Although technology might help protect our systems and property better in future, organisations' own internet security experts could become the target of physical attacks by cyber criminals.

This was one of the findings of Turning the Corner, a report from the UK's Office of Science and Technology's Foresight Crime Prevention Panel. The panel of industry, academic and government luminaries examines how technology is likely to have an impact on criminal activity.

Among its recommendations is a call for the government to introduce a national e-crime strategy. The panel points out that certain electronic crimes may be beyond the long arm of the law because the UK legal system has yet to consider the unique nature of cyber crime.

"Currently, it is not an offence to obtain a service by deceiving a 'machine'. This appears to open numerous opportunities for 'deception' to occur without adequate recourse to law," says the report.

David Naylor, a partner at international technology law firm Morrison & Foerster, explains: "Technology has developed so rapidly, and become so borderless, that it produces significant issues for anyone involved in legitimate business."

Standard law is not enough

But the UK legislature is not alone in its failure to tackle the changing face of virtual crime. According to a report by US consultancy McConnell International, many countries still have laws that are unenforceable against computer crime.

"Most countries still rely on standard terrestrial law to prosecute cyber crimes, using archaic statutes that predate the birth of cyberspace," says McConnell.

McConnell analysed the laws of 52 countries and found that only one, the Philippines, has adequately updated its statute book to deal with cyber crime. The Philippines was prompted to act as a direct consequence of its inability to prosecute the student responsible for releasing the LoveBug virus.

The UK is ranked only in the third tier of countries, which, the report says, have "partially updated" their laws. The report highlights data interception, data theft, virus dissemination and computer fraud and forgery as areas where UK law needs to be reviewed.

Cyber crime on a global scale

Tackling cyber crime is further complicated by the global nature of the internet. "It's easier to hold up a bank from a PC in Russia than to walk into one with a gun," warns Clifford May, computer investigations manager at forensic computing specialist Vogon International.

"We have to improve international co-operation - sometimes it takes months to do things overseas."

While the international police co-ordination body Interpol has put itself forward as the best organisation to establish a global cyber police force, in reality such a move is some way off.

Although Vogon has seen its business quadruple this year alone, May believes that companies can do more to tackle e-crime, regardless of government legislation.

"Most IT security problems come from inside companies, not externally. Management often has no idea what's going on inside its computers," he explains.

"The weakest link is usually the person at the bottom. For example, who takes backups? It's usually a low ranking job, but that person has a copy of all the company's data, which they could slip in their pocket and walk out the door with."

Companies need to establish a formal computer security policy, stick to it, and keep on reviewing it. "It's a continuing investment. You have to keep evolving your security policy. The hardest thing to do is persuade people to take preventive measures. It's much more common to be firefighting after the event," May adds.