Companies in the IT security industry must be very pleased with themselves at the moment. Business is booming.

We have moved on from the perception that the internet is inherently insecure and anyone who so much as looks at a computer will fall foul of teams of evil teenagers sitting in cyberspace waiting to steal their credit card details.

But now we are privy to a new wave of security pressures such as software vulnerabilities, viruses, worms, identity theft, phishing and denial of service attacks.

The internet and new, open ways of working have opened a back door to the business.

Figures from anti-virus specialist Symantec last week show that in 2003, seven new software vulnerabilities were identified every day.

And research from the Department for Trade and Industry and PricewaterhouseCoopers shows that around half of UK companies suffered a virus or denial of service attack last year.

Symantec thinks numbers of flaws have reached a plateau, but the sophistication of worms and viruses created to exploit these vulnerabilities is maturing.

The latest trend to emerge is online extortion, often engineered by gangs of organised criminals.

Businesses with high profile web sites, often sites that generate money, are targeted. The hacker finds a back-door into the site and the company's systems, and leaves some kind of evidence that they are in and have the ability to wreak havoc.

The company is then contacted and threatened with its site being taken down or its data removed, if sums of money are not paid to the criminals.

All sounds a bit James Bond, but the National HiTech Crime Unit is taking it very seriously, citing it as one of the biggest growing trends in the world of cybercrime.

It has led at least one insurance company, Hiscox, to start offering insurance against hacking.

If your company is hit by one of these extortion rackets it will pay the ransom, and recoup damages if worse comes to worse.

Hiscox is not going to insure any old company just because it happens to operate predominantly on the internet. But if this is a trend that takes off, there is a danger that companies will be complacent when it comes to protecting their digital assets, treating them with similar regard to a camera on a week's holiday - it doesn't matter, it's covered on the insurance.

This slack attitude will simply play into the hands of the unscrupulous individuals looking to sully the internet and turn it into a dangerous criminal landscape.

We know these problems exist. We know security is a threat. We know it has to be taken seriously. And we know that businesses know they need to take security seriously.

Yet there are still alarming numbers of businesses that are crossing their fingers and hoping that they won't become victims, with only 30 per cent of UK companies having security representation at board level, according to Netegrity.

Organisations have to be more responsible when it comes to securing their IT systems and online activities.

It used to be fine to leave security measures to the IT department, that's no longer the case.

Security has to be the business of the business. There needs to be board members championing security best practice and making sure the organisation is doing all it can to protect itself.

It is essential that IT assets are treated with the same seriousness as their physical counterparts.

It doesn't matter how many locks you have on your front door; you cannot guarantee that you won't be burgled. But you can certainly make it harder for the burglar to get in by making your property more of an obstacle, instead of leaving the back door open and a note on the door step advising the milkman you'll be on holiday for the next two weeks.

Businesses must be more responsible and make sure they follow advice and are doing all they can to prevent security breaches.