A quarter of the total cost of crime affecting small and medium-sized firms in the UK stems from Internet-related offences, according to a recent British Chambers of Commerce report. This amounts to £5bn every 12 months. And a recent US survey by the San Francisco FBI and private security advisory body the Computer Security Institute (CSI) found that financial damages from computer crime had risen by about a quarter in the past year.
There have been many such reports over the past few months, which indicates a growing desire among law enforcement agencies and industry bodies to understand and investigate security breaches and computer crime.
The problem of computer crime may be even worse than these reports suggest, as many firms are reluctant to report breaches because they are afraid of bad publicity or the possibility of further attacks, or simply because they believe the police can do little to protect them.
The joint FBI/CSI report received 503 responses from US security practitioners. Of these respondents, only 221 were willing or able to detail their financial losses from computer crime. The reported losses were $456m, or about $2m per company affected. Despite the massive cost of computer crime, experts believe the problem is not being treated seriously enough by the judicial system.
Toby Ben, product manager at security company Preventon Technologies, said computer crimes are hard to prove in court because juries are not computer experts, and they tend to treat such crimes less seriously.
"People tend to view stealing a million by computer far less seriously than an unarmed robber stealing from a warehouse - because it is intangible," said Ben. "It is worse if it is stealing 1p from 100 million people, because it is seen as amusing or inconsequential. Whereas [if the crime is] stealing £1m, from one person, the jury can see the actual loss."
To help tackle the problem, one expert said computer crime needs to be categorised and defined more clearly. Charles Neal, the current vice president of managed security services at Cable & Wireless Internet Services and a former FBI computer crime investigator, said that until there is an agreed definition of what constitutes a computer crime it will be hard to assess the extent of the problem.
"We need a common definition and context for offences, or the statistics will not be of much use," he argued.
Neal said that problems might be reduced if computer crimes were not treated as a special case. Neal predicted that in future digital crimes will no longer be defined specifically as computer offences, but will be referred to using conventional terms, such as fraud, trespass or theft. This step might encourage courts to take computer offences more seriously and so to hand out heavier sentences. The theory is that courts would be more likely to realise the seriousness of an offence if, for example, it was referred to simply as theft rather than electronic data theft.
Simon Halberstam, head of e-commerce law at legal practice Sprecher Grier Halberstam, agreed that this might happen. "The law, as always, trails technology by some distance," he said. "It is possible that as the world becomes more and more IT-centric and the legal world adapts to the concepts involved in computer- and Internet-based crime, the general law and computer law will merge to an increasing degree."
However, Halberstam argued that this approach would not be appropriate for some offences. He suggested that the offence of hacking, for example, does not have an equivalent in the non-IT world. "I don't see that a change in terminology from 'hacking' to 'unauthorised access' is either likely or of any significance," he added.