This year's Infosecurity conference in London showed that the issue of network security is as important as ever to corporates and IT vendors. It also showed the size and breadth of an industry that has grown faster in the last two or three years than at any other time in its history, thanks to companies' growing fears that they will fall victim to malicious attacks of one kind or another.
In many cases companies' concerns are well founded. The number of viruses, worms, Trojans and forms of denial-of-service (DOS) attack has exploded since the start of the decade.
However, it is difficult to say how many deliberate attempts there have been to hack into commercially sensitive databases in order to gain information, rather than simply to cause destruction, mainly because so few of these incidents are publicised.
One thing is certain, however - more items of malicious code than ever before have hit my inbox or have been reported in the news during the last 12 months. All of them have been created with the specific aim of causing disruption to business systems, and in some cases to reduce firms' profits.
However, the full extent of the damage caused by these attacks is always difficult to gauge with any degree of accuracy. Loose figures, usually in the billion-dollar category, are always bandied about, but in truth it is absolutely impossible to get any real sense of just how many firms lost just how much money from any one attack or spate of attacks over a year.
I always wonder how the financial community begins to compile these figures. A roll of the dice and random multiplier, perhaps?
The logical way to proceed would be to ask firms to volunteer information about the effects of an attack and how much money they reckon it cost them, detailing revenues before, during and after the assault in question. But exactly how much of this information is likely to be forthcoming?
And this of course is the big problem. How many companies are willing to admit that they have been caught with their pants down, that their existing security infrastructure has been compromised and vital information scrambled, lost or obtained by potentially dangerous factions?
Publicising a firm's failings could shake the confidence of its customers and business partners - assuming they have not already noticed something amiss when the company suddenly started to send a deluge of pornographic material to their electronic inboxes.
In days gone by, before the astronomical growth in demand for security products from all sectors of the IT industry, I would often attend product launches and ask the vendor what type of firm actually needed the relatively high level of security that their latest solution offered. They told me that security was a big issue for many companies, and that customers had, behind closed doors, admitted to coming under attack but did not want to go public about it.
Which presumably leaves shows such as Infosecurity full of people who perhaps deny they have a problem, but are looking out for new security tools as a precaution, or maybe for a friend.