The IT industry has yet to get security right, according to the European Network and Information Security Agency (ENISA) Europe's security advisory group.
"We have not got it right. Perhaps we are setting the bar too low," Steve Purser, head of the technical competency department at ENISA told the ISSE 2009 security conference in The Hague.
The IT sector needed to make a more proactive contribution to the security process, he said. This is why ENISA had made building a better information security community a strategic goal.
"We need to encourage electronic common sense so people protect information online in the same way as they do in the real world," said Steve Purser.
Most businesses and individuals were still adapting to living in an online world, Purser said. Security models needed to be reviewed to cope with those changes.
Pee-to-peer networking was mainly associated with online gaming, but now being used in the enterprise and security models needed to reflect that change, he said.
With all new opportunities come risk, so if business and government were to benefit, they needed to reduce that risk by developing appropriate and effective frameworks to assure end-users, he said.
The challenge was to achieve a greater level of security that was also economically effective, by carefully balancing opportunity and risk, said Purser.
Governments needed to ensure that businesses do not lose out through complying with new regulations aimed at improving IT security, he added.