Cyber-crime incidents that are reported by the press are "just a snapshot" of what is actually happening, according to the government spy agency GCHQ's director Sir Iain Lobban.
In an article entitled "Countering the cyber threat to business" in the spring edition of the Institute of Directors Big Policy journal, Lobban said: "Cyberspace is contested every day, every hour, every minute, every second.
"From GCHQ's vantage point, we have seen significant disruption to government systems - from malware picked up accidently from the internet but also from deliberate attacks. On average 33,000 malicious emails a month are blocked at the gateway to the Government Secure Intranet - they contain sophisticated malware, often sent by highly capable cyber criminals or by state sponsored groups," he added.
Lobban went on to urge business directors to understand how the cyber threat can affect their organisations, stating that it wasn't just an issue for the defence and security sector but for all firms.
He warned professional services firms' that their proprietary client information is an attractive target, for example.
He went on to say that organisations may not immediately realise that they have been targeted, with data being copied without any sign that it has happened.
"The risk of not acting now is that, by the time you realise your defences have been breached, it will be too late and the damage will have been done," he said.
"As technology becomes ever more affordable and available, it is open to a wide range of threat actors - states, criminals and hackers - to mount attacks which put at risk many millions of pounds of investment on a daily basis. If these attacks are left unchecked, they could have a devastating impact on the future earning potential of companies and the economic well-being of nations," he added.
Lobban also warned that the "Ten Steps To Cyber Security" in the Cyber Security Guidance for Business booklet produced by the Communications Electronics Security Group (CESG), the Department for Business Innovation and Skills (BIS) and the Centre for the Protection of National Infrastructure (CPNI) last year, while still valid, may be becoming outdated.
"What was considered a sophisticated cyber-attack only a year ago might now be incorporated into a downloadable and easy-to-deploy internet application, requiring little or no expertise to use," he warned.