Microsoft's admission last week that the security of its computer system had been breached and that hackers had obtained early sight of unannounced products should have sent chills down the collective spine of managers worldwide.

First, there is a worry because of the apparent ease with which the miscreants, using, it seems, a readily available and not too sophisticated program called QAZ Trojan, were able to break through the defences of the world's mightiest software organisation.

"If this could happen to Microsoft then no company is safe," was a typical view.

The weakness was a system being used off-site, possibly at home, raising the likelihood that companies will have to screen employees more rigorously.

The second concern is the growing realisation that if Microsoft owns up to having a cold, then the rest of the world is suffering from raging influenza.

Security experts agree that the Microsoft attack was merely the tip of an iceberg threatening all the world's leading intellectual property companies. The level of the threat has been camouflaged by the reluctance of most companies to admit either that their security has been compromised or that they have the means to track a break-in.

Consultants who try to draw attention to the scale of the problem are frequently accused of scaremongering with a view to generating more business. Mr Scott Charney, a former chief of the US Department of Justice computer crime division, says most companies are simply unaware that "virtual" intruders have made off with their intellectual property.

"If I break in and copy your customer list, how do you know?" he asks, adding that most computer crimes are not reported.

Mr Charney, now a principal consultant at PricewaterhouseCoopers, pointed to a test carried out by his staff on US defence department computer systems. They tried secretly to break into 38,000 defence department computers and were successful in penetrating 24,700 of them. A security audit later showed that the department's system administrator had spotted only 988 successful attacks, or 4 per cent of the intrusions. More important, he had reported only 267 of the incidents to his superiors.

"And that was in an agency with mandatory reporting and some pretty tough security measures," Mr Charney said.

Experts also agree that the spread of computer viruses is woefully under-reported. Mr Srivats Sampath, the chief executive officer of McAfee, the computer security software group, said it had spotted more than 2.8 million files infected with the infamous Love Bug virus on the computers of its North American customers in the past 30 days.

The implication is that the virus, which paralysed corporate email systems earlier this year, is still out there and multiplying. But very few people had come forward to report it, said Mr Sampath.

"Maybe people are just keeping quiet about these things," he added.

Security experts say that the majority of break-ins are not identified because hackers have become more sophisticated in their mode of attack and because companies still refuse to devote adequate resources to basic risk-management.

Once a break-in had been spotted it was frequently not reported, often because the tools were not available to gauge the seriousness of the intrusion. News of break-ins rarely reaches the public as companies fear losing the confidence of their customers and investors.

The growth of the Internet has made intrusion significantly easier than in earlier times, when hackers frequently depended on company insiders to provide telephone numbers to make it possible to dial-up a firm's network and passwords to smooth their way inside. It seems likely that the hackers involved in the Microsoft incident broke in via a computer being used by an employee at a remote site, and which may not have been as adequately protected as Microsoft's office systems.

Mr Charney said companies had first to acknowledge that they were at risk. "It's a risk but it's a manageable risk," he said. He advised companies to make a thorough assessment of their networks, identifying assets that they wanted to protect and working out the potential threats to those assets.

"Sometimes that's not so difficult: a recent joint venture could bring outsiders into your operation."

Companies also needed to form an emergency response team to tackle intrusions. No security systems were foolproof, he added. But Microsoft itself admitted that last week's break-in was only the latest in a string of attacks on its network. It said: "Microsoft is a frequent target of network-based attacks and corporate security actively works to protect the network against them."