
He also maintained that some of the organisations to which companies are supposed to report breaches are biased.
"We have to accept living with uncertainty about the size of the problem, but we should be aware of the nature of the risks," de Bruin said.
"We have launched a three-year programme to create trust and confidence with decision makers through a better insight into emerging risks."
De Bruin explained that Enisa will look to build up an authoritative view of the nature of threats facing firms today by building on the data collection initiatives already in place in member states.
"The aim is that, by 2010, 30 stakeholders from 15 member states will point to us as a reference for this," he said.
De Bruin also highlighted the importance of member states sharing best practice. "Let's be frank, some member states are more equipped than others," he said.
"We strongly believe that they should all support each other by sharing information in order to get the balance back."