Michael Cross 

Mind the gap

With computer crime growing, the government must act to increase IT security, says a new report. Michael Cross investigates.
  
  


With millions of Britons being invited every day to share their credit card details with "phishing" fraudsters, the government is under pressure to do something about IT security as it affects the public.

A report published last week by the Cabinet Office points out the need to raise awareness about "information assurance" among ordinary users.

Meanwhile, Ian Watmore, the government's chief information officer, last month invited companies to join a new government-sponsored awareness scheme, Project Endurance. Microsoft's chief executive, Steve Ballmer, attended the inaugural lunch and "voiced support", the Cabinet Office says.

The man responsible for the new efforts is Sir David Omand, the government's security and intelligence coordinator and former head of GCHQ. He last week took time out from supervising the intelligence services to unveil a study of current work in information assurance.

Sir David warns that government can no longer rely on building a security fence around its systems. "In today's information society, there is no longer a clear divide between systems in the public and private sectors; they depend on each other to run smoothly and effectively."

Although numerous recent reports have warned that the government is not doing enough to protect its critical national IT infrastructure, the new study suggests that Britain is doing more than countries elsewhere in Europe. "We're well ahead of the game," says Nick Coleman, the report's author.

The study was carried out by Saint, the Security Alliance for Internet and New Technologies, an industry-government task force set up three years ago to work on information security. It found more than 30 groups carrying out work on information assurance, including industry and banking organisations as well as obvious candidates such as the Home Office's High Tech Crime Unit. Two government groups and five industry groups are working on the information assurance issues of biometrics, the survey found.

Coleman says that the survey reveals gaps in three key areas. The first is public awareness. "We've seen a lot of activity but the majority of initiatives have focused on corporate systems. We've seen very few aimed at small companies and home users."

The next gap is in skills and professionalism. Much more needs to be done to train and accredit security experts, says Coleman. "There's no one institution that covers people working in information assurance."

The final area that the survey highlighted was in sharing information between government and business. "There doesn't seem to be much collaboration around some issues, for example social engineering [tricks for persuading insiders to give up passwords and other secrets]," says Coleman. Not surprisingly, the study suggests that a culture of secrecy pervades the security community. "Where information and intelligence is exchanged, it tends to be between two or more individuals who have built up a trusted relationship."

Saint is likely to call for action in all three areas when it reports on the survey next month. Although at present responsibility for information assurance is split among several government departments, from the Department for Trade and Industry to the Home Office to the Ministry of Defence and Department for Constitutional Affairs, Coleman says there is no need for a single body to take control.

A Cabinet Office organisation called the Central Sponsor for Information Assurance is supposed to coordinate work across government and identify gaps. However, he says it is unclear who will take on the task of educating home users in how to protect their systems.

According to the IT services firm LogicaCMG, more than 1m Britons have become victims of online security breaches and one in 20 consumers have experienced an attempt to steal their details while on the internet.

Meanwhile, a "dumbed down" guide to the top 20 IT security threats has been published by Commissum, an Edinburgh-based security firm. The No 1 threat, it explains, is the web server. "This is the big white box in your tech department which inspired the phrase '24/7'. If it's not on, customers get a blank web page when they try to surf your site. Trouble is, since it's always on, it is the first port of call for the opportunistic hacker."

The guide explains workstation service applications, file sharing and instant messaging in similar terms, which it says are aimed at the "average businessman on the street".

 
