Computing is the UK's most authoritative voice on business technology issues. Our weekly editorial leader article is published here - what do you think of our views on the latest news?

Thursday, 29 November 2007

We must learn from data debacle

There is no doubt that the government should be ashamed of itself.

Regardless of the chancellor’s claim that procedures were not followed, the HMRC lost disks affair is inexcusable at every level. Unencrypted data? Wholesale downloading of databases? Uncontrolled access by junior staff? Each question is more staggering than the last.

But, however tempting, one department’s shambles must not be allowed to turn into a kneejerk reaction against technology.

There are clearly lessons to be learned.

Data handling practices in public and private organisations alike must be more transparent and subject to greater scrutiny.

And even the general public has responsibilities. As digital data sources mushroom, individuals will need to take more informed control of their personal information.

Better information sharing has major benefits – cutting costs, speeding up glacial bureaucracy, avoiding duplication – and it is critical to the joined-up services that the government is so often criticised for not providing.

Interestingly, at the House of Commons Home Affairs committee hearing on the “surveillance society” last week, much of MPs’ censure was for too few joined-up systems, rather than too many.

There are dangers. And we must take them seriously. Though the extension of the Information Commissioner’s powers announced by the prime minister last week is to be welcomed, the changes do not go far enough. To focus minds proportionately, data protection violations should be made a criminal offence.

But ill-informed parallels between the HMRC affair and every other public sector IT scheme are unconstructive. And the unthinking assumption that government databases are an unalloyed danger is as reductive as it is absurd.

To echo Alistair Darling, the lost disks are indeed “an extremely serious failure”. But they should be used as a guide to the issues that need attention, rather than as an excuse to pretend that we either can, or want to, avoid progress.

Thursday, 21 December 2006

Publicise the phishing facts

Apparently phishing is not just on the rise – it is exploding. The number of incidents of criminals using spam emails to persuade people to part with online banking passwords has rocketed by 8,000 per cent in about 18 months.

Such astronomic growth may be down to the attractions of armchair international law-breaking: phishing is easy money for minimal outlay, far from both the scene of the crime and its legal penalties.

But statistics are rarely so simple. Phishing’s massive rise may also be because internet banking customers are wising up, forcing phishers to launch more attacks for the same return.

Without further information – namely the number of those attacks which are successful – the 8,000 per cent figure, while striking, is largely meaningless.

Addressing a House of Lords committee last week, banking industry body Apacs again fought off suggestions that it should publish bank by bank information on the number of successful attacks. Apacs says making such information public would be unhelpful, spook potential customers, damage ebusiness and create an erroneous picture of banks’ security.

But without a clear picture of the size and nature of the phishing phenomenon, no amount of customer scepticism or co-operation in international law enforcement will be sure of effectively dealing with it.

The banks’ perspective may not be entirely self-serving. Statistics are famously malleable, and very few situations remain, on closer inspection, as simple as they first appear.

But if one set of metrics is too unsophisticated, it is up to Apacs and its members to establish constructive alternatives, as without such basic information, strategies for dealing with phishing will be based on uncertain foundations.

Looking the other way and pretending that cyber crime is someone else’s problem benefits no one but the criminals. And until the dimensions of the problem are clearly established, it will be difficult to know how best to fight it.

Thursday, 07 December 2006

European spam demands lack bite

European Commission statements can be open to charges of bureaucratic obfuscation, even for the most supportive commentators.

Last week's communication on spam is no exception: 12 pages of broad assertions about the need for such nebulous things as 'co-ordination and integration at a national level' and 'subscription to international co-operation procedures'.

There are hints of plans for legislation, but couched in the indecisive terms of aims and proposals rather than guaranteed action. And there are no concrete measures to enable the recommended cross-border co-operation or any clear statement of the Commission's role.

In total the document says little more than that cybercrime of all sorts is widespread, expensive and needs to be taken seriously by everybody from governments downwards.

Of that there is no question. Almost three-quarters of traffic through Internet Service Providers' servers is junk mail and the Commission figures estimate a global cost of €39bn (£26bn) last year alone.

Legislation does clearly have a place.

UK business groups continue to put pressure on the government to give the Information Commissioner greater powers to enforce anti-spam laws. And the Commission's noises on Europe-wide measures are also welcome, if lacking any immediate substance.

But laws alone will not solve the problem.

Most spam originates outside Europe so local legislation, while necessary, can be of only limited effect. It is also worth noting that China still tops the world league for spam production, despite new laws passed in February, and the US Can-Spam Act has not managed to knock the country out of the top three.

So the Commission's appeal for international co-ordination may appear open to the usual criticisms of vacuous grandiloquence. But it is at least addressing the central question, and there are no obvious answers.

Spam is a global issue, requiring a global response. To follow up on its good start, the Commission must accompany January's legislative proposals with clear and tangible measures to effect the co-operation it so blithely invokes.

