Rodney L. Joffe was speaking to IT PRO about a recent report that Ealing Council released, describing how the Conficker worm shut down its systems.
He said that most companies didn't talk about being hit by Conficker, and that some likely didn't even recognise that they had been infected by the worm.
Joffe described some of the public and private sector businesses that had "checked in" with the Conficker Working Group after they had been infected with the bug in the last 24 hours, which included one of the largest retail chains in the UK.
He said: "The last couple of days covers the entire spectrum of UK enterprise. In the last 24 hours, banks have checked in, two airports, and eight or nine different councils."
Joffe wouldn't reveal names of the businesses involved, as it was "inappropriate" - and would also mean that criminals would be able to target the companies vulnerable to an attack.
However, he did reveal that the Conficker Working Group was now supplying information to the Police Central e-crime Unit.
"But there's a manpower issue," Joffe warned. "If there are 5,000 organisations in the Met area that have been infected, the e-crime Unit doesn't have the ability to contact all of them."
"There are two airports that have been infected. They are going to be looked at before the home ISP provider. There's a limit to what they can do."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2023.