"If you follow a series of regulations, you'll check off a series of boxes, and you'll get great compliance, but you won't necessarily be secure," she added. "Regulations move too slowly to protect against how quickly our adversaries are attacking us."
Public-private sharing is also imbalanced because not only does the government have the power to compel information from the private sector, but it also maintains a hoard of classified information that it can't or won't share. "It's a meeting of non-equals," Baylor said.
Public and private perspectives on cyber threats can also produce snags in sharing. "The public sector sees everything as a threat," Shane Shook, chief knowledge officer and global vice president of consulting at Cylance, said in an interview. "Whereas, the private sector differentiates between threats that affect their business and risks they're constantly being bombarded with, whether it be DDoS attacks, malware, script kiddies or hacktivists.
"The private sector takes the time to differentiate between threats and risks, while the public sector doesn't do that," he said. "It has a different kind of risk tolerance. It can't afford to ignore any kind of risk."
Sign up for MIS Asia eNewsletters.