"Most of the business world is in denial that these threats exist," says Phil Kernick, a security expert with CQR Consulting. "They don't see them reported so they assume they aren't there. Of course there is no reason for anyone to report them."
Turnbull agrees that "companies are naturally reluctant to reveal how often their systems are attacked by trojans like those found at the NBN Co".
"The more awareness of cyber safety, and the more recognition of vulnerability, the more likely it is that CEOs will focus on the problem," he says.
LAWLESS BADLAND WILL GET REGULATED
Policymakers have a tough challenge on their hands adapting existing legal and regulatory frameworks to a world where so much activity is mediated by the internet. Any half-smart risk manager knows that our digitised lives have liberated numerous new threats that we should seek to mitigate.
And these risks are highly asymmetric. When Syrian hackers wanted to protest US interference in their civil war, they penetrated the Associated Press's Twitter account and sent out a report about a White House bomb scare. This event wiped $US136.5 billion off US equity markets in three minutes.
While the internet wars may never end, one result will almost certainly be more regulation.
"Just as you have to take out insurance when buying a car, one day we may all be required to have a licence to secure our PC devices when venturing forth online," Lynch says.
In this context, Crikey's Keane is right to call for more debate on the looming national security legislation reforms, which few people really understand.
Sign up for CIO Asia eNewsletters.