As long as companies only share attack indicators, "we don't see that there's any real issue at the end of the day," Gordon said.
But in some cases, companies would share IP addresses in an effort to pinpoint the source of attacks, Charney said. Courts should oversee the sharing of IP addresses and customer account information, he said. "There reaches a point where the government wants more [information], and we require legal processes to be followed, so that our customers know we're protecting their privacy, and not just giving the data away voluntarily," he said.
Sign up for CIO Asia eNewsletters.