Striking back against cyberattackers in other countries is a "loser" of a strategy and could subject companies to criminal charges, Rogers said. "When you decide you're going to breach territorial jurisdiction and go after someone, you have opened up a can of worms which is well beyond the scope of your threat," he added.
In addition, companies' ability to attribute the attackers is "all over the map," Rogers said. "Some can do it very, very well," he said. "Some don't have a clue of how to do it, but that wouldn't stop them from [responding] anyway. How do you contain that?"
Sign up for CIO Asia eNewsletters.