"It's almost a case of being able to detect that you've had a breach. One of the big challenges and differences with cyber over a more traditional event like flooding is if you've been flooded you know," he said.
"Sometimes if you've been attacked from a cyber perspective you may not actually realise that you've been attacked - and the first sign that you have been attacked may be someone else telling you."
"So because of that it's very difficult to quantify. It could be the data elements that are lost, it could be the financial transactions that will be part of that attack. The first thing is getting that detection capability and quantify things much better, and hopefully limit the ability of that attack."
Sign up for CIO Asia eNewsletters.