But for all its flaws, attribution remains an important part of international law and any reaction to cyberespionage or attacks will have to rely on it to some extent.
For the time being, industry watchers expect any agreement won't lead to immediate change but they do represent a positive step forward. Companies shouldn't let their guard down, said Patterson.
"Our strong recommendation is that companies that make up the world’s critical infrastructure do not look at these talks as protecting them," he said.
Sign up for CIO Asia eNewsletters.