Asia is also stepping up, he said, and Interpol recently opened a cyber center in Singapore.
"Where you find problems is countries where you have a significant cybercriminal presence that haven't signed up for the same amount of cross-border collaboration," he said. "For example, Russia comes to mind as a country where it's been very difficult for western law enforcement to reach across the border, to provide evidence of criminal behavior, and to obtain cooperation and actual prosecution."
Some countries turn a blind eye to cybercrime, or even use criminal groups as proxies, he said.
It's particularly frustrating that companies that have been hit by cybercrime can't call in the authorities, like they can if there was a traditional robbery -- and they also aren't allowed to take the law into their own hands.
"In the case of cyber attacks, what we've seen until recently is that corporations are simply told that they've been hacked -- maybe -- and left to their own devices," he said. "It's not like there's some sort of cyber police. Everyone is just told do a better job with security."
If the situation doesn't improve, organizations might considering become a little bit more proactive, more offensive, in their approaches, he said.
"In the U.S, it's illegal for commercial organizations to hack back if they detect hacking or gather information on attackers and provide it to law enforcement if that information would be obtained illegally," he said. "But it is theoretically possible to employ such forces who operated from other countries where those types of activities aren't considered illegal, which is considered a gray area. Well, I suppose law enforcement in the U.S. wouldn't consider it a gray area, but organizations are seeing an inadequacy in public policy in the U.S., where they have to sit on their hands, and criminals can do anything they want."
Meanwhile, there are steps that enterprises can take to help in this fight, and progress has been made on this front, said Bill Conner, CEO at security firm SonicWall, which was recently spun out of Dell.
The first thing, he said, is that enterprises need to share more information with one another.
"And that is happening," he said. "Over the last five years, the cooperation between banks about cyber has dramatically increased, and that's a good thing. And all enterprises, not just banks, are reporting more and more not just to the FBI, but to local law enforcement."
It can seem daunting, he added.
"You feel like you've handed over the data and they have all the cards and you can't see them," he said. "So there's still an issue. Most of the time, law enforcement could be more helpful about giving color about things to do and talking about what's happening."
Sign up for CIO Asia eNewsletters.