Companies may soon choose to hack cyberthieves to retrieve stolen data, retired Gen. Michael Hayden, a former director of the Central Intelligence Agency, said at the Kaspersky Government Cybersecurity Forum in Washington.
Because the government has failed to establish the legal framework to help businesses increase security via information-sharing between the public and private sectors, companies are mulling alternative ways—including offensive measures—to protect their digital assets.
"In the American system—actually in the Western system—when government is late to need, guess who shows up? Guess who fills in? It's the private sector," said Hayden, who was also director of the National Security Agency.
One of the primary ways companies are protecting themselves against security breaches is by aggressively collecting intelligence on attackers' identity and location, and how they operate. While such information can go a long way in helping defend against future attacks, it doesn't get companies' property back. So there is a growing train of thought that breached businesses should be able to counterattack, or "hack back," Hayden said.
"In other words, it's not just employing a bigger shield," Hayden said. "It's holding a shield and using your free hand to pick up a sword. It has been fascinating to watch the thought processes go forward on how active an active defense can really be."
Some in the private sector want to go after those who breach their systems with guns blazing.
While bringing a cybercriminal to justice by taking matters into your own hands may be an appealing idea, it's important to be careful when developing an offensive strategy, said Larry Zelvin, director of the National Cyber and Communications Integration Center at the Department of Homeland Security, on Tuesday at the forum.
"It is a crime to hack back," Zelvin said. "I know there is a desire to do those things, but I would urge you not to. We don't want to create an arms race in cyberspace... There are more threats out there than you will be able to take on."
Correction: An earlier version of the story misquoted Zelvin as saying there is an arms race in cyberspace. That quote has been clarified to say, "We don't want to create an arms race in cyberspace."
But the fact that hacking back isn't legal isn't necessarily a reason to rule it out, said Jim Jaeger, vice president of cybersecurity services at General Dynamics Fidelis Cybersecurity Solutions, who also spoke on a forum panel.
"If a company wants to go after a cybercriminal who is responsible for a security breach, who is going to complain? The hacker?" Jaeger said. "Frankly, I think it's really good to see."
By CNBC's Cadie Thompson.