The Securities and Exchange Commission is working on new regulations for market technology. Only voluntary standards—some dating back to the 1980s—are in place now.
"Those standards reflect the time in which they were written. ... I think there needs to be an update, especially to address what we know about computer security, how we know attackers operate today," McGeorge said.
The exchanges have pushed back against regulation. But after the "Flash Freeze" on Thursday, the Nasdaq CEO Robert Greifield seemed more open to the SEC's proposals.
"When you look at the details of the rules, there's always ways to quibble," he told CNBC. "But the pure spirit of the rules are there, and we think we ought to go further on this concept of defensive driving."
Watch: Greifield on the Nasdaq Nightmare
McGeorge, who has been working in cybersecurity for the financial industry since 2008, said that the industry must take a broader view of the expense. While cybersecurity can be a big investment, the costs of an attack are far greater.
For example, he said, "the PlayStation network that's delivered by Sony … a very large network, had significant downtime, months, because of a security breach." If the same kind of thing were to happen to the exchanges, "I don't know if the economy could deal with something like this," he added.
Watch: Is Wall Street prepared for a cyberwar?
According to McGeorge, regulators and stock exchanges can take a few specific measures to increase cybersecurity.
For one, financial networks need to be better segregated. Thousands of people and firms need to access critical systems daily. Each person is a point of vulnerability.
"If I can compromise one of the users of this system, that gives me an avenue to attack the system itself," McGeorge said.
Stock exchanges also need more redundancies, or backups, he said. The Nasdaq glitch occurred when the central system for reporting prices—known as the securities information processor, or SIP—was compromised.
Greifeld told CNBC that the Nasdaq would be open to allowing competitors to set up SIPs of their own. That way if a system goes down, firms would have an alternative source for pricing information.