The administration has wrestled with the idea of updating cyberlaws as the tools and weapons in cyberspace have increased in numbers and grown ever more sophisticated.
The black market for cyberweapons, which can be used to attack critical infrastructure, banks, or personal networks, is growing rapidly, Rosenbach said. (Read More: SEC Left Computers Vulnerable to Cyberattacks: Sources)
"I think about the fact that you can go out there and purchase a specific type of cyberweapon and use that against the United States, and they don't even have to be a nation anymore to develop a weapon like that — those are more like the dark web pages," Rosenbach said. "I can't give a specific name, it's classified information. But if you have the weapon and you know the vulnerabilities of the U.S. infrastructure, that makes me nervous." (Read More: Cyberattacks Up Sharply, Suppliers Targeted: Lockheed )
Over the last six months, massive security breaches — such as the attack on Saudi Aramco, the world's largest oil company, and attacks against U.S. financial services companies, including PNC Financial, Wells Fargo, JPMorgan Chase, and Bank of America — have shown that government and businesses are not prepared for such cyberattacks. (Read More: Hackers in Iran Responsible for Cyberattacks: US )
"CEOs need to understand the mounting threat, consider the risk and plan accordingly," Rosenbach said. "You are naive if you are not factoring some aspects of cyberrisk into your business plan."