"That sharing was pushed by the political side, and that sharing just isn't pushed right now, so that's the challenge."
The government has also failed to implement cybersecurity requirements for companies that are the backbone of critical infrastructure, Coviello said.
Last month, the Obama administration established a voluntary Cybersecurity Framework for critical infrastructure providers, which was a step in the right direction, but Congress is still "monumentally inactive," Coviello said.
Example: The Senate's failure to pass the Cyber Intelligence Sharing and Protection Act, which was introduced almost three years ago but has stalled because of privacy concerns.
"I'm all for privacy, but we've got to have some balance here. The administration has to lead and Congress has to act," Coviello said. "And we, all of us, have to push Congress to get these things passed."
But businesses shouldn't hold their breath for the government to do anything anytime soon, said John Watters, chairman and CEO of iSight Partners, a cyberthreat intelligence firm.
"Through a customer lens, they (the government) are not going to be leading the charge of the change. It will have to come from the commercial sector at a commercial pace," Watters said.
"Commercial companies are going to have to lead the way."
—By CNBC's Cadie Thompson. Follow her on Twitter @CadieThompson.