Cyberattacks an 'existential threat to society': VC

Cybersecurity summit important first step: Pro

As President Barack Obama held a cybersecurity summit in Silicon Valley on Friday, venture capitalist Venky Ganesan warned that not enough was being done to protect systems from hackers, despite recent high-profile attacks.

"We still are not spending the right amount of time and resources and money on the cybersecurity problem. It's much bigger than people think," said the managing director of Menlo Ventures, a big investor in cybersecurity.

In fact, Ganesan said that only 5 percent of corporate information technology budgets are spent on security.

"That's the equivalent of protecting a Tiffany's with a deadbolt. We need to make sure that we spend the right amount of money because this is an existential threat to our society," he told "Squawk Alley."

Obama was meeting with tech execs at Stanford University on Friday to discuss the issue. He will also sign an executive order aimed at encouraging companies to share more information about cybersecurity threats. It sets the stage for a new private sector-led "information sharing and analysis organizations (ISAOs), by which companies can share cybersecurity data and the Department of Homeland Security.

Read MoreObama to encourage companies to share cyberthreat data

Ganesan called it a very important first step, but said it was a "mini-step."

Big Silicon Valley companies have been hesitant to fully support more mandated cybersecurity information sharing without reforms to government surveillance practices exposed by former National Security Agency contractor Edward Snowden.

Aneesh Chopra, former U.S. chief technology officer, said that both the privacy protection issue and the issue of liability can't be dealt with by executive action alone and need to go through Congress.

He called Friday's summit and executive order a very positive step and said the issue of progress comes down to two words: "better together."

"If I can identify an attack vector and I can share that knowledge with my peers, they can do a better job of finding that attack vector before it infiltrates their networks," Chopra, author of "Innovative State," said in an interview with "Squawk on the Street."

Need national cybersecurity standard: Former US CTO

Read More

In fact, he said health care is a good example of how more transparency is leading to better security initiatives.

Every data breach is now reported by law and it is already having the effect it is supposed to, he said.

"Health-care companies are investing more in cybersecurity protection. Our goal is to get more of that marketplace dynamic in the broader private sector," Chopra noted.

Just last week, health insurer Anthem announced the personal data of about 80 million customers and employees had been breached. When Sony was hacked last November, corporate emails and new movies were leaked.

"What you see in all these private attacks, it's someone making the errant mistake of clicking on something inappropriately disclosing their credentials and then having someone fake in as them and then taking all the data that person is otherwise entitled to," Chopra said.

Read MoreHacking led to a billion compromisedrecords

If employees can do a better job of presenting themselves as who they are digitally, it will be harder for hackers to succeed in those types of attacks, he said. "We need better security around passwords."

James Lyne, global head of security research at the cybersecurity firm Sophos, noted that the majority of cybercriminals are interested in making money. While credit cards may be the obvious target, other data can also be lucrative for hackers.

"The kinds of data we're seeing in these most recent breaches … could open up possibilities for very significant fraud, perhaps opening up a mortgage application in someone else's name using the combination of data and information like the loss of a Social Security number," Lyne said in an interview with "Power Lunch."

"There could be very significant financial and social damage as a result of this kind of data loss."

Those holding such valuable information need to do more to protect it, he added.

Ganesan thinks there should be security ratings for companies that hold personal information.

As for what sectors he thinks are vulnerable, he said he's worried about health care and utilities, "where the exposure to society is much higher" than sectors like retail.

—Reuters contributed to this report.