Some small companies still may not understand the need for cybersecurity measures or have the money to buy tools, Franz said. TechAmerica called for the U.S. government to initiate a nationwide dialog about cybersecurity, and the bill does include money for federal cybersecurity research and development and for regional cybersecurity centers.

The trade group could support some new regulation on a "case-by-case basis," Bond added.

But just hours after the TechAmerica briefing, CEOs of two major cybersecurity vendors said some new regulation may be necessary. John Jack, president and CEO of Fortify Software, and Philippe Courtot, chairman and CEO of Qualys, both suggested the U.S. government could come up with broad standards that private industry should follow.

The government should not mandate specific technologies but it could act as a "catalyst to show the way," said Jack, speaking at the Fortify Leadership Summit in Washington, D.C.

The U.S. government could also "elevate the bar" for IT vendors by enforcing security standards, but creating effective legislation would be difficult, Courtot added.