"The problem is that many companies don't understand the absolute necessity to spend money to secure their assets properly," says Craig Williams, head cyber-threat researcher for Cisco (CSCO) . "Events like this put the need in perspective."
New technology is helping to deal with the problem, but experts say much of the threat stems from companies failing to take the issue seriously enough.
"Someone needs to have a serious discussion about industry best practices," Williams says. "The reality is that some of the data the hackers were able to get out of Sony should have been encrypted and not accessible."
Even President Obama expressed concern, saying Friday that the U.S. has to do more to help protect private and public assets.
Williams says there are a number of steps companies should be taking -- but aren't.
"Best practices require that sensitive data, such as salary spreadsheets, should always be encrypted and kept on networks with limited access, separate from other internal networks," he explains.
Companies, however, face an enormous security challenge because they share information with multiple destinations, including people outside a company's control. For that reason, companies can't protect such things as email from hacking, says Jay Heir, an analyst at Gartner.
"Sensitive data shouldn't be put in email. Email is designed to share and disseminate, not protect data." Heir says. "At the very least, companies should use programs that generate passwords randomly, rather than passwords rooted in dictionary words."
There are a couple of relatively new security practices that corporate America is starting to implement. One is the use of the cloud-where information is stored remotely on a common server rather than a computer.