In the current state of the world, there's almost no way for companies to protect their date from cyberattacks, John Hering, co-founder of mobile security firm Lookout, told CNBC on Friday.
"For any given unit of time that goes by, the probability of an organization being compromised is trending to 100 percent," he said in a "Squawk Box" interview.
Health insurer Anthem announced on Wednesday that the personal data of about 80 million customers and employees had been compromised in what it called a "very sophisticated" cyberattack. While the breach did not expose financial information, the hackers gained access to names, birth dates, Social Security numbers, street addresses, email addresses and employment information.
Read MoreAnthem hacked, millions of records likely stolen
Security experts said many health insurers like Anthem are vulnerable because they do not encrypt the data, The New York Times reported.
Anthem is the second largest U.S. health insurer, and the attack could be the largest ever disclosed by a health care company.
Cybersecurity has not yet become a corporate board-level issue at many companies, but it needs to be, Hering said. The current state of security is reactive, and while progress is being made, it's being driven by breaches, he said.
Read MoreAttackon Anthem: All the details
"We need to move to a world where security is not reactive, but proactive and predictive," he said.
In the case of the Sony hack, which exposed corporate emails and leaked unreleased films, Hering said there were indications that the system had been compromised six months before the breach became public.
Read MoreWhy you should care about the Anthem breach
Banks in particular are very focused on cybersecurity and have controls and protections in place. He noted that most consumers are not liable for attacks that compromise their bank accounts.
However, the insurance industry—which like health care is consolidated and large—has not taken cybersecurity as seriously as the financial services industry, he said.