Silicon Valley has its guard down with regards to the risk posed by state-sponsored hackers and snoops.

That was the consensus of a bunch of cybersecurity specialists in a roundtable dialogue on the Fortune Brainstorm Tech convention in Aspen, Colo., on Tuesday.

“I believe folks within the Valley are naïve to the international nation-state risk,” mentioned Tim Junio, the co-founder and CEO of Expanse, a San Francisco-based startup that helps purchasers monitor and cut back their digital “assault floor” and whose buyers embody TPG Development, Palantir Applied sciences co-founder Peter Thiel, and Michael Dell. “It’s extremely uncommon—and late within the recreation—for firms to consider the truth that international actors are going to recruit folks to penetrate their networks.”

The largest firms are acutely conscious that international governments want to entry their networks by any means obtainable—whether or not by hacking in from outdoors or planting a spy inside. However startups are a lot much less more likely to view themselves as potential targets of state-sponsored exercise.

“I do assume that in Silicon Valley the smaller firms aren’t as conscious as they need to be of the specter of insider breaches and international gamers like China,” mentioned Michael Brown, former CEO of cyber safety software program firm Symantec and now the director of the U.S. Division of Protection’s Valley-based Protection Innovation Unit. “Ought to that be,” he added rhetorically, “one thing that our authorities ought to shield?”

The connection between Washington D.C. and Silicon Valley has been the topic of debate this week after inflammatory feedback made by Thiel in a speech on Sunday. Thiel, a Fb board member, criticized Alphabet subsidiary Google for its choice to not proceed a contract that gave the Division of Protection entry to its synthetic intelligence capabilities.

However Brown mentioned that the thought of a rift between the Valley and federal authorities was overblown. His Protection Division unit, he mentioned, receives loads of help from the tech neighborhood. “We see numerous firms that wish to assist,” mentioned Brown. “Once we ship out a request, we usually get 30 to 40 responses inbound.”

One solution to fight the risk from international governments and felony hackers alike is for firms to give attention to selling and imposing higher cyber “hygiene” of their workforce.

Dorian Daley, government vice chairman and basic counsel of tech large Oracle, mentioned that the corporate has a safety oversight committee of prime execs that convenes on a quarterly foundation to drill down on safety points. “We now have what I name a ‘company colonoscopy,’” mentioned Daley. “Folks must be held accountable. They must be known as on the carpet.”

Vigilance from the highest down is essential, but it surely’s not going to make the risk go away, argued Dmitri Alperovitch, the co-founder and CTO of cybersecurity agency CrowdStrike, which held an IPO final month. Sure international governments, in accordance with Alperovitch, pose an ongoing risk.

“There are solely 4 issues in cybersecurity: China, Russia, North Korea, and Iran,” mentioned Alperovitch, maybe half joking. “It’s not simply not the nation-state hackers. Numerous the criminals are working out of these international locations as effectively.” And if a community has a weak point they’ll discover it will definitely.

Extra must-read tales from Fortune Brainstorm Tech 2019:

—A.I.’s hidden biases proceed to bedevil companies. Can they be stopped?

—Land O’Lakes CEO: Massive knowledge helps farmers cope with local weather swings

—How Spotify “playlisting” turned an unknown artist right into a star

—U.S. dangers falling behind in crypto, warns ‘Crypto Mother’ SEC commissioner

—Verizon government requires federal privateness guidelines on 5GGet Fortune’s Eye on A.I. e-newsletter, the place synthetic intelligence meets business