Privately-owned U.S. computer networks remain vulnerable to cyber attacks, and many U.S. companies are not doing enough to protect them, Deputy U.S. Defense Secretary Ashton Carter said on Wednesday.

“I hope this isn’t one of those situations where we won’t do what we need to do until we get slammed,” Carter told the annual Air Force Association conference.

Attacks on American computer infrastructure by other countries and criminal gangs have soared in recent years, according to U.S. government officials.

Efforts to pass legislation to strengthen U.S. cyber security have met obstacles such as privacy issues, prompting the White House to consider an executive order to protect U.S. computer networks from attack.

Carter said the Pentagon was doing all it could to protect its own networks and develop offensive cyber weapons, but shoring up the nation’s overall cyber infrastructure -- much of which is privately held -- was far more challenging.

“When it comes to the nation’s networks there are many other forces and considerations that make it very complicated, and therefore very slow, and I’m concerned that it’s moving too slowly,” he told Reuters after his remarks at the conference.

“We’re still vulnerable and the pace is not adequate,” Carter told the conference, noting that many private companies either did not invest at all -- or invested too little in cyber security.

General Martin Dempsey, chairman of the U.S. Joint Chiefs of Staff, echoed his concerns about the vulnerabilities of U.S. computer systems and said cyberspace operations would be fully “integrated into the way we do business in the future.”

“We better take seriously the threat in cyber space,” Dempsey told Reuters after a speech at the conference. “We’ve got to get ourselves better prepared for the kind of activities in cyber that are happening all over the globe.”