Schmidt, a former White House adviser for cybersecurity, said the focus of cyberattacks had shifted from larger firms, which have improved their security, to smaller firms where weaknesses remain.
This is creating new threats which affect the big players further up the supply chain.
"The trend is small and medium-sized companies getting attacked - everything from phishing e-mails to denial of service to hack attacks are moving down the food chain," said Schmidt.
Multinational companies are increasingly requiring their smaller suppliers to pass IT security audits and to sign contracts that say they have adequate IT security in place, said Schmidt.
But he warned that small companies faced serious problems dealing with the different compliance demands from the larger organisations.
"The issue is where you have one supplier for seven large corporations and all seven demand an audit as part of their contract," said Schmidt. He called for an effort to "develop some mechanism to ease that pain".
CIOs of major corporations have begun to share security information about suppliers informally and this could pave the way for corporations to accept security audits conducted by other businesses, he said.
"The next logical step is trying to formalise the processes," Schmidt said.
RSA Security Conference >>