Scott Charney, vice-president of security at Microsoft, called for governments and the private sector to work in "smart partnerships" to improve security.
Charney said governments could fund long-term research in areas ignored by the security market.
Demand after the World Trade Center terrorist attacks has driven security investment, but there are still strategic gaps, he said.
"One of the gaps is the lack of long-term fundamental security research that can be transferred from the government to the private sector for commoditisation," said Charney.
"A lot of the research and development the government has funded has been replaced with short-term national security research, some of which is classified and does not end up back in the commercial sector."
Microsoft is investing £3.2bn a year in research and development, much of it geared towards security. Its security development lifecycle programme has publicly reported reduced serious and critical vulnerabilities by 67%, Charney said. But the company still has further to go, he added.