Once a month, cybersecurity lawyer Paul Haswell gets a call from an Asian company with the same question: We've been hacked. Who do we need to tell?

More often than not, his answer is "no one." The client will hang up before Haswell can urge them to go public anyway.

"There's no uniformity across Asia — some countries don't even have a law," said Haswell, a Hong Kong-based partner at Pinsent Masons. "In mainland China, security is the lowest priority."