Companies are less worried about bad publicity than they were five or six years ago, said Randy Gainer, a partner at the legal firm Davis Wright Tremaine. "The time for keeping these events under covers is gone," he said. Even if a company doesn't have a legal obligation to come forward about cybercrime, customers may figure out that an incident occurred, providing fodder for class-action lawsuits, he said.

Law enforcement agents said they are also sensitive to other issues companies might have. When David Dunn of the U.S. Secret Service E-Crimes Task Force responds to a company that calls about a data breach, he's very aware that the organization is in crisis mode, he said.

"We acknowledge that this is a usual event for us but very unusual for you," he said. But he can often help companies prevent further damage. He might recognize the attack from previous attacks and be able to direct the company to another vulnerability that the cybercriminal is likely to hit next. "We can provide information to help the company close a door," he said.

Because he's experienced with major cybercrime, he can direct companies about what types of files to copy and which to protect from being overwritten, in order to preserve data that might help track down the perpetrators. "We can help stop the bleeding," he said.

Boeing reported good experiences working with authorities on a couple of cases, including one where a former employee was threatening employees via email. The victims were given a contact at the attorney's office to talk to about their concerns and were only named by their initials publicly. "That went a long way to help people feel a little more comfortable," said Vanessa Lee, senior counsel at Boeing.