Public, private sectors still far apart on protecting IT infrastructure