More than half the world's critical infrastructure organisations admit being targeted by cyber attacks, research commissioned by security firm McAfee has revealed.
Some 54% of IT security executives at 600 critical infrastructure providers surveyed said they have been hit by large-scale attacks or infiltrations.
Twenty nine per cent said they are facing multiple attacks every month, according to the survey by the Center for Strategic and International Studies (CSIS).
Attacks by cybercriminals, terrorists and nation states vary from massive distributed denial of service (DDOS) attacks to stealthy efforts to enter networks undetected.
These attacks are also on the rise, according to the CSIS report on critical infrastructure in the age of cyberwar released at the annual World Economic Forum meeting in Davos, Switzerland.
Despite a growing number of laws and regulations, 37% of respondents said the vulnerability of critical infrastructure to cyber attack has increased in the past year.
Only 20% believe the sector is safe from serious cyber attack in the next five years, and 40% expect a major incident within the next year.
The CSIS report highlights that many of the world's critical infrastructures have been designed to be highly reliable and available, but with little attention paid to security.
Traditionally, organisations have relied on physical security and have little or no cyber protection, the report found.
The recent cyber attacks on Google and more than 20 other companies could easily have been targeted at critical infrastructure, said Dave DeWalt, chief executive at McAfee.
The attacks were the most sophisticated threat in years, making it a watershed moment in cybersecurity because of the targeted and co-ordinated nature of the attack, he said.
The CSIS report said the research offers no easy answers for governments and organisations seeking to improve cybersecurity of critical infrastructure.
But the report said authentication of users and encryption of data are two key areas that need to be improved.
Other key challenges, the report said, include modifying government structures to deal with threats and finding useful ways so share information about threats and vulnerabilities to improve defence capabilities.