Utility and other critical infrastructure firms are wide open to an online attack, according to industry insiders and other experts interviewed by gateway security firm Secure Computing.

Respondents to the study were asked to indicate the state of readiness against IT threats in eight different industries. Over 50 per cent said that utilities, oil and gas, transportation, telecommunications, chemical, emergency services and postal/shipping industries were not prepared. The energy sector emerged as the most vulnerable target.

Only the financial services sector was considered to be adequately ready to defend against attack, according to the Securing Critical Infrastructure report.

Secure Computing advised critical infrastructure operators to perform ongoing vulnerability assessments, carefully monitor network automation and control systems, and share more information with each other about threats and attacks.

"An attack on any one of these industries could cause widespread economic disruption, major environmental disaster, loss of property and even loss of life," said Elan Winkler, director of critical infrastructure solutions at Secure Computing.

"This study revealed that many critical infrastructure organisations are simply not ready for the cyber-attacks which are coming soon."

In related news, web security-as-a-service firm ScanSafe released new research today highlighting the top five industries at risk from web-borne malware.

The company's Vertical Risk Report (PDF) also identified energy and oil as the most likely sector to be hit, followed by pharmaceutical and chemicals, and engineering and construction.

"We were concerned to find that the industries consistently encountering the highest rate of web-delivered malware are not typical industries, but rather industries that can have a critical bearing on infrastructure and intellectual property rights," said ScanSafe senior security researcher Mary Landesman.