The report, In the Crossfire: Critical Infrastructure in the Age of Cyber War, was commissioned by McAfee. It also found that oil and gas companies were the most exposed to DDoS attacks, with two-thirds of executives saying that they had been bombarded with traffic designed to bring down their systems. A third reported multiple attacks each month.
Denial of service had a more significant effect on oil companies, too. Companies in this sector said that 24 hours of downtime would cost them $8.4m per day – again, a third as much as the cross-sector average. Two-fifths of the total survey base expect a 24-hour outage in their sector in the next year.
This report comes just days after the publication of a Christian Science Monitor article detailing cyberattacks on three of the United States' largest oil companies: ExxonMobil, Marathon Oil, and ConocoPhillips. All three oil companies were infiltrated using malware, according to the report, which added that highly sensitive bid data was stolen.
In spite of being primary targets for cyberattacks, oil and gas companies made the biggest cuts to their security budgets as a result of the recession, according to the report. Up to three-quarters of respondents from this sector reported reductions, it said. And yet according to the report, whereas most sectors focused on cost as a limiting factor in security, the oil sector bucked that trend.
"In the water/sewage and oil/gas sectors, those obstacles were reversed in significance, with lack of awareness being most frequently cited, ahead of cost," the report noted.
Almost six in ten respondents to the survey believed that foreign states had been involved with cyberattacks affecting critical infrastructure in their countries, reflecting growing concerns over cyberwarfare and espionage between governments.
The report polled 600 IT and security executives from 14 countries in seven sectors for their views on the threat landscape.