Nearly half of those who work in critical infrastructure systems worldwide expect their company to be targeted by a computer attack over the next year, a new survey has found.
About one-third of the respondents say their company is "extremely" prepared to deal with it, according to the survey (PDF) released today by security company Symantec.
Another 36 percent to 41 percent (depending on the type of attack) say their company is "somewhat" prepared to deal with attacks that range from attempted theft and modification or destruction of data to shutting down computer networks and manipulating physical equipment through control networks. And 6 percent to 9 percent (depending on attack type) said their companies are "extremely unprepared" to deal with those various attacks.
The survey, which interviewed 1,580 enterprises across 15 countries in August, found that the respondents from the energy industry felt the most prepared and those in communications industry felt least prepared to deal with attacks. Forty-four percent said attacks are increasing over time, and 38 percent said the number of attacks remains steady.
On average, each company had been attacked 10 times in the last five years, which cost them an average of $850,000 each over that period, the survey found.
About 90 percent said they have engaged in critical infrastructure protection programs that include working with the government and other companies.
But consumers need to do their part for the safety of the ecosystem too, by keeping their security software up to date and patching other programs, Justin Somaini, Symantec's chief information security officer, told CNET in an interview.
"A lot of malware is coming from workstations," he said. "The consumer has a role to play, and they can affect the critical infrastructure of the Internet."
The Stuxnet worm, which targets industrial control systems, shows that attacks on critical infrastructure are stronger than ever, according to Somaini.
"But (critical infrastructure) has proven itself to be pretty resilient," he said. "That does not mean it's perfect or that it can't be better. It means it is not complete doom and gloom."