Cyber attacks revealed by Google involving China have underscored growing risks to critical infrastructure, with 40 per cent of infrastructure organisations around the world expecting big cyber attacks within the next 12 months.

A survey report from IT security firm McAfee, authored by the Centre for Strategic and International Studies, found that 54 per cent of organisations responsible for critical infrastructure have already suffered large-scale attacks or stealthy infiltrations from organised crime gangs, terrorists or nation-states.

The risk of cyber attack is also rising, with 37 per cent of respondents saying their sector's vulnerability had increased over the past 12 months and two fifths expecting a large security incident in their sector within the next year.

Only 20 per cent were confident enough to think their sector was safe from a serious cyber attack over the next five years.

The survey found 60 per cent of those surveyed believe representatives of foreign governments have been involved in past infrastructure infiltrations. Interestingly, the biggest threat to critical infrastructure was not China, nominated by 33 per cent of respondents, but the United States, with a 36 per cent share of votes.

However, McAfee chief executive Dave DeWalt said in a statement that the attack announced by Google involving China was "the most sophisticated threat seen in years", and was a watershed moment in the world of cyber security because of the targeted and co-ordinated nature of the attack.

The survey of 600 IT professionals showed the staggering cost and impact that cyber attacks could have on critical infrastructure such as electrical grids, oil and gas production, telecommunications and transportation networks. The average estimated cost of downtime associated with a large incident is $US6.3 million ($7.14 million) a day.

DeWalt said that attacks on critical organisations, including transportation, energy and telecommunications infrastructure could cause "widespread economic disruptions, environmental disasters, loss of property and even loss of life".

The survey also found that IT professionals felt laws were ineffective in protecting against potential attacks, while more than half of those surveyed felt that insurance firms would bear the brunt of costs for any future attacks.