That's not the case in the IT security industry, which often prides itself on the open disclosure of information, and there is often a culture clash between IT security folks who push to make security information public, and more conservative utility security workers, who worry that this kind of knowledge could be misused.

The Energy Insights survey found that many insiders are dissatisfied with the lack of preparedness within their own industries. About three quarters of respondents said they were "annoyed, angry or frustrated" with the state of critical infrastructure security, Winkler said.

"These are the people who actually know what's going on and they're unhappy," she said. "That, to me was a real surprise"

Some industries are farther along than others, Winkler said. Financial, energy and telecommunications are the most prepared, she said. While the water industry, shipping, and transportation industries were rated least-ready.

However, the Energy sector was considered the most in need of improved security because it is the biggest, most vulnerable and easiest to breach, respondents said.