A cyberterror attack on vital national infrastructure such as power facilities, transport networks and the financial sector could be imminent—and international governments are ill-prepared, cybersecurity experts have warned.
"It's not easy to predict what will happen, but the worst terrorist attacks are not expected," Eugene Kaspersky, the co-founder and chief executive of global IT security firm Kaspersky Labs, told CNBC.
"So I am afraid that if we face this cyberterrorism, it will be very unpredictable in a very unpredictable place, but with very visible damage. Unfortunately, there are many possible victims."
In recent months, the business world and political establishment has seen an uptick in the use of debilitating digital attacks. As well as the Sony attacks, allegedly by North Korea, and the widespread hacking of international news agencies by the "Syrian Electronic Army," On Monday, Malaysian Airlines refuted that its website had been hacked by a group calling itself the "Cyber Caliphate" and claiming affiliation with the Islamic State (ISIS).
Now, there are concerns that the next big attack will be against national critical infrastructure and could cripple a country's ability to function.
Kaspersky told CNBC that each country needed to make a "very serious audit" of the critical infrastructure within its borders. In order of importance, he noted that the infrastructure most vulnerable was the power network, "because if the power plants and power grid don't work, then nothing else works," followed by telecommunications, financial services and transportation.
"A security strategy needs to be made for all of these components," Kaspersky said.
He warned that governments needed to allocate a good part of their budgets over the next decade to making critical infrastructure systems more secure.
"Technically it's possible to make them immune from attacks, but it's complicated, it's expensive and it will take time and budgets," Kaspersky said.
Budget cuts in the U.K. and Europe have undoubtedly challenged government attempts to counter cyberterrorism, but a spokesperson for the U.K. Cabinet Office told CNBC that cybersecurity was a priority.
"Cybersecurity is already a tier-one national security priority and our investment of £860 million ($1.3 billion) over five years in the National Cyber Security Programme (NCSP) supports a wide range of projects to develop the U.K.'s cyber security capabilities. This is a clear signal of just how seriously the Government is treating the threat," the spokesperson said.
Kaspersky noted that there needed to be far stronger international cooperation against cyberterrorism, including in the sharing of information, in order to relay early warnings ahead of potential attacks.
The U.K. and U.S. have already pledged to work together in a bid to remain one step ahead of terrorism groups like Islamic State that are increasingly using computers as means of attack.
In particular, there are the so-called war games involve "cybercells" of U.S. and U.K. intelligence agents staging attacks against each another, in order to test the resilience of certain sectors to cyberattacks. The first exercise will test the financial sector, with simulated attacks on the City of London, including the Bank of England, and Wall Street.
E.J. Hilbert, the heads Kroll's cyber unit for Europe, the Middle East and Africa, told CNBC that hundred, if not thousands attacks were already taking place—and that more attacks were coming.
Read MoreTop 5 cybersecurity risks for 2015
"There are hundreds of attacks taking place against the U.K. and U.S. nuclear industry and financial system every day. There is this non-stop badgering of the system by hackers who are hoping that one day the system will crack," said Hilbert, a former FBI agent in the cybercrime and counterterrorism field.
He was emphatic that national governments were unprepared for a cyberattack on critical infrastructure. He said that the proposed "war games" would have limited effect in acting as a pre-warning to governments on the weaknesses of critical systems.
"These tests don't do what the bad guys are going to do, they don't go far enough. If the bad guys want to shut a system down, they'll shut it down and unless you've tested for that, you don't actually know if there's a way of bringing a system back," Hilbert said.
If an attack is so bad that all else has failed, governments can always choose to shut down their own infrastructure systems. But taking such steps can have alarming consequences, such as lack of power if power plants are shut down, lack of water if water facilities are closed, and permanent system failure.
With that in mind, Hilbert said "it might be better to fight the attack then shut down the system."
- By CNBC's Holly Ellyatt, follow her on Twitter @HollyEllyatt. Follow us on Twitter: @CNBCWorld