In what Ernst and Young refers to as an "invisible" threat, the issue emerged for the first time this year in the firm's recurring survey of most important concerns of energy executives, ranking ninth on the list.
Ernst and Young based its "Business Pulse: Oil and Gas" study, released this week, on a survey of more than 100 oil and gas industry executives from 90 companies in 21 countries.
The report cited three main types of information technology security threats: Intellectual property theft, commercial espionage and operational sabotage, which Ernst and Young said was potentially the most damaging and high-profile of the three because "targeted attacks increasingly have the potential to bring down crucial components of a company's infrastructure network."
"Oil and gas facilities are crucial to a country's national infrastructure and, as such, are likely to be among the primary targets for cyberattacks," the report warns.
Control systems used by oil and gas companies are becoming more sophisticated, but that also means that having a physical network controlled digitally poses "significant" risks, it added.
With the amount of sensitive proprietary information circulating within and between oil and natural gas companies and their counterparties, Ernst and Young says, information security needs to be "watertight" to prevent both industrial espionage and breaches by "hacktivists" -- those who hack into computer networks to promote a political or social ideology.
"Chief information officers have suddenly become very important with respect to the management of companies," Ernst and Young's Marcela Donadio said in the report. "Previously, the major IT issue concerned the operational effectiveness of systems, but now, security is equally important."
The report quoted one company as saying: "When we go to particular countries we go with clean cellphones and clean computers. We don't store any information, we don't transmit any information back home and we don't go on any networks."
Yet the firm's research indicates that most information leakages or threats come from internal rather than external sources.
A March report by Houston network security firm Alert Logic said that 61 percent of the 54 energy companies it serves experienced targeted malware attacks, often involving malicious software that company workers had load inadvertently onto their networks through contaminated USB drives, links in emails, or infected websites.
The top-ranked concern revealed by this year's Ernst and Young survey was "the risk of a health, safety or environmental incident," as it was in the last survey, in 2011. Other key risks in the latest survey include price volatility, an uncertain energy policy, access to reserves and markets and cost escalation.