An audit has found Queensland's water providers aren't doing enough to protect themselves against cyber attacks, putting the state's water supply at risk.
An audit of Queensland's water grid has found most operators aren't sufficiently prepared for a cyber attack, leaving the state's water supply vulnerable.
The Auditor-General's report found bulk water providers SeqWater and SunWater, as well as local councils, did not have adequate processes in place to maintain water supply in the event of their systems being hacked.
"The age of many of these control systems, combined with more recent integration with corporate networks, had resulted in higher risks that had not always been recognised and tested by the entities themselves," acting Auditor-General Greg Close wrote.
"All entities we audited had the capability to respond to information security incidents if they detected them. However, they were not well prepared to respond to cyber attacks.They had not planned or tested their response and recovery from a malicious or cyber incident."
The report, released on Tuesday, made several recommendations to beef up cyber security and emergency processes.
It included improving oversight and monitoring of potential cyber threats by organisations, and increasing information sharing across the water supply bodies.
The report also recommended water providers improved internal processes to better prepare for potential malicious attacks.
The Department of Energy and Water Supply and Department of the Premier and Cabinet accepted all of the recommendations and pledged to implement them as soon as possible.
It follows a major worldwide hacking attack on public organisations including hospitals, earlier this year where patient data was held to ransom by hackers.
Queensland hospitals put measures in place quickly to stop the so-called ransomware attack, but the measures caused system glitches that took days to resolve.