Mr. Obama was an early adherent of Mr. Nunn’s advocacy for comprehensive programs to reduce the amount of nuclear material in the world, and by any measure his six-year effort to prevent nuclear terrorism has made major progress. Each summit meeting has forced countries to make progress on locking down or eliminating materials.

The Nuclear Threat Initiative, which publishes an annual index of nuclear security around the world, notes that a dozen countries have eliminated all weapons-usable nuclear materials since the summit meetings began. Many more have greatly improved the security surrounding lightly guarded materials, which are stored every place from hospitals to research reactors on university campuses.

But at the very moment that the black market in nuclear materials remains active, the report found that 24 nations still had more than 2.2 pounds of weapons-usable nuclear material, “much of it still too vulnerable to theft,” and many have just begun to think about their vulnerability to cyberthreats that could enable an attacker to sabotage a site without breaking through fences or risk setting off perimeter alarms.

The most famous cyberattack on a nuclear facility was done by the United States and Israel: the effort to destroy and disable nuclear centrifuges at the Natanz nuclear enrichment plant in Iran. That program, code-named Olympic Games, used a worm that was later named Stuxnet to knock the centrifuges out of operation. It did not release radioactive material into the atmosphere, but it was a vivid demonstration of the vulnerability of nuclear facilities to cyberattack. Iran had completely isolated the Natanz facility from the Internet, but the originators of the program found ways to insert it.

The lesson of Stuxnet, however, has apparently been lost on many nations that have yet to develop requirements that nuclear facilities have cyberprotections in place before they can operate.

“Too many states require virtually no effective security measures at nuclear facilities to address the threat posed by hackers,” the study, in which the Economist Intelligence Unit also participated, concluded. Of the two dozen nations with weapons-usable material, nine got the maximum score for cyberindicators, and seven got a score of zero.

In 23 nations that possessed no weapons-usable materials, but had nuclear power plants or other nuclear facilities that contain fuel that could be converted to weapons use, 13 got a zero score.

More than 80 percent of all nuclear stockpiles are classified as military material, meaning they are largely used in weapons programs, and all of those are outside international security review, including the guidelines issued by the International Atomic Energy Agency for the protection of civilian nuclear stocks.