Only 14 Percent of Companies Increased Security Budgets After WannaCry, NotPetya Attacks

A recent AlienVault survey of 233 IT professionals worldwide found that just 14 percent said their budgets for cyber security were increased following the WannaCry and NotPetya cyber attacks of 2017, and just 20 percent were able to implement changes or projects that had previously been put on hold.

Just 16 percent of IT security professionals believe their company leadership and boards took a greater interest in their roles following the attacks.

“WannaCry and NotPetya are generally believe to have marked a turning point in cyber awareness, but the reality on the ground paints a different picture,” AlienVault security advocate Javvad Malik said in a statement. “Destructive malware poses existential threats to companies across all industries and can no longer be ignored.”

“To improve our cyber resilience, corporate strategy needs to be developed that covers how to plan for, detect, mitigate and recover from such destructive attacks,” Malik added.

Blamed for Breaches

Thirteen percent of IT professionals whose companies were hit by WannaCry or NotPetya felt that they were blamed for the fact that their organization became a victim.

As a result, regardless of budget, many respondents have responded to the attacks by striving to improve their organization’s cyber security.

Fifty percent said they’re now using threat intelligence more regularly, 58 percent carried out a review of their security posture in response to the attacks, and 66 percent are more up to date with patching than they were before.

“The IT security profession remains a very tough place to work, where resilience is the key to success — particularly if you are blamed in the event of your company suffering a security incident,” Malik said.

While 28 percent of respondents said most people in their organizations listen to their IT advice more than they did before, just 10 percent said they’ve experienced an increase in job offers or have successfully negotiated a pay raise following the attacks.

A Focus on Security

A separate Spiceworks survey of 2,163 IT professionals in North America and Europe found that 32 percent of respondents hope to look for or start a different job in the next 12 months, 51 percent expect a raise from their current employer in the next year, and 21 percent expect a promotion.

While 70 percent of IT pros said they’re satisfied with their jobs, 63 percent believe they’re underpaid.

Among those that hope to change jobs, 75 percent are looking for a better salary, 70 percent want to advance their skills, and 39 percent want to work at a company that makes IT more of a priority.

And while 81 percent of IT professionals said it’s critical to have cyber security expertise, just 19 percent claimed to have advanced cyber security knowledge.

“Although the majority of IT professionals are satisfied with their jobs, many also believe they should be making more money, and will take the initiative to find an employer who is willing to pay them what they’re worth in 2018,” Spiceworks senior technology analyst Peter Tsai said in a statement.

“Many IT professionals are also motivated to change jobs to advance their skills, particularly in cyber security,” Tsai added. “As data breaches and ransomware outbreaks continue to haunt businesses, IT professionals recognize there is high demand for skilled security professionals now, and in the years to come.”

Jeff Goldman
Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Related articles