Freely subscribe to our NEWSLETTER

Key Findings:

– 89% of respondents expect that the number of cyber-attacks against ERP systems will grow in next 12 months.

– An average cost of a security breach in SAP is estimated at $5m with fraud considered as the costliest risk.

– A third of organizations assesses the damage of fraudulent actions at more than 10m USD.

– There is a lack of awareness towards ERP Security, worryingly, even among people who are engaged in ERP Security. One-third of them haven’t even heard about any SAP Security incident. Only 4% know about the episode with the direst consequences – USIS data breach started with an SAP vulnerability, which resulted in the company’s bankruptcy.

– One of three respondents hasn’t taken any ERP Security initiative yet and is going to do so this year.

– Cybersecurity professionals are most concerned about protecting customer data (72%), employee data (66%), and emails (54%). Due to this information being stored in different SAP systems (e.g. ERP, HR, or others), they are one of the most important assets to protect.

– It is still unclear who is in charge of ERP Security: 43% of responders suppose that CIO takes responsibilities, while 28% consider it CISO’s duty.

– The most widespread approach to SAP Security is to conduct pentesting or security assessment by a 3rd party – 33% responders has applied this measure.

“In my opinion, the result of the survey are not surprising findings. As
for today, most enterprises are still unprepared for any attacks,
including ones against ERP systems, due to their ever-expanding attack
surfaces. ERP systems store and manage essential business information
and processes.Taking into account the recent ransomware attacks and its
costs for organizations, we can imagine how huge the impact could be if
hackers target SAP for ransom. CISOs should include this area in their
list of top priorities if haven’t done it yet.”- commented Alexander
Polyakov, CTO at ERPScan.