SAP Risk Not Understood by C-Level

A new survey of executives and IT and security professionals found that far fewer executives are extremely concerned about SAP security, a stat that could be detrimental to developing sound cybersecurity strategies, according to ERP Maestro.

Given that enterprise resource planning (ERP) systems process so much transactional data and are often targets for attacks, Americas' SAP Users' Group (ASUG) conducted a May survey of C-level executives and IT and security professionals. Sponsored by ERP Maestro, the survey included responses from customers using both cloud and on-premise SAP solutions. SAP remains the dominant core ERP system used among ASUG members, and it is used to process 77% of the world’s transaction revenue.

The survey showed a sizable gap between executives and other professional groups in their perception of SAP security risks. The most substantial disparity exists between executives and those directly responsible for IT and security.

Only 25% of executives said that they were extremely concerned about security. That number is in stark contrast to the 80% of IT and security respondents whose concern level is in the range of very or extremely concerned.

“Dedicated security professionals understand the nuances of security and see it as a significant challenge. They likely have a more accurate assessment of their environment,” the report wrote. “The lack of concern among executive-level employees may indicate that more education is needed among this cohort to help increase understanding of the potential risks and insider threats.”

According to the survey, 82% of respondents said their systems have only minor vulnerabilities, while only 5% rated their systems as impenetrable and 8% did not know how to classify their systems. Additionally, of the respondents, one-third do not have a defined cybersecurity strategy.

“One of our biggest challenges, and also an objective in the work we do with SAP customers, is bridging the divide between executives and IT/security teams so that they are all on the same page when it comes to understanding their level of risk,” said Britta Simms, IBM's lead for Global Center of Competency SAP Security.

“That joint knowledge is crucial in forming comprehensive strategies and getting buy-in across the organization for the best prevention plans and tools. It’s also a competitive advantage.”

What’s Hot on Infosecurity Magazine?