SAP Risk not Understood by C-Level


A recent survey of executives and IT and security professionals found that far fewer executives are deeply concerned about SAP security. This is a stat that could be detrimental to developing and cybersecurity strategies, according to ERP Maestro.

As ERP (enterprise resource planning) systems process so much transactional data and are common targets for attacks, Americas’ SAP Users’ Group (ASUG) conducted a survey of C-level executives and IT security professionals back in May.

The Survey

The survey, which was sponsored by ERP Maestro, included many responses from customers using both cloud and on-premise SAP solutions. SAP continues to be the dominant core ERP system used by ASUG members. It is used to process 77 per cent of transaction revenue across the globe.

The survey demonstrated a sizable gap between executives and other groups of professionals in their view of SAP security risks. The most substantial disparity exists between both executives and those who are directly responsible for IT and security.

Only a quarter of executives said that they were extremely concerned about security. This is a large comparison to the 80 per cent of IT and security professionals who expressed a much higher rate of concern.

“Dedicated security professionals understand the nuances of security and see it as a significant challenge. They likely have a more accurate assessment of their environment,” the report wrote. “The lack of concern among executive-level employees may indicate that more education is needed among this cohort to help increase understanding of the potential risks and insider threats.”

The Statistics

According to the survey, 82 per cent of those who responses said that their systems only have minor vulnerabilities. Only 5 per cent, however, rated their systems as impenetrable and 8 per cent were unsure how to classify their systems. What’s more, one-third of the respondents did not have a defined cybersecurity strategy,

“One of our biggest challenges, and also an objective in the work we do with SAP customers, is bridging the divide between executives and IT/security teams so that they are all on the same page when it comes to understanding their level of risk,” said Britta Simms, IBM’s lead for Global Center of Competency SAP Security.

“That joint knowledge is crucial in forming comprehensive strategies and getting buy-in across the organization for the best prevention plans and tools. It’s also a competitive advantage.”

Join us for ECC UK

Cloud computing and DevOps represent wonderful investment opportunities for large enterprise organisations worldwide. Join us in September as we bring together hundreds of leading industry speakers, users and suppliers of Cloud to review the latest ground-breaking technological innovations in this space.