Cybersecurity experts anticipate growing number of attacks against ERP systems

Palo Alto, CA – May 31, 2017 – Crowd Research Partners with the support of ERPScan, a leading business application security provider, released the ERP Cybersecurity Survey 2017. The research revealed that there is still a lack of both awareness and security measures taken by enterprises, even though the majority of cybersecurity professionals anticipate the growing number of attacks on ERP systems.

The survey of more 1900 cybersecurity experts demonstrates that ERP Security has finally hit the list of topics organizations are most concerned about, with 89% of security professionals expecting the number of cyberattacks against ERP systems to grow. Moreover, 30% of the respondents anticipate a significant increase.

The fact that cybersecurity experts consider attacks on this key software as a costly risk worsens the situation – an average cost of an SAP security breach is estimated at $5m. According to the survey, fraud is viewed as the threat bringing the greatest financial loss, a third of organizations polled assesses the damage of fraudulent actions at more than $10m.

Still, the statistics show that there is a lot of work left to go in the field of ERP Security awareness. One in three respondents hasn’t heard about any SAP Security incidents, which happen every year. Only worrisome 4% know about an episode with the direst consequences – USIS data breach started with an SAP vulnerability, which resulted in the company’s bankruptcy. The most alarming is the fact that such results were gained by surveying among people who are engaged in ERP Security.

The lack of awareness is one of the reasons why enterprises are falling behind on securing ERP systems. One of three respondents hasn’t taken any ERP Security initiative yet and is going to address this area this year.

The result of the survey are not surprising findings. As for today, most enterprises are still unprepared for any attacks, including ones against ERP systems, due to their ever-expanding attack surfaces. ERP systems store and manage essential business information and processes.Taking into account the recent ransomware attacks and its costs for organizations, we can imagine how huge the impact could be if hackers target SAP for ransom. CISOs should include this area in their list of top priorities if haven’t done it yet.

– commented Alexander Polyakov, CTO at ERPScan.

The report covers numerous topics related to ERP Security including ERP Security risks, awareness, trends, improvements, etc. Respondents were selected from various roles and companies of different sizes and industries such as Technology, Software & Internet, Government, Financial Services, Healthcare, Pharmaceuticals, Manufacturing, Telecommunications, and others.

Download the ERP Cybersecurity 2017 Report to learn the key findings as well as practical takeaways.

Register for the “SAP Security – How to Protect Your Most Critical ERP Platform” webinar, to hear directly from the researchers and take a closer look at the state of ERP Cybersecurity and start building a defense strategy for your ERP system.

About ERPScan

ERPScan is the most credible Business Application Cybersecurity provider. The company operates globally and enables large Oil and Gas, Financial, Retail, and other organizations to secure their mission-critical processes. Named an ‘Emerging Vendor’ in Security by CRN and distinguished by 40+ other awards, ERPScan is the leading SAP SE partner in discovering and resolving security vulnerabilities.

ERPScan’s primary mission is to close the gap between technical and business security and provide solutions for CISOs to evaluate and secure SAP and Oracle ERP systems. Our clients are large enterprises, Fortune 2000 companies and managed service providers.