Crowd Research Partners with the support of ERPScan released the ERP Cybersecurity Survey 2017. The report covers numerous topics related to ERP Security such as ERP Security risks, awareness, trends, improvements as well as practical takeaways on security. Respondents were selected from various roles and companies of different sizes and verticals, including Technology, Software & Internet, Government, Financial Services, Healthcare, Pharmaceuticals, Manufacturing, and Telecommunications.
- 89% of respondents expect that the number of cyber-attacks against ERP systems will grow in next 12 months.
- An average cost of a security breach in SAP is estimated at $5m with fraud considered as the costliest risk. A third of organizations assesses the damage of fraudulent actions at more than 10m USD.
- There is a lack of awareness towards ERP Security, worryingly, even among people who are engaged in ERP Security. One-third of them haven’t even heard about any SAP Security incident. Only 4% know about the episode with the direst consequences – USIS data breach started with an SAP vulnerability, which resulted in the company’s bankruptcy.
- One of three respondents hasn’t taken any ERP Security initiative yet and is going to do so this year.
- Cybersecurity professionals are most concerned about protecting customer data (72%), employee data (66%), and emails (54%). Due to this information being stored in different SAP systems (e.g. ERP, HR, or others), they are one of the most important assets to protect.
- It is still unclear who is in charge of ERP Security: 43% of responders suppose that CIO takes responsibilities, while 28% consider it CISO’s duty.
- The most widespread approach to SAP Security is to conduct pentesting or security assessment by a 3rd party – 33% responders has applied this measure.