Almost 90 per cent of cybersecurity professionals expect cyberattacks against ERP systems to grow, with 54 per cent expecting successful cyberattacks on their organisations in the next 12 months and 30 per cent anticipating a significant increase in ERP cyberattacks overall, according to the results of a survey conducted by Crowd Research Partners and business application security provider ERPScan.
The ‘ERP Cybersecurity Survey 2017’ found that fraud is viewed as the threat that results in the highest financial losses, with one-third of respondents assessing the damage of fraudulent actions at more than US$10 million. The average cost of an SAP security breach is estimated to be US$5 million.
“We can only imagine how huge the impact could be if hackers targeted SAP for ransom,” said Alexander Polyakov, CTO, ERPScan.
The survey of more than 1900 cybersecurity professionals found respondents to be most concerned about protecting customer data (72 per cent), employee data (66 per cent), and emails (54 per cent). Because all of this information is stored in various SAP systems, these results shine the spotlight on SAP systems as a very important asset to protect.
Accordingly, cybersecurity budgets are set to increase, with 46 per cent of respondents planning an increase of 21 per cent. A total of 33 per cent of organisations reported that they will focus on cloud infrastructure, while 23 per cent will focus on training and education and 23 per cent will focus on mobile devices.
Despite these findings, the survey found that 29 per cent of respondents have not heard of any SAP security incidents and that only 4 per cent were aware that the security incident with the most dire consequences to date – the USIS data breach which led to the company’s bankruptcy – started with an SAP vulnerability. Just 33 per cent of respondents said that their organisation has conducted a pentest or security assessment by a third party, while one in three respondents has not yet taken any ERP security initiatives, although they plan to do so sometime this year.
To better manage cyber threats and reduce the risk of a security breach, companies are prioritising three key capabilities: improved threat detection (62 per cent), better analytical capabilities (43 per cent) and threat blocking (39 per cent).
To address security challenges, 54 per cent of respondents plan to train and certify their IT staff, followed by 29 per cent who said that they will partner with a managed security service provider and 27 per cent who will leverage security technology solutions.
Survey results indicate that it is still unclear who is in charge of ERP security, with 43 per cent of respondents indicating it is a CIO responsibility and 28 per cent identifying it as a CISO responsibility.