Forbes Feature – The Cybersecurity Paradox: Why SAP Systems Remain An Overlooked Risk

Oct 2, 2025 | Press Hits

We secured this Forbes feature to spotlight SecurityBridge CTO Ivan Dolensky’s expert insights on why SAP systems remain a critical cybersecurity blind spot. This is exactly what our PR services are built for—elevating technical voices into top-tier business media where they drive real impact.

Originally posted at: https://www.forbes.com/councils/forbestechcouncil/2025/10/01/the-cybersecurity-paradox-why-sap-systems-remain-an-overlooked-risk/

As CTO of SecurityBridge, Ivan is an expert in SAP Security and cybersecurity innovation, ensuring business-critical systems remain secure.

Cybersecurity is a top priority in the boardroom, with billions spent on defense. Yet, an astonishing paradox persists: The systems running companies’ core operations—notably SAP enterprise software—often remain a security blind spot.

SAP systems are the lifeblood of global business, powering approximately 77% of global commerce and housing around 70% of corporate data. If attackers breach these core platforms, they can practically “sweep the rug from under the company’s feet,” stealing sensitive data, committing fraud or halting operations.

Why, then, do so many organizations invest heavily in cybersecurity, yet leave SAP security on the sidelines?

Why Critical SAP Security Falls Through The Cracks

Several factors help explain this oversight:

  • Assumed Shared Responsibility: Many companies assume SAP (or their cloud provider) is securing these systems—but that’s only partly true. The vendor might safeguard the infrastructure, but customers must still lock down configurations, control access and monitor activity. Confusion over this split often leaves critical gaps.
  • Misunderstanding The Threat Surface: SAP is seen as a sealed internal system, not a target for hackers. In reality, these applications interface with suppliers, clients and mobile employees, often via web portals. Attackers actively probe SAP’s proprietary interfaces for weaknesses. Treating SAP as “too obscure to hack” is a dangerous mistake.
  • Other Fires Get Priority: Many security leaders have focused their attention on cloud platforms, endpoints and ransomware threats. By comparison, ERP security hasn’t made headlines and has often slid down the priority list. In short, SAP security quietly fell through the cracks while flashier cyber concerns captured attention.
  • Siloed Teams And Complexity: SAP administration is often handled separately from cybersecurity, resulting in silos. Security teams may also lack the necessary tools or expertise to monitor SAP’s unique logs effectively. As a result, SAP becomes a “black box” that goes largely unwatched—sometimes not even on the SOC’s radar.

The outcome is a mission-critical system that attackers view as a soft target, despite management’s assumption that it’s protected.

Wake-Up Calls: Breaches Underscore Urgency

Recent incidents are shattering any complacency around SAP security. One poll found 40% of organizations don’t include SAP or other critical systems in their cyber monitoring (and another 27% aren’t sure), leaving a massive visibility gap.

Attackers have noticed this blind spot.

In 2024, ransomware crippled a U.S. beverage company’s SAP system, paralyzing operations for months. The company even cited the SAP breach in its bankruptcy filing—a reminder that SAP compromises can have a severe impact on businesses.

In another case, hackers exploited a cloud-based SAP HR system to steal sensitive employee records from Coca-Cola and other entities. Even Fortune 500 giants proved not immune, showing that SAP applications are clearly lucrative targets.

Meanwhile, advanced threat actors are actively hunting SAP weaknesses. Researchers have observed Chinese state-sponsored groups and ransomware gangs exploiting newly disclosed SAP vulnerabilities within days of the disclosure. SAP applications are now firmly in attackers’ crosshairs, and any delay in protecting them can be disastrous.

Closing The SAP Security Gap

How can executives resolve this paradox and fully integrate SAP into the cybersecurity fold?

First, elevate SAP security in your risk oversight. Ensure these systems have clear accountability and are being actively monitored and tested. Simply asking about SAP security at board meetings can uncover blind spots and spur action.

Next, integrate SAP expertise into security operations. Bring SAP specialists into the security team and use tools to feed SAP logs and alerts into your SIEM. The goal is unified visibility—an SAP breach should trigger the same alarms and response as any other major incident.

Also, apply the same rigor to SAP as to other domains. Patch SAP systems promptly, harden configurations, perform regular access audits and include SAP in incident drills. If your staff lacks SAP security expertise, consider seeking expert assistance.

Finally, make SAP security everyone’s responsibility. Leadership must emphasize that protecting these core systems is a shared mandate across IT and security. When CIOs, CISOs and SAP teams truly share responsibility, the blind spot disappears.

Key Takeaways For CISOs And Board Executives

To strengthen resilience, organizations should make SAP security a strategic priority. That means treating SAP as an integral part of the cybersecurity strategy—integrating SAP logs into centralized monitoring, investing in SAP-specific tooling for patching and offering assessments and training to protect these systems with the same urgency given to traditional, customer-facing applications.

Equally important is breaking down silos and assigning clear ownership. SAP security should be a shared responsibility between ERP and security teams, with security specialists embedded directly into the SAP team. No mission-critical system can afford to be “out of sight, out of mind.” When a critical SAP vulnerability surfaces, the team must know immediately who is accountable and ready to respond, rather than scrambling to determine ownership.

In today’s threat landscape, closing the SAP security gap isn’t optional—it’s a business imperative that protects the very core of your operations.
