When it comes to communicating the importance of cybersecurity, PR plays a crucial role in bridging the gap between technical insight and business leadership. Partnering with top-tier publications like Forbes amplifies awareness of often-overlooked risks—such as vulnerabilities within SAP systems that power the majority of global commerce. By spotlighting expert voices like SecurityBridge’s CTO, Ivan, and contextualizing these issues for executive audiences, PR ensures that critical cybersecurity priorities reach decision-makers where it matters most: at the strategic level.
Originally posted at: https://www.forbes.com/councils/forbestechcouncil/2025/10/01/the-cybersecurity-paradox-why-sap-systems-remain-an-overlooked-risk/
As CTO of SecurityBridge, Ivan is an expert in SAP Security and cybersecurity innovation, ensuring business-critical systems remain secure.
Cybersecurity is a top priority in the boardroom, with billions spent on defense. Yet, an astonishing paradox persists: The systems running companies’ core operations—notably SAP enterprise software—often remain a security blind spot.
SAP systems are the lifeblood of global business, powering approximately 77% of global commerce and housing around 70% of corporate data. If attackers breach these core platforms, they can practically “sweep the rug from under the company’s feet,” stealing sensitive data, committing fraud or halting operations.
Why, then, do so many organizations invest heavily in cybersecurity, yet leave SAP security on the sidelines?
Why Critical SAP Security Falls Through The Cracks
Several factors help explain this oversight:
- Assumed Shared Responsibility: Many companies assume SAP (or their cloud provider) is securing these systems—but that’s only partly true. The vendor might safeguard the infrastructure, but customers must still lock down configurations, control access and monitor activity. Confusion over this split often leaves critical gaps.
- Misunderstanding The Threat Surface: SAP is seen as a sealed internal system, not a target for hackers. In reality, these applications interface with suppliers, clients and mobile employees, often via web portals. Attackers actively probe SAP’s proprietary interfaces for weaknesses. Treating SAP as “too obscure to hack” is a dangerous mistake.
- Other Fires Get Priority: Many security leaders have focused their attention on cloud platforms, endpoints and ransomware threats. By comparison, ERP security hasn’t made headlines and often slid down the priority list. In short, SAP security quietly fell through the cracks while more flashy cyber concerns captured attention.
- Siloed Teams And Complexity: SAP administration is often handled separately from cybersecurity, resulting in silos. Security teams may also lack the necessary tools or expertise to monitor SAP’s unique logs effectively. As a result, SAP becomes a “black box” that goes largely unwatched—sometimes not even on the SOC’s radar.
The outcome is a mission-critical system that attackers view as a soft target, despite management’s assumption that it’s protected.
Wake-Up Calls: Breaches Underscore Urgency
Recent incidents are shattering any complacency around SAP security. One poll found 40% of organizations don’t include SAP or other critical systems in their cyber monitoring (and another 27% aren’t sure), leaving a massive visibility gap.
Attackers have noticed this blind spot.
In 2024, ransomware crippled a U.S. beverage company’s SAP system, paralyzing operations for months. The company even cited the SAP breach in its bankruptcy filing—a reminder that SAP compromises can have a severe impact on businesses.
In another case, hackers exploited a cloud-based SAP HR system to steal sensitive employee records from Coca-Cola and other entities. Even Fortune 500 giants proved not immune, showing that SAP applications are clearly lucrative targets.
Meanwhile, advanced threat actors are actively hunting SAP weaknesses. Researchers have observed Chinese state-sponsored groups and ransomware gangs exploiting newly disclosed SAP vulnerabilities within days of the disclosure. SAP applications are now firmly in attackers’ crosshairs, and any delay in protecting them can be disastrous.
Closing The SAP Security Gap
How can executives resolve this paradox and fully integrate SAP into the cybersecurity fold?
First, elevate SAP security in your risk oversight. Ensure these systems have clear accountability and are being actively monitored and tested. Simply asking about SAP security at board meetings can uncover blind spots and spur action.
Next, integrate SAP expertise into security operations. Bring SAP specialists into the security team and use tools to feed SAP logs and alerts into your SIEM. The goal is unified visibility—an SAP breach should trigger the same alarms and response as any other major incident.
Also, apply the same rigor to SAP as to other domains. Patch SAP systems promptly, harden configurations, perform regular access audits and include SAP in incident drills. If your staff lacks SAP security expertise, consider seeking expert assistance.
Finally, make SAP security everyone’s responsibility. Leadership must emphasize that protecting these core systems is a shared mandate across IT and security. When CIOs, CISOs and SAP teams truly share responsibility, the blind spot disappears.
Key Takeaways For CISOs And Board Executives
To strengthen resilience, organizations should make SAP security a strategic priority. That means treating SAP as an integral part of the cybersecurity strategy—integrating SAP logs into centralized monitoring, investing in SAP-specific tooling for patching and offering assessments and training to protect these systems with the same urgency given to traditional, customer-facing applications.
Equally important is breaking down silos and assigning clear ownership. SAP security should be a shared responsibility between ERP and security teams, with security specialists embedded directly into the SAP team. No mission-critical system can afford to be “out of sight, out of mind.” When a critical SAP vulnerability surfaces, the team must know immediately who is accountable and ready to respond, rather than scrambling to determine ownership.
In today’s threat landscape, closing the SAP security gap isn’t optional—it’s a business imperative that protects the very core of your operations.



