Ponemon Institute issued a report after it “surveyed 607 IT and IT security practitioners who are involved in the security of SAP” and that 58% “of respondents rate the difficulty of securing SAP applications as high and 65 percent of respondents rate their level of concern about malware infections in the SAP infrastructure as very high applications.” The February 2016 report entitled “Uncovering the Risk of SAP Cyber Breaches” included this alarming conclusion:

…63 percent of respondents say C-level executives in their company tend to underestimate the risks associated with insecure SAP applications.

Here are the results about whether SAP applications secure:

Fifty-four percent of respondents believe it is the responsibility of SAP, not their company, to ensure the security of its applications and platform.

While 62 percent of respondents say SAP applications are more secure than other applications deployed by their company, respondents say their companies are evenly divided about confidence in the security of SAP applications (50 percent of respondents).

A barrier to achieving security is that only 34 percent of respondents say they have full visibility into the security of SAP applications and many companies do not have the required expertise to prevent, detect and respond to cyber attacks on their SAP applications.

This is alarming and likely applies to all ERP systems (including Oracle, Microsoft, Infor, and smaller ERP systems)!