Companies aren’t protecting their ERP systems from cyber-attacks, says new report

ERP software is vulnerable to cyber-attacks but enterprises are not doing enough to secure their systems, according to a new report.

The ERP Cybersecurity survey 2017, conducted by Crowd Research Partners and ERPScan, spoke to more than 1,900 cybersecurity experts and found that 89% expect to see a surge in attacks on ERP systems. 33% said they expect a “significant increase” in attacks.

The report said that there is a general lack of awareness around ERP security – one in three respondents said that they hadn’t implemented any ERP security strategy.

Furthermore, it found that many organisations are still unclear as to who is responsible for ERP security. 43% said it should be the CIO’s task but 28% said it was the CISO’s responsibility.

Find ERP with suitable security features using our completely up-to-date ERP vendor directory

The authors added that the responses show that there is still a lot of work to be done in securing ERP systems and spreading awareness. SAP tips the average costs of a security breach at $5 million.

The survey found that cybersecurity professionals are most concerned about the following three areas: protecting customer data (72%), protecting employee data (66%), and protecting emails (54%). This is all data that may be stored in some kind of ERP system. The report recommends regular pen-testing.

Despite the recent ransomware attacks that hit companies and organisations globally, including theNHS, Alexander Polyakov, CTO of ERPScan, said the results of the survey were unsurprising. He claimed that “most enterprises are still unprepared” for cyber-attacks targeting ERP systems.

“ERP systems store and manage essential business information and processes. Taking into account the recent ransomware attacks and its costs to organizations, we can imagine how huge the impact could be if hackers target SAP. CISOs should include this area in their list of top priorities if they haven't done it yet,” he said.