Almost 90% of cyber-security experts expect attacks against ERP systems to increase over the next year, with the average cost of a breach estimated at $5 million.
Despite the rising threat, however, one-third of respondents to the ERP Cybersecurity Survey 2017 had never heard about a single security incident. Only 4% knew about history’s most dire ERP security breach in 2013 and 2014, when personal records on 25,000 government employees were stolen from now-bankrupt USIS, at the time the largest commercial provider of background investigations to the US federal government.
“The results of the survey are not surprising – most enterprises are still unprepared for any attacks.” “Taking into account the recent ransomware attacks and their costs to organizations, we can imagine how huge the impact could be if hackers target ERP.”
The survey asked more than 1,900 cyber security experts from a variety of industries about their companies’ ERP security measures. Sixty-one percent said ERP is the most critical business application they run, followed by financial systems (57%) and CRM systems (55%).
However, only 44% of respondents monitor their system’s security at least monthly (only 25% constantly analyze system security), and 14% of respondents say they never analyze the security of their ERP systems.
Part of the problem seems to be confusion around who is responsible for ERP security, the report says. Because SAP leads the business application market, serving 87% of Fortune 2000 companies, many responses highlight that company’s systems. Usually the chief information officer believes the chief information security officer is in charge, the survey notes, while the CISO believes the CIO is accountable because the internal SAP team has its own security department.
Consequently, nearly one-third of respondents say they are only now beginning to pursue an ERP security initiative.