Many companies invest heavily in perimeter protection to ward off external attacks, while considering their internal SAP landscapes to be secure and neglecting them in terms of cyber security. However, this assumption can prove to be a fatal fallacy and lead to fundamental vulnerabilities in processes, responsibilities, and corporate culture going unrecognized.
Inadequate security for SAP systems can not only result in financial losses, but also cause massive damage to an organization’s reputation or bring operations to a standstill. Medium-sized companies are particularly affected by this, as they often do not have the same resources as large corporations and are therefore more vulnerable to cyber attacks.
Due to their complexity and integration into business-critical processes, SAP systems are an attractive target for cybercriminals. Many companies overlook internal vulnerabilities such as outdated authorization concepts, inadequate patch management, or a lack of logging. The German Federal Office for Information Security (BSI) considers the current state of IT security in Germany to be cause for concern. In his keynote speech at the DSAG Annual Congress 2025, DSAG CEO Jens Hungershausen explained that up to 90% of cyber attacks can be attributed to human (mis)behavior, such as opening phishing emails, using weak passwords, or plugging in unknown USB sticks. Once attackers have gained access to the network in this way, they are able to cause immense damage.
The complex authorization assignment in SAP often proves to be a challenge. Over the years, authorizations accumulate that no longer correspond to the actual task profiles of the users. The result is overprivileged users – and a significant risk for the company. If an account with extensive authorizations is compromised, the consequences can be devastating. In addition, there is often no centralized monitoring of access and activities within SAP systems. However, continuous logging is a prerequisite for detecting suspicious activities in a timely manner and performing forensic analyses in the event of an attack.
The gap between perceived and actual security is not only technical in nature, but also has its roots in the organization and culture of companies. In many companies, cybersecurity is still considered a purely IT task. However, failure to integrate cybersecurity into business processes is one of the biggest vulnerabilities. Companies that do not consider security from the outset when planning and implementing new SAP systems and modules create significant points of attack for cybercriminals.
Another fundamental factor is employee awareness. Even the latest technology is useless if employees handle data carelessly or fall victim to phishing emails. In the SAP context in particular, users must be aware of the importance of the data they process and act with appropriate caution. Regular training and awareness campaigns contribute significantly to establishing a robust security culture (see below).
Many companies view investments in cybersecurity as a necessary evil. However, when talking to organizations that have been victims of cyberattacks in the past and have had to deal with the consequences of such attacks, a clear picture emerges: The costs of restoring operational readiness are enormous. In addition, insurance companies may only cover part of these costs, as “optimizations” of the IT landscape are often excluded from the terms and conditions. Furthermore, insurance rates usually increase after a cyberattack and can only be reduced if companies are able to prove that they have taken effective measures to ensure cybersecurity.
In order to strengthen cyber security in SAP landscapes in the long term, it is advisable to compare your own security requirements with your actual resilience. The following measures should play a role here:
Holistic risk analysis
Specific risk assessments for the SAP landscape include, for example, the identification of critical systems, data, and business processes, as well as the analysis of potential vulnerabilities and resulting threats. It is important that organizational and human factors are taken into account in addition to technical aspects.
Permanent monitoring with automated processes
Manual security processes are error-prone and time-consuming. Companies should therefore use automated tools for identity and access management (IAM), vulnerability scans, patch management, and configuration checks. Continuous monitoring of SAP systems for unusual activity is essential for detecting attacks early and taking effective countermeasures.
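The two points above, overprivileged accounts and the need for continuous monitoring of SAP activity, can be made concrete with a few detection rules. The following is an added example written for this article, not code from the article's author or from SAP: it parses a constructed, simplified audit-log excerpt (the field layout is invented and does not follow any real SM20 export format; the message ids AU1, AU2 and AU3 are real SAP security audit log ids for successful logon, failed logon and transaction start) together with a constructed user-to-profile snapshot. The user names, terminals, the admin list and the set of transactions treated as privileged are all assumptions for the example; in practice those lists come from the authorization concept.

```python
"""Detection rules over a constructed SAP-style security audit log.

Constructed for this example: the log layout (timestamp|user|terminal|msg_id|detail),
the user names, terminals and profile snapshot. AU1/AU2/AU3 and the profile names
SAP_ALL / SAP_NEW are real SAP identifiers; everything else is invented.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp | user | terminal | msg_id | detail
AUDIT_LOG = """\
2025-03-04T08:01:10|MUELLER|WS0231|AU1|Logon successful (type=A)
2025-03-04T08:02:44|SVC_RFC|SRV-RFC1|AU2|Logon failed (reason=1)
2025-03-04T08:02:46|SVC_RFC|SRV-RFC1|AU2|Logon failed (reason=1)
2025-03-04T08:02:49|SVC_RFC|SRV-RFC1|AU2|Logon failed (reason=1)
2025-03-04T08:02:51|SVC_RFC|SRV-RFC1|AU2|Logon failed (reason=1)
2025-03-04T08:02:53|SVC_RFC|SRV-RFC1|AU2|Logon failed (reason=1)
2025-03-04T08:03:05|SVC_RFC|SRV-RFC1|AU1|Logon successful (type=A)
2025-03-04T08:10:22|MUELLER|WS0231|AU3|Transaction SU01 started
2025-03-04T08:15:00|ADMIN01|WS0001|AU3|Transaction PFCG started
2025-03-04T09:40:12|SCHMIDT|WS0412|AU3|Transaction VA01 started
"""

# Constructed role/profile snapshot: user -> profiles held.
USER_PROFILES = {
    "ADMIN01": {"SAP_ALL", "SAP_NEW"},
    "MUELLER": {"SAP_ALL", "Z_FI_DISPLAY"},
    "SCHMIDT": {"Z_SD_SALES"},
    "SVC_RFC": {"Z_RFC_INTERFACE"},
}

# Assumptions for this example: sanctioned admin accounts, transactions treated as
# privileged, and profiles that grant near-unlimited authority.
ADMIN_USERS = {"ADMIN01"}
PRIVILEGED_TCODES = {"SU01", "PFCG", "SM49", "SE16", "RZ10"}
CRITICAL_PROFILES = {"SAP_ALL", "SAP_NEW"}


def parse_log(text):
    """Split the constructed pipe-separated log into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, terminal, msg_id, detail = line.split("|", 4)
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "terminal": terminal, "msg_id": msg_id, "detail": detail})
    return events


def failed_then_success(events, threshold=5, window=timedelta(minutes=5)):
    """Users with >= threshold AU2 failures followed by an AU1 inside the window.

    This is the pattern a password-guessing attempt leaves behind; a single
    failed logon is noise, a burst followed by success deserves a look.
    """
    hits = []
    failures = defaultdict(list)
    for ev in events:
        if ev["msg_id"] == "AU2":
            failures[ev["user"]].append(ev["ts"])
        elif ev["msg_id"] == "AU1":
            recent = [t for t in failures[ev["user"]] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                hits.append((ev["user"], len(recent), ev["ts"]))
            failures[ev["user"]].clear()
    return hits


def privileged_tcode_by_non_admin(events):
    """AU3 events where a non-admin account starts a privileged transaction."""
    hits = []
    for ev in events:
        if ev["msg_id"] != "AU3":
            continue
        parts = ev["detail"].split()  # constructed form: "Transaction <TCODE> started"
        if len(parts) >= 2 and parts[0] == "Transaction":
            tcode = parts[1]
            if tcode in PRIVILEGED_TCODES and ev["user"] not in ADMIN_USERS:
                hits.append((ev["user"], tcode, ev["ts"]))
    return hits


def overprivileged_users(profiles):
    """Accounts holding a critical profile without being a sanctioned admin."""
    return sorted(u for u, held in profiles.items()
                  if held & CRITICAL_PROFILES and u not in ADMIN_USERS)


def run_all(text=AUDIT_LOG, profiles=USER_PROFILES):
    events = parse_log(text)
    return {
        "logon_bursts": failed_then_success(events),
        "privileged_tcodes": privileged_tcode_by_non_admin(events),
        "overprivileged": overprivileged_users(profiles),
    }


if __name__ == "__main__":
    for name, findings in run_all().items():
        print(name, findings)
```

Run on the constructed data, the rules flag the service account SVC_RFC (five failed logons followed by a success within seconds), the user MUELLER starting SU01 without being a sanctioned admin, and MUELLER again as overprivileged because the account holds SAP_ALL. The point of the third rule is that it needs no log at all: a periodic comparison of assigned profiles against the authorization concept catches accumulated privileges before a compromise turns them into an incident.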
Establishing a zero trust architecture
The zero trust concept is based on the principle of not trusting any device, user, service, or application by default, whether inside or outside your own network. This means that every access to SAP systems – whether by internal or external users – is strictly authenticated and authorized regardless of its origin.
Ensuring business continuity
The question is no longer whether a company will be attacked, but when. This makes it all the more important to define countermeasures that can be taken in the event of a cyberattack (incident response) and are specifically tailored to SAP scenarios. This includes defined procedures for detection, containment, eradication, and recovery after a cyberattack. A concept for ensuring business continuity describes how critical SAP processes can continue to run even in the event of an attack.
Regular audits and penetration tests
External audits and penetration tests reveal vulnerabilities and put the effectiveness of security measures to the test. Ideally, the checks are tailored precisely to SAP requirements in order to address the specific challenges of SAP architectures.
The technical security of SAP systems is only part of the equation. A robust security culture also requires all employees to be aware of the potential risks and to act accordingly. Regular training and awareness campaigns are crucial for raising awareness of cybersecurity and enabling employees to recognize and report suspicious activity.
Users should be regularly informed about current threats and best practices. Phishing simulations and interactive training can help raise vigilance and improve responsiveness. A strong security culture is essential to increase resilience to cyber threats and ensure the integrity of SAP systems.
To achieve the highest possible level of protection, companies need to critically examine their cybersecurity strategy and take a realistic look at the effectiveness of the measures they have put in place. By combining technology, processes, and culture in a holistic approach, organizations increase their resilience to cyber attacks and reduce the likelihood that the consequences of an attack will threaten their existence. At the same time, they protect themselves from the enormous costs that would be incurred in restoring operations after a successful cyber attack.