Independent Market Survey Reveals in the Last Year 64% of ERP Deployments Have Been Breached

Independent Market Survey Reveals in the Last Year 64% of ERP Deployments Have Been Breached

Onapsis, provider of business application cybersecurity solutions, today announced the findings of a new IDC survey titled ‘ERP Security: The Reality of Business Application Protection’ sponsored by Onapsis. According to the sponsored survey of 430 IT decision makers, ERP applications are critical to business operations. Of the 191 decision makers surveyed whose organizations rely on SAP or Oracle E-Business Suite, 64 percent of them confirmed that their deployments have had an ERP-related breach in the last 24 months.

“ERP applications such as Oracle E-Business Suite and SAP can be foundational for businesses. A breach of such critical ERP applications can lead to unexpected downtime, increased compliance risk, diminished brand confidence and project delays,” said Frank Dickson, Program Vice President, Cybersecurity Products with IDC. “Cyber miscreants seem to be indiscriminate when it comes to ERP systems, having an appetite for all types of data, which, if in the wrong hands, could be detrimental to the business in terms of revenue and reputation.”

Amid the 64 percent of enterprises that have experienced breaches of large ERP platforms in the last 24 months, reported compromised information includes sales data (50 percent), HR data (45 percent), customer personally identifiable information (41 percent), intellectual property (36 percent) and financial data (34 percent). Additional findings of the sponsored survey include:

  • 78 percent of respondents report that ERP application users are audited every 90 days or more.
  • 74 percent of SAP and Oracle EBS applications are connected to the internet.
  • 56 percent of C-level executives are concerned or very concerned about moving ERP applications to the cloud.

“The findings of this independent survey should raise questions at the Board level about the adequacy of internal controls to prevent cyber attacks and the level of auditing taking place. The lack of these controls is one way for cyber insurance companies to deny claims,” said Larry Harrington, former Chairman of the Global Board of the Institute of Internal Auditors (IIA). “The information compromised most often according to this research is the highest regulated in today’s business ecosystem. Most concerning is the popularity of sales, financial data and PII, all of which should raise flags about the possibility of insider trading, collusion and fraud.”

Download the new IDC survey titled ‘ERP Security: The Reality of Business Application Protection’ sponsored by Onapsis, and feel free to read our blog post titled, “How to Keep Your ERP Data Safe from Ransomware.


Looking for more? Download our Enterprise Resource Planning Buyers Guide for free to compare the top-24 products available on the market with full page vendor profiles, key capabilities, an ERP software market overview, our bottom line analysis, and questions for prospective buyers.

And don’t forget to follow us on TwitterFacebook and LinkedIn for all the latest in the ERP space!

Follow Liz

Elizabeth Quirk

Liz is a leading enterprise technology writer covering Enterprise Resource Planning (ERP), Business Process Management (BPM) and Talent Management Suites (TMS) at Solutions Review. She writes to bridge the gap between consumer and technical expert to help readers understand what they're looking for. Liz attended Massachusetts College of Liberal Arts, where she obtained her Bachelor of Arts Degree in English and Communications. You can reach her at equirk@solutionsreview.com
Elizabeth Quirk
Follow Liz