A recent survey published by cloud-based controls provider ERP Maestro found a major disconnect between IT security workers and other corporate executives.
The survey of IT, security and audit professionals using SAP conducted by Americas' SAP Users' Group found only 25 percent of the C-level executives, including CIOs and CTOs, asked were very or extremely concerned about security, as compared to 80 percent of security professionals who fell into the very and extremely concerned range. The survey also found that only 64 percent of the companies participating reported having a defined cyber-security strategy in place, 12 percent had no strategy at all and 23 percent simply did not know about their company's cyber-security strategy.
Eighty-two percent of the respondents described their level of security for SAP applications as a "minor vulnerability" but generally their company has good access controls.
One reason for this disconnect, according to ERP's report, was many executives have too much faith in the security of their SAP-based workloads possibly due to a lack of the automated tools needed gain visibility into the number and scope of actual risks and vulnerabilities.