The Cybersecurity Blindspot That Could Impact Plans for SAP Tech Leaders

Last year was defined by major cybersecurity incidents and SAP issuing a record number of high-priority patches. Still, security has decreased in importance as a business priority in 2026. According to the SAPinsider Benchmark Report: Technology Leaders’ Strategic Agenda for 2026, only 17% of technology leaders rank improving cybersecurity and risk posture as a top business priority for 2026. Moreover, when it comes to planned investments beyond core ERP, third-party tools for monitoring, testing, or security for SAP sit at the bottom of the list, with only 10% of executive budget allocation.

The AI Security Intersection

“As organizations transform their business environments by moving to the cloud and implementing AI, they are creating new vulnerabilities,” says Robert Holland, Chief Research Officer at SAPinsider and author of the report.

When integrating AI capabilities like Joule or building AI-native applications on SAP Business Technology Platform (BTP), failing to include security from the outset puts the entire ERP ecosystem at risk, and this blind spot is alarming.

Finally, the data in this report explicitly warns that just as AI requires guardrails to prevent models from accessing sensitive enterprise data or returning hallucinations, standard security measures cannot be an afterthought in these deployments.

What This Means for SAPinsiders

The gap between the real-world threat landscape and current executive priorities creates a strategic opening for SAP practitioners. Currently, 23% of leaders admit to having a significant skill gap in SAP security and compliance. Therefore, SAPinsiders must:

• Bridge the Skills Gap: Upskill in SAP identity management, cloud security architecture, and AI governance. With only 20% of organizations actively planning to strengthen cybersecurity skills in 2026, becoming an internal expert in these areas is invaluable.
• Embed Security in Scope: Do not wait for leadership to ask for security measures. Treat threat detection, automated compliance, and vulnerability management as non-negotiable foundations for every SAP or cloud extension project, whether that is a new application in SAP BTP or a company-wide ERP transformation.
• Change the Narrative: Translate the technical risk of unpatched SAP systems and unsecured AI integrations into business terms. Executive sponsors are currently hyper-focused on reducing costs; SAPinsiders should remind them that the financial and operational fallout from a single systemic breach could obliterate any operational efficiency gains they hope to achieve in 2026.

Learn more about why Cybersecurity needs to be front and center for Technology Leaders today during an SAPinsider webinar discussing the details of this report on May 5. Register here.