Why SAP Security Leaders Are Reassessing Where Risk Resides

Key Takeaways

  • Cyber risk now arises from how identity and authority are exercised within SAP processes, necessitating a shift in focus for security leaders towards managing verification paths and decision flows.

  • AI has transformed impersonation risks into a scalable threat by enabling the generation of realistic messages that align with business context, making it essential to address this risk as an operational exposure.

  • Employee training has become a crucial SAP security control, requiring alignment with real workflows to ensure that human decisions reinforce security measures rather than compromise them.

Security in SAP environments has moved beyond system hardening and authorizations into a broader discipline that spans identity, access governance, and operational risk.

As SAP landscapes integrate more deeply with cloud platforms, third-party applications, and business-critical workflows, security teams are increasingly responsible for how users, systems, and processes interact—not just how infrastructure is configured.

In this context, impersonation has emerged as a growing source of cyber exposure.

Research from Accenture, which was based on a survey of more than 1,000 workers in the UK, found that nearly a quarter of employees under 35 would respond to a suspicious work message if it appeared to come from a colleague or senior leader.

Advances in AI have further lowered the barrier to these attacks, enabling realistic messages to be generated and scaled with minimal effort.

As a result, SAP security leaders are being forced to reassess where risk resides—shifting focus from system-level controls alone toward identity assurance, workflow governance, and employee decision-making within SAP-driven processes.

Where Workplace Habits Create Exposure

According to the research from Accenture, 15% of respondents said they would share company information or approve payments through messaging platforms like WhatsApp without verifying the sender if the request appeared to come from within the organization.

That figure rises to 24% among professionals under the age of 35, which suggests a need for clearer organizational policies, consistent verification processes, and targeted training that reflects how younger employees interact through informal digital channels.

More than 80% of employees surveyed in the report were confident in their ability to identify phishing or AI-enabled cyberattacks. That confidence, however, did not correspond with more cautious behavior, according to the report.

While 56% of businesses in the UK reported concerns about cyber threats, more than a third of workers (37%) said they had never received cybersecurity training.

Of those who had received training, 50% said it did not include guidance on using AI safely. Nearly one in five (17%) said they had no awareness of AI-driven cyber threats. Those who reported some knowledge cited deepfake videos (61%), AI-generated phishing emails (61%), voice cloning (47%), and identity theft (45%).

Cyber Risk Now Lives in Routine Workflows

Impersonation and other social engineering attacks continue to gain ground because they exploit everyday human interaction in the workplace.

AI has accelerated this pattern by making it easier to generate credible messages, replicate organizational context, and sustain deception across multiple channels.

Yet technology alone does not explain their effectiveness. These attacks succeed because modern workplaces prioritize speed, informality, and distributed decision-making, often without consistent verification embedded into everyday workflows.

For cybersecurity leaders, this shifts how vulnerability must be understood and managed. Risk no longer sits solely within compromised devices or misconfigured systems, but in how requests are made, verified, and acted on across the organization.

Messaging platforms, approval chains, and identity-based access therefore function as part of the security infrastructure, even when they sit outside traditional security tooling.

In this environment, resilience depends as much on the design of workflows and identity controls as it does on technical detection and response. That often means clearer policies and training that reflects how employees use communication and collaboration tools.

As Kamran Ikram, security lead in the UK and Ireland for Accenture, concluded in a press release, “building a cyber-savvy workforce isn’t just about protecting your systems, it’s also what allows innovation and trust to scale together.”

What This Means for SAP Insiders

  • Identity-driven workflows have become a security concern. Cyber risk increasingly arises from how identity and authority are exercised within SAP-supported business processes. Approval chains, role-based access, and off-system communications can introduce exposure, requiring SAP security leaders to manage verification paths and decision flows as part of their security model.
  • AI turns impersonation risk into a scalable threat. AI makes it easier to impersonate users, approvers, and support roles, using realistic messages that align with business context. This reframes AI risk from a tooling issue into an operational exposure that affects role-based access, approval workflows, and how transactions are initiated and validated.
  • Training has become a core SAP security control. As impersonation attacks exploit judgment, employee behavior directly affects the security of processes. This means training must align with real SAP workflows—who can request changes, how approvals are validated, and when out-of-band verification is required—so human decisions reinforce, rather than bypass, SAP access controls and governance.
