Fortify Your Future: The New Era of SAP Security
What is SAP Security?
SAP Security encompasses the strategies, technologies, and practices designed to protect SAP systems, applications, and data across on-premise, cloud, and hybrid landscapes. It addresses key domains such as identity and access governance, data protection and privacy, cybersecurity and threat protection, and compliance controls.
With increasing adoption of SAP’s intelligent enterprise platform, S/4HANA, SAP Business Technology Platform (BTP), and RISE with SAP, the security posture of SAP environments has become more complex and more critical than ever. Enterprises must defend against sophisticated cyberattacks, embedded vulnerabilities, and evolving compliance requirements.
SAP Security aims to:
-
Ensure only authorized users and processes can access sensitive functions and data
-
Protect confidential and regulated data against breaches or misuse
-
Detect and respond to threats, intrusions, and anomalous behavior
-
Embed security across development, operations, and transformations (i.e. security by design)
-
Maintain compliance with industry standards, regulations, and audit requirements
Why SAP Security Matters
-
High-value target: SAP systems often run mission-critical processes (finance, supply chain, HR), making them attractive targets for attackers.
-
Complex ecosystems: Many organizations run hybrid environments (on-prem + cloud + third-party integrations), increasing attack surfaces.
-
Rapid transformation: As companies migrate to S/4HANA or move workloads to cloud, they must ensure security is not an afterthought.
-
Regulatory and compliance pressures: Regulations such as GDPR, SOX, NIS2, and industry-specific mandates demand strict controls over data and access.
-
Shared responsibility models: In cloud or managed SAP models, security responsibilities can be split between vendor, cloud provider, and enterprise, requiring clear governance.
SAPinsider Security Resources!
Cybersecurity Threats and Challenges to SAP Systems 2025Over the past year the number of cyber threats impacting enterprise landscapes, and the SAP systems that reside in them, continued to increase. Reflecting this increase in cyber threats, 23% of respondents reported that they experienced a credential compromise or social engineering attack, a malware or ransomware attack, or a cybersecurity attack that has impacted their SAP environment during the past year. This makes it vital that organizations are prepared for the cyber threats that their organization is facing, and for the change in the nature and impact of attacks against their systems.
Which cybersecurity threats are the most important to SAPinsiders varies from year to year based on what is being most actively exploited by threat actors. However, for the last few years ransomware attacks has been towards the top of the list along with unpatched systems. This year, perhaps reflecting the fact that as more organizations complete transformation projects that bring together SAP and non-SAP data from across the enterprise, there are greater concerns about data exfiltration attacks and connections to other systems or applications. With more systems running in the cloud, the exposure points between these systems and those still running locally in data centers or in other cloud environments can significantly expand the attack surface.
This year's research also explored the the challenges faced in securing SAP systems. Despite the fact that organizations have needed to patch SAP systems for years, keeping up with SAP security notes, patches, and updates remained the biggest challenge respondents faced in securing their SAP systems. This is something that must be addressed by SAPinsiders if they are to ensure that their systems are secure.
In addition, this year's report explores how the cybersecurity maturity posture of organizations is impacting what they are prioritizing from a cybersecurity perspective and what SAPinsiders should be focusing on as their cybersecurity strategy matures.
The findings indicate that those with a greater cybersecurity maturity are more concerned about topics like supply chain attacks, credentials compromise, and ransomware attacks than those that are lagging from a cybersecurity maturity perspective. This indicates that these organizations may have addressed some of these challenges and are moving forward with bigger threats.
Download the benchmark report to read the full data analysis and receive recommendations for your own plans.
- Understand the biggest factors impacting cybersecurity strategy.
- Explore the challenges that SAPinsiders face with securing their SAP systems.
- Learn about where SAPinsiders are planning on making cybersecurity investments..
- See what role application development will play in the future.
1 minute readReported SAP Cyber Attack Severely Impacts Business OperationsIn April 2025 an SAP cyberattack has halted operations at a leading global manufacturer, exposing critical business data and sending shockwaves through global supply chains. Security experts report that a recently released SAP exploit, now in the hands of multiple threat actor groups, has made it easier than ever for attackers to compromise vulnerable systems. […]
1 minute readThe Technology Leader’s 2025 Agenda for SAPTechnology Leaders at SAP customer organizations are facing much change in 2025 and beyond. The end of mainstream maintenance for SAP ECC looms, compelling companies to transition to SAP S/4HANA. Meanwhile, artificial intelligence (AI) is rising in the enterprise technology world, with vendors like SAP building AI tools, embedding AI into their systems, and creating platforms for custom AI innovation. The emergence of AI has brought it to the forefront of technology leaders’ minds as they plan their investments and staffing. For this report, SAPinsider surveyed technology leaders across various industries and regions about their agendas for SAP and SAP-adjacent technologies. This included their top challenges, priorities, and planned investments for 2025, as well as their strategies for SAP S/4HANA and AI. Throughout their responses, SAP S/4HANA, along with AI strategy and AI technologies, consistently emerged as core focus areas. Respondents discussed how AI and SAP S/4HANA impact their budgets and the size of their staffing teams. Spoiler Alert: SAP S/4HANA migrations require more resources, while AI innovation presents many challenges. Still, many technology leaders are pushing ahead with this crucial projects, driven by the desire to create more efficient and visible processes, to become more data-driven, and in the case of SAP S/4HANA, migrate before the end of mainstream maintenance for SAP ECC in 2027. Download this benchmark report to read the full data analysis from technology leaders in the SAPinsider community and receive recommendations for your own plans. Discover where your peers are along their AI journeys. Understand the priorities that are driving technology leaders' strategy and investment. Explore the most sought after technologies and associated skillsets at SAPinsider organizations. See how SAP-related budgets and SAP-related staffs are expected to change in 2025.
Cyber Security News from our Partners!
3 min readNew Onapsis Platform Updates Deliver Deeper SAP SecurityAs SAP systems face increasing cyber threats, Onapsis has announced new functionality in its platform to enhance security and patch management, emphasizing the importance of prioritizing SAP protection, securing executive support for cybersecurity initiatives, and adopting a layered defense strategy.
3 min readSAP’s Hectic Six Months of PatchingIn the first half of 2025, SAP's release of 27 high-priority security notes, 14 HotNews updates, and several zero-day vulnerabilities, including one allowing unauthenticated file uploads, highlights the increasing sophistication of cyber threats targeting SAP systems, underscoring the necessity for customers to stay vigilant with patching, monitoring, and adopting layered cybersecurity measures.
1 min readThe SAP Zero-Day Wake-Up Call: What CISOs and CIOs Need to Know In recent months, an unprecedented wave of SAP zero-day attacks exposed critical structural weaknesses in the security programs of hundreds of the world’s leading organizations—raising urgent questions about detection, response, and long-term resilience of their business-critical applications. And while this made major headlines, many business leaders are still scrambling to understand what happened, what […]- 1 min readSAPinsider Research Webinar: Cybersecurity Threats and Challenges to SAP Systems 2025Over the past year the number of cyber threats impacting enterprise landscapes, and the SAP systems that reside in them, continued to increase. Reflecting this increase in cyber threats, 23% of respondents reported that they experienced a credential compromise or social engineering attack, a malware or ransomware attack, or a cybersecurity attack that has impacted their SAP environment during the past year. This makes it vital that organizations are prepared for the cyber threats that their organization is facing, and for changes in the nature and impact of attacks against their systems. The findings webinar for the 2025 Cybersecurity Threats and Challenges to SAP Systems report reviews the data from this year’s research, highlights changes from previous years, and explores how the maturity of respondents’ cybersecurity posture is impacting their cybersecurity focus. By attending the session, you will: Understand the biggest factors impacting cybersecurity strategy. Explore the challenges that SAPinsiders face with securing their SAP systems. Learn about where SAPinsiders are planning on making cybersecurity investments. See what role application development will play in the future.
3 min readCharting a Path to SAP Cloud SecurityAs businesses shift to the cloud, they encounter distinct security challenges that can hinder their ability to fully utilize cloud capabilities; adopting a 'security by design' approach and collaborating with experienced partners like Onapsis and Capgemini is crucial for ensuring data security and navigating new risks, particularly with the integration of AI.
3 min readUnderstanding Threat Actors Attacking SAP with OnapsisIn April 2024, Onapsis, in collaboration with Flashpoint, released the 'Ch4tter: Threat Actors Attacking SAP for Profit' report, emphasizing the evolving cybersecurity risks facing SAP organizations and advocating for proactive measures like penetration testing and ongoing education to mitigate these threats.
3 min readOnapsis Announces New Cybersecurity Book to Debut at SAPinsider Vegas 2025At SAPinsider Vegas, technology leaders will gather to explore SAP landscape optimization and cybersecurity, highlighted by the release of Onapsis's new book 'Cybersecurity for SAP,' co-authored by its CTO and focused on addressing security challenges amid rising cyber threats.
SAPinsider Security Resources!
14 min readA Leader’s Guide to the SAP GRC FrameworkSAP GRC (Governance, Risk, and Compliance) is a crucial integrated framework that helps organizations navigate the complexities of compliance, risk management, and governance within increasingly regulated and threat-laden business environments, serving as both a tool and a strategic imperative for operational integrity.
7 min readSecuring the Bridge: A Leader’s Guide to SAP BTP in Hybrid ArchitecturesThe SAP Business Technology Platform (BTP) is crucial for innovation in hybrid environments but poses significant security risks due to its integration with core systems; thus, organizations must adopt comprehensive security strategies that include proactive monitoring, secure development practices, and strict identity management to protect against vulnerabilities and unauthorized access.
6 min readBeyond LNK Files: Unmasking the SAP Shortcut Phishing ThreatAttackers can exploit SAP Shortcut (.sap) files in phishing campaigns to execute remote code on user machines, bypassing traditional security measures, necessitating defenses such as blocking these attachments and implementing SAP security configurations.
6 min readNew in The Onapsis Platform: Deeper SAP Insights and Automated DefensesOnapsis has launched significant updates to The Onapsis Platform, including the SAP Notes Command Center, Rapid Controls, expanded Alert on Anything capabilities for SAP BTP, and enhanced Coverage Analysis in Onapsis Security Advisor, aimed at improving SAP application security by providing deeper insights, greater visibility, and more automation to help organizations effectively respond to an alarming rise in attacks targeting critical applications.
4 min readOnapsis and Microsoft Sentinel: End-to-End SAP Threat Monitoring for the SOCOnapsis has integrated its threat monitoring product, Onapsis Defend, with Microsoft Sentinel Solution for SAP to enhance visibility and security for mission-critical SAP systems, enabling quicker detection and response to sophisticated threats.- 1 min readReported SAP Cyber Attack Severely Impacts Business OperationsIn April 2025 an SAP cyberattack has halted operations at a leading global manufacturer, exposing critical business data and sending shockwaves through global supply chains. Security experts report that a recently released SAP exploit, now in the hands of multiple threat actor groups, has made it easier than ever for attackers to compromise vulnerable systems. […]
1 min readCritical SAP Zero-Day Vulnerability Under Active ExploitationActive exploitation of a critical zero-day vulnerability (CVE-2025-31324) in the SAP Visual Composer component allows unauthenticated attackers to gain full control over SAP systems, prompting SAP to release an emergency patch and urging customers to either apply it or disable access to the vulnerable component.
5 min readSecuring SAP Remote Function Calls: The Crucial Role of S_ICF AuthorizationThe article discusses the importance of the S_ICF authorization object in SAP systems as a security measure to mitigate RFC hopping attacks by controlling access to RFC destinations and ensuring that only authorized users can initiate function calls, thereby reducing the risk of unauthorized privilege escalation following a cyber attack.
3 min readVulnerabilities Affecting SAP AI ServicesOn July 17th, 2024, Hillai Ben-Sasson, a security researcher from the cloud company WIZ released the results of a research focused on SAP Cloud AI services, which was part of a broader research around mainstream AI cloud providers also including Hugging Face and Replicate. The researcher identified a set of weaknesses in the cloud infrastructure of the SAP Core AI service.
2 min readLessons from Onapsis-Flashpoint Report and BeyondIn the realm of enterprise resource planning (ERP) systems, security is a constant battleground. Despite the availability of patches for known vulnerabilities, the Onapsis-Flashpoint Ch4tter report sheds light on a worrying trend: increased attack activities on these critical systems.
