header background image

Securing SAP Systems: A Comprehensive Approach

January 23, 2024


Jens Kettler



In the current digital landscape, the security of SAP systems and the business processes running on them is paramount. This article delves into the importance of robust security measures, drawing on insights from IBM's Cost of a Data Breach Report (https://www.ibm.com/reports/data-breach), bitkom’s information (https://www.bitkom.org/Presse/Presseinformation/Organisierte-Kriminalitaet-greift-verstaerkt-deutsche-Wirtschaft-an) and the Association of Certified Fraud Examiner (ACFE) Report to the Nations (https://legacy.acfe.com/report-to-the-nations/2022/), highlighting the significant financial repercussions and reputational risks associated with data breaches and insider fraud.

Infographic that illustrates Rising costs for cyberattacks, Rising risks for organizations, Rising threats from Russia and China.

The Imperative of Security

The data presented in the reports underscores the substantial costs and far-reaching implications of data breaches: the German economy alone had costs and losses resulting from cyberattacks of more than 200 bn Euros in 2023 alone. On average, it took more than 200 days to identify a breach, and another 75 days to contain it.
These are not mere inconveniences but critical events that can jeopardize the very foundation of a business.

Moreover, the ACFE's report sheds light on the equally troubling issue of insider fraud, revealing vulnerabilities that exist within the organizations themselves. The ACFE conducted surveys that indicate that up to 5% of revenue is lost to fraud, annually. And similar to cyberattack cases, it also takes very long to find and stop fraud: around 15 months on average (median). Most of the cases are even detected by chance rather than a monitoring program in place. But monitoring can reduce losses substantially, according to the ACFE.

Infographic that illustrates that on average it takes 212 days to identify a data breach, 75 days to contain a data breach and 287 days to identify and contain a date breach.
BROSCHÜRE - die Vorteile unserer Produkte!

remQ – Quick Assessment

The remQ Quick Assessment delivers tangible results on risks and potential financial losses within one day: we scan your business processes and uncover overpayments, lost revenue and other financial losses.

Tablet mit dem Deckblatt des Dokuments

Dual Layers of Defense: Cybersecurity and Internal Controls

In the realm of SAP systems, security is a multi-faceted endeavor. On one front, cybersecurity measures are essential to thwart external threats. These include deploying firewalls, implementing robust encryption, and maintaining rigorous access controls. Add to that secure ABAP code, change management, securing interfaces, and many more things.

However, equal attention must be paid to internal controls that secure the business process in the SAP system. Besides preventive controls, mainly access controls for employees, it is critical to actively monitor business processes to prevent fraud from within the organization. Employees, despite their legitimate access to sensitive transactions, can pose risks, bypass controls, work in collusion, use social engineering, etc. This makes a comprehensive business monitoring approach essential.

SAP Security Solutions: A Structured Approach

The SAP Security Solution Map provides a structured approach to safeguarding SAP systems.

SAP Security Solution Map

This resource offers a strategic framework and best practices to enhance security measures systematically. Additionally, the SAP Security Baseline Template serves as a crucial tool, especially with its Configuration Validation feature in the SAP Solution Manager, which automates and reinforces security checks.

WHITE PAPER - erweitere Dein Wissen!

Reduce Fraud & Boost Cost Savings by Automating Internal Controls

Our White Paper explains how using robust controls and automation, organizations can better manage fraud risks, comply with regulations, improve operational efficiency, and save substantial costs.

Tablet mit dem Deckblatt des Dokuments

Keine Artikel gefunden.

Addressing Insider Risks: Beyond Cybersecurity Measures

While cybersecurity and the SAP Security Baseline Template is geared towards external threats, addressing risks posed by insiders requires a different approach. This is where solutions like remQ (https://www.voquzlabs.com/remq) come into play. remQ specializes in monitoring business processes, providing a defense mechanism against errors and potential frauds. It's an essential tool in a comprehensive security strategy, ensuring that threats, whether internal or external, are identified and mitigated promptly.

Fraud - Insiders bypass controls: 5% of revenue lost, 4/5 cases by insiders, 15 months to detect, 50% detected by chance, 70% in finance O2C, P2P. Monitoring can reduce losses by 40%.

In conclusion, securing SAP systems and the business processes they support is a complex yet critical task. It demands a balanced focus on both cybersecurity measures to protect against external threats and internal controls to guard against insider risks. With the right combination of strategic planning, technological tools, and continuous monitoring, organizations can fortify their defenses and safeguard their operations against the multifaceted threats of the digital age.


Jens Kettler

Jens verfügt über mehr als 20 Jahre Erfahrung in den Bereichen SAP-Sicherheit, Compliance und interne Kontrollen. Er ist ein ehemaliger Wirtschaftsprüfer, immer neugierig, bereit zu lernen und Wissen zu teilen. Bei VOQUZ Labs ist Jens für die Risiko- und Compliance-Produkte verantwortlich. Es macht ihm Spaß, mit Kunden zu interagieren und schnelle und einfache Wege zu finden, um Produkte zu verbessern und den Kunden einen Mehrwert zu bieten. Pragmatisch und kundenorientiert? Dann Jens :)


Hast Du Fragen oder möchtest Du etwas hinzufügen? Hinterlasse  uns bitte eine Nachricht! Deine Nachricht wird per E-Mail an uns übermittelt und nicht veröffentlicht.

Danke! Deine Anfrage wurde empfangen!
Ups! Beim Absenden des Formulars ist etwas schief gelaufen.
Illustration of a woman editing documents

Melde Dich für unseren Newsletter an!
Bleib auf dem Laufenden!

Thank you! Your successfully signed up for our newsletter.
Ups! Beim Absenden des Formulars ist etwas schief gelaufen.


Vorschaubild mit Link zum Beitrag unten

RISE with SAP: Das verlockende Angebot der SAP für die Cloud




Vorschaubild mit Link zum Beitrag unten

Duplicate Payments: Understand and prevent them!




Vorschaubild mit Link zum Beitrag unten

RISE with SAP: Kann man ohne Sorgen in die Cloud?