How to avoid the long-term cost of cyber threats with SAP transformation

Cyber threats are rising quickly. Embedding security early in SAP^® transformations can help avoid costly breaches and build resilience.

In brief

• The cost of ransomware attacks will reach US$265b by 2031.¹
• More CEOs are being held personally responsible for the impact of cybercrime.
• Planning proactive cybersecurity measures into SAP transformations can save organizations millions in mitigation costs.

In 1981, the first reported cybercrime involved a hacker manipulating a major telephone carrier’s system to allow free calls. While this may seem quaint today, the cyber threat landscape has evolved dramatically. Furthermore, the World Economic Forum has recently identified cybercrime and cyber insecurity as among the most severe global risks organizations are facing currently.

As cybercrime escalates, and threat actors launch more sophisticated, artificial intelligence (AI)-driven attacks, organizations must urgently enhance security around digital and enterprise resource planning (ERP) transformations. That’s why now — more than ever — cybersecurity can’t be treated as a bolt-on. It must be embedded into the heart of digital transformation and treated as an enabler for the organization.

Forward-thinking digital leaders globally are championing the migration to cloud-hosted environments, such as SAP CloudERP, public and private. SAP CloudERP is an integrated enterprise resource planning system that provides real-time data processing and advanced analytics and manages end-to-end business functions from finance to supply chain management.

The most effective solution is to ensure the CISO has a seat at the table. These digital transformations are complex, and each add-on or built-in feature, whether for environments such as SAP S/4HANA Cloud (Private Edition) or other hosting solutions, demands specialized insights and expertise to address the challenges effectively.

Involving the CISO early offers a significant advantage by eliminating a potential obstacle. The CISO’s primary responsibility is to identify organizational risks and assess their acceptability for the entire organization. By including the CISO during transformative decision points and maintaining their involvement throughout the process, the CISO will gain the necessary insights to enable the program, thereby reducing the likelihood of costly delays.

One such key decision point is whether the organization, and the business, should move forward with a brownfield transformation approach, or leverage a new greenfield environment. While every organization is different in how they choose their future journey with an enterprise resource planning (ERP), cybersecurity must be elevated to a business transformation priority, and leaders need to adopt a more proactive stance toward integrating cyber leadership in their transformation journeys far earlier. Here’s how:

Secure your solution early with Secure by Design principles

A Secure by Design approach prioritizes security as a core component rather than an afterthought once a system is in place. Cybersecurity measures are embedded into every component and phase of a transformation journey from the first critical business decision. This strategy incorporates a well-built security-first architecture that can reduce rework, streamline audits, and lower long-term operational and remediation costs.

Including business-critical needs into a Secure by Design strategy, such as having third-party vendors who need to access the ERP environment externally, allows for key decisions and costs to be included as part of the original design. As with all ERP transformations, there will be design changes throughout, but limiting the additional cost sprawl is imperative to a successful and secure ERP transformation. By integrating the Secure by Design strategy with proactive risk management, businesses can detect and remediate risks before systems are deployed. This continuous optimization loop enables agile operations, allowing for quick, decisive actions that enhance business efficiency.

The role of new SAP solutions for ERPs

For organizations that are in the next wave of the move to cloud, it is of critical importance that they focus on embedding key cybersecurity principles into their transformation journey. Areas to consider during the design and strategy process should include:

The earlier organizations embed zero trust principles and design for regulatory compliance, visibility and integration, the fewer delays, rework and financial risks they face later in the transformation.

By aligning on these core security concepts from the outset — like secure architecture, compliance planning and tool integration — CIOs and CISOs can reduce implementation costs, accelerate timelines, and prevent operational disruptions during and after the move to SAP S/4HANA Cloud (Private Edition).

Practical steps to embrace Secure by Design principles — while improving efficiency and reducing downstream costs: To embrace these technological advances and changes, organizations should take the following best-in-class approach and steps:

The views reflected in this article are the views of the author and do not necessarily reflect the views of the global EY organization or its member firms.