header background image

Securing SAP Systems: A Comprehensive Approach

January 23, 2024


Jens Kettler



In the current digital landscape, the security of SAP systems and the business processes running on them is paramount. This article delves into the importance of robust security measures, drawing on insights from IBM's Cost of a Data Breach Report (https://www.ibm.com/reports/data-breach), bitkom’s information (https://www.bitkom.org/Presse/Presseinformation/Organisierte-Kriminalitaet-greift-verstaerkt-deutsche-Wirtschaft-an) and the Association of Certified Fraud Examiner (ACFE) Report to the Nations (https://legacy.acfe.com/report-to-the-nations/2022/), highlighting the significant financial repercussions and reputational risks associated with data breaches and insider fraud.

Infographic that illustrates Rising costs for cyberattacks, Rising risks for organizations, Rising threats from Russia and China.

The Imperative of Security

The data presented in the reports underscores the substantial costs and far-reaching implications of data breaches: the German economy alone had costs and losses resulting from cyberattacks of more than 200 bn Euros in 2023 alone. On average, it took more than 200 days to identify a breach, and another 75 days to contain it.
These are not mere inconveniences but critical events that can jeopardize the very foundation of a business.

Moreover, the ACFE's report sheds light on the equally troubling issue of insider fraud, revealing vulnerabilities that exist within the organizations themselves. The ACFE conducted surveys that indicate that up to 5% of revenue is lost to fraud, annually. And similar to cyberattack cases, it also takes very long to find and stop fraud: around 15 months on average (median). Most of the cases are even detected by chance rather than a monitoring program in place. But monitoring can reduce losses substantially, according to the ACFE.

Infographic that illustrates that on average it takes 212 days to identify a data breach, 75 days to contain a data breach and 287 days to identify and contain a date breach.
BROCHURE – the benefits of our products!

remQ – Quick Assessment

The remQ Quick Assessment delivers tangible results on risks and potential financial losses within one day: we scan your business processes and uncover overpayments, lost revenue and other financial losses.

Tablet showing the cover page of the document

Dual Layers of Defense: Cybersecurity and Internal Controls

In the realm of SAP systems, security is a multi-faceted endeavor. On one front, cybersecurity measures are essential to thwart external threats. These include deploying firewalls, implementing robust encryption, and maintaining rigorous access controls. Add to that secure ABAP code, change management, securing interfaces, and many more things.

However, equal attention must be paid to internal controls that secure the business process in the SAP system. Besides preventive controls, mainly access controls for employees, it is critical to actively monitor business processes to prevent fraud from within the organization. Employees, despite their legitimate access to sensitive transactions, can pose risks, bypass controls, work in collusion, use social engineering, etc. This makes a comprehensive business monitoring approach essential.

SAP Security Solutions: A Structured Approach

The SAP Security Solution Map provides a structured approach to safeguarding SAP systems.

SAP Security Solution Map

This resource offers a strategic framework and best practices to enhance security measures systematically. Additionally, the SAP Security Baseline Template serves as a crucial tool, especially with its Configuration Validation feature in the SAP Solution Manager, which automates and reinforces security checks.

WHITE PAPER – enhance your knowledge!

Reduce Fraud & Boost Cost Savings by Automating Internal Controls

Our White Paper explains how using robust controls and automation, organizations can better manage fraud risks, comply with regulations, improve operational efficiency, and save substantial costs.

Tablet showing the cover page of the document

No items found.

Addressing Insider Risks: Beyond Cybersecurity Measures

While cybersecurity and the SAP Security Baseline Template is geared towards external threats, addressing risks posed by insiders requires a different approach. This is where solutions like remQ (https://www.voquzlabs.com/remq) come into play. remQ specializes in monitoring business processes, providing a defense mechanism against errors and potential frauds. It's an essential tool in a comprehensive security strategy, ensuring that threats, whether internal or external, are identified and mitigated promptly.

Fraud - Insiders bypass controls: 5% of revenue lost, 4/5 cases by insiders, 15 months to detect, 50% detected by chance, 70% in finance O2C, P2P. Monitoring can reduce losses by 40%.

In conclusion, securing SAP systems and the business processes they support is a complex yet critical task. It demands a balanced focus on both cybersecurity measures to protect against external threats and internal controls to guard against insider risks. With the right combination of strategic planning, technological tools, and continuous monitoring, organizations can fortify their defenses and safeguard their operations against the multifaceted threats of the digital age.


Jens Kettler

Jens has 20+ years of experience in SAP security, compliance and internal controls. He is an ex-auditor, always curious, willing to learn and to share knowledge. At VOQUZ Labs Jens is responsible for our risk and compliance products. He enjoys interacting with customers and finding quick and simple ways to improve our products to deliver value to customers. Pragmatic and customer-focused? Then Jens :)


Do you have any questions or something to add? Just leave us a message, please! Your message will be delivered by e-mail to us and will not be published.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Illustration of a woman editing documents

Register for our newsletter now!
Keep yourself up to date!

Thank you! Your successfully signed up for our newsletter.
Oops! Something went wrong while submitting the form.


Thumbnail that links to the post below

RISE with SAP: Can you move to the cloud without worries?




Thumbnail that links to the post below

Access Violation Management in SAP ERP: Mitigating Risks




Thumbnail that links to the post below

Miss Q’s conclusion of "S/4HANA: Your path to the optimal licensing landscape" VOQUZ Labs’ interactive webinar