New Report Reveals Global SAP Security Benchmarks
SecurityBridge data shows strengths in system hardening despite persistent gaps in authorizations and data protection.
- By Jesse Jacobs
- Mar 17, 2026
A new global benchmark report is shedding light on the actual state of SAP security, revealing that while organizations have matured in host-level controls, significant vulnerabilities remain in user authorizations and foundational configurations.
The Cybersecurity Resilience Index for SAP, released by SecurityBridge, analyzed anonymized data from thousands of production environments. The index measures the percentage of compliant security checks across various areas of responsibility to help leaders identify systemic gaps.
According to the findings, the strongest area of SAP security is the operating system, which boasted a 100% compliance rate. This suggests that host-level controls and system hardening are consistently enforced and heavily audited across the sector. Additionally, secure development practices and system integrations both scored 77%, indicating a reduced risk of lateral movement by hackers through insecure interfaces.
However, the report highlighted several areas of concern. SAP Basis, the technical foundation of the SAP environment, scored the lowest at 58%. Security experts warn that weaknesses in this area can undermine audit readiness and create a visibility gap that hampers incident response.
Data protection and authorizations also lagged behind, scoring 65% and 68%, respectively.
"Authorization control gaps strongly correlate with attacker pathways from basic users to elevated privileges," the report stated. These lower scores suggest that many organizations still struggle to detect or remediate overly powerful user permissions, which remain a primary vector for data breaches.
To improve resilience, the report recommends that security teams prioritize the pruning of unused authorization profiles and tighten baseline hardening for SAP Basis to ensure audit logs are properly maintained.