ERP Statistics: A Huge Risk of Payment Fraud

Niek has worked at Eftsure for several years and has developed a clear understanding of the cyber threat landscape and the controls Australian businesses put in place to combat these threats.

Technology is affecting how Accounts Payable teams manage their day-to-day operations. Enterprise Resource Planning (ERP) systems allow you to plan and manage every resource and task you undertake. To counter this trend, each year, more ERP systems are becoming compromised by cyber attacks that gain access to sensitive data.

Let’s look at these ERP statistics to understand better the cybercrime trends and the preventative steps being taken.

Author’s Top Picks

  • Of the 64% that have suffered a breach of SAP or Oracle E-Business Suite (EBS), sales data (50%) was most commonly compromised.
  • Almost 90% of cyber security experts expect attacks against ERP systems to increase over the near year.
  • Up to 50% of ERP implementations fail the first time around, 64% of ERP projects go over budget, and 30% take longer than expected.
  • In the last 18 months, 79% of companies have experienced at least one cloud data breach.

ERP Statistics

1. In 2019, the global ERP software market grew by 9%, resulting in a value of approximately $39 billion in total software revenue.

According to Market Share Analysis by Gartner, market leaders suggest that the ERP software market is consistently growing. The reason for the growth is organisations are finding ERP systems more beneficial allowing them to enhance business reporting in their day-to-day tasks.

2. In a survey of IT decision-makers, 53% said ERP was an investment priority, in addition to CRM.

The Computer Weekly IT Priorities survey shows that companies across Europe are committed to upgrading their data centre infrastructure. However, enterprise resource planning remains the strongest category for packaged business applications.

3. 50% of companies are acquiring, upgrading or planning to update ERP systems soon.

The main reasons for updating an ERP system are weak controls and weak functionality as well as the inability to control the risks involved. Upgrading or updating ERP systems is one of the best ways to achieve full ERP security.

4. Of the 64% that have suffered a breach of SAP or Oracle E-Business Suite (EBS), sales data (50%) was most commonly compromised.

Research from Onapsis suggests that SAP and Oracle suffered a data breach resulting in a loss of sales data, HR data, personal customer information, intellectual property and financial data. Additionally, nearly two-thirds of businesses rely on SAP or Oracle. Due to its connection to the web, ERP can pose a security risk.

5. 95% of more than 600 SAP systems tested were vulnerable to attack, mainly because patches had not been applied.

It is best to always have the latest ERP patches applied, as it ensures secure ERP systems. In a situation where ERP software isn’t updated, a data breach is very likely to occur. As a safety measure, companies that install advanced security technologies also need to have accounting protocols in place to minimise the risks of cyberattacks.

6. Almost 90% of cyber security experts expect attacks against ERP systems to increase over the near year.

Cybercriminals prefer to target ERP systems, as well as phishing and brute force attacks. Each year, they come up with new and inventive ways to steal your information or defraud your financial accounts. One of the main causes of a compromised ERP system is that CFOs are unable to monitor their system’s security regularly.

7. Researchers have identified more than 17,000 SAP and Oracle ERP applications exposed on the internet, most of them operated by the world’s largest commercial and government organisations.

The findings shed light on how cybercriminals and hacktivist groups are actively targeting organisations to disrupt business operations. Cybercriminals are likely to compromise ERP systems due to leaked information by third parties and employees.

8. The top 5 Countries exposing SAP Applications to the internet were USA, India, China, Germany and Brazil.

Most of the cyber attacks that occur often happen in the countries listed above. This becomes an ideal testing ground for hackers attempting to target small-range attacks. Large organisations are usually targeted with ERP attacks due to their poor security controls around their ERP environment.

9. 62% believe that their ERP applications have critical vulnerabilities despite attention to patching.

Not focusing on I.T cybersecurity but rather just on general I.T controls can leave a company exposed. Accounts payable teams must apply security patches early to often mitigate ERP systems compromises.

Common ERP Failures Statistics

10. In 2016 Revlon had a disastrous ERP rollout resulting in millions of dollars in lost sales.

Poor maintenance, a lack of budgeting, irregular implementation, or lack of continuous monitoring are some of the causes of ERP failures. In Revlon’s case, it had opted in 2016 to establish connections with a new ERP provider named SAP Hana. A lack of effective controls led to the company losing millions of dollars due to a disastrous event.

11. Up to 50% of ERP implementations fail the first time around, 64% of ERP projects go over budget, and 30% take longer than expected.

ERP implementations can be costly, but failure to budget and secure adequate funding before starting will result in a failed implementation. Most CFOs and AP teams fail to budget the process during the implementation and after.

12. Hershey’s ERP implementation failure was due to attempting to deploy 2 resource planning technologies at once.

During Hershey’s ERP implementation period, the chocolate giant suffered a major failure. Due to the Y2K incident, the firm rushed to complete the project. An attempt to use the resource planning technologies at the same time resulted in failed system testing, data migration and training.

13. Nike’s supply chain issues brought about $100 million in lost revenue.

Early in the 2000s, Nike lost $100 million due to a software glitch in its new upgraded supply chain system ERP solution. Other ERP problems occurred, including bugs and performance difficulties. Millions were lost, but the company also lost millions in lawsuits and had 20% of its stock dropped.

14. Gartner's research has found that globally 55% up to 75% of all ERP projects fail.

For any organisation, ERP failure statistics can be daunting to hear. When it comes to renewing or replacing an ERP system, several factors are involved. A strategic plan must be in place before transitioning to cover all areas during, before and after implementation. Other than technology, employees must be adequately trained.

15. 95% of failed companies dedicate less than 10% of the total budget to education/training/change management when transitioning to an ERP.

One of the main causes of ERP implementation failure is weak budgeting. Poor management communication and short-cutting training programs often lead to a disastrous ERP transition. Employees who aren’t educated on the new software application can pose ERP risks involving compromised systems.

16. 51% of companies experience operational disruption when they go live.

There are several ways organisations can avoid operational disruption. Some of the most successful often implement a sophisticated plan that details all aspects of the execution phase. This usually involves, analysing operational challenges, key business partners that involve communication, building a bulletproof QA process & measuring performance.

17. The two most commonly cited challenges during ERP implementation were insufficient testing and not enough process reengineering.

It’s common for organisations to fail at business process reengineering. When manual working is used to change standard ERP modules, business reengineering can fail. One way organisations can attack this is through a strong pre-planned strategy for parallel engineering.

Cloud ERP Statistics

18. In the last 18 months, 79% of companies have experienced at least one cloud data breach.

CFOs and AP teams must work together as a team to ensure cloud ERP security. To maximise security, CFOs and AP teams shouldn’t solely depend on cloud ERP security. An ongoing awareness program and security culture must be maintained to minimise the chances of cyber-attacks.

19. The same study found that cloud-based ERP systems had a 21% enterprise application growth rate in the public cloud in 2018.

More and more, companies are making the switch from in-house technologies to cloud-based enterprise applications to become more efficient, have more control, and increase accessibility.

20. According to a worldwide survey, around 64% of organisations are known to use SaaS, 21% are known to use Cloud ERP while the rest 15% are known to use on-premises.

On-premise ERP and cloud ERP differ primarily by the location of the data. Some businesses choose cloud-based ERP based on the benefits and features it offers over on-premise. Cloud computing has the advantage of high levels of security.

21. Cloud ERP revenue growth was impacted by the pandemic, with ERP applications for manufacturing showing a 2% decline in revenue overall.

Over the past decade, companies have been gradually adopting next-generation enterprise resource planning (ERP) solutions due to the expectations of traditional ERP vendors. Digitalization and new ways of working have always been important to the business. However, post-COVID-19 ERP systems will accelerate the adoption.

22. 88% of organisations currently using public cloud infrastructure services.

Many companies still view cloud ERP systems as more secure and resilient environments even after well-publicised incidents of cloud ERP data loss. According to Oracle, 40% of respondents agree that public clouds are much more secure. Security teams and IT professionals are still wary of the cloud-based threat.

Multi-Factor Verification
How can an organisation verify the legitimacy of a counterparty to a transaction in a fully digital environment? Download this guide outlining the challenges we all face when it comes to establishing legitimacy in the digital world. It also explores our Multi-Factor Verification methodology.


From an Onapsis survey, nearly 2 of 3 organisations using enterprise resource planning platforms in the last 24 months have had a security breach according to I.T decision-makers. Some of the breaches targeted ERP systems such as SAP and Oracle, which are one of the most popular ERP platforms. On-premise or cloud-based ERP systems currently present vulnerability when it comes to cyber-attacks.

In most cases, cloud ERPs are considered to be the most secure option, as they provide greater security and service updates. Traditionally, enterprise-level ERP servers are managed by their respective enterprises. However, cloud-based ERP vendors host applications and data on specialized Cloud databases protected by highly skilled firewalls to guard against malicious attacks.

ERP systems are susceptible to becoming exposed. These vulnerabilities make ERP systems more likely to be exploited by hackers. Issues like, updates being delayed, lack of staff training, and rights to access could result in security vulnerabilities if the issues are not managed well. This could lead to ERP systems becoming compromised by malware.

Identifying, defending against and recovering from ERP attacks is an important part of the ERP security process as companies transfer or upgrade to new platforms. One approach is to restrict accessibility and implement Multi-Factor Authentication (MFA). Restricted access helps organizations become more secure by allocating access rights to individual employees.

Subscribe to our blog

Subscribe to the eftsure blog to receive updates when we post.

The new security standard for business payments

Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.