Quick Takeaways
- ERP systems like SAP are now recognized as critical assets, with vulnerabilities causing severe operational, financial, and reputational damage, exemplified by the 2025 Jaguar Land Rover cyberattack.
- The threat landscape is escalating, with cybercriminals rapidly exploiting ERP vulnerabilities—often within hours of patch releases—highlighting the urgent need for proactive security measures.
- Regulatory frameworks such as SOX, GDPR, NIS2, and DORA impose strict liability on boards and executives to ensure ERP security, emphasizing the importance of clear ownership and accountability.
- Boards must demand comprehensive ERP risk visibility, invest in resilience testing, and foster a shared responsibility model to prevent devastating breaches and maintain operational continuity.
The Issue
Following the devastating cyberattack on Jaguar Land Rover (JLR) in September 2025, which resulted in a six-week production halt, boards of directors are now recognizing the critical importance of safeguarding enterprise resource planning (ERP) systems. The attack, executed by the cybercrime group ShinyHunters, led to massive financial losses—halving revenue and shrinking sales volumes—highlighting how vulnerable these “crown jewel” systems have become. This incident, coupled with the escalating threats from cybercriminals exploiting vulnerabilities like SAP’s zero-day flaw, underscores the urgent need for organizations to prioritize ERP security, as attackers now operate with alarming speed and sophistication. In response, leaders are shifting their focus from mere compliance to prioritizing organizational survival, demanding clear ownership of ERP risks, increased visibility, and proactive resilience testing.
This new emphasis on protecting ERP platforms is driven by multiple factors, including tightening regulations like SOX and GDPR that impose strict liabilities on top executives, and the stark reality that losing such systems can shut down entire enterprises—evidenced by the 2024 bankruptcy of Stoli Group’s US subsidiaries after an ERP ransomware attack. Consequently, boards are urged to adopt more strategic measures: quantifying risks in financial terms, partnering closely with CIOs to deploy automated threat detection, and establishing definitive accountability models. Moreover, regular testing, such as tabletop exercises simulating ERP ransomware scenarios, becomes vital. Overall, the JLR incident exemplifies how attack speeds and sophistication have outstripped traditional defenses, making robust ERP security not just a technical concern but a fundamental requirement for ongoing business viability—placing these typically overlooked systems squarely in the spotlight for top leadership.
Risk Summary
If your business neglects its seemingly dullest systems, problems can quickly emerge, causing serious disruptions. For example, outdated or overlooked processes—like data management or safety protocols—may seem unimportant but are vital for smooth operations. When these systems fail or become inefficient, they can lead to costly errors, safety hazards, or compliance issues, ultimately damaging reputation and profits. Moreover, such neglect often results in increased downtime, wasted resources, and missed opportunities for growth. Therefore, any business that overlooks these “boring” systems risks vulnerabilities that can escalate and threaten overall success. In sum, prioritizing even the most mundane systems ensures operational stability and long-term resilience.
Possible Next Steps
In the landscape of cybersecurity, it often seems that the most unassuming systems—those that appear least vulnerable or most mundane—are the ones that can silently become critical entry points if neglected. Boards must recognize that ignoring the “boring” systems can lead to swift, severe breaches that threaten organizational integrity. Prioritizing timely remediation for these overlooked assets is essential to maintaining a robust security posture and ensuring comprehensive risk management.
Risk Assessment
Identify and catalog all systems, including the seemingly insignificant ones, to understand their role within the network and potential impact if compromised.
Vulnerability Management
Conduct regular vulnerability scans and patch management procedures to address known weaknesses promptly.
Segmentation and Isolation
Implement network segmentation to contain potential breaches on less prominent systems, preventing lateral movement within the network.
Monitoring & Detection
Establish continuous monitoring and logging for all systems, including the “boring” ones, to detect unauthorized activity swiftly.
Patch & Update
Ensure consistent patching and software updates to eliminate exploitable flaws before adversaries can leverage them.
Access Control
Enforce strict access controls and least privilege principles to limit the exposure of these systems to internal and external threats.
Incident Response Planning
Develop tailored action plans that include these systems, to ensure quick, organized responses when a breach occurs.
Regular Testing
Perform routine testing and simulations involving these systems to evaluate readiness and uncover overlooked vulnerabilities.
Focusing on these steps maintains the integrity of even the most unassuming systems, preventing them from becoming gateways for advanced cyber threats and ensuring that organizational resilience extends across all layers of the infrastructure.
Continue Your Cyber Journey
Discover cutting-edge developments in Emerging Tech and industry Insights.
Learn more about global cybersecurity standards through the NIST Cybersecurity Framework.
Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.
Cyberattacks-V1cyberattack-v1-multisource
