SAP Basis emerges as weakest link in new CRIS index
Securitybridge has published a new benchmark aggregating security data from thousands of live SAP production environments. It points to uneven resilience across core control areas, with the weakest performance in SAP Basis configuration.
The Cybersecurity Resilience Index for SAP (CRIS) measures the average percentage of "compliant checks" across multiple Areas of Responsibility. Most categories fall between 58% and 77%, with SAP Basis lowest at 58%. Securitybridge describes SAP Basis as the foundational layer that influences controls across the SAP stack.
The report draws on anonymised customer telemetry from organisations that use the Securitybridge platform and have invested in SAP security processes and tooling. As a result, the benchmark reflects environments already taking steps to harden SAP systems, rather than a broad cross-section of all SAP users.
Security teams often treat SAP as part of the wider enterprise estate, which can leave its configuration and authorisation model with less attention than endpoints or cloud infrastructure. The benchmark frames SAP hardening as a continuous task, with hundreds of recommendations that may apply to each SAP system.
Benchmark spread
CRIS groups results by responsibility area, including identity and access, integration, development, and data protection. Most areas cluster between 65% and 77%, with variability in governance and integration.
The strongest result is operating system security, at 100%. The report links this to mature host-level hardening and controls that organisations tend to audit consistently.
Integration and development both scored 77%. For integration, the benchmark highlights hardening interfaces such as RFC, HTTP, and TCP/IP, noting that inter-system connectivity can enable lateral movement during an attack.
Development, labelled "code vulnerability" in the benchmark, also reached 77%. Securitybridge attributes this to more established secure development practices for custom ABAP code and repository changes.
Identity and access management scored 73%. The report links that figure to joiner, mover, and leaver processes and authentication controls, suggesting many teams actively manage accounts and are working to reduce orphaned or overly privileged access.
Lower-scoring areas
Authorisations scored 68% and data protection scored 65%, placing both at the lower end of the benchmark. These areas align with common breach pathways: excessive permissions and weak control over sensitive data can turn initial access into broader compromise.
Securitybridge links gaps in authorisation controls to attacker pathways from basic users to elevated privileges. The results suggest some organisations still struggle to detect or remediate broad and powerful authorisation assignments.
For data protection, the benchmark associates lower compliance with regulatory exposure, including GDPR risk, and the potential for data exfiltration. It ties the score to inconsistent enforcement of sensitive-data access controls and monitoring.
Basis concerns
SAP Basis, at 58%, stands out because its configuration underpins other controls, including logging and audit readiness. Securitybridge characterises weaknesses here as systemic: misconfigurations can reduce visibility and weaken other safeguards.
The report points to frequent misconfigurations and slow remediation cycles in SAP Basis. It also links these issues to weaker incident response and forensics, where audit logs, retention policies, and configuration history are central to investigations.
The benchmark offers a reference point for security leaders deciding where to focus scarce specialist effort. SAP security teams often face backlogs driven by upgrades, functional change, and integration work. CRIS is positioned as a way to gauge relative maturity across key control domains and target remediation where risk is concentrated.
Suggested actions
Securitybridge recommends focusing first on authorisations, data protection, and SAP Basis. For authorisations, it highlights auditing and pruning unused or risky profiles, adopting least-privilege models, and monitoring for unusual privilege elevation. It also points to policy-driven remediation and continuous oversight of authorisation assignments.
For data protection, the report recommends stronger data access controls, encryption where applicable, and monitoring to reduce exfiltration risk. It also stresses validating privacy controls and running access reviews aligned with regulatory requirements.
For SAP Basis, it calls for tighter baseline hardening, fixes for known misconfigurations, and assurance that audit logs are enabled and retained. It also recommends regular reviews of transport security and profile parameter settings as part of operational hygiene.
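The three recommendations above all reduce to the same operational loop: compare a system's configuration against a baseline, count the compliant checks per area, and work the failures. The script below is an added illustration of that loop for the SAP Basis and authentication items, not Securitybridge's check set or any part of the CRIS methodology. It parses profile-parameter lines in the `name = value` form SAP instance and default profiles use, evaluates a handful of real SAP parameters (`rsau/enable`, `login/no_automatic_user_sapstar`, `login/min_password_lng`, `login/password_downwards_compatibility`, `gw/sec_info`) against a small baseline, and reports the percentage of compliant checks per area, the same shape of metric CRIS publishes. The profile excerpt, the area labels and the expected values are constructed for the example; a parameter that is absent from the profile is counted as non-compliant because the baseline cannot be confirmed from the file alone.

```python
"""Illustrative SAP Basis baseline checker (constructed example, not
Securitybridge's check set). Parses ``name = value`` profile-parameter
lines, scores them against a small baseline, and reports percent
compliant per area, mirroring how CRIS presents results."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed instance-profile excerpt; values chosen to exercise
# both passing and failing checks. Not taken from any real system.
SAMPLE_PROFILE = """\
# instance profile excerpt (constructed)
SAPSYSTEMNAME = XYZ
rsau/enable = 0
login/min_password_lng = 6
login/no_automatic_user_sapstar = 1
gw/sec_info = $(DIR_DATA)$(DIR_SEP)secinfo
"""


@dataclass(frozen=True)
class Check:
    area: str                             # responsibility area, CRIS-style
    parameter: str                        # SAP profile parameter name
    expected: str                         # human-readable expectation
    passes: Callable[[Optional[str]], bool]  # None means parameter absent


def _as_int(value: Optional[str]) -> Optional[int]:
    """Parse an integer parameter value; None when absent or malformed."""
    try:
        return int(value)  # type: ignore[arg-type]
    except (TypeError, ValueError):
        return None


# Hypothetical baseline: parameter names are real, the chosen thresholds
# and area assignment are this example's, not a published standard.
BASELINE: List[Check] = [
    Check("SAP Basis", "rsau/enable", "1 (security audit log enabled)",
          lambda v: v == "1"),
    Check("SAP Basis", "login/no_automatic_user_sapstar",
          "1 (no automatic SAP* login)", lambda v: v == "1"),
    Check("Identity and access", "login/min_password_lng", ">= 8",
          lambda v: (_as_int(v) or 0) >= 8),
    Check("Identity and access", "login/password_downwards_compatibility",
          "0 (no downward-compatible hashes)", lambda v: v == "0"),
    Check("Integration", "gw/sec_info", "set (gateway ACL file configured)",
          lambda v: bool(v)),
]


def parse_profile(text: str) -> Dict[str, str]:
    """Parse ``name = value`` lines; ``#`` starts a comment, blanks ignored."""
    params: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)
        params[key.strip()] = value.strip()
    return params


def evaluate(params: Dict[str, str],
             checks: List[Check] = BASELINE) -> List[Tuple[Check, bool]]:
    """Run every check; an absent parameter is passed as None (fails)."""
    return [(c, c.passes(params.get(c.parameter))) for c in checks]


def score_by_area(results: List[Tuple[Check, bool]]) -> Dict[str, float]:
    """Percent of compliant checks per area, rounded to one decimal."""
    totals: Dict[str, Tuple[int, int]] = {}
    for check, ok in results:
        passed, count = totals.get(check.area, (0, 0))
        totals[check.area] = (passed + int(ok), count + 1)
    return {area: round(100.0 * p / n, 1) for area, (p, n) in totals.items()}


def failing(results: List[Tuple[Check, bool]]) -> List[Tuple[str, str]]:
    """(parameter, expectation) pairs for the remediation backlog."""
    return [(c.parameter, c.expected) for c, ok in results if not ok]


def run_sample() -> Dict[str, float]:
    """Score the constructed profile against the baseline."""
    return score_by_area(evaluate(parse_profile(SAMPLE_PROFILE)))


if __name__ == "__main__":
    results = evaluate(parse_profile(SAMPLE_PROFILE))
    for area, pct in score_by_area(results).items():
        print(f"{area}: {pct}% compliant")
    for parameter, expected in failing(results):
        print(f"  remediate {parameter}: expected {expected}")
```

Run against a real profile, the same structure scales to hundreds of checks: the baseline list grows, the parser stays the same, and the per-area percentage is what a security lead would compare against a benchmark like CRIS to decide where the backlog should be worked first. Treating an absent parameter as a failure rather than assuming the release default is the conservative choice, since the default varies by kernel release and the point of the exercise is to confirm the control, not to infer it.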
A key message is that strong application-level controls do not always translate into strong foundational configuration. This imbalance can leave exploitable gaps through misconfiguration, weak logging, or exposed interfaces, even when other controls appear mature.
Securitybridge plans to continue using aggregated, anonymised production data to track SAP security trends and inform how organisations prioritise remediation across complex SAP landscapes.