Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.
  • 27 March 2019 13:00

CyberArk survey: Majority of enterprises fear disruption to business critical applications, yet don’t prioritise securing them

New research from CyberArk suggests organisations are mostly not securing business critical applications, and details what they can do to rethink their security priorities to respect their significance.

SYDNEY, Australia – March 27, 2019 – According to a new CyberArk (NASDAQ: CYBR) survey, the majority of organisations (nearly 70 percent) do not prioritise the protection of the applications that their business depend on – such as ERP and CRM systems – any differently than how low-value data, applications or services are secured.  

The independent survey was conducted among 1,450 business and IT decision makers, primarily from Western European economies. Respondents indicated that even the slightest downtime affecting business critical applications would be massively disruptive, with 61 percent agreeing that the impact would be severe.

  Breaches affecting applications that are the lifeblood of business can result in punitive costs, with a 2018 report estimating the average cost of an attack on an ERP system at $7.7 million AUD.1 The threat actors that enterprises face are formidable – organised crime was behind 50 percent of all breaches in 2018, with attacks using established tactics like privileges abuse to achieve their aims.

  Despite the fact that more than half (56 percent) of organisations have experienced data loss, integrity issues or service disruptions affecting business critical applications in the previous two years, the survey found a large majority (72 percent) of respondents are confident that their organisation can effectively stop all data security attacks or breaches at the perimeter. This brings to light a remarkable disconnect between where security strategy is focused and the business value of what is most important to the organisation. An attacker targeting administrative privileges for these applications could cause significant disruption and could even halt business operations.

  The survey also found that 74 percent of organisations indicated they have moved (or will move within two years) business critical applications to the cloud. A risk-prioritised approach to protecting these assets is necessary for this transition to be managed successfully. Further industry data shows that, globally, 69 percent of organisations are migrating data for popular ERP applications to the cloud.

“From banking systems and R&D to customer service and supply chain, all businesses in all verticals run on critical applications. Accessing and disrupting these applications is a primary target for attackers due to their day-to-day operational importance and the wealth of information that resides in them – whether they are on-premises or in the cloud,” said David Higgins, EMEA technical director at CyberArk. “CISOs must take a prioritised, risk-based approach that applies the most rigorous protection to these applications, securing in particular privileged access to them and assuring that, regardless of what attacks penetrate the perimeter, they continue to run uncompromised.”  

About the Survey

The CyberArk-sponsored survey was conducted by Arlington Research amongst 1,450 business and IT decision makers in eight countries in Europe, the Middle East and Africa: the UK, France, Germany, Italy, Spain, Switzerland, Netherlands and Israel.  

Additional Resources


1 – Industry-Focused Data Breach Report 2018 – ERPScan

2 2018 Verizon Data Breach Investigations Report (DBIR)  

3 – Enterprise Resource Planning (ERP) Applications and Cloud Adoption 2019  

About CyberArk                                                                                                       

CyberArk (NASDAQ: CYBR) is the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organisations, including more than 50 percent of the Fortune 500, to protect against external attackers and malicious insiders. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan. To learn more about CyberArk, visit, read the CyberArk blogs or follow on Twitter via @CyberArkLinkedIn or Facebook.

Copyright © 2019 CyberArk Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.

  # # #  

Media Relations Contacts:         

Ricki Bui and India Bednall

+61 2 8016 2200

Submit a media release

Editor's Recommendations

Solution Centres

Brand Page


View all events Submit your own security event

Latest Videos

More videos

Blog Posts

Media Release

More media release