SAP announces chief security officer as critical report lands

SAP announced its first-ever chief security officer, who has been in the role since Jan. 1, just as a study highlighting worries about SAP app security lands.

SAP said it has named Justin Somaini, a former executive at Box, Yahoo and Symantec, as its first-ever chief security officer.

The role is new to SAP. Somaini was chief trust officer at cloud storage company Box and held various positions at Yahoo and Symantec.

According to SAP, Somaini will help execute its security strategy for products and early detection. SAP's security strategy is outlined on its site.

What's worth mentioning is that SAP announced Somaini as security chief on Wednesday when he took over the role on Jan. 1. SAP's announcement happened to land the same time--9 a.m. ET--as a Ponemon Institute survey on the risk of SAP cyberattacks.

The Ponemon study, which was sponsored by security vendor Onapsis, found that 56 percent of companies surveyed found that it is likely that they would be hit by a data breach due to insecure SAP apps. Onapsis provides software to better secure SAP.

According to Ponemon, CXOs underestimate SAP security risks and struggle to react to them. The Ponemon study, based on 600 respondents, found that 100 percent of those surveyed couldn't detect an SAP breach immediately.

Fifty-four percent of respondents also thought that SAP should be responsible for securing its application. And 75 percent of respondents said that its likely that SAP platforms contain malware.

Generally speaking, I won't cover vendor sponsored studies, but the timing between the SAP CSO announcement and the Ponemon is likely to be a bit more than coincidence.