SAP Custom Code Security for Heavy and Discrete Manufacturing

Download

Cyberattacks targeting critical ERP, product innovation, and supply chain applications within the heavy and discrete manufacturing industry can have far-reaching financial and reputational impacts. The recent Jaguar Land Rover breach, which caused an estimated ยฃ1.9 billion in financial impact and disrupted over 5,000 supply chain organizations, illustrates the massive operational costs of system downtime.

A successful exploit can delay key digital transformation projects, interfere with business continuity, or put company intellectual property (IP) at risk. With the number of cyberattacks targeting manufacturers aggressively growing, organizations must protect their critical systems and ensure the safety of their products while meeting accelerated demands for digitization and sustainability. 

27.7% of global cyber incidents hit manufacturing, making it the top target for five consecutive years 2
$5.56M is the average cost of a data breach for the manufacturing industry 3
47% of manufacturers consider intellectual property (IP) theft a top OT cybersecurity concern 4

Key Risk Factors

Understanding your primary risk vectors is the first step toward securing critical systems and defending your business-critical applications.

Direct ERP Attacks on the Rise 

Cyberattacks targeting manufacturing are evolving as criminals increasingly exploit vulnerabilities in the application layer and custom code. Successful attacks on SAP systems can be devastating, with the potential to halt global production, compromise intellectual property, and severely disrupt connected supply chains.

The Explosion of AI in Development & Operations

The rapid adoption of Agentic AI for logistics and AI coding assistants (like SAP Joule) accelerates SAP custom code development but introduces a dangerous blindspot. AI-generated code often suffers from “context blindness,” which introduces hidden vulnerabilities, missing authorization checks, and shadow dependencies.

Strict Compliance Mandates

Heavy and discrete manufacturers face stringent new regulatory requirements that demand a “secure-by-design” approach. Mandates like UN R155, the EU NIS2 Directive, and TISAX certification require organizations to prove that their backend IT systems, software update mechanisms, and connected supply chains are resilient against cyber threats.

Key Challenges 

Security teams in the manufacturing sector must overcome deep operational visibility gaps and resource constraints to protect their ERP environments.

Security Is Often an Afterthought in Digital Transformation

The race to migrate to S/4HANA or RISE with SAP demands a “Clean Core” strategy. However, the need for rapid deployment often pushes security to the very end of the development lifecycle, leading to grueling manual code reviews, costly project delays, and the risk of migrating legacy vulnerabilities into cloud environments.

The Cybersecurity Talent Gap

A severe talent shortage prevents security teams from keeping pace with rapid custom code developments. Because 56% of IT leaders cite a lack of cybersecurity skills as the top cause of breaches, stretched teams often lack the deep, SAP-specific knowledge required to manually secure complex custom code or validate AI-generated developments.

Blind Spots in Custom Code & The Application Layer

Traditional security tools fail to see inside the SAP application layer. Without automated, centralized visibility into the millions of lines of custom code that run business-critical processes, organizations cannot effectively identify or remediate vulnerabilities before they reach production.

The Solution 

Securing your SAP landscape doesn’t have to be complicated, even with advanced threats and accelerating compliance mandates.

Onapsis Control: A Secure-by-Design Approach

Onapsis Control automates your SAP custom code security to protect your digital core and support your DevSecOps pipeline. As the undisputed leader in SAP application security testing and the only vendor in the SAP Endorsed Apps program, Onapsis empowers manufacturers to embed security directly into their development lifecycles.

With Onapsis Control, your team can:

  • Automate DevSecOps: Embed security checks directly into IDEs and CI/CD pipelines to ensure only clean, secure code reaches production during critical RISE with SAP transformations.
  • Secure AI-Assisted Development: Automatically scan human- and AI-authored code to eliminate hidden vulnerabilities and missing AUTHORITY-CHECK statements caused by AI “context blindness”.
  • Enforce Automotive Compliance: Validate custom code against over 600 specialized test cases to align with strict mandates like TISAX, UN R155, and NIS2.
  • Accelerate Release Cycles: Reduce manual code reviews using actionable, prioritized insights to fix security issues quickly and keep transformation projects on schedule.

Case Study: ล koda

Leading Automotive Manufacturer Improves Performance of ERP Systems While Saving Time Using a Secure-by-Design Approach

The Challenge

ล koda faced challenges ensuring the quality and security of their code aligned with internal and group-wide guidelines. Standard tools were not sufficient to fully meet their needs for compliance or effectiveness, resulting in increased costs, significant time consumption, and various operational inefficiencies. ล koda needed a robust solution to continuously maintain a safe, compliant, and up-to-date SAP landscape with a strong focus on quality assurance.

The Solution

ล koda chose Onapsis Control because it best addressed their needs for an automated DevSecOps solution. Onapsis Control was implemented across a total of five production systems, including their main ERP solution and Data Warehouse. The ล koda team experienced a smooth implementation, gaining the centralized visibility they needed to enforce continuous compliance.

15,000 findings seamlessly resolved
300 developers reduced manual effort during code reviews
Significant time reductions achieved alongside improved security, quality, performance, and stability

Learn more about how Onapsis helps heavy and discrete manufacturers protect the systems and data supporting their ERP, digital supply chains, product innovation, and other business-critical operations.

Reference Bullets 

1 CMC Statement on the Jaguar Land Rover Cyber
Incident, Cyber Monitoring Centre

2 X-Force Threat Intelligence Index 2026, IBM
3 Cost of a data breach: The industrial sector, IBM
4 2025 Smart Manufacturing and Operations
Survey, Deloitte