For a long time, cybersecurity was considered primarily a technical issue, dealt with by IT teams. Today, however, this view has changed significantly.
Cybersecurity has become a strategic business challenge that concerns the entire organisation: executive leadership, business departments, IT teams, partners and suppliers alike.
The reason is simple: information systems now sit at the heart of business value creation. When they become unavailable, the entire organisation can be affected.
As organisations accelerate their digital transformation, their IT environments are becoming increasingly interconnected and therefore more exposed to cyber threats. ERP systems, the operational backbone of the business, have become critical assets that must be protected.
An ERP system does far more than automate business processes. It centralises some of the organisation’s most sensitive information, including:
A successful cyberattack against an ERP environment can have significant consequences, including:
Cybersecurity is therefore no longer solely about preventing attacks. It is about ensuring system availability, protecting data integrity, and enabling the business to continue operating when incidents occur.
The question is no longer simply 'How do we protect ourselves?’, but rather ’How do we anticipate, detect and respond effectively?’
Cybersecurity has become a key pillar of operational resilience.
Cyberattacks rarely exploit a single technical weakness. More often, they take advantage of a combination of vulnerabilities: weak governance, excessive user privileges, insufficient monitoring, outdated systems, complex architectures, or a lack of employee awareness.
An effective cybersecurity strategy relies on a holistic approach, combining:
Cybersecurity is no longer a one-off project. It is an ongoing process that must be embedded within the organisation’s overall strategy.
At Deveho, we help organisations deploy, enhance, and optimise Sage X3, an ERP solution designed to meet the needs of manufacturing, distribution, and service organisations.
Sage X3 provides a range of features that contribute to strengthening the security of ERP environments, including:
However, as with any critical information system, security is not determined by the software alone.
It also depends on the overall architecture, configuration, hosting environment, maintenance, access governance, software updates, and user awareness.
Cybersecurity must therefore be considered from the very beginning of every ERP project, through a Security by Design approach, where security is built into the solution rather than added afterwards.
This need for a more comprehensive cybersecurity strategy is further reinforced by the evolving European regulatory landscape.
The European NIS2 Directive represents a significant milestone in the evolution of cybersecurity across Europe.
Against a backdrop of increasingly sophisticated cyber threats, the Directive reflects a fundamental shift in thinking: cybersecurity is no longer viewed purely as an IT responsibility, but as a strategic issue encompassing governance, risk management, and business continuity.
As cyberattacks become more frequent and more disruptive, organisations are expected to demonstrate their ability to anticipate threats, protect critical assets, detect incidents rapidly, and maintain business operations during periods of disruption.
One of NIS2’s key objectives is to extend responsibility for cybersecurity beyond IT departments alone.
The Directive promotes a risk-based approach, with stronger accountability at executive level. Organisations are expected to establish robust cyber governance frameworks, capable of identifying threats, assessing potential impacts, and implementing appropriate security measures.
Key requirements include:
This final point is particularly significant. An organisation’s cybersecurity posture depends not only on its own infrastructure, but also on the security of its wider digital ecosystem. Service providers, software vendors, hosting partners, and external suppliers with access to information systems all represent potential sources of risk.
For organisations using ERP systems, such as Sage X3, the challenges posed by NIS2 are particularly significant.
ERP systems are now critical systems at the heart of business operations. They hold essential data and support processes that are vital to the running of the organisation:
In this context, the requirements introduced by NIS2 are prompting organisations to strengthen their approach across several areas:
The Directive thus reinforces a key principle: the security of an ERP system does not rest solely on the solution itself, but on its entire lifecycle, from design through to day-to-day operation.
Beyond regulatory obligations, NIS2 represents an opportunity for businesses to structure their cybersecurity approach and strengthen their resilience in the long term.
The aim is no longer simply to prevent an incident, but to be able to limit its consequences and quickly return to normal operations.
This shift requires a change in mindset: moving from a predominantly reactive approach to a proactive strategy, integrating cybersecurity into the organisation’s key decision-making processes.
In particular, this requires better identification of critical assets, improved access governance, strengthened prevention and detection measures, and the development of a genuine cybersecurity culture amongst all staff.
Discussions organised with EY as part of the Devho Tour 2026 have shed valuable light on these transformations: a European context that remains diverse, varying levels of cyber maturity across organisations, and a growing need for businesses to anticipate new regulatory requirements.
The message is clear: cybersecurity must no longer be viewed simply as a compliance obligation, but as a driver of trust, performance, and resilience.
At Deveho, we firmly believe that a successful ERP project is not measured solely by the solution’s functional performance.
It must also guarantee the security, availability and long-term resilience of the information system.
Our role is to help organisations combine ERP performance, cybersecurity and regulatory compliance within a single, coherent strategy. We believe these objectives should never be treated separately, but as complementary drivers of long-term business resilience.
To achieve this, we support our clients throughout their Sage X3 digital transformation projects by integrating cybersecurity considerations from the earliest stages.
This approach is based in particular on:
A high-performing ERP system is also a secure one, capable of supporting business operations over the long term while withstanding today’s cyber threats.
By combining our Sage X3 expertise, our understanding of business challenges and continuous monitoring of cybersecurity and regulatory developments, we help our clients build information systems that are more robust, more resilient and better prepared for tomorrow’s challenges.
Today, cybersecurity is no longer just about protection. It has become a key driver of trust, business continuity and long-term competitiveness.
Would you like to discuss the cybersecurity challenges facing your Sage X3 environment? Contact us