Many companies are negligent about SAP security, researchers say