ERP systems typically hold the keys to the kingdom for an organization. Names, national identifiers, bank account info and proprietary company financial data are just some of the types of data that ERP applications store.
ERP systems are complex (millions of lines of code) and typically onerous to administer, patch and upgrade. There is typically very little tolerance for the downtime needed to keep the system up to date on necessary maintenance.
Customized functionality is often introduced into ERP applications without a view into the security vulnerabilities that might be exposed.