IT Brief UK - Technology news for CIOs & IT decision-makers
United Kingdom

Guides

#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things

Search

Realistic office printer with security warnings digital lock shadowy figures access
#
Firewalls
#
Data Protection
#
Network Security

Poor printer security leaves firms exposed according to HP report

Yesterday
Author image
By Sean Mitchell, Publisher

A new report from HP Wolf Security has found that many organisations are neglecting printer platform security, leaving critical data and devices exposed to increasing cyber threats.

The study, which surveyed more than 800 IT and security decision-makers globally, reveals that only 36% of IT teams promptly apply printer firmware updates. This is despite IT staff spending an average of 3.5 hours per printer each month managing related security issues.

Lifecycle vulnerabilities

The research outlines significant vulnerabilities across all stages of the printer lifecycle including supplier selection and onboarding, ongoing management, remediation, and decommissioning.

During the supplier selection and onboarding stage, collaboration between procurement, IT and security teams is limited. Only 38% of respondents reported that these functions work together to define printer security standards, while 60% said that a lack of collaboration increases organisational risk. Furthermore, 51% of IT decision-makers admitted they could not confirm whether printers had been tampered with during delivery.

The report found additional gaps at the procurement phase: 42% of respondents said IT or security teams are not included in vendor presentations; 54% do not request technical documentation to substantiate security claims; and 55% fail to have vendor security responses reviewed by their own security teams.

Patch management and remediation

Ongoing management of printer devices also presents challenges. Only 35% of IT and security decision-makers are able to identify vulnerable printers when new hardware or firmware vulnerabilities are disclosed. Tracking unauthorised changes or detecting security events linked to hardware-level attacks remains difficult, with only 34% and 32% of respondents, respectively, able to do so.

Beyond cyber threats, physical security risks persist. 70% of decision-makers expressed concern about offline threats, such as employees mishandling or printing sensitive company documents inappropriately.

Decommissioning challenges

Security concerns also hamper decommissioning and re-use of printers. The report notes that 86% of IT and security decision-makers see data security as an obstacle to reusing, reselling, or recycling printer hardware. On average, the surveyed organisations have approximately 80 printers sitting idle or approaching end-of-life.

Confidence in current data sanitisation solutions is also low. 35% of respondents said they are unsure if printers can be fully and safely wiped. As a result, one in four believe it is necessary to physically destroy storage drives from the devices, and one in ten insist on destroying both the printer and its storage to secure data.

Expert warnings

"Printers are no longer just harmless office fixtures – they're smart, connected devices storing sensitive data," warns Steve Inch, Global Senior Print Security Strategist at HP Inc. "With multi-year refresh cycles, unsecured printers create long-term vulnerabilities. If compromised, attackers can harvest confidential information for extortion or sale. The wrong choice can leave organisations blind to firmware attacks, tampering or intrusions, effectively laying out the welcome mat for attackers to access the wider network."

The report also highlights ongoing collaboration issues, with 60% of IT decision-makers stating that poor collaboration with procurement increases security risks, and 51% unable to confirm whether printers have been tampered with during transit.

Recommendations

HP Wolf Security's report provides several recommendations to address these challenges. They include improved collaboration between IT, security, and procurement teams to define requirements for new printers, requiring security certificates from manufacturers, and prompt application of firmware updates to minimise security exposure. Additionally, the report advocates using security tools for policy-based configuration compliance, selecting devices that monitor for zero-day threats, and deploying printers capable of secure erasure of hardware, firmware, and stored data at end of life.

"By considering security at each stage of a printer's lifecycle, organisations will not only improve the security and resilience of their endpoint infrastructure, but also benefit from better reliability, performance, and cost-efficiency over the lifetime of their fleets," comments Boris Balacheff, Chief Technologist for Security Research and Innovation at HP Inc.

The survey responses are based on input from IT and security professionals in the United States, Canada, United Kingdom, Japan, Germany, and France, conducted in 2024.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Okta, NCC Group partner for enhanced CIAM & cyber security
Lenovo selects Tikiri Wanduragala to lead UKI ISG technology
Zoho unveils Zia LLM & AI suite with strong data privacy focus
Octo Tempest targets airlines as Microsoft warns of new cyber risks
LogicMonitor launches Edwin AI for ITOps on AWS Marketplace

Top stories

Cloud cost conundrum: Rising expenses hinder AI innovation in Europe
Kyndryl unveils Agentic AI Framework for secure enterprise AI
SquareX unveils field manual to tackle rising browser threats
Doug Kurfess joins Globality as Chief Sales Officer to drive AI sourcing
Yetipay raises GBP £3.5 million to boost growth in payments