HP study finds printer firmware security still a major blind spot

A new global report from HP Wolf Security has highlighted persistent gaps in print platform security, with just 36% of IT and security decision-makers (ITSDMs) applying printer firmware updates promptly.

The report, Securing the Print Estate: A Proactive Lifecycle Approach to Cyber Resilience, is based on a survey of over 800 ITSDMs across six countries and examines security challenges at every stage of the printer lifecycle. Despite IT teams spending an average of 3.5 hours per printer each month managing security, the study found that failure to install firmware updates in a timely manner leaves many organisations open to potentially serious risks, such as data theft or device hijacking.

Issues begin as early as procurement. Only 38% of respondents said that IT, security, and procurement teams collaborate to define printer security requirements. Many also fail to request security documentation or involve relevant teams in vendor selection. More than half are unable to verify whether a printer has been tampered with in the factory or during shipping.

In the remediation phase, just 35% said they could identify printers vulnerable to newly discovered threats, while 32% were able to detect hardware-level attacks. Concerns about offline security were also rising, with 70% of ITSDMs worried about physical risks like the mishandling of sensitive printouts.

End-of-life printer handling presents further problems. Nearly nine out of 10 respondents cited data security as a barrier to reuse or recycling, with many lacking confidence in their ability to securely wipe devices. A quarter of ITSDMs believe it is necessary to physically destroy printer storage drives to prevent data breaches.

Steve Inch, global senior print security strategist at HP, warned: “With multi-year refresh cycles, unsecured printers create long-term vulnerabilities. If compromised, attackers can harvest confidential information for extortion or sale.”

HP recommends that organisations prioritise collaboration across departments when procuring print hardware, apply firmware updates promptly, and use printers with built-in threat monitoring and secure data erasure capabilities to improve lifecycle security.