Neglecting printer security is leaving you wide open to cyber attacks

Printers can become a gateway for hackers to access wider networks

If you need another reason to hate printers, you can add 'security risk' to the list.

A new study from HP Wolf Security reveals that printer security is routinely neglected, with businesses failing to carry out firmware upgrades.

Only 36% of IT and security decision-makers apply printer firmware updates promptly, even though IT teams spend an average of 3.5 hours per printer, per month managing security issues.

Steve Inch, global senior print security strategist at HP, said an often overlooked aspect of printer security is that printers are no longer just “harmless office fixtures”.

“They’re smart, connected devices storing sensitive data,” he said. “With multi-year refresh cycles, unsecured printers create long-term vulnerabilities.”

“If compromised, attackers can harvest confidential information for extortion or sale,” Inch added. “The wrong choice can leave organizations blind to firmware attacks, tampering or intrusions, effectively laying out the welcome mat for attackers to access the wider network.”

Printer security is becoming a nightmare

Security gaps are appearing at every stage of the product lifecycle, researchers found, with only 38% of respondents saying procurement, IT, and security teams collaborate to define printer security standards.

Six-in-ten believe this lack of cross-functional collaboration puts their organization at risk.

Meanwhile, 42% said they don't involve IT or security teams in vendor presentations, with 54% failing to request technical documentation to validate security claims, and 55% failing to submit vendor responses to security teams for review.

Nor do they check the printer’s integrity, with more than half saying they can't confirm whether the printer has been tampered with in the factory or in transit.

Moreover, once the printer does arrive, only 35% of IT decision makers said they could identify whether it was vulnerable based on newly published hardware or firmware vulnerabilities.

Only 34% can track unauthorized hardware changes made by users or support teams, while just 32% can detect security events linked to hardware-level attacks.

Another key security risk highlighted by the study centers around when printers reach end of life. A majority (86%) of respondents said data security is a barrier to reuse, resale, or recycling.

More than a third said they were uncertain whether printers can be fully and safely wiped.

Notably, a quarter of respondents said they play it safe by physically destroying printer storage drives, and one-in-ten destroy both the storage drives and the device itself.

Enterprises need to get their act in order

HP Wolf Security said organizations need to foster closer collaborative ties between IT, security, and procurement teams on this front to bolster security and resilience.

This includes making sure they get security certificates for products and supply chain processes, the report noted.

Similarly, they should apply firmware updates promptly, use tools to streamline printer policy-based configuration compliance, and select printers with built-in secure erasure capabilities to enable safe recycling.

“By considering security at each stage of a printer’s lifecycle, organizations will not only improve the security and resilience of their endpoint infrastructure, but also benefit from better reliability, performance, and cost-efficiency over the lifetime of their fleets,” said Boris Balacheff, chief technologist for security research and innovation at HP.

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.