Confidence in Printer Security Down as Print-Related Security Incidences Rise

A recent report on print security from market-research firm Quocirca reveals that confidence in printer security is falling as printer-security incidences and printer data losses increase.

The Quocirca Global Print Security Landscape 2023 report finds that increasing print volumes and growth in hybrid work create security risks, as the average cost of a print-related data breach rises to £743,000 (approximately $947,000).

Quocirca’s survey found that IT decision makers are less confident in the security of their print network than they were a year ago. Only 19 percent are completely confident that their print infrastructure is protected from security breaches and data losses today, a drop from 23 percent in 2022. This is despite the fact that organizations are becoming more mature in their approach to print security, with a greater proportion having implemented key protection and policy measures.

Louella Fernandes, Quocirca Research Director, commented: “It is encouraging that organizations are adopting more print security measures and growing in maturity, although this is not fully translating to confidence.

“With 70 percent of organizations remaining dependent on print and 68 percent expecting growth in office print volumes as employees return to the office, work is still needed to ensure that print security gets the right degree of attention. Print-related breach and data loss risk remains high, so businesses must continue working to address gaps. However, our research shows that progress may be impeded by differing perceptions of print security risk between CIOs and CISOs,” Fernandes said

Quocirca’s Print Security Landscape 2023 is based on the views of 507 IT decision makers in the U.S. and Europe. The findings also include:

• 42 percent of organizations report suffering a cybersecurity incident in the past year, rising to 55 percent in mid-market companies and 51 percent in the finance sector.
• 61 percent say they experienced a data loss related to unsecured printing, rising to 63 percent in the U.K. and 67 percent among retail businesses. Although some breaches involve malicious device compromise, many are attributed to human errors such as printouts left in printer output trays.
• 39 percent say it’s becoming harder to keep up with print-security demands.
• The average cost of data breaches has risen to £743,000 (approximately $947,000) from £631,915 (approximately $805,000) in 2022.
• 79 percent expect to increase print-security spending over the coming year, rising to 86 percent in the U.S., and 85 percent in professional services and retail organisations.

Approaches to Print Security Maturing in the U.S. and Europe

Quocirca now classes more than a quarter (27 percent) of organizations in its research sample as Leaders in its Print Security Maturity Index, an increase from 18 percent in 2022. These organizations have implemented six or more measures to protect their print infrastructure. A further 59 percent are Followers who have adopted two to five measures, and the remaining 15 percent are Laggards, with only one or no measures in place.

Quocirca’s study also reveals regional variations in print-security maturity, with the U.S. having a higher proportion of Leaders (31 percent) than the U.K. (27 percent), France (26 percent), and Germany (18 percent). Germany has the most Laggards – firms that have implemented one or no measures – at 29 percent. Company size is also a factor; 30 percent of firms with more than 1000 employees are Leaders, while only 23 percent of smaller businesses reach that level.

CIOs and CISOs Disconnected on Print Security

Chief intelligence officers (CIOs) and chief information security officers (CISOs) have differing views on the level of challenge and risk associated with staying ahead of print-security issues. CISOs are more positive – only 28 percent say it’s become harder to keep up with print-security challenges, compared to 50 percent of CIOs, and an overall average of 39 percent.

Similarly, only 45 percent of CISOs are concerned about the risk of unsecured printers, compared to 72 percent of CIOs. These figures indicate that the two key influencers over security and data protection in the enterprise are not aligned in their perception of the risk residing in print infrastructure.

According to Quocirca’s Fernandes: “Our research identified a significant disconnection between the views of CIOs and CISOs on print security, which may be preventing companies from determining the true level of risk. Independent, in-depth risk assessments are a vital tool to give senior leaders objective evidence of print-security gaps across devices and document workflows and enable consensus on the actions needed to protect the enterprise.”

Maturity and Managed Print Services (MPS) Adoption Relate to Levels of Reported Data Losses

Almost half (47 percent) of print-security Leaders reported one or more data losses due to unsecure printing, but this rose to 65 percent among Followers, and 68 percent among Laggards. Almost two-thirds (63 percent) of firms operating a mixed printer fleet reported at least one breach, while only 56 percent of those operating a standard fleet experienced a breach.

According to Fernandes: “There is a clear opportunity here for MPS vendors to reduce breach risk by moving clients to a managed, single-vendor fleet. Interestingly, however, users of MPS were more likely to report security breaches than those with no MPS. This may be due to the fact that MPS is more likely to uncover a data breach.”

In fact, MPS users are generally happier with the security capabilities of their supplier than those not using MPS. Thirty-nine percent are very satisfied, compared with 23 percent of non-MPS users. Satisfaction is much higher in the U.S. (50 percent are very satisfied), and lowest in Germany, where only 17 percent are very satisfied.

Fernandes concludes: “As more employees return to the office and the long-term shape of hybrid working unfolds, businesses need to work to improve confidence in print security. Now is an ideal time to draw on the expertise of suppliers and conduct comprehensive print security assessments, allowing organizations can gain the insight they need to address security gaps and move forward with greater certainty.”

Quocirca’s Print Security Landscape 2023 includes recommendations for buyers and suppliers of print infrastructure and services. It also contains detailed information about the security provision of print vendors Brother, Canon, Epson, HP Inc., Konica Minolta, Kyocera, Lexmark, Ricoh, and Xerox. For more information, visit Quocirca here.