Putting print security on the C-Level agenda
Data breaches are rarely out of the headlines and compliance pressure, such as the introduction of GDPR, means security remains high on the corporate agenda. Cyber threats and data breaches are no longer the sole domain of the IT department, they must be considered at board level as the repercussions are simply too big to ignore.
Businesses of all sizes are potentially exposed to reputational, legal and financial losses as the result of cyber attacks. The increasing sophistication of attacks and the emergence of insider threats means businesses face a battleground to balance business productivity with the need for privacy and security. One area of the IT environment which is often overlooked is the print infrastructure. The majority of organisations rely on print to support business-critical processes, meaning it can be the gateway to valuable, confidential and sensitive information.
Quocirca’s Print Security Landscape 2019 Report reveals evidence of this tension between productivity and security. It shows that print security is becoming a greater concern to businesses with 59% reporting a print-related data loss in the past year and print-related incidents comprising 11% of security events overall.
To understand how organisations are responding to print-related threats, Quocirca’s print security maturity index assesses an organisation’s print security posture on the basis of their adoption of key elements of print security best practice. The results of the index showed just 27% of organisations could be classed as print security leaders, with 17% laggards and the rest classed as followers. It is therefore imperative that businesses become more print security conscious, particularly as they look to close the paper to digital gap in their business processes. This ultimately requires print security to move higher on the C-level agenda.
Manufacturers respond to security threats
In response, print manufacturers are elevating awareness of print security risks. Today most offer a diverse range of product offerings encompassing built in hardware security, print security solutions and comprehensive security and risk assessments.
HP has cemented its lead as a visionary for print security, driving industry standards and offering one of the most comprehensive hardware, software and services portfolios. Nevertheless, most competitors are hot on their heels in developing their print security propositions. Leading players are moving to a secure-by-design approach, where security is built in from the ground up on new hardware.
What is setting the leaders apart in the market is their investment in security services such as assessments, monitoring and analytics. As the threat landscape becomes more sophisticated, machine intelligence will be key in being able to respond to or predict threats. This will enable an organisation to enhance their print security posture and mitigate potential risks.
Our top-level research findings show that businesses in the US and Europe remain reliant on printing, with 87% expecting it will still be important in two years’ time. This dependence creates risk, however, with 66% ranking print in their top 5 risks, second only to cloud-based services at 69%.
Print security spend is on the rise
In response to increasing threats, 77% of businesses are increasing their print security spend. An average of 11% of security budget is currently devoted to printing and we expect the absolute amount spent will increase. There’s good reason to invest in protection as the costs of breach are significant – an average of £313,000 per annum, plus less tangible costs such as lost productivity also a factor.
Knowing where to spend that growing budget is essential. Here we found a perception gap between what are believed to be the highest risks, and the factors that actually cause breaches. While the top perceived security threat is malware (cited by 70% of respondents), the most common cause of breaches is accidental actions of internal users – inadvertent insider threat – involved in 32% of breaches. This misconception could lead to too much weight being given to some threats and not enough to others. Organisations must take a data-driven assessment approach to identifying areas of weakness in processes and technology, before developing policies, procurement strategies and user education programmes to mitigate them.
Managed Print Services have a positive impact
Those who are getting to grips with print security tend to be MPS users. Overall 62% of organisations are using an MPS to gain access to print management and security skills which are often lacking in-house. This figure rises to 76% for print security leaders (as measured by Quocirca’s index) compared with just 44% for the laggards.
When it comes to the key activities that support best practice print security management, overall 70% of organisations have carried out a security assessment, 51% have a formal print security policy, 48% apply regular firmware updates, 40% use pull printing, 37% use secure mobile printing and 36% third-party device testing.
Print industry vendors are responding to the growing demand for robust print security. Our report details the strategy and approach taken by key manufacturers and ISVs to give customers the security, visibility and efficiency that they need from trusted partners. As devices become more powerful and handle more data, manufacturers must embed security that will serve for the lifecycle of the product and integrate with wider IT security tools. In an evolving threat environment this entails automated patching and security updates to future proof these potential network ingress points against attack.
As businesses adjust to the risk of data breaches as a cost of doing business, organisations should take a more robust strategy being developed around identifying, managing and mitigating risks. In today’s ever expanding threat landscape , every organisations must be vigilant and proactive about securing their data. Managing risk begins with understanding the threat environment, assessing risk and defining incident response plans. Ultimately, print security needs to be top of the board agenda. There is no room for complacency, given the far-reaching repercussions – legal, financial and reputational – of print related data losses.