The humble printer, once a buzzing hive of enterprise activity, was largely eclipsed by electronic document management years ago. Yet the oft-overlooked office workhorse retains a foothold in the modern IT estate, posing potential security risks for lax organizations.
“Printers are no longer just harmless office fixtures – they’re smart, connected devices storing sensitive data,” Steve Inch, global senior print security strategist at HP Inc., said in a press release accompanying a report published by the vendor last month. “The wrong choice can leave organizations blind to firmware attacks, tampering or intrusions, effectively laying out the welcome mat for attackers to access the wider network.”
Many organizations are leaving the door wide open for malicious actors, according to HP’s survey of more than 800 enterprise IT and security decision-makers. Despite devoting an average of 3.5 hours per month to printer management, only 36% of respondents said their organizations install firmware updates promptly.
Failure to remediate known device vulnerabilities is also a rampant problem, HP found. Just over one-third of respondents said they can track unauthorized printer hardware changes or identify device vulnerabilities based on published security recommendations.
In 2023, the FBI and Cybersecurity and Infrastructure Security Agency warned PaperCut users that bad actors were exploiting a vulnerability in the print management software. The exploits began after the vendor released a patch.
“You cannot ignore the print infrastructure and expect that malicious bad actors are going to ignore it as well,” Boris Balacheff, chief technologist for security research and innovation at HP, told CIO Dive. “If you want to have a decent enterprise security posture, you have to have a decent print infrastructure security posture, too.”
Part of the problem is a lack of visibility. Enterprise printers often elude centralized management, which makes it difficult for IT and security leaders to keep track of every unit, according to Balacheff. When mergers and acquisitions add to an already dispersed fleet, the challenges multiply.
“We find companies where printers are still managed by facilities or real estate — nowhere near IT,” Balacheff said. “You’ve got doors, you’ve got lights and you’ve got printers.”
Shadow IT poses unnecessary security risks, regardless of whether it’s an application or a networked device.
“You wouldn't dream of exposing data to a computer that wasn't managed properly,” said Balacheff. “The printer is just like a computer you need to protect on the network — it's an IoT device and it is always on.”
The persistence of print
While demand for printers has flagged as legacy fleets are retired in favor of paperless alternatives, reliance persists in specific verticals, including finance, healthcare, government, legal and retail.
Expectations that the enterprise printer will soon be relegated to the IT scrapheap are, at best, premature, Keith Kmetz, program VP for imaging, printing and document solutions at IDC, said in an email.
“Many organizations are attempting to cut back on their print infrastructure, but this is a reduction, not an elimination,” Kmetz said.
Manufacturers shipped nearly 79 million printers and multifunction peripherals that perform printing, scanning and copying tasks last year, according to IDC research. The firm expects the market to gradually contract by 10% in the next five years. Yet the industry will still ship an estimated 70 million units in 2029.
Print’s staying power reflects a mix of human preferences, regulatory requirements and IT capabilities. Some organizations lack the technical infrastructure to shift entirely to digital processes. Others prefer print for aesthetic value and other reasons.
“Physical paper-based documents are harder to ignore than the bombardment of digitally based content we receive every day,” Kmetz said. “The paper document is a call to action.”
Nevertheless, printers have fallen off the C-suite radar in many organizations — and out of security oversight.
“Let's face it, print is not the sexiest thing to sell all the time to a CIO,” John Bruno, president and COO at Xerox, said during a Q1 2025 earnings call in May, for the three months ending March 31. The company saw revenue in its print division drop 8.6% year over year to $1.4 billion in Q2 and has been pivoting to IT and digital services since initiating an organizational overhaul in January 2024.
HP experienced a less severe decline of 4% in printer revenue to $4.2 billion during the second quarter of its 2025 fiscal year, which ended April 30. The company expects revenue for its printer division to continue to decline through the end of the year but has nonetheless invested in the rollout of its first quantum-resilient enterprise printer, President and CEO Enrique Lores said during HP’s Q2 earnings call in May.
“Security budgets are not spent on buying equipment, but IT is going to have to deal with any issues that exist in the future of the network,” Balacheff said. “The issues you have to manage through the life of the printer are not things that were necessarily thought about ahead of time.”
Many enterprises procure printers under lease or managed service contracts that last between three and five years and dictate refresh cycles, according to Kmetz. Unserviced legacy units can spend far longer churning out pages in corners of the business where IT doesn’t travel.
“For devices not under a contract, there’s probably a more ‘if it’s not broke, don’t fix it’ mentality,” Kmetz said. “In such instances, it’s common to find printers and MFPs that are 10-plus years old.”
