60 per cent of businesses have had a print-related breach in the past 12 months and the insider threat is the biggest cause. That’s according to research and a new report from analyst firm Quocirca, which today published the results of its latest Global Print Security Report, containing detailed analysis of primary research conducted among 250 enterprises in the UK, France, Germany and the US. It also provides recommendations for IT decision makers and comprehensive analysis of the security offerings of key vendors and ISVs.
Print-related breaches are costing an average of £313,000 per year, the study found, with 60% of organisations experiencing at least one print-related data loss in the past 12 months. The majority of breaches stem from accidental actions by internal users i.e. insider threat.
Despite a reported 11% of all security incidents being related to print infrastructure, the research found that attempts to mitigate print risks lack maturity. Only 27% of businesses achieve print security leader status in Quocirca’s Print Security Maturity Index.
Key research findings:
- 91% of organisations consider print to be important today and 87% expect its importance to continue over the next two years.
- 66% of organisations rank print in the top 5 risks that could lead to security breaches, second only to public cloud services (69%).
- 73% of organisations are concerned or very concerned about the risk of print-related data breaches.
- 11% of all security incidents are print-related, equating to nine incidents per year on average. 60% of businesses have suffered at least one print-related data loss in the last 12 months.
- 77% of businesses say they are increasing print security spending, with 11% of overall security budgets allocated to print infrastructure.
- Businesses are most worried about malware infecting print devices, but the majority of breaches result from human error.
- Organisations using managed print services (MPS) are more secure with 76% of print security leaders taking advantage of MPS.
Perception gap: insider threat is higher than malware risk
The study found a perception gap where print security risks are concerned. The top perceived risk is malware, rated as the highest concern by 70%. However, the most common cause of actual breaches is accidental actions of internal users, involved in 32% of incidents. This perception gap could lead to too much focus on some risks and too little on others. It highlights the importance of user education as a pillar of print security strategy.
Commenting on the findings, Quocirca Research Director Louella Fernandes said: “Our research consistently shows that businesses remain reliant on print, but the way it is used is changing. Print infrastructure is vulnerable to all the threats associated with IoT devices, but also to risks linked to hard copy output.
“The number of print-related of breaches reported by the organisations we surveyed is concerning and the lack of security maturity shows that businesses can and should do more. With the financial, legal and reputational consequences of data breaches escalating, print security is intrinsic to an organisation’s security posture and a risk that should be managed at boardroom level.
“Organisations must ensure that they are addressing the right threats with a combination of education, policy and technology as they aim to close the paper-digital gap in business processes.”
Print Security Maturity Varies
Quocirca’s Print Security Maturity Index ranked organisations on their adoption of the foundations of print security best practice. These include spending on print security; the use of security assessments; the use of pull printing; having a formal print security policy; secure mobile printing; third party testing of printing devices and printer firmware updates.
The index found that only 27% of organisations are print security leaders, 56% are followers and 17% are laggards, whose complacent approach to print security puts them at high risk of a breach. The US had most leaders, while France had the most laggards. Retail, which relies on in-store printing and paper despatch notes for online sales, has the most leaders, finance the least.
MPS linked to better security
The study found a positive link between businesses that use managed print services and improved security. Overall 62% of organisations are using MPS to gain access to print management and security skills which are often lacking in-house. This figure rises to 76% for print security leaders compared with just 44% for the laggards.
Print vendors and ISVs are responding to increasing concern about print security by moving towards a security-by-design approach and ensuring that products can integrate with broader security management tools.
Louella Fernandes commented: “Security is becoming a primary decision factor for organisations as they aim to mitigate the risks of their print infrastructure to protect corporate and customer data. As the amount of data across the network grows, vendors must futureproof devices and provide advanced monitoring and management tools to give businesses better control and peace of mind.”
The Global Print Security Landscape Report contains detailed analysis of primary research conducted among 250 enterprises in the UK, France, Germany and the US. It provides valuable recommendations for IT decision makers and comprehensive analysis of the security offerings of key vendors and ISVs. It is sponsored by Brother, HP, Ricoh, Xerox, Ringdale and Y Soft.
An executive summary is available at https://quocirca.com/content/quocirca-global-print-security-landscape-2019