HP Inc. (NYSE: HPQ) has released a new report revealing the critical cybersecurity risks associated with failing to secure devices throughout their lifecycle. The study, which surveyed over 800 IT and security decision-makers (ITSDMs) and more than 6,000 work-from-anywhere (WFA) employees, highlights the growing concern around platform security—securing hardware and firmware for devices such as PCs, laptops, and printers. The findings show that 81% of ITSDMs believe hardware and firmware security must be a priority to prevent exploitation, yet 68% report that investment in this area is often neglected during the total cost of ownership (TCO) calculation, leading to security vulnerabilities, costly issues, and inefficiencies.
The report outlines key concerns in five stages of the device lifecycle. In the supplier selection phase, 34% of ITSDMs say a supplier has failed a cybersecurity audit in the past five years, with 18% terminating contracts due to serious failures. Additionally, 60% of ITSDMs express concern over the lack of IT and security involvement in device procurement, putting organizations at risk. During onboarding and configuration, over half of ITSDMs admit to issues with BIOS password management, with 53% failing to regularly change these passwords throughout a device’s lifecycle.
The report also highlights challenges in ongoing device management, where over 60% of ITSDMs don’t update firmware immediately after new releases, and 57% cite “Fear Of Making Updates” (FOMU). Despite this, 80% of ITSDMs believe the rise of AI will lead to faster exploits from attackers, making prompt updates essential. The study further notes that lost or stolen devices cost organizations an estimated $8.6 billion annually, with 20% of WFA employees reporting lost or stolen PCs, often taking an average of 25 hours to notify IT.
When it comes to second-life device management, 47% of ITSDMs say data security concerns prevent them from reusing, recycling, or reselling PCs, laptops, and printers, contributing to an e-waste problem. In fact, 70% of WFA employees have at least one old work device, with 12% leaving their devices behind when changing jobs, presenting additional security risks.
Boris Balacheff, Chief Technologist for Security Research and Innovation at HP Inc., warns that purchasing devices is a long-term security decision with far-reaching consequences. The lack of prioritization of hardware and firmware security during procurement can lead to increased risks and costs. To address these issues, HP recommends that IT, security, and procurement teams work together to establish security requirements, validate vendor claims, and ensure secure device onboarding, management, and decommissioning practices.
The report concludes that a more comprehensive approach to device lifecycle management is essential for improving platform security. HP Wolf Security’s recommendations include ensuring secure zero-touch onboarding, using tools to monitor and manage device configuration, and prioritizing secure data erasure during decommissioning to reduce data security risks.
For further insights and recommendations, download the full report “Securing the Device Lifecycle: From Factory to Fingertips, and Future Redeployment.”