HP(US:HPQ) GlobeNewswire News Room·2024-12-12 09:00Core Insights - HP Inc. emphasizes the critical importance of securing hardware and firmware throughout the device lifecycle to enhance cybersecurity posture [1][4][5] Group 1: Cybersecurity Concerns - A global study involving over 800 IT and security decision-makers and 6000 work-from-anywhere employees reveals that 81% of ITSDMs believe hardware and firmware security should be prioritized to prevent exploitation of vulnerable devices [2] - Despite this, 68% of ITSDMs report that investment in hardware and firmware security is often neglected in the total cost of ownership, leading to significant security challenges and inefficiencies [2][3] Group 2: Device Lifecycle Findings - Supplier Selection: 34% of ITSDMs indicate that a supplier has failed a cybersecurity audit in the past five years, with 18% terminating contracts due to serious failures [3] - Onboarding and Configuration: 53% of ITSDMs acknowledge that BIOS passwords are either shared too broadly or not strong enough, and they rarely change these passwords throughout the device's life [3] - Ongoing Management: Over 60% of ITSDMs do not promptly apply firmware updates, with 57% experiencing fear of making updates [3][9] - Monitoring and Remediation: Organizations incur an estimated $8.6 billion annually due to lost and stolen devices, with one in five employees reporting loss or theft of their devices [3][10] - Second Life and Decommissioning: 47% of ITSDMs cite data security concerns as a major barrier to reusing or recycling devices, contributing to an e-waste epidemic [3][12] Group 3: Recommendations for Improvement - HP Wolf Security recommends that organizations ensure collaboration between IT, security, and procurement teams during the supplier selection process to validate security claims [18] - For onboarding, organizations should seek solutions that enable secure zero-touch onboarding and management of firmware settings [18] - Ongoing management should focus on tools that allow remote monitoring and rapid deployment of firmware updates to minimize vulnerabilities [18] - Monitoring and remediation strategies should include capabilities for remote data erasure and audit log monitoring to identify security risks [18] - For second life and decommissioning, organizations should prioritize devices that can securely erase sensitive data to facilitate safe disposal [18]