HP: Device Security Failures Cost Firms US$8.6bn

HP report reveals that device security failures are costing organisations £8.6bn annually worldwide
HP's study highlights procurement's role in tackling device security failures, which cost organisations US$8.6bn globally. How can procurement mitigate risks?

The latest study from HP reveals that organisations lose US$8.6bn annually due to security breaches originating from end-user devices. This report underscores the growing need for organisations to integrate device security into procurement strategies as they acquire hardware and systems.

Procurement teams play a pivotal role in selecting secure technology, ensuring suppliers meet cybersecurity standards and minimising vulnerabilities from the outset.

The HP Wolf Security Report examines how device security failures impact organisations globally. With end-user devices such as laptops, printers and desktops serving as entry points for cyberattacks, inadequate procurement practices contribute to these breaches. Failure to consider security requirements when procuring devices can expose organisations to costly risks, including downtime, regulatory fines and loss of sensitive data.

Ian Pratt, HP’s Global Head of Security, says: “The costs we’re seeing here are just the tip of the iceberg. Organisations need to think of device security as a business-critical investment rather than an afterthought.” This statement reinforces the need for procurement teams to adopt security-first approaches when purchasing devices.

Procurement's role in mitigating security risks

The report highlights that nearly 68% of organisations admit to suffering significant financial or operational damage due to device-related breaches.

Procurement departments have an essential role in mitigating these risks by embedding cybersecurity into supplier contracts, purchasing policies and hardware evaluations.

Procurement teams must collaborate with IT and security departments to set stringent standards for devices entering the organisation. This includes sourcing devices with robust built-in security features, such as endpoint protection, secure boot processes and encrypted firmware.

Suppliers must demonstrate compliance with international cybersecurity standards and provide assurances on device security updates, patches and lifecycle management.

Boris Balacheff, Chief Technologist for Security Research and Innovation at HP Inc

Buying PCs, laptops or printers is a security decision with long-term impact on an organisation's endpoint infrastructure. The prioritisation, or lack thereof, of hardware and firmware security requirements during procurement can have ramifications across the entire lifetime of a fleet of devices.

The findings also indicate that many organisations prioritise cost savings during procurement without fully evaluating the long-term security implications of their purchases. While this approach may reduce short-term expenses, it increases exposure to breaches that lead to costly recovery efforts and reputational damage.

The study further highlights the human element in device security failures, with employee behaviours exacerbating risks. However, procurement processes can mitigate this by sourcing devices with automated security features that reduce reliance on user actions.

For instance, purchasing devices with pre-installed malware detection systems or automated firmware updates helps address these challenges.

Key facts
  • Lost and stolen devices create an annual cost burden of $8.6 billion for organisations
  • 71% of IT leaders report increased difficulty managing platform security due to remote working
  • One in five remote workers have experienced device loss or theft, with an average 25-hour delay before notifying IT

Strategic procurement for secure and resilient devices

To tackle the US$8.6bn global cost of security failures, organisations must embed device security as a core component of procurement strategies. Adopting a 'secure by design' approach during the procurement process ensures devices meet security specifications before deployment.

HP’s study recommends a combination of actions to bolster resilience, including choosing vendors with end-to-end security features and prioritising trusted supply chains. Procurement teams should evaluate suppliers based on their ability to deliver secure devices while providing transparency around manufacturing processes, software integrations and patch management.

Michael Heywood, Business Information Security Officer for Supply Chain Cybersecurity at HP Inc

You will always need to choose technology providers you can trust. But when it comes to the security of devices that serve as entry points into your IT infrastructure, this should not be blind trust.

Ian adds: “Procurement needs to move beyond just buying devices and ensure they are selecting the most secure solutions for long-term operational resilience. Security should never be an afterthought.”

To strengthen device security procurement strategies, organisations should:

  1. Include device security criteria in tender and supplier selection processes.
  2. Ensure suppliers adhere to recognised security certifications and frameworks, such as ISO 27001.
  3. Audit and monitor supplier cybersecurity capabilities throughout contracts.
  4. Integrate Total Cost of Ownership (TCO) evaluations to account for security risks.

These steps ensure procurement aligns with organisational security goals, helping reduce the frequency and impact of device-related breaches.

Alex Holland, Principal Threat Researcher in the HP Security Lab

Post-breach remediation is a losing strategy when it comes to hardware and firmware attacks. These attacks can grant adversaries full control over devices, embedding deep within systems. Traditional security tools are blind to these threats as they tend to focus on the OS and software layers, making detection nearly impossible.

Procurement as a defence mechanism

The HP Wolf Security Report makes it clear: failing to consider security in procurement decisions is costly. Procurement teams have the power to influence device security by working closely with IT and security stakeholders, setting clear security standards and holding suppliers accountable.

Grant Hoffman, Senior Vice President of Operations and Portfolio at HP Solutions

IT teams are hoarding end-of-life devices because they lack the assurance that all sensitive company or personal data has been fully wiped - which in itself can pose data security risks and negatively impact ESG goals.

As security risks rise, organisations must see procurement as a critical defence mechanism. By prioritising secure devices during procurement, firms can protect their systems, data and bottom lines from costly breaches.

As Ian concludes: “Organisations need to think of device security as a business-critical investment rather than an afterthought.”


Procurement Magazine is a BizClik brand.
