HP: Supply Chain Security Failures are Costing Billions

HP report reveals that device security failures are costing organisations £8.6bn annually worldwide
HP's report highlights the US$8.6bn cost of device security failures and the critical role procurement and supply chain management play in reducing risk

Device security failures are costing organisations US$10.9bn annually worldwide, according to a report from HP, and continue to highlight significant vulnerabilities within procurement and supply chain processes.

The data underscores the urgent need for organisations to address security when sourcing and managing technology suppliers.

HP Wolf Security's study examines the financial and operational consequences of end-user device breaches. Devices such as laptops, desktops and printers serve as key entry points for cyber attacks, and failures in procurement and supply chain management often expose organisations to these threats.

Poor visibility into supply chains, inadequate supplier assessments and prioritising cost over security during procurement contribute to significant vulnerabilities.

Ian Pratt, HP’s Global Head of Security, says: “The costs we’re seeing here are just the tip of the iceberg. Organisations need to think of device security as a business-critical investment rather than an afterthought.”

This statement highlights the need for procurement and supply chain teams to adopt security-first approaches when sourcing technology.

Securing the supply chain: A procurement priority

HP's report reveals that 68% of organisations have experienced financial or operational harm from device-related security breaches. Procurement and supply chain managers play a pivotal role in addressing these risks by embedding cybersecurity requirements into supplier contracts, procurement frameworks and ongoing vendor management.

With devices being central to business operations, organisations must prioritise secure sourcing practices. Procurement teams need to work closely with IT and security leaders to establish supplier security standards that include end-to-end device protection, firmware security and regular software updates. Supply chain transparency is critical, with procurement professionals needing assurances that vendors adhere to cybersecurity standards throughout the product lifecycle.

Boris Balacheff, Chief Technologist for Security Research and Innovation at HP Inc, says: “Buying PCs, laptops or printers is a security decision with long-term impact on an organisation's endpoint infrastructure. The prioritisation, or lack thereof, of hardware and firmware security requirements during procurement can have ramifications across the entire lifetime of a fleet of devices.”

The report also highlights the risks posed by complex, global supply chains. Devices and components often pass through multiple vendors, which increases the risk of tampering, counterfeit parts, or unpatched vulnerabilities. Implementing supply chain risk management practices, such as vendor audits and security certifications, helps mitigate these issues. Procurement teams must ensure suppliers comply with recognised frameworks like ISO 27001 or NIST cybersecurity standards to reduce risks at every stage.

A common failing noted in the report is the tendency to focus on cost savings during procurement. While cutting costs may provide short-term benefits, this often leads to the acquisition of devices lacking robust security features, which increases long-term exposure to breaches. By balancing cost considerations with security requirements, procurement can reduce the risk of significant financial and reputational damage.

Key facts
  • Lost and stolen devices create an annual cost burden of $8.6 billion for organisations
  • 71% of IT leaders report increased difficulty managing platform security due to remote working
  • One in five remote workers have experienced device loss or theft, with an average 25-hour delay before notifying IT

Building Resilience Through Secure Procurement and Supply Chains

The HP Wolf Security study outlines the actions organisations must take to mitigate the US$8.6bn cost of device security failures. Embedding security as a core requirement in procurement policies ensures that devices meet safety standards before deployment, reducing downstream risks.

Organisations are encouraged to adopt “secure by design” principles in their procurement and supply chain processes. This means selecting suppliers who prioritise security, provide transparency into their manufacturing processes and commit to regular updates and patches. Device security should no longer be treated as an afterthought but as a non-negotiable procurement criterion.

Michael Heywood, Business Information Security Officer for Supply Chain Cybersecurity at HP Inc, says: “You will always need to choose technology providers you can trust. But when it comes to the security of devices that serve as entry points into your IT infrastructure, this should not be blind trust.”

Pratt reinforces this, stating: “Procurement needs to move beyond just buying devices and ensure they are selecting the most secure solutions for long-term operational resilience.”

To address these challenges, organisations must:

  1. Integrate cybersecurity requirements into supplier contracts and procurement frameworks.
  2. Evaluate supply chain transparency and ensure devices come from trusted sources.
  3. Require suppliers to adhere to recognised security certifications, such as ISO 27001 or NIST standards.
  4. Conduct regular audits to assess vendor compliance with security requirements throughout the supply chain.
  5. Implement Total Cost of Ownership (TCO) analysis to account for long-term security risks.

These strategies ensure procurement and supply chain teams align their practices with the organisation’s broader cybersecurity goals. By doing so, they minimise vulnerabilities stemming from poorly secured devices while building a more resilient operational environment.

Alex Holland, Principal Threat Researcher in the HP Security Lab, says: “Post-breach remediation is a losing strategy when it comes to hardware and firmware attacks. These attacks can grant adversaries full control over devices, embedding deep within systems. Traditional security tools are blind to these threats as they tend to focus on the OS and software layers, making detection nearly impossible.”

Addressing procurement and supply chain gaps

The findings of the HP Wolf Security Report serve as a stark reminder of the critical role procurement and supply chain management play in device security. Failures in these processes expose organisations to costly breaches, operational disruptions, and reputational damage.

Grant Hoffman, Senior Vice President of Operations and Portfolio at HP Solutions, says: “IT teams are hoarding end-of-life devices because they lack the assurance that all sensitive company or personal data has been fully wiped - which in itself can pose data security risks and negatively impact ESG goals.”

Procurement and supply chain professionals must embrace their role as key players in cybersecurity by embedding security standards into sourcing strategies, managing supply chain risks, and holding vendors accountable for compliance.

Ian concludes: “Organisations need to think of device security as a business-critical investment rather than an afterthought.”

With a more secure procurement and supply chain strategy, organisations can protect themselves from the growing cost of device-related security failures.



Supply Chain Digital is a BizClik brand.
