When I heard this argument for the first time over a decade ago I thought it would never be a thing.
I was to be proved wrong!
A few years ago, I was hired to figure out how a perpetrator got into a corporate network.
Like so often, my blue-chip/fortune 500 colleagues had failed to find the loophole where the criminals had entered the network.
To be honest, being confronted with An attack on a system through a printer was new for me too.
That being said: this Vector is quite exotic, and is not often found in the wild.
However, it exists! So, why not take the printers in your organization into the upgrade cycle, and thereby categorically rule out attacks through printers, and other network connected devices?