
Kiteworks recently unveiled new research that exposes a rapidly expanding security blind spot across the manufacturing sector: legacy web forms embedded in supplier portals, warranty systems, RMA processes, and customer intake workflows.
The 2025 Data Security and Compliance Risk: Data Forms Survey Report reveals that these commonly overlooked interfaces have become a primary attack vector for adversaries attempting to infiltrate manufacturing organizations—and the regulated industries they serve.
While many manufacturers continue investing in OT security, production systems, and IP protection, attackers are increasingly exploiting digital forms that move sensitive data between manufacturers, suppliers, OEMs, and customers. According to the report, 88 percent of organizations experienced at least one web-form security incident in the past 24 months, and 44 percent suffered a confirmed data breach traced to form submissions.
Tim Freestone, CMO at Kiteworks, stated, “When a supplier portal, warranty registration form, or RMA interface is compromised, the blast radius extends far beyond the manufacturer. It can expose automotive design files, aerospace specifications, healthcare procurement data, and partner credentials. Legacy web forms were built for convenience, not security.”
Survey findings show manufacturers routinely collect highly sensitive information through web forms, including:
- 61 percent collecting authentication credentials.
- 58 percent collecting financial records.
- 36 percent collecting payment card data.
- 29 percent collecting government ID numbers.
Manufacturers also route IP, engineering drawings, supplier pricing, and production data through older portals that often lack modern encryption, logging, and validation. These environments have become prime targets for:
- Bot attacks (61%).
- SQL injection (47%).
- Cross-site scripting (39%).
- Session hijacking (28%).
- Man-in-the-middle attacks (21%).
Supplier portals, warranty workflows, RMA systems, and dealer interfaces often operate independently across business units and external partners. Many were built years before modern threats emerged, leaving security teams with limited visibility into data flows.
While 82 percent of organizations have real-time threat detection, only 48 percent have automated incident response, creating critical delays. Mobile exposure is also rising: 71 percent of organizations receive more than 20 percent of submissions from mobile devices, but mobile-specific controls remain inconsistently implemented.
The Shift to Secure Data Forms
Kiteworks recommends replacing legacy web forms with secure data forms that provide:
- FIPS 140-3 validated encryption and field-level protection.
- Data sovereignty enforcement with region-specific deployments.
- Centralized governance across all supplier, customer, and partner forms.
- Real-time monitoring paired with automated response.
- Continuous, automated compliance evidence generation.
Secure data forms route all submissions through a Private Data Network rather than inboxes or ungoverned databases, giving manufacturers visibility and control over one of today’s most exploited supply-chain attack surfaces.
Learn more at www.kiteworks.com.















