Manufacturers Face Growing Supply Chain Exposure

While many manufacturers continue investing in OT security, production systems, and IP protection, attackers are increasingly exploiting digital forms that move sensitive data between manufacturers, suppliers, OEMs, and customers.


Commonly overlooked interfaces have become a primary attack vector for adversaries attempting to infiltrate manufacturing organizations and the regulated industries they serve, according to the 2025 Data Security and Compliance Risk: Data Forms Survey Report released by Kiteworks.

“Manufacturers sit at the center of global supply chains—and attackers know it,” says Tim Freestone, CMO at Kiteworks. “When a supplier portal, warranty registration form, or RMA interface is compromised, the blast radius extends far beyond the manufacturer. It can expose automotive design files, aerospace specifications, healthcare procurement data, and partner credentials. Legacy web forms were built for convenience, not security. They simply cannot meet today’s requirements for sovereignty, encryption, and supply-chain compliance.”

Key takeaways:

· While many manufacturers continue investing in OT security, production systems, and IP protection, attackers are increasingly exploiting digital forms that move sensitive data between manufacturers, suppliers, OEMs, and customers.

· According to the report, 88% of organizations experienced at least one web-form security incident in the past 24 months, and 44% suffered a confirmed data breach traced to form submissions.

· Survey findings show manufacturers routinely collect highly sensitive information through web forms, including 61% collecting authentication credentials; 58% collecting financial records; 36% collecting payment card data; and 29% collecting government ID numbers.

· Manufacturers also route IP, engineering drawings, supplier pricing, and production data through older portals that often lack modern encryption, logging, and validation. These environments have become prime targets for bot attacks (61%), SQL injection (47%), cross-site scripting (39%), session hijacking (28%), and man-in-the-middle attacks (21%).

· Manufacturers face rising compliance expectations from OEMs, global customers, and regulators: CMMC 2.0 applies to 14% of organizations in defense and aerospace supply chains; 85% say data sovereignty is critical or very important; and many must simultaneously satisfy GDPR, PCI DSS, export controls, and customer-mandated security attestations.

· Supplier portals, warranty workflows, RMA systems, and dealer interfaces often operate independently across business units and external partners. Many were built years before modern threats emerged, leaving security teams with limited visibility into data flows.

· While 82% of organizations have real-time threat detection, only 48% have automated incident response, creating critical delays. Mobile exposure is also rising: 71% of organizations receive more than 20% of submissions from mobile devices, but mobile-specific controls remain inconsistently implemented.
