A new Kiteworks survey reveals that legacy web forms in manufacturing supply chains are increasingly exploited by cyber attackers, prompting urgent calls for secure data form adoption amid rising compliance pressures.
New Kiteworks Survey Reveals Manufacturers Face Growing Supply-Chain Exposure as Legacy Web Forms Drive Data Breaches Across Supplier Portals and Customer Interfaces
Kiteworks Report Finds 85% of Manufacturers Hit by Web-For...
Continue Reading This Article
Enjoy this article as well as all of our content, including reports, news, tips and more.
By registering or signing into your SRM Today account, you agree to SRM Today's Terms of Use and consent to the processing of your personal information as described in our Privacy Policy.
m Security Incidents; Data Sovereignty, CMMC Requirements, and Legacy Portal Risks Accelerate Shift to Secure Data Forms
San Mateo, CA | December 4, 2025 , Kiteworks today announced new research that exposes a rapidly expanding security blind spot across the manufacturing sector: legacy web forms embedded in supplier portals, warranty systems, RMA processes, and customer intake workflows. The 2025 Data Security and Compliance Risk: Data Forms Survey Report reveals that these commonly overlooked interfaces have become a primary attack vector for adversaries attempting to infiltrate manufacturing organizations, and the regulated industries they serve.
While many manufacturers continue investing in OT security, production systems, and IP protection, attackers are increasingly exploiting digital forms that move sensitive data between manufacturers, suppliers, OEMs, and customers. According to the report, 88% of organizations experienced at least one web-form security incident in the past 24 months, and 44% suffered a confirmed data breach traced to form submissions.
“Manufacturers sit at the center of global supply chains, and attackers know it,” said Tim Freestone, CMO at Kiteworks. “When a supplier portal, warranty registration form, or RMA interface is compromised, the blast radius extends far beyond the manufacturer. It can expose automotive design files, aerospace specifications, healthcare procurement data, and partner credentials. Legacy web forms were built for convenience, not security. They simply cannot meet today’s requirements for sovereignty, encryption, and supply-chain compliance.”
Manufacturers Collect High-Value Data, And Attackers Are Exploiting It
Survey findings show manufacturers routinely collect highly sensitive information through web forms, including:
- 61% collecting authentication credentials
- 58% collecting financial records
- 36% collecting payment card data
- 29% collecting government ID numbers
Manufacturers also route IP, engineering drawings, supplier pricing, and production data through older portals that often lack modern encryption, logging, and validation. These environments have become prime targets for bot attacks (61%), SQL injection (47%), cross-site scripting (39%), session hijacking (28%), and man-in-the-middle attacks (21%).
Supply-Chain and Regulatory Pressures Intensify
Manufacturers face rising compliance expectations from OEMs, global customers, and regulators:
- CMMC 2.0 applies to 14% of organizations in defense and aerospace supply chains
- 85% say data sovereignty is critical or very important
- Many must simultaneously satisfy GDPR, PCI DSS, export controls, and customer-mandated security attestations
“Manufacturers cannot rely on legacy forms and hope audits won’t uncover gaps,” said Patrick Spencer, SVP of Americas Marketing and Industry Research at Kiteworks. “OEMs increasingly require verifiable controls for every data entry point. If a supplier cannot guarantee data residency, encryption standards, and continuous compliance, they risk losing business.”
Legacy Portals and Distributed Systems Create Blind Spots
Supplier portals, warranty workflows, RMA systems, and dealer interfaces often operate independently across business units and external partners. Many were built years before modern threats emerged, leaving security teams with limited visibility into data flows.
While 82% of organizations have real-time threat detection, only 48% have automated incident response, creating critical delays. Mobile exposure is also rising: 71% of organizations receive more than 20% of submissions from mobile devices, but mobile-specific controls remain inconsistently implemented.
The Shift to Secure Data Forms
Kiteworks recommends replacing legacy web forms with secure data forms that provide:
- FIPS 140-3 validated encryption and field-level protection
- Data sovereignty enforcement with region-specific deployments
- Centralized governance across all supplier, customer, and partner forms
- Real-time monitoring paired with automated response
- Continuous, automated compliance evidence generation
Secure data forms route all submissions through a Private Data Network rather than inboxes or ungoverned databases, giving manufacturers visibility and control over one of today’s most exploited supply-chain attack surfaces.
About Kiteworks
Kiteworks empowers organizations to effectively manage risk in every send, share, receive, and use of private data. The Kiteworks platform provides a Private Data Network that unifies, tracks, controls, and secures sensitive data moving within, into, and out of the enterprise. Trusted by over 1,500 global enterprises and government agencies, Kiteworks helps manufacturing organizations ensure compliance, reduce supply-chain risk, and protect their most valuable information assets. Learn more at www.kiteworks.com.
Media Contact:
Kiteworks Public Relations
[email protected]
(650) 800-1234
