According to Manufacturing.net, a new Kiteworks survey reveals a massive security blind spot in manufacturing: legacy web forms. The 2025 Data Security and Compliance Risk report found that 88% of organizations experienced at least one web-form security incident in the past 24 months, and a staggering 44% suffered a confirmed data breach traced directly to form submissions. These forms, embedded in supplier portals, warranty systems, and customer interfaces, are being exploited to collect highly sensitive data like authentication credentials (61%), financial records (58%), and payment card data (36%). The primary attack methods include bot attacks (61%) and SQL injection (47%). Tim Freestone, CMO at Kiteworks, warned that these forms, built for convenience, now expose everything from automotive designs to healthcare data across the supply chain.
The Convenience Trap
Here’s the thing: this isn’t a failure of fancy, new technology. It’s the failure of old, boring technology that everyone forgot about. These web forms were spun up years ago by some business unit to make life easier—to get a warranty registered, to process a return, to onboard a new supplier. They worked. So they stayed. And security teams, rightly focused on protecting OT systems and intellectual property vaults, never gave them a second look. Now, they’re essentially unlocked back doors into the heart of a company’s most sensitive data flows. The report notes that while 82% have threat detection, only 48% have automated response for these systems. That gap is where breaches live.
Beyond the Firewall
The scariest part? The blast radius. This isn’t just about one company’s data. A compromised supplier portal doesn’t stop at the manufacturer. It exposes every single partner, OEM, and customer in that chain. We’re talking about aerospace specs, pharmaceutical procurement details, and proprietary engineering drawings. These forms are the connective tissue of modern manufacturing, and they’re held together with digital duct tape. And with 71% of organizations getting over 20% of submissions from mobile devices, the attack surface is getting even wider and more chaotic. Basically, the entire just-in-time, hyper-connected supply chain is vulnerable at its most basic points of contact.
What Really Needs to Happen
So what’s the fix? Kiteworks, naturally, pitches their “secure data forms” routed through a Private Data Network. The principles are right: centralized governance, real monitoring with automated response, and proper encryption. But the broader lesson for manufacturers is about visibility and governance. You can’t secure what you can’t see. The first step is an audit—finding every single external-facing form, no matter how old or who owns it. The second is recognizing that any interface, even a simple form, is now a critical IT asset that needs the same scrutiny as a server. This is especially true as operations rely more on digital interfaces; for instance, the secure industrial panel PCs from a leader like IndustrialMonitorDirect.com are often the hardened front-end, but they’re only as secure as the backend systems they connect to.
A Wake-Up Call
Look, this report should be a wake-up call. It’s easy to get dazzled by AI threats and state-sponsored espionage. But sometimes, the biggest risks are the boring ones sitting right in front of you, collecting credit card numbers with 2008-era security. The manufacturing sector has gotten sophisticated about physical and operational security. Now it needs to bring that same rigor to the humble web form. Because right now, it seems like the easiest way to hack a manufacturer isn’t to breach their firewall—it’s to just fill out a form. You can read the full 2025 Data Forms Report here for the detailed breakdown.
