The Supply Chain Attack Hiding in Your Supplier Portal


December 19, 2025
Frank Balonis, SCB Contributor

Cyber attackers have learned something that many manufacturers have yet to fully absorb: The fastest path into a heavily regulated enterprise often runs through its supply chain.

Banks, defense contractors, healthcare systems and energy companies invest heavily in their own security. Their suppliers frequently do not.

Manufacturing sits at the center of this dynamic. The sector connects to nearly every other industry through supplier portals, partner integrations, customer interfaces and the forms that enable these relationships. When those forms are compromised, the damage extends far beyond the manufacturer.

New survey data quantifies the exposure. Eighty-five percent of manufacturing organizations experienced at least one web form-related security incident in the past 24 months, while 42% confirmed an actual data breach traced back to form submissions.

What Makes Manufacturing Forms Valuable

The data profile in manufacturing differs from financial services or healthcare. There’s less payment card volume, and less protected health information. But the data is valuable in ways that create different — and sometimes larger — risks. Collection rates tell part of the story:

  • 61% of manufacturing organizations collect authentication credentials via forms,
  • 58% collect financial records,
  • 36% collect payment card data, and
  • 29% collect government ID numbers.

The rest of the story involves what doesn’t appear in standardized data categories: intellectual property, trade secrets, engineering specifications, production schedules, supplier pricing and customer technical requirements. These flow through warranty registration forms, relationship-management (RMA) portals, supplier onboarding workflows, and partner intake processes every day.

Manufacturing companies handle high-value intellectual property, credentials and trade secrets while acting as suppliers or partners to heavily regulated industries. A breach at a tier-two automotive supplier can expose design specifications for vehicles not yet in production. A compromised aerospace parts manufacturer can leak technical data subject to export controls. A medical device supplier's warranty portal can provide a pathway into hospital procurement systems.

Attackers target manufacturing not just for what manufacturers have, but for who they are connected to.

Compliance Is More Than GDPR and PCI

Manufacturing security leaders often think of compliance in terms of General Data Protection Regulation (GDPR) for international operations and Payment Card Industry Data Security Standard (PCI DSS) for payment processing. The regulatory environment has grown considerably more complex.

The baseline requirements include GDPR and PCI, but industry-specific rules vary significantly by subsector. Automotive manufacturers face different requirements than industrial equipment producers. Electronics companies navigate export controls that aerospace suppliers know intimately.

Cybersecurity Maturity Model Certification 2.0 has changed the landscape for manufacturers in defense supply chains. Fourteen percent of all survey respondents fall under CMMC 2.0 requirements, with the highest concentration in defense, aerospace and manufacturing. Forms that handle controlled unclassified information must meet specific security, encryption and audit requirements. Legacy portals built a decade ago cannot satisfy these standards without significant rework — or replacement.

Export controls and supply-chain compliance initiatives add a layer. Manufacturers that ship internationally, source components globally, or serve customers in regulated industries face documentation and data-handling requirements that legacy forms were never designed to address.

Data sovereignty expectations are high. Eighty percent of manufacturing organizations rate sovereignty as critical or very important. Global operations mean data crosses borders constantly, through supplier portals, customer interfaces and partner integrations. The ability to control where data resides, how it moves and who can access it has become a competitive requirement.

Where the Attacks Happen

The report documents a consistent attack pattern. Manufacturers report high exposure to bots and Structured Query Language (SQL) injection, with attackers targeting specific form categories:

  • Supplier portals, where partners submit credentials and contractual information;
  • Warranty registration forms, which collect customer data and product details;
  • RMA forms, which capture device information, purchase history and support requests; and
  • Embedded forms on legacy portals, which have persisted for years without updates.

These aren’t the systems that appear in operational technology (OT) security assessments or industrial control network reviews. They’re business systems — often managed outside the security team's direct oversight — that happen to contain exactly the information attackers want.

Legacy systems remain a primary weak point. Older portals and OT-adjacent systems lack modern input validation, encryption standards and logging capabilities. They were built for functionality during an era when web form attacks were less sophisticated. They persist because replacing them requires coordination across procurement, IT, operations and sometimes external partners.

The report characterizes manufacturing as having a broad and distributed attack surface across suppliers, operations and legacy systems. That breadth is the challenge. Security teams can’t monitor what they don’t know exists. Forms proliferate across business units, acquired companies and partner relationships without central visibility or consistent controls.

The Certification Gap

Manufacturing shows a particular pattern in security certification and control adoption.

ISO 27001 adoption is strong. Manufacturers understand the value of foundational security frameworks. But System and Organization Controls (SOC) 2 Type II coverage varies significantly, and zero-trust adoption remains lower than in financial services, technology or government.

The certification profile reflects an industry that has prioritized certain security investments while leaving gaps in others. ISO provides a framework for security management, but it does not automatically extend protection to every supplier portal, warranty form and legacy interface in a manufacturing environment.

The report lists manufacturing's key certifications simply as "ISO," in contrast to "ISO/SOC/PCI" for financial services, or "HIPAA/ISO" for healthcare. This is not a criticism of manufacturing security programs. It reflects the reality that manufacturers face different compliance drivers than sectors where customer-facing audits demand SOC 2 reports, or where regulatory requirements mandate specific certifications.

The gap creates risk. Enterprise customers increasingly require supply-chain security attestations. Defense contracts demand CMMC compliance. Automotive OEMs flow security requirements down to suppliers. Manufacturers without consistent form security across their infrastructure struggle to satisfy these expectations — and may lose business to competitors who can.

Centralizing Control Across a Distributed Environment

The structural challenge in manufacturing is distribution. Forms exist across supplier portals, customer interfaces, internal operations and partner integrations. They run on different platforms, managed by different teams, built at different times to different standards.

Secure data forms address this by centralizing governance without requiring manufacturers to rebuild their entire infrastructure.

All forms — supplier onboarding, warranty registration, RMA processing, customer intake — are created from approved templates with input validation, field-level encryption and secure transmission built in. New forms meet security standards by default. Existing forms can be replaced incrementally, starting with the highest-risk interfaces.

Controlled routing ensures that form submissions travel through a private data network to approved destinations. Data flows become visible and auditable. Direct posting to ungoverned email inboxes or legacy databases stops. Security teams gain the observability they need to monitor form activity across the organization.

Compliance evidence becomes continuous. Unified logging captures form submissions, access events and data flows in a single system of record. Controls map to ISO 27001, PCI DSS, CMMC 2.0, and customer contractual requirements. Audit preparation shifts from manual evidence gathering to automated reporting.

Data sovereignty becomes manageable. Deployment options enforce residency rules at the form level, satisfying customer requirements and regulatory expectations without custom engineering for each geography or partner relationship.

Manufacturing security has historically focused on protecting production systems and intellectual property at rest. The survey data shows that forms — the interfaces where manufacturers connect to suppliers, customers, and partners — represent an equally significant risk. The organizations that extend their security programs to cover this surface will satisfy the supply-chain security requirements that customers and regulators increasingly demand. The ones that don’t will remain the path of least resistance for attackers who have learned that the fastest way into a secure enterprise is through its manufacturing partners.

Frank Balonis is chief information security officer and senior vice president of operations and support at Kiteworks.
