
Manufacturing IT Brief: What Your IT Partner Should Be Telling You—But Isn’t

November 06, 2025

When something breaks, most IT teams or providers are quick to show up with a fix. But the real question isn't what got fixed, it's what went unseen. And if your tech partner isn't telling you about the risks, the gaps, or the stuff they're "getting to soon," then you're not really being protected. You're being patched.

I was speaking with a CFO from a growing auto-parts firm. They'd been with the same IT provider for years. "We trusted them," she said. "But then we got audited by one of our key customers, and no one could tell me where our logs/log reviews were. Our partner said, 'We thought you didn't need that.'"

They had the tools. They had the contract. But what they didn't have was an understanding of our compliance requirements. The kind of understanding that protects our customer relationships and that saves reputations.

"Trust isn't built on fixes. It's built on what gets flagged before it breaks." — Theresa Payton, former White House CIO

A feature in Industry Week this October backed that up. The article noted that 57% of downtime or security failures in small to mid-sized manufacturers came from gaps that were technically "known" but never escalated. In other words, someone on the tech side knew—but didn't say.

What your IT partner should be telling you—but might not:

· That your backup system hasn't passed a test in three quarters

· That your shared admin passwords haven't been changed since onboarding

· That your firewall rules are five years out of date

· That end-of-life hardware is still running key systems

· That MFA (multi-factor authentication) is active only on email, not on your ERP or vendor portal

I met another controller in July who thought they had MFA installed on all of their devices. Turns out it was not "yet" installed on key servers; a ransomware attack exposed the vulnerability on a legacy system, and they had two weeks of downtime. They incurred a $65,000 remediation bill to get their systems restored to full use.

"Silence in tech isn't golden—it's risky." — James Clear, author of Atomic Habits

Questions to ask your current partner or internal team this week:

· What's one risk you've known about that hasn't been resolved?

· Which systems are overdue for updates—and what's our plan?

· Where do you feel stretched or under-resourced—and how can we help?

· What's the one blind spot that's keeping you up at night?

If the answers feel vague, rushed, or canned, it might be time to ask if your partner is really a partner, or just another vendor with a ticket queue.
