What Insurance and Auditors Now Expect from Your Manufacturing IT Stack

As the year wraps up and you start thinking about holiday gatherings, you're also likely juggling another end-of-year reality: managing the risk from insurance renewals and 3^rd party audit questions. If your IT stack isn't ready, those conversations tend to go from routine to uneasy fast.

I was talking with a CFO of a tooling manufacturer last week. He was sipping coffee in the break room and said: "We focused all year on operations and machine uptime. We didn't think of IT when the auditor asked for our backup logs and neither did our insurer when they asked for evidence of patching." He paused. "Now we're updating our policy at higher rates and explaining to clients why we missed the deadline."

"Risk isn't just about what you didn't catch it's about what you didn't prepare for." — Mary Barra, CEO of General Motors

In the October 2025 edition of Manufacturing Risk Review, writer Susan Cheng pointed out that 71% of manufacturing insurance claims tied to cyber or operational loss included an element of "IT stack unreadiness" expired software, untested backups, lack of vendor access logs. It's a cost born not of catastrophe, but of neglect.

And in the September issue of Audit Insights Weekly, Mark O'Donnell reported that auditors are increasingly asking for not only system logs, but also proof of cross‑department ownership IT, quality, finance all together. "When a file is in one system and responsibility in another," he wrote, "you get findings even when no failure occurred."

Here's what you should ask your team now:

· Are our audit logs complete, dated, and stored in one place?

· When did we last test our backup and recovery—can we show a drill?

· Does our insurance provider have a copy of our patch schedule or system health report?

· Are vendor access events logged and reviewed monthly?

· If called in by auditors on January 4, can you answer within 24 hours?

Red flags we see in plants like yours:

· Core systems running on unsupported software, no patch schedule.

· Vendor logins are untreated as risk, no approval trail, no monitoring.

· Insurance renewal requested proof, and you responded with "we'll send it later."

· Audit queries delayed because IT said, "we'll gather it by end of quarter."

· Backup system never tested beyond "here's the process" stage.

Here's the thing: too many teams treat insurance and audit prep like a checkbox at year end. But that's backward. When your IT stack is truly ready, audit and insurance become part of your strength, not surprises.

Finally, as the holidays approach, I want to pause and say this: I am deeply grateful for the clients like you who trust us to protect your facilities, your teams, and your reputations. To our team who has shown up, stayed late, and seen us through another year—thank you. We'll be ready for whatever 2026 brings, together.

Interested in a conversation or want to learn more? Contact us here.