Introduction
As part of our Resurgence in Manufacturing webinar series, Forvis Mazars recently held a discussion regarding the cyberthreat landscape, organizational risk, and the importance of business continuity planning, cybersecurity strategies, and disaster recovery planning for manufacturers.
During the conversation, we polled our more than 500 attendees regarding their security posture and preparedness for disaster events.* As the volume and complexity of cyberthreats, e.g., artificial intelligence (AI)-driven phishing, identity-based intrusions, and advanced malware, are increasing rapidly, many organizations struggle to keep up with the speed and sophistication of attacks. AI is both a threat used by attackers and an opportunity for advanced defense against attacks. Many attendees are still learning about the level of preparedness at their organization, and, in their opinion, the ways in which resources are deployed for such incidents may need improvement.
Below are the four polling questions, the breakdown of responses, and our approach to these critical issues.
Polling Responses
How would you describe your current level of involvement in business continuity or disaster recovery planning?
Many of our clients are just starting to develop extensive business continuity and disaster recovery plans and many more are learning what is working and what isn’t through continual examination of their programs. It is important to examine business needs for critical operations, such as how information technology solutions and resources support the ability to effectively deliver products and services. Organizations must proactively identify strategies that help recover revenue potentially lost due to a disaster or technology downtime.
Organizational leaders should have a holistic view of what their resilience stance is across the enterprise and look for information bottlenecks or “black boxes” that could impact resilience efforts. Organizations should also hold third-party contractors, vendors, and critical members of the supply chain accountable for aligning their resiliency practices with expectations.
For organizations just beginning their resilience journey, consider starting with a business impact analysis. This analysis should focus on understanding how business processes support organizational goals, and begin identifying strategies meant to strengthen the organization’s ability to respond to and recover from disruptions to those processes.
Which area of business continuity or disaster recovery are you most interested in improving?
Poll data indicates that cybersecurity and data protection, as well as operational resilience, remain the top priorities for organizational improvements related to business continuity and disaster recovery. With our clients, we encourage a focused effort to survey business processes and information systems that directly impact operational resilience to gain an understanding of organizational risk and prioritize effort for improvement.
As we’ve seen, cyberattacks are increasingly more complex and sophisticated. The modern threat landscape consists of generative AI (GenAI) being applied to phishing, identity-based intrusions, advanced malware, automated reconnaissance, and automated exploitation. These attacks occur at a speed and scale that create tremendous challenges for humans to keep up. The evolution of threats is outpacing traditional security capabilities. To maintain operational resilience, security operations teams must examine how to effectively respond to these evolving AI-enabled threats and consider how to responsibly adopt AI as a component of the cyber operations strategy. Understanding the adoption or augmentation of AI is critical for future success.
Even with the adoption of agentic AI, the goal is not to be a total replacement of an existing human operations team. Rather, AI adoption is an opportunity to enhance capabilities, keeping the humans in the loop, and force-multiplying an existing process to gain operational efficiency, supporting the goal of resilience. Humans still play a critical role. People will provide business context, unique situational knowledge, and understanding of the nuances of security operations as they exist within an organization’s specific business.
How confident are you in your organization’s ability to proactively monitor and mitigate cybersecurity threats?
Despite the need for continuous surveillance and improvement due to the increasing sophistication of the attacks, our responders are somewhat confident in their organization’s ability to proactively monitor and mitigate a cybersecurity threat. Organizations, for the most part, are confident in their ability to identify anomalous or suspicious activity and that they will take the appropriate action.
What is your biggest challenge in implementing or maintaining a continuity program?
Lack of leadership prioritization and limited internal expertise or experience and resources can significantly hinder the development and maintenance of effective continuity programs. Companies often struggle to keep plans current and aligned with critical business processes and recovery strategies. To address these challenges, companies may wish to consider the services of professional consultants for support.
For our clients, they lean on us to help with the process of evaluating the current state of their contingency programs, helping develop strategies and road maps for program improvement, and assisting with the execution of various program workstreams to help increase preparedness and audit readiness. We help facilitate tabletop exercises to test and strengthen incident response plans and train leadership. We also recommend adopting recognized control frameworks, e.g., NIST and SOC 2, for improving security controls.
When companies are evaluating risk, they need to examine the size and complexity of their organization, the interrelated parts such as supply chain, and the customer base, as these factor into an overall risk profile. As noted in the polling results, companies are reflecting on the key functions in their organizations and the importance of documenting, evaluating, and understanding the risks and responses. Using technology-based controls, companies must look at what detective mechanisms are in place and what preventative mechanisms should be in place. This will ultimately help companies determine residual risk and their business continuity, disaster recovery, IT posture, and incident response into specific cyber risks.
Tabletop Exercises
As noted earlier, one of the simplest ways for organizations to evaluate their cyber risk is through a tabletop exercise with a group of multidisciplinary leaders from the company. This would include senior leadership, the IT team, physical security personnel, human resources, and the legal team. During the exercise, narratives are developed around hypothetical yet typical scenarios. The group can identify weaknesses in the plans and, in turn, strengthen them.
For example, an effective cyber resilience posture requires a “human-in-the-loop” approach, as AI augments, but does not replace, human expertise. The tabletop work is helpful in building a robust approach to cybersecurity events via AI. Human judgment, situational awareness, and cross-functional leadership are critical for effective cyber and organizational resilience. Collaboration with consultants and external professionals can help address resources and gaps.
How Forvis Mazars Can Help
If you’d like to discuss a particular topic, e.g., AI use cases, incident response, or polling data, or would like more information on our services to help your organization become more prepared, please reach out to one of our professionals.
*Data collected from approximately 530 individuals who attended our Resurgence of Manufacturing: Cyber & Organizational Resilience webinar on October 27, 2025 and answered several poll questions. Most middle-market companies represented are manufacturing organizations, but others span a range of industries with an interest in the state of the manufacturing industry. Participants were nearly evenly split between associate/manager/supervisor level and participants holding higher positions, listing themselves as directors, assistant controllers/controllers, C-suite, and VP/executive director. Only people who responded were included in the results shown.