“It is clear that even if an organisation has excellent cybersecurity, there can be no guarantee that the same standards are applied by contractors and third party suppliers in the supply chain. Attackers will target the most vulnerable part of a supply chain to reach their intended victim,” warns the report.