If your systems are breached it will as likely as not be caused by someone you know and trust. Probably not intentionally but by their opening a random phishing e-mail or not updating their systems; using weak passwords or writing down all their passwords in a book that gets stolen with the briefcase and could be potentially worth thousands!
As a rule, you will accept emails and messages from your friends, family, customers and suppliers. So even if you take responsibility for your systems, processes and protocols this might be in vain if those you work with do not take the same care you do.
Many larger businesses will now insist that their contractors and sub-contractors can prove Cyber due-diligence. They may even insist on some form of formal evidence of compliance such as Cyber Essentials. Perhaps you should be doing the same.
We tend to work in ‘bubbles’. A huge series of interlinked bubbles. If you can encourage all those in your bubble to pay attention and deal with the most destructive cyber threats then they will be protecting themselves – and you!