I think the key thing is looking at the supply chain risks. That's one of the things we highlighted in the national cyber-threat assessment. Businesses need to be particularly conscious of the supply chain they're engaging in and the companies they're engaging with, and they need to put proper security provisions into their contracts, so that they can hold them accountable and make sure they get proper breach notification, etc.
Lowest cost is something we always say is not usually compatible with cybersecurity. Businesses need to find the best, most capable cybersecurity firm that can protect their data as well.