The idea of tying it to government procurement came from the U.K. cyber essentials program, which is what some of our program was modelled after. They dramatically improved their supply chain security for the U.K. national government. The benefit to the rest of the country is that they had a more secure SMB sector. This is a great starting point.
We've seen the benefits of good hygiene. The efforts by Ukraine and the United States government to prepare for the conflict we now see has significantly reduced the impact of Russia's efforts in that country. Good hygiene and good left of boom saves us a lot of misery.
I've been on the phone with a small or mid-sized business. It was a hardware store. They'd been hit by ransomware. This was the worst three days of that owner's life. It turned out to be weeks to fully recover. They were back to pen and paper. Had they only had more help and resources or an incentive to invest in security and the help to do it, they could have avoided that bad day.
The last thing I'll mention about supply chain is that you never know how a supply chain vulnerability will play out. It was tax software in Ukraine that led to the crippling in 2017 with the massive wiper malware called NotPetya. It was a small tax software firm.
Small and mid-sized businesses can have an oversized impact. We just don't know how the combination will come out.