When considering cybersecurity risk, is it truly enough for supply chain managers to focus solely on their own organization?