Information security standard
ISO 27001
Supply Chain Management
In recent years, there has been a significant increase in the number and intensity of cyber attacks on organizations. Some of these attacks originate in the supply chain of the attacked body.
According to the defense theory, the organization has a responsibility to ensure that it manages the cyber risk to which it is exposed from its service providers.
Therefore, the organization must apply the cyber risk management process to protect the supply chain, examining the potential cyber risks arising from contracting with a specific supplier. Among other things, this means defining secure work processes and implementing controls to reduce the organization's exposure to cyber risks.
Management begins with the preliminary mapping and classification of the organization's assets, followed by the mapping of the suppliers with whom the organization will decide to contract. The supplier must be evaluated regularly and continuously, using a set of criteria and a predetermined measurement method. The organization must conduct a comprehensive briefing on data protection aspects for all the supplier's employees who are expected to be part of the contract with the organization.
Having identified our most sensitive suppliers, we will need to assess what potential risks they pose.
An assessment is completed through a series of questionnaires adapted to the nature of the occupation and a physical inspection of the provider's endpoints and servers.
We can comprehensively map the potential threats and submit to the provider a series of solutions that it must implement in order to continue the joint work.
Supply chain risk mitigation:
Work process:
Organizational preparation
- An organizational framework for supply chain risk management
- Managing the lifecycle of engagements
Transversal activity with all suppliers
- Supplier mapping
- Supplier rating
- Supplier evaluation
- Provider map
Individual preparation with suppliers
- Supplier briefing
- Contractual agreement
- Controls to apply during engagement