Your organisation is not only susceptible to risks originated by factors associated with your organisation but also risks introduced by third party suppliers and customers.
Despite staff education and internal security controls you can never be sure that your staff will not act on the instruction of a supposedly known entity.
You should consider including your key third party suppliers to our Domain Impersonation Monitoring service, to block receiving emails from their impersonated domains. In the event of a third-party breach affecting you we are happy to offer assistance to you and all affected parties.