The security of a firm is impacted not only by what happens inside it but also by what happens inside the firms that are its providers. This keynote examines the case of two leading commercial services providers (one in Perú and the other in New Zealand) and compares and contrasts their security readiness. It also presents two real security incidents and explains how come one of them was a security defeat and the other a victory.