When a hacker infiltrates your personal checking account to pilfer money, your bank, in most cases, will assume liability and resolve the matter of missing money. When a business account is hacked, however, the business owner is held liable. The reasoning? Banks feel that owners should have proper security measures in place to protect their assets. Basically, as a business owner, it’s your responsibility, not the bank’s.
But that sentiment is slowly swaying in favor of the businesses. Two recent court rulings have found banks to be liable for funds stolen by hackers, many of whom have targeted small businesses for their unsophisticated, or complete lack of, cybersecurity measures.
The Boston-based First Circuit Court of Appeals ruled earlier this month that Ocean Bank in Maine lacked reasonable safeguards against hackers who siphoned nearly $600,000 from an account held by Patco Construction Company Inc., a Maine contractor and builder.
Separately, a federal district judge in Detroit last year ruled that a bank owned by Dallas-based Comerica Inc. was on the hook for $561,399 in funds stolen from accounts held by Experi-Metal Inc., a custom metals shop in Sterling Heights, Mich. Experi-Metal was the victim of a phishing scheme that lured an employee into providing account access information, according to court documents.
online pharmacy wellbutrin with best prices today in the USA
These rulings come at a time when small businesses need them most. The June 2012 Symantec Intelligence Report shows 36% of all targeted attacks (58 per day) during the last six months were directed at businesses with 250 or fewer employees. “There appears to be a direct correlation between the rise in attacks against smaller businesses and a drop in attacks against larger ones.
It almost seems attackers are diverting their resources directly from the one group to the other,” said Paul Wood, cyber security intelligence manager, Symantec.
Will banks’ liability for cyber attacks spread from these few, small business cases mentioned here? It seems like a lofty and unrealistic expectation. But hey, I doubt anyone ever thought legal action would be taken against banks for not protecting the assets of their business clients. The tables may be turning.
In the example of Experi-Metal as the small business in which it sounds like it was established that one of their employees was duped into providing an online banking login to the fraud suspects, it is preposterous to hold the bank responsible. In this day and age, even small businesses should be carrying cyber insurance policies. This should be a mandate when obtaining or renewing a business license.
A financial institution can no longer compete without offering online services, but they should not be held responsible for everything that occurs on the online services with this example of negligence by an employee of the small business customer.
Unfortunately, appealing the decision also creates additional legal fees.