Some Banks Held Liable for Cyberattacks Against Small Business Accounts
When a hacker infiltrates your personal checking account to pilfer money, your bank, in most cases, will assume liability and resolve the matter of missing money. When a business account is hacked, however, the business owner is held liable. The reasoning? Banks feel that owners should have proper security measures in place to protect their assets. Basically, as a business owner, it’s your responsibility, not the bank’s.
But that sentiment is slowly shifting in favor of businesses. Two recent court rulings have found banks liable for funds stolen by hackers, many of whom have targeted small businesses because their cybersecurity measures are unsophisticated or missing entirely.
The Boston-based First Circuit Court of Appeals ruled earlier this month that Ocean Bank in Maine lacked reasonable safeguards against hackers who siphoned nearly $600,000 from an account held by Patco Construction Company Inc., a Maine contractor and builder.
Separately, a federal district judge in Detroit last year ruled that a bank owned by Dallas-based Comerica Inc. was on the hook for $561,399 in funds stolen from accounts held by Experi-Metal Inc., a custom metals shop in Sterling Heights, Mich. Experi-Metal was the victim of a phishing scheme that lured an employee into providing account access information, according to court documents.
These rulings come at a time when small businesses need them most. The June 2012 Symantec Intelligence Report shows 36% of all targeted attacks (58 per day) during the last six months were directed at businesses with 250 or fewer employees. “There appears to be a direct correlation between the rise in attacks against smaller businesses and a drop in attacks against larger ones. It almost seems attackers are diverting their resources directly from the one group to the other,” said Paul Wood, cyber security intelligence manager, Symantec.
Will banks’ liability for cyberattacks spread beyond the few small-business cases mentioned here? It seems like a lofty and unrealistic expectation. But hey, I doubt anyone ever thought legal action would be taken against banks for not protecting the assets of their business clients. The tables may be turning.