Cyber-crime is on the increase, with the recent attack on the NHS causing significant operational difficulties at a national level. Although it has been around for a long time, the attacks are becoming more effective and now pose a real and current threat to business continuity.
In summary, businesses would be well advised to consider taking the following steps immediately to mitigate the risks of cyber-crime and bank fraud:
1 Check the security of your computer systems – consider engaging professional assistance or retaining ethical hackers to test for weaknesses.
2 Check what protections your bank or financial institutions offer and ensure that these are implemented.
3 Provide guidance and training to staff about cyber-crime, including policies for use of off-site devices by staff such as phones or iPads to access social media.
4 Ensure that your accounts team are fully aware of the risks of cyber-crime and the ways in which fraudsters can perpetrate their crimes.
B P Collins currently acts for victims of cyber-crime frauds including a client who suffered two different attacks costing the business over £150,000.
The difficulty with cyber-crime is that once it has been discovered, it is likely that the funds have long since disappeared to fraudsters operating abroad and the payments will probably be irrecoverable from the fraudster at that time. Then the only options for recovery may be your general insurers, any specific cyber-crime insurance, or a claim against the banks for negligence.
Your normal public liability policy may not cover losses caused by cyber-crime, although you should check the position here.
You may have taken out specific cyber-crime insurance – and a very high percentage of businesses and professionals are now considering this in earnest. However, there may be issues with the cover, the burden of proof for making claims, and/or the relationship between the policy and your existing public liability policy. Many policies promise technical support in the aftermath of an attack, rather than compensation for the actual loss. It may be better to take out cyber-crime insurance with the same insurers who provide your public liability or professional negligence insurance to avoid some of these risks.
You can also consider bringing a claim against your bank or financial institutions. However, as you will have signed the bank’s terms and conditions, it will try to limit both its duty of care and liability to you.
It is a little-known fact that the banks have the resources and duty to monitor their customers’ banking activities as part of their duty to protect customers under the Lending Code, the FCA’s Banking Conduct of Business Rules, and the Payment Services Regulations 2009.
Accordingly, a claim for negligence and breach of duty might be taken against the bank if they fail to properly monitor an account for unusual or irregular payments which bear the hallmarks of cyber-crime or banking fraud; if they fail to immediately notify a customer of any suspicions arising from unusual or irregular payments; if they fail to take all reasonable steps to recover fraudulent payments once notified; and if they fail to make a customer aware of what protections the bank offers to its customers to prevent cyber-crime and banking fraud.
5 Tighten up your internal procedures for the authorisation of payments to be made, particularly when your senior executives are absent from the office.
6 Check your public liability insurance policy for cover for cyber-crime.
7 Consider taking out specific cover for cyber-crime insurance.
8 Review your terms and conditions to try to limit your exposure to claims against you for cyber-crime issues arising from glitches which may be passed to third parties by your computer systems.
9 Consider making claims against your bank for loss and damage.
If you need help on any of the issues identified in this article contact Nick Hallchurch of B P Collins’ dispute resolution team.