#payment #business_email_compromise #stolen
Cybersecurity regularly makes headline news and attracts a lot of attention. It is widely discussed and is getting more and more of the limelight in the boardroom.
The Hong Kong High Court considered a cyberfraud case (Emirate Distributors Ltd v. AALL & Zyleman Co Ltd HKCFI 851), which was mentioned in a digest of Dentons Hong Kong Law Firm. A Management Company admitted that it owed a duty of care to the Plaintiffs to exercise reasonable care, skill and diligence in carrying out the payment instructions from the Plaintiffs.
Pursuant to fraudulent instructions sent by imposters, the Management Company effected remittances in a total sum of US$1,898,000. Ultimately, damages to be paid by the Management Company were reduced by 50% in light of the Plaintiffs’ contributory negligence.
In common law, duty of care is defined as a legal obligation imposed on an entity or individual, requiring adherence to a standard of reasonable care while performing any acts that could foreseeably harm others. The duty of care doctrine in cybersecurity is likewise the legal obligation imposed on a company to adhere to a standard of reasonable care while entrusted with safeguarding clients' data and confidential information. Therefore, directors of a company are responsible for hardening the company's cybersecurity posture to protect the data it holds. Directors are also held responsible for learning more about how to ensure the company's data is in good hands.
In the court case mentioned above, the cost of breaching the duty of care was USD 949,000 plus interest.