Cybersecurity breaches are a growing threat to businesses of all sizes and industries, especially when they involve fraudulent wire transfers or business email compromises. Artificial Intelligence is increasing the types and sophistication of attacks and creating an even more challenging environment for businesses to navigate.
In a recent presentation for The Bond Buyer, I shared insights on how to prevent, detect, and respond to these types of cyberattacks and what to expect if litigation arises.
Implementing robust cybersecurity policies and procedures, such as multi-factor authentication, encryption, firewalls, antivirus software, and employee training, is the best way to avoid becoming a victim of cyber fraud. I also recommend conducting regular audits and reviews of the security systems and practices and updating them as needed to keep up with the evolving threats.
However, even with the best cybersecurity measures, there is no guarantee that a breach will not occur. Therefore, it’s crucial to have a plan in place to react quickly and effectively if a fraud is discovered. Potential steps for a business to take in the event of a cyber fraud incident include:
- Contact cyber counsel immediately. Contracting cyber counsel will help safeguard communications protected by the attorney-client privilege and ensure that the appropriate legal actions are taken.
- Check your cyber liability insurance coverage. This will determine whether you have any potential claims or defenses and whether you need to notify the insurer or comply with any policy requirements.
- Consider informing law enforcement. In some cases, this may be required by law, or it may be beneficial to seek their assistance or cooperation. However, it may also entail risks or challenges, such as disclosing sensitive information or losing control over the investigation.
- Notify your bank and the recipient bank. This may help freeze or recover the misdirected funds, or at least trace their movement. While you may be frustrated with the level of cooperation you receive from banks with which you have no relationship, your bank may be able to help.
- Conduct a forensic investigation. This will help determine the source and scope of the breach and identify any vulnerabilities or remedial actions. The level and scope of the investigation may vary depending on the circumstances and the potential litigation exposure.
If the fraud results in a dispute between the parties involved, such as the payer and the payee or the buyer and the seller, there are three main options for resolution: walking away, negotiating, or litigating. The choice will depend on various factors, such as the amount of money at stake, the strength of the evidence, the relationship between the parties, and the cost and risk of litigation.
If litigation ensues, be mindful that these cases are unpredictable and fact-intensive, and there is not much case law to guide the courts or the parties. Courts may apply different legal standards to determine who is liable for the fraud and whether damages are owed. The courts will look at various factors, such as the level of cybersecurity protection, the suspiciousness of the emails, the efforts to verify the payment instructions, and the speed of recovery attempts, to assign blame and responsibility.
Cyber fraud is a serious and complex issue that requires both proactive and reactive measures to prevent, detect, and resolve it. Businesses should consult with cyber counsel to develop and implement effective cybersecurity strategies and prepare for the legal and practical challenges that may arise from a cyber fraud incident.