WHO BEARS THE RISK OF LOSS WHEN YOUR BUSINESS EMAIL IS HACKED? AN OVERVIEW OF BUSINESS EMAIL COMPROMISE SCAMS AND THE POTENTIAL RISKS

According to one study, ninety-three percent of organizations are at risk of being infiltrated and, on average, it takes only two days to infiltrate a company's local network. 1 Last year alone, business email compromise was the number one reported scam in financial losses nationally resulting in $2.4 billion in losses.2 In light of these risks, it is important to understand these types of scams, who bears the risk of loss in the event this occurs, and implement procedures to minimize the risks. Despite the prevalence of business email compromise cases, there is no specific law dealing with these types of transactions. [...]courts have looked to Articles 3 (Negotiable Instruments) and 4A of the Uniform Commercial Code, as well as breach of contract law, including Article 2 (Sale of Goods) and agency rules. Analyzing these facts under Article 3, the court found that the seller was not negligent in handling its email account and that the buyer did not exercise "reasonable care after receiving conflicting e-mails containing conflicting wire instructions by calling [the seller] to confirm or verify the correct wire instructions." [...]the court found that the buyer was liable to pay twice for the goods. The court further found plaintiff's attorney had not exercised ordinary care since he was aware there had been at least one fake email regarding the settlement payment. [...]the court held that plaintiff was liable for the loss and that defendant had not breached the settlement agreement since it substantially performed, even though it remitted payment to a fraudulent account.