hooded figure on a laptop with 0s and 1s superimposed in blue lines. cybercrime concept.

Our specialist professional negligence team has seen an increase in individuals making negligence claims against their professional advisers, having been victims of cybercrime, due to breaches in their professional advisers’ security systems.

This article looks at the professional negligence claims process for individuals who have been affected by fraudsters.

Can you make a claim against a company for a cybercrime breach?

A claim may be made against the company, firm or partnership who had the data breach that helped the fraudster to commit the cybercrime, if the organisation was negligent in putting in place or adhering to security policies and suchlike.

What about claiming against the bank that allowed the transaction?

There is an increasing body of law that suggests that a victim of cybercrime may also be able to make a claim against the bank that facilitates the transfer to the fraudster.

The key case is Barclays Bank plc v Quincecare Limited [1992] 4 All ER 363. Whilst this is by no means a new case, more and more cases are being brought that rely on what has become known as the Quincecare duty, and judges are demonstrating a willingness to treat this case as good authority.

The Quincecare case

In the original Quincecare case, the bank, Barclays, loaned money to Quincecare.

Sometime later, the chairman of the company withdrew this money and spent for his own ends. The bank sued the company for the balance of the loan and the company responded by bringing a counterclaim against the bank, for following the chairman’s dishonest instructions in circumstances where the bank was aware that he might be withdrawing the money for improper purposes.

The Court held that a bank may be held liable for the losses suffered by its client, if it executes an order when it has reasonable grounds for believing that the order is an attempt to misappropriate funds.

This established what has become known as the Quincecare duty: the duty of banks not to execute an order where they reasonably believe such an order to be fraudulent.

How does this apply to cybercrime cases?

This would be applicable to a cybercrime case where a client has been deceived by a fraudster and asks its bank to transfer money to them, and there is some part of the transfer that is sufficient to lead the bank to think that the transfer might be fraudulent.

The threshold to be met by a claimant in showing that the bank breached their duty is fairly high, as the Court is hesitant to impose too high a burden on the banks to check every transaction that they undertake. Indeed, there is only one reported case of a bank being found in breach of the Quincecare duty.

However, our experience in cases of this type is that a report of cybercrime to a bank sometimes results in an offer by the bank to repay a portion of the lost funds. So, it may be the case that the lack of reported successful claims against banks is due to banks seeking to reach an early settlement.

What to do if you’re affected by cybercrime

If you are the unfortunate victim of cybercrime, it may be that you can pursue a claim against your professional adviser and you may also be able to consider a claim against your bank if they had reason to believe the transfer was fraudulent.

We advise you to seek legal advice. If you’d like to discuss this with our expert professional negligence team, please get in touch.

You can read also more about professional negligence claims here.