Return to overview
2 min read

Who is responsible for the damage in a cyber attack?

2 min Read
May 11, 2021
By: Eye Security
By: Eye Security
7 March 2024

In 2021, the Central Netherlands court made a striking decision. and Brabantia came into conflict after a hacker pretended to be an employee of Brabantia. The criminal made a request to change the account number that used to transfer the money from sold products. accepted this request and changed the account number. In the period that followed, €750,000 was transferred to the criminal. 

"Please note that as of today we have a change in our bank account details for incoming payments. From now on, all incoming payments must have been transferred to our branch account in Spain. We would appreciate if you could update your details."

The judge ruled that lacked healthy suspicion, because the email was drafted in poor Dutch and the request to change the Dutch account number to a Spanish one was not logical for a company established in the Netherlands.  

Striking case 

These kinds of issues are more common in the digital domain. It is not always clear who bears the costs that follow a cyber attack or fraudulent action. In this case, a Brabantia employee's account was hacked, causing the email to come from a legitimate email address. According to the court, the fact that Brabantia did not have its digital security in order, as a result of which had received the request from a trusted email address, was not sufficient to shift liability.  

How do you prevent this? 

A cyber attack involves a lot of damage. Aside from research costs, ransoms and the cost of shutting down your business, the media attention and additional reputational damage can cost an SME. It is even more sour if you also end up in a liability conflict with, for example, your IT supplier. Shouldn't he have protected you from that ransomware attack? And do you actually know whether your IT supplier is properly secured?  

The above case could have been prevented by having the basic security measures in place. For example, Brabantia should have enforced two-step verification on its employees, so that the hacker could not have gained access to the employee's account. At the same time, could have made employees aware of cybercrime and what to pay attention to in such cases with training.  


  • Enforce two-step verification on every application, tooling or website used in the company
  • Train your employees regularly on recognising phishing emails and fraudulent requests
  • Make agreements with your IT suppliers  about what they offer in the field of security, where the responsibilities lie and how action is taken in the event of an incident
  • Take out cyber insurance that protects your company against the high costs of a cyber attack

With an all-in-one package from Eye you protect your company against cyber attacks. We monitor your systems and cloud environments for suspicious traffic, train your employees with phishing simulations and advise you several times a year. Read more about affordably securing your business here or request a free consultation right away.

Let's talk

Curious to know how we can help?

Get in touch
Share this article.