The main legal issue involved the court determining whether the investment company (PSG Wealth Financial Planning) had a contractual obligation to protect their client (Gerber) against financial losses caused by cybercrime, specifically when a fraudster hacked the client’s email and instructed PSG to transfer funds to the fraudster’s account.

Court’s decision and reasoning

The court ruled in favour of the plaintiff, Gerber, holding that the investment company had a contractual obligation to use resources, procedures, and appropriate technological systems to eliminate the risk of financial loss due to theft or fraud as far as reasonably possible. The court found that PSG did not fulfil its contractual obligations to protect Gerber against cybercrime.

Implications for others

This judgment emphasises that companies, especially financial institutions, must protect their clients from cybercrime and financial losses. If they don’t, they may face liability for the losses their clients suffer.

Lessons learned

The judgment underlines the importance of implementing robust cybersecurity measures and procedures to protect clients against cybercrime. Companies should proactively address and mitigate potential cybersecurity risks, as they may face responsibility for any losses their clients suffer due to insufficient security measures.

What could you do about it?

To avoid finding themselves in a similar position to the losing party, financial institutions should:

  • Review their contracts to check what their contractual obligations are.
  • Put extra controls in place before paying out on the instructions of a client. For example, phoning the client to check that they did indeed wish the financial institution to transfer money.
  • Regularly review and update their cybersecurity policies and procedures.
  • Invest in appropriate and up-to-date security technologies to protect against cyber threats.
  • Train employees on cybersecurity best practices and the company’s policies.

By taking these steps, companies can show their commitment to protecting clients from cybercrime and minimise the risk of financial losses due to cyberattacks.

Details of Gerber v PSG Wealth Financial Planning

  • Universal citation: ZAGPJHC 270
  • Case number: 36447/2021
  • Full name: Gerber v PSG Wealth Financial Planning

Please note: The summary of this judgment is not intended for a general audience. It is specifically drafted for the members of the Michalsons Programmes.