By the time the fraud was uncovered, almost $600,000 had been transferred from the Patco account, although $240,000 was stopped in the process of the transaction after the alarm was raised. Patco sued Ocean Bank for failing to detect the fraudulent activity and the irregular nature of the transactions. Patco additionally claimed that Ocean Bank had failed to implement "best" security practices of requiring customers to use multifactor authentication processes.
Judge John Rich, presiding, commented that whilst Ocean Bank could have done more to authenticate transactions, the law does not require banks to implement the "best" security processes; they must merely make it clear to all customers when they sign up about the level of security provided and the level of liability that the bank will assume.
Judge Rich also noted that Ocean Bank's level of security was comparable to that at other banks and that ultimately Patco was responsible for the loss, because it had not better secured its account credentials.
The decision will raise further questions about the levels of security that banks and financial institutions can be reasonably required to provide customers, and is likely to be seen as setting precedent for liability in circumstances where the customer's system has been hacked and banking information stolen.
Figures from the US show small and medium-sized businesses have lost hundreds of millions of dollars in recent years to such activity, known as fraudulent ACH (Automated Clearing House) transfers, a trend which is now being seen with increasing regularity in the UK.
"Today we operate in an information-dependent economy where the intrinsic value of data has risen above and beyond that of perhaps even money itself. Data is voice and communications, data underpins business assets and transactions -- and essentially, data is money. If the recent Zeus-related hacking episode in Maine, USA teaches us anything, it is that a deeply embedded business-grade anti-virus suite should be a fundamental requirement for businesses of all types, from start-up businesses to banks and other commercial operations alike. While the bank in this case did eventually catch up with the hack that was carried out, a more automated and precision-engineered anti-malware layer would generally have caught the perpetrators 'in the act' at a far earlier stage within the business, preventing the cybercriminals getting their hands on the business's bank details. AVG recommends that no business trades without business-level anti-virus and anti-malware provisioning at any time," said Robert Gorby, global head of small business propositions at AVG.
UK-based industry surveys continue to suggest that as many as one in seven small businesses still do not have any IT security solutions. Those that do take some precaution are often still caught short, as many businesses simply renew their security solutions without checking that the products they are buying protect against the latest threats.
The danger is that all too often small business owners assume they are too small to attract the attention of hackers. The opposite is unfortunately often true, with at least one in four small businesses already having experienced a security breach.
The truth, in fact, is that the threats facing businesses are so much more varied and sophisticated than simple traditional viruses, and it's not just big-name multinational businesses that are the targets.
"Online security is one of those things like your children's health - you don't look for budget service providers to ensure it. When it comes to securing my data, my company's IP, and my communications, I want to know that I have the best IT people on my team, and they are always one step ahead of the black shirts," said Julie Meyer, CEO of Ariadne Capital.



