CYBERCRIME-INDUCED PURE ECONOMIC LOSS
Introduction
The Supreme Court of Appeal (SCA) decision in Edward Nathan Sonnenberg Inc v Judith Mary
Hawarden concerned whether attorneys could be held delictually liable for a client’s loss caused by
a cybercriminal intercepting email communications and diverting payment of purchase monies. The
case is significant in South African delict law because it revisits the requirements for wrongfulness
in claims for pure economic loss arising from omissions, particularly in the modern context of
business-email-compromise (BEC) fraud.
1. The Facts
Ms Hawarden purchased immovable property for R6 million in May 2019. She paid a R500 000
deposit to the estate agent after receiving an email containing banking details together with a
warning about cybercrime risks and advice to verify those details telephonically. She did so
successfully.¹
Edward Nathan Sonnenberg Inc (ENS) was later appointed as conveyancers to effect transfer of the
property. During August 2019 ENS sent Ms Hawarden emails containing its banking details for
payment of the balance of the purchase price. Unknown to both parties, Ms Hawarden’s email
account had been compromised by a cybercriminal days earlier. The criminal intercepted and
altered the emails, substituted fraudulent banking details, and removed a warning letter from the
bank. Ms Hawarden then transferred R5.5 million into the fraudsters’ account.²
Ms Hawarden sued ENS in the Gauteng Division of the High Court for recovery of the money. She
alleged that ENS and its employees owed her a legal duty to warn her about the dangers of BEC
fraud and to advise her on precautions to avoid falling victim to it. The High Court accepted this
argument and held ENS liable in delict for her pure economic loss caused by an omission. ENS
appealed to the SCA.
2. The Legal Question
The central legal issue before the SCA was:
Whether ENS owed Ms Hawarden a legal duty, the breach of which rendered it delictually liable for
her pure economic loss, in circumstances where the loss resulted from a cybercriminal intercepting
her emails rather than from any defect in ENS’s systems.³
More specifically, the Court had to determine whether the wrongfulness element of a delictual
claim based on omission had been established.