Skip to content
Briefing

Cyber fraud and causation: Court of Appeal clarifies the scope of contractual duties and the approach to causation

The Court of Appeal has provided important guidance on causation and confidentiality clauses in the context of cyber fraud cases in Logix Aero Ireland Ltd v Siam Aero Repair Company Ltd [2026] EWCA Civ 510. The decision confirms that standard confidentiality clauses will not ordinarily impose a contractual duty to prevent fraud, and that orthodox causation principles continue to apply even in complex, multi-stage fraud scenarios.

Background

Logix Aero Ireland Limited (Logix) agreed to purchase two Pratt & Whitney 127 aircraft engines from Siam Aero Repair Company Limited (Siam Aero) under a Letter of Intent (LOI), with the transaction to be completed through sale and purchase agreements (SPAs).

The parties conducted negotiations primarily by email. In late July 2024, a third-party fraudster intervened in the email exchanges, having obtained access to a genuine Siam Aero email by unknown means. The fraudster used spoof email addresses with minor variations (e.g., “.co” rather than “.com”). As a result, both parties believed they were communicating directly with each other, when in fact their emails were being intercepted, altered and relayed by the fraudster.

Through this process:

  • Draft and executed SPAs and invoices were manipulated.
  • Siam Aero’s genuine bank details were replaced with the fraudster’s details.
  • Logix transferred the purchase price to a bank account controlled by the fraudster.

The fraud was only identified after payment had been made to and subsequently disbursed from the fraudster’s account. Logix obtained without notice interim relief in France, seizing the engines and claiming it had acquired title to them. Logix then brought proceedings in England seeking to recover its loss from Siam Aero.

The claim

Logix’s claim was based on an alleged breach of the confidentiality clause in the LOI. It argued that Siam Aero had disclosed transaction documents and information to the fraudster (albeit unwittingly); in doing so, it had breached its obligation not to disclose confidential information to third parties; and it had thereby enabled the fraudster to manipulate the transaction documents and redirect payment to themselves.

Logix alleged that Siam Aero’s breach of the confidentiality clause had caused its loss.

The High Court struck out Logix’s claim, finding that it had no real prospect of success. The Court held that it was arguable that there had been a breach of the confidentiality clause, but the claim that Siam Aero had caused the loss was unsustainable. Logix received permission to appeal the issue of causation only.

The legal issues

The Court of Appeal was required to consider whether Siam Aero’s assumed breach of the confidentiality clause had caused Logix’s loss, or whether the fraud had broken the chain of causation.

In substance, the issues turned on whether Siam Aero’s conduct could be said to be the effective cause of the loss.

The Court of Appeal’s decision

The Court of Appeal dismissed the appeal for the following reasons.

Breaking the chain of causation

Where a party owes a contractual duty to take care to ensure that an intervening and voluntary act is not permitted, it will be liable if it fails to take such care. However, the Court of Appeal found that the existence of this contractual duty is not a freestanding answer to whether the chain of causation is broken, but requires: (a) that the breach of contract is the effective cause of the loss (see next section); (b) that the loss is within the scope of duty assumed (e.g. to prevent forgery or as in this case, cyber fraud); and (c) is not too remote.

The Court of Appeal rejected Logix’s contention that London Joint Stock Bank v Macmillan1 is authority for the proposition that the intervention of a third-party fraudster does not break the chain of causation and that the contract breaker remains liable, subject only to the issue of remoteness of loss. There needs to be a specific contractual duty to prevent the very fraud which was in fact perpetrated. In this case, there was no specific contractual duty in the confidentiality clause to prevent cyber fraud.

Effective cause of the loss

The Court of Appeal agreed with the Court at first instance that the intervention of the fraudster occurred before any assumed breach of contract by Siam Aero (following an initial assumed breach by Logix in responding to the very first doctored email). The assumed breach by Siam Aero was part of the opportunity for the fraud rather than the cause of the fraud.

The Court of Appeal also emphasised that the fraud depended on the conduct of both parties, each of whom had unwittingly provided information in the compromised email chain. In those circumstances, singling out Siam Aero’s communications as causative of the loss was artificial.

The relevance of the confidentiality clause

The confidentiality clause was primarily aimed at protecting the parties from damage by reason of their documents falling into the hands of competitors and being used for commercial advantage.  There was nothing in the confidentiality clause which imposed a special duty to protect the other party from being deceived by fraudsters gaining sight of information and manipulating it. It follows that it would also have been open to the Court at first instance to have found (i) that the loss suffered by Logix was outside the scope of the duty assumed by Siam Aero in entering the LOI and (ii) that Logix’s loss would have been too remote.

The Court of Appeal also found that Logix’s claim would have faced other significant obstacles: it was far from clear that Siam Aero was in breach of the confidentiality clause by disclosing its own information, including its own bank account details, to a third party; and there might also have been a question whether (if it were otherwise liable for such a breach) Siam Aero could have claimed that its liability was caused by Logix’s own breach of the confidentiality clause, giving rise to a defence by way of circuity of action.

HFW comment

The legal arguments in this case were aimed at recovering loss from the contractual counterparty (who may be able to pay) rather than the fraudster (who had long since dissipated the stolen funds). The Court of Appeal settled those arguments by applying orthodox principles of causation and finding that standard confidentiality clauses do not carry any special obligation to prevent fraud.   

The facts of this case are also a reminder of the importance of vigilance when dealing with high-value transactions, and the need to have robust systems and controls in place when transferring funds. They illustrate the increasingly subtle methods used by cyber fraudsters and the importance of providing regular training for staff to keep awareness high. Staff also need to be comfortable to report any suspicions – or even mistakes – quickly so as to minimise any potential losses.

Thiseas Efthymiou, Trainee Solicitor, co-authored this briefing.

Footnote

  1. London Joint Stock Bank Limited v Macmillan and Arthur [1918] AC 777
Published
01 July 2026
Reading Time
8 minutes