Besides, if you've denied him access, and he's on the
computers anyway, he's illegally using your resources. I think
your liability concerns go away in this scenario.
I've lost the context of what is meant here by liability; however,
I've found an interesting court case, from 1932. It concerns liability
for the cargo of a barge lost in a storm -- a loss that likely would
have been avoided if the tugboat had been equipped with a radio
receiver to hear a weather forecast.
But here there was no custom at all as to receiving sets; some had
them, some did not; the most that can be urged is that they had
not yet become general. Certainly in such a case we need not
pause; when some have thought a device necessary, at least we may
say that they were right, and the others too slack.
We hold [against] the tugs therefore because [if] they had been
properly equipped, they would have got the Arlington reports. The
injury was a direct consequence of this unseaworthiness.
(The T.J. Hooper, 60 F.2d 737 (2d Cir. 1932))
That is, the tugboat owners were held liable for not taking a precaution
that, though reasonable, wasn't even customary in their industry. (Only
one tugboat line equipped its ships with radios.) I wonder what level
of security a court would hold to be necessary if a third party suffered
some losses because of the actions of a hacker.