It may sound obvious, but it's usually your fault if an account in your control is used to do crime. There are tests of reasonableness, and employees are usually not held personally liable for errors made in fulfillment of their job duties, but if you own the business, the loss falls on you.
A lawyer learned this the hard way recently when a Virginia court ruled that funds stolen via his compromised email were his and his client's liability, and that no future payments were required. The Florida Cyber Lawyer has a great writeup.
Getting scammed doesn't happen to each of us every day, but it would have taken this lawyer an hour to do the easy fixes that would have almost completely prevented email compromise and dramatically reduced his risk of falling for other scams. Spending an hour to save $63k is excellent ROI.