Liability for any loss resulting from unauthorized Internet banking transactions rests with the customer if they have "used a computer or device that does not have appropriate protective software and operating system installed and up-to-date, [or] failed to take reasonable steps to ensure that the protective systems, such as virus scanning, firewall, antispyware, operating system and antispam software on [the] computer, are up-to-date."

Grandpa, why's Grandma getting arrested?
Because she didn't patch Windows Timmy.

I don't have a good feeling about this. Lets say Grandma leaves her garage unlocked and Eve takes some tools out of it and uses them to break into a bank. Is Grandma "Liability for any loss" because she "does not have appropriate [locks] installed and up-to-date?"

Is Grandma criminally negligent for not keeping her computer up-to-date? Civilly?

I wonder how this applies to Phishing. If Grandma falls for a phishing scheme and didn't spend money on an anti-phishing filter, is she liable?