It partly depends on the company policies in force. If there is a policy that says "never open attachments" and sayts that doing so is treated as gross mis-conduct, then a company might have a case. But I am not a lawyer!
A defence might be that the company didn't take reasonable precautions to protect its systems.... but I am not a lawyer.
There are products that will quarantine any e mail with any attachment that require positive confirmation that the e mail is expected and genuine before it is released, which puts the onus directly on the user to validate the sender before opening anything.