How do you know who to sue in the first place?

I will say that sometimes it is the hosting companies fault - As a matter of fact, 24 hours ago my webhost was hacked "Bylenis was here". Initially I thought it was one oc my scripts, sql injection, etc. My index.php was being overwritten. However, I can't get access to my cpanel either. I checked to see what other sites were on my shared server, and low & behold their sites were hacked the same way - meaning the server had been hacked.

So I have yet to hear from my hosting company, which is strange considering I usually hear back from them within a short time period. I am interested in hearing their response as to whether they accept responsibility or give a canned statement.

Do you use cPanel control panel? If so, it's possible your hosting provider didn't secure this software well enough...

Have you defined how the hacker got into your site, does your hosting provider have firewalls that prevent this, did the heck an FTP or a panel. All of this is important factors in help you. Just so you know, almost every hosting provider has a Terms of Service which covers them from lawsuits like this, my advice, if you keep getting hacked, is to change your hosting provider to one that has a better means to secure you website.