In the middle of February the Federal Cabinet decided upon a draft to cast into binding law the provisions of the Basel II agreement regarding a bank´s equity capital. According to this agreement a company´s IT security forms part of the operational borrower risks to be taken into account when determining his creditworthiness.
In practice this means that from January 1st 2007 inadequate security precautions in the IT field (e.g. outdated virus protection, insufficient access right administration) are to be considered as risks which lead to a lower rating. This in turn leads to higher costs for loans, possibly even to the loss of creditworthiness. Although loans to SME lower than 1 million are to be subject to less strict requirements and can be assigned by banks to a retail-portfolio, inadequate IT structures in SME might be nevertheless seen negatively by banks.
Managing directors neglecting IT security, according to the expert on the field of electronic data processing and computer law, Marion Janke, may even be possibly hold responsible for damages by investors and associates on the grounds of a breach of duty. Marion Janke in a detailed article on the subject available on the legal portal Internetrecht-Rostock.de explains possible risks of liability. Comprehensive advice on IT security together with a 50 page PDF guide free of charge for smaller companies are provided by the Bundesamt für Sicherheit in der Informationstechnik.