The German financial regulator has published a brief survey of IT security in German which reveals, in its own words, that “cyber-criminals are relatively lazy.” The survey looks at solutions to problems that do not exist yet and the ways in which German banks are gearing up for the fight against cyber-crime.

Most IT-related losses and damage are caused accidentally – at IT service providers or internally at banks - through faulty hardware or the shorcomings of bank staff who are particularly error-prone during the current epidemic because working conditions and workflows are no longer what they used to be.

The document provides readers with an overview of the status quo, the use of cyber-insurance in crisis management and cyber-resilience with TIBER-DE – a future means by which "ethical hackers" can attack financial entities in Germany. The survey concludes that “the danger is real and it is growing.” Lastly, no document of this kind from a German regulator would be complete without a passionate call for the pan-European supervision of information security and cloud computing. It is to be found at https://www.bafin.de/SharedDocs/Downloads/EN/BaFinPerspektiven/2020/bp_20-1_cybersicherheit_en.pdf?__blob=publicationFile&v=5

Meanwhile, a document called "Supervisory Requirements for IT in German Asset Managers" (Kapitalverwaltungsaufsichtliche Anforderungen an die IT or KAIT for short), which BaFin published in German last year, is now also available in English. This describes the principle-based "minimum requirements" that German asset managers with authorisation pursuant to section 20 KAGB have to satisfy. They are to be found at https://www.bafin.de/SharedDocs/Downloads/EN/Rundschreiben/dl_rs_1911_KAIT_en.html