While the number of robberies at banks, savings banks and even post offices has fallen by 95 per cent over the past three decades, the number of financial crimes committed via the internet is rising steadily.

In the "Risk Barometer" of the industrial insurer AGCS, which is part of Allianz, managers and security experts worldwide see cyber attacks as the greatest threat to companies. This puts them ahead of business interruptions, natural disasters and pandemics - although business interruptions and cyberattacks are often linked. For the "Risk Barometer", the insurer surveyed a total of 2,650 experts in 89 countries last autumn, including over 1,200 senior managers of large companies with an annual turnover of more than 500 million dollars.

Current examples of stolen data repeatedly show just how real the danger of a cyber attack is. The most recent example is the International Red Cross (IDE), which had sensitive data stolen, some of which belonged to vulnerable people. Following the attack, IDE Director General Robert Mardini was forced to appeal to the hackers "not to publish, distribute or sell the data".

Ransomware attacks, in which hackers use malicious software to paralyse entire computer networks in order to steal and encrypt data, have become particularly widespread. The malware required for this can be purchased as a "service" on the darknet. Large companies are affected time and again - even though Russia only recently dismantled the notorious hacker group "Revil" at the request of the USA. "Revil" is suspected of being behind thousands of ransomware attacks.

In addition to blackmail, criminals also repeatedly attempt to divert money flows. For example, email accounts are hacked in order to start correspondence, unnoticed by the owner of the mailbox, in an attempt to instruct transfers to previously unknown accounts.

Another example is CEO fraud. Employees receive an email that purports to come from a superior. In the email, the fake boss asks for a small favour - often a quick transfer of a large sum of money. Such attacks are well prepared by the fraudsters. They familiarise themselves with the company in advance, look at social media accounts and try to contact people via supposedly harmless phone calls. Only then do they make contact with their victims via fake emails and ask for assistance with a supposedly urgent, confidential money transfer. Fraud attempts of this kind also occur time and again at REWE Group. The fact that criminals have not been successful so far is also due to the fact that the people affected were particularly vigilant. It is therefore all the more important to treat unusual requests with scepticism and not to reply to the emails. If in doubt, it is better to apply the dual control principle once again or ask your line manager whether everything is legal.