Organizations are particularly at risk because criminals hope to get their hands on high amounts of money. Especially in times of crisis, when employees are insecure and organizations are already weakened, phishing attacks become more frequent. During the corona crisis, for example, new phishing tactics, in which cyber criminals used this insecurity, were constantly coming up. That is one of the reasons why you should act as early as possible and include the human factor in your IT security strategy – for example, by improving your employees’ cyber security awareness. Different compliance frameworks like the ISO 27001 or the GDPR demand continuous training of employees in IT security – in the case of ISO 27001 even a form of simulated social engineering attack.