Organizations warned of "significant lag" in deepfake protection investment
Defenses are failing to keep up with the rapidly growing attack vector, with most organizations being overconfident
Deepfake attacks are on the rise and causing big financial losses, but organizations are largely unprepared.
In its second annual AI Deepfake Threat Report, enterprise comms security provider Ironscales found that 85% of cybersecurity and IT leaders at mid-range and large enterprises have experienced at least one deepfake attack in the last year, 10% more than the year before. Four-in-ten experienced three or more attacks.
And of these, 55% incurred monetary losses, which averaged $280,000; although 61% lost $100,000 or more, nearly 20% lost at least $500,000, and more than 5% lost more than $1 million.
The two most common threats are static images and email-based attacks, at 59% each. However, other attack vectors are catching up quickly, with audio or voice manipulations rising from 25% to 52%; videos from 33% to 45%, and both live video manipulation and live voice-only calls increasing from 30% to 41%.
However, budgets aren't keeping pace with the threat.
"In light of the above findings, it should come as little surprise that deepfake defense is rapidly becoming a top priority for security teams. However, we are seeing a significant lag in actual investment," the researchers warned.
"While both current and anticipated investment in deepfake defense is increasing, the gap between concern and action reflects market dynamics: deepfake defense solutions are relatively new to the market, and many organizations are waiting for more mature, proven technologies before committing budget, even as losses mount."
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
Organizations are offering deepfake training, the report found – but it's not always terribly helpful. While 88% have provided training in the last year, up from 68% the year before, only 8% saw first-try simulation pass rates of 80% or above, and the first-try deepfake-simulation pass rate average was just 44%.
However, despite the fact that 94% of respondents expressed at least some level of concern about the threat deepfakes currently pose to their organizations, and over 63% said they were very concerned, an overwhelming 99% claim to be confident in their defences.
"This disconnect might be dismissible as just a matter of question design if organizations were otherwise performing well in defending against these threats. On the contrary, though, as we've seen throughout this report, organizations are not faring well thus far in the fight against deepfakes," the researchers said.
"So, what's behind this seeming preparedness paradox? Some possible explanations include professionals' wishful thinking about their organizations investing more and improving their defensive capabilities, an underestimation of more widespread prevalence, or plain old wishful thinking."
To effectively fight the threat, said Ironscales, organizations should focus on three critical areas: training that addresses the full spectrum of deepfake sophistication; detection technologies that match the pace of AI advancement; and incident response processes that account for the unique challenges of synthetic media.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
The NCSC wants to build an AI-powered 'Cyber Shield' to protect the UK from hackersNews The aim is to create a national, sovereign defence capability to protect government agencies and critical infrastructure
-
IBM targets data center efficiency gains with new z17 and LinuxONE offeringsNews Cost, data center footprint, and performance improvements are coming for IBM Z and LinuxONE customers
-
Hackers are turning up at law firms to gain physical access to machinesNews The FBI is warning companies to look out for fake IT staff
-
UK wants an AI-powered anti-hacking systemNews GCHQ is building a national cyber defence capability powered by AI – though it may take five years
-
GitHub internal repositories exfiltrated via malicious VS Code extensionNews The breach has been claimed by the TeamPCP hacking group, which said it is offering the data for sale
-
Small businesses can't get cyber strategies up and running – here's whyNews SMBs are turning to outside help to shore up security as internal strategies fall flat
-
Using AI to code? Watch your security debtnews Black Duck research shows faster development may be causing risks for companies
-
Teens arrested over nursery chain Kido hacknews The ransom attack caused widespread shock when the hackers published children's personal data
-
Middlesbrough Council boosts cybersecurity spending, strategy in response to repeated cyberattacksNews Councils across the UK have publicly struggled with maintaining services in the face of major cyber disruption