Deepfakes: The looming digital threat reshaping global business security

Joy Agwunobi

The rapid evolution of deepfake technology, fuelled by advancements in generative AI (GenAI), is fast emerging as a significant threat to businesses worldwide. What once appeared to be an impressive demonstration of artificial intelligence’s capabilities has now evolved into a major operational risk, endangering not only public figures but also the core functions of organisations globally.

With the continued development of GenAI, the production of synthetic media, including convincingly realistic fake images, audio recordings, and videos  has become increasingly easy, fast, and disturbingly accessible. Today, virtually anyone with a smartphone and access to basic AI tools, many of which are freely available or inexpensive, can create highly convincing deepfakes, effectively blurring the line between truth and fiction.

The expanding capabilities of deepfake technology have heightened the potential for misinformation and malicious activity. The risks now extend beyond personal reputational damage to encompass corporate sabotage and even threats to national security. While much public attention has centred on the targeting of celebrities, religious leaders, and political figures, businesses are becoming increasingly vulnerable to fraud, scams, reputational attacks, and even stock market manipulation.

A recent analysis by cybersecurity firm SurfShark underscored the urgent need for companies to strengthen their digital defences. According to the report, 179 deepfake-related incidents were recorded globally in the first quarter of 2025 alone — marking a concerning 19 percent increase compared to the total number of incidents reported throughout 2024.

SurfShark’s data also detailed the escalation of deepfake threats over the past several years. Between 2017 and 2022, only 22 incidents were officially recorded. However, by 2023, that figure nearly doubled to 42 cases. The trend accelerated sharply in 2024, with deepfake incidents rising by 257 percent to reach 150 cases.

In terms of preferred formats used by cybercriminals, video deepfakes remain the most common, accounting for 260 reported incidents since 2017. This is followed by image-based deepfakes, with 132 recorded incidents, and audio deepfakes, with 117 cases.

Thomas Stamulis, chief security officer at SurfShark, stressed that the threat posed by deepfakes to businesses is growing exponentially. Stating “With the ability to realistically mimic voices and faces, attackers can impersonate executives to authorise fake transactions or issue fraudulent instructions, especially in remote work environments.”

He further warned that deepfake videos could be weaponised to depict companies engaging in harmful behaviours, damaging reputations, or influencing stock prices. “In some cases, fake public announcements featuring a CEO’s face and voice can be used to spread disinformation, causing panic or confusion among stakeholders. People have to be cautious, as losing trust in the information we hear and see can significantly impact personal privacy, institutions, and even democracy,” he added.

In addition to SurfShark’s findings, global consulting giant KPMG has raised similar concerns in its latest report titled “Deepfake Threats to Companies.”  The firm warned that deepfakes could dramatically amplify costs associated with fraud, regulatory penalties, and brand reputation damage. KPMG outlined several critical threat vectors that businesses must guard against:

Financial fraud and identity impersonation

Deepfakes are increasingly being used to impersonate high-ranking executives during video calls or phone conversations—a tactic often referred to as “vishing.” Such deceptions can lead to unauthorised disclosure of sensitive information or fraudulent financial transfers. Insurance companies are also at risk, as claims supported by deepfake-generated imagery could slip through automated claims processes, bypassing human scrutiny.

Disinformation and market manipulation

The potential for deepfakes to spread false or defamatory information about businesses is enormous. In an era where social media can make content viral within seconds, a deepfake showing a CEO making inflammatory remarks or announcing false financial news could wreak havoc on stock prices, sow distrust among stakeholders, and inflict lasting reputational harm. KPMG cautioned that competitors, or even nation-states, might deploy such tactics to disrupt economies or destabilise corporate rivals.

Advanced social engineering attacks

Cybercriminals are leveraging deepfakes to refine social engineering schemes. By creating convincing synthetic identities—such as a CTO requesting access to a technology system—they can trick employees into granting entry to secure networks, planting malware, or exfiltrating critical data.

Other emerging risks

Beyond fraud and disinformation, deepfakes open the door to a spectrum of new threats. Many companies are also vulnerable to extortion from AI fabricated incriminating content, brand misuse, potentially leading to legal liabilities, fines, loss of trust and business. Remote hiring practices could open the door for either criminals or under-qualified candidates, using deepfakes to give synthetic identities a convincing face and voice – even going so far as to conduct interviews.

The firm outlined several practical measures that organisations can take to safeguard against the growing threat of deepfakes. It stressed the need for ongoing assessments to identify processes vulnerable to deepfake attacks, such as automated claims or media-based authorisation. By understanding these risks, companies can design processes to evaluate media in real-time or post-attack. Regular audits of digital assets The firm also recommended that businesses collaborate with service providers who specialise in deepfake research, which would enhance their ability to monitor and spot fraudulent content.

KPMG also recommended investing in AI technologies for detection, such as predictive algorithms and anomaly detection. These tools can proactively spot deepfake threats and integrate into media-related processes. Strengthening identity and access security, and adopting a zero-trust architecture, are critical for defense.

Beyond technology, human awareness remains crucial. KPMG emphasised  that workforce education must be ongoing and scenario-based, preparing employees, leadership teams, suppliers, and even customers to spot and report suspicious activity.

The firm also highlighted the importance of staying up-to-date with regulatory changes. As deepfake technology continues to evolve, regulations surrounding its use, particularly in relation to fraud and other criminal activities, are still developing. It is crucial for companies to monitor regulatory changes and integrate them into both national and international operations.

Additionally, KPMG argues for strong internal governance around AI usage. Companies should set strict guidelines on the approval and application of AI and deepfake technologies internally, ensuring that creative or customer service uses of AI do not become unwitting vulnerabilities.

The firm recommended that organisations implement a  zero-trust security framework,  strengthen identity and access management, including executive passcodes for sensitive communications — with an added “duress code” in case an executive is coerced.

While, the same AI advancements driving deepfake proliferation can also power defences. KPMG noted that by collaborating with cybersecurity specialists and deploying counter-AI tools, companies can enhance their resilience against manipulation, fraud, and reputational sabotage.

“While the sophistication of deepfakes is growing, companies that integrate cybersecurity, legal, communications, and risk management functions stand the best chance of detecting and neutralising threats early.Building broad awareness, investing appropriately, and leveraging the right technologies will help organisations secure their futures against this evolving menace,” KPMG noted.