Defend Against Deepfake Cyberattacks

Use a cyberthreat assessment approach to determine your organization's exposure to deepfake attacks.

Analyst perspective

Zero trust programs built on people and process are essential to defend against deepfakes.

Deepfakes have quickly shifted from curiosity to critical enterprise threat. They allow attackers to convincingly impersonate executives, vendors, or colleagues, bypassing traditional defenses and targeting the human trust that underpins communication. A single deepfake can cause financial fraud, expose sensitive information, or erode confidence in leadership. CIOs, CISOs, and CSOs now face an urgent and unfamiliar challenge.

Existing frameworks acknowledge deepfakes but provide little practical direction. Detection tools are emerging, but they are inconsistent and cannot serve as a silver bullet. This is not just a technical problem; it is a business resilience issue. Organizations must start by understanding where they are most exposed, which processes, individuals, and transactions are vulnerable, and what the impact would be if a deepfake were successful.

Our perspective is that effective defense requires a holistic, business-centric program built on people, process, and technology. By embedding verification practices into daily workflows, training staff to recognize threats, and strategically layering in detection technology, organizations can restore confidence in communication. Info-Tech's Deepfake Threat Assessment Tool enables leaders to map and prioritize potential risks, providing the clarity needed to design defenses that protect both assets and reputation.

Alexander Toti
Research Analyst, Security & Privacy
Info-Tech Research Group

Executive summary

Your Challenge

Deepfakes now allow attackers to impersonate executives, vendors, or employees with unsettling accuracy, creating a serious threat to enterprise communication.

A single successful attack can result in fraudulent transfers, exposure of sensitive data, or damage to customer trust that takes years to rebuild.

CIOs, CISOs, and CSOs must ensure communications remain trustworthy in an environment where traditional signals of authenticity no longer apply.

It is crucial to understand what deepfake scenarios are likely to happen and be prepared to defend against them.

Common Obstacles

Current cybersecurity frameworks and standards acknowledge deepfakes but provide little actionable guidance, leaving leaders without a clear path forward.

Detection technologies are emerging but remain inconsistent, resource-intensive, and costly, which makes adoption difficult for many organizations. These focus more on being reactive rather than proactive.

Human behavior compounds the risk, as employees tend to trust familiar voices and faces while resisting verification steps that they feel add friction to everyday work.

Info-Tech's Approach

The Deepfake Threat Assessment Tool helps organizations map their unique exposure by scoring likelihood and impact across common attack scenarios.

Info-Tech's framework builds defenses across people, process, and technology, ensuring that verification practices, employee training, and detection tools work together.

The goal is to give CIOs, CISOs, and CSOs a clear, business-centric strategy that strengthens resilience and preserves trust in digital communication. Leaders should understand and be prepared for the risks coming their way.

Info-Tech Insight

Deepfakes are ultimately a problem of trust and cannot be solved by technology alone. Understanding the cyberthreats posed by deepfakes to your organization and adopting a zero trust mindset during transactions are critical first steps to defending against them.

Your challenge

As a security leader, you need to preserve trust in every communication channel as deepfakes erode traditional signals of authenticity.

• Deepfakes now allow attackers to impersonate executives, vendors, or employees with unsettling accuracy, creating a serious threat to enterprise communication.
• A single successful attack can result in fraudulent transfers, exposure of sensitive data, or damage to customer trust that takes years to rebuild.
• For CIOs, CISOs, and CSOs, the challenge is ensuring communications remain trustworthy in an environment where traditional signals of authenticity no longer apply.
• It is crucial to understand what deepfake scenarios are likely to happen – and to be prepared to defend against them.

Deepfakes are a costly threat

Deepfakes have moved from novelty to enterprise risk. Nearly half of all organizations reported a deepfake attack in the past year (Regula, 2024), and global losses surpassed US$200 million in Q1 2025 alone (Fordham Now, 2025). The speed of adoption by criminals shows that this is no longer a hypothetical threat but an urgent reality for CIOs, CISOs, and CSOs.

The financial impact of a single incident can be severe. Deepfake voice scams cost organizations an average of US$600,000, with some cases exceeding US$25 million from one fraudulent transaction (Business Wire, 2024). For leaders, the question is not whether their organization will be targeted but whether they are prepared when it happens.

The damage extends beyond money. Deepfakes erode trust in leadership communications, expose organizations to regulatory penalties, and cause reputational harm that can take years to repair. With deepfakes now accounting for 6.5% of all fraud attempts (Signicat, 2025), organizations that fail to prepare risk losing far more than just dollars – they risk credibility.

62% of organizations hit by deepfake attacks in 2025 (Regula, 2024).

US$600,000 is the average loss per incident – some cases exceed US$25 million
(Business Wire, 2024).

The risk of deepfakes is high

Committing a deepfake attack is getting easier

60 seconds
As little as 60 seconds of recorded audio and video is all attackers need to create realistic deepfake clones (NPR, 2023).

Deepfakes are extremely hard to detect, and attackers are bypassing technology by exploiting human trust.

Blueprint deliverable

Use this blueprint to identify potential deepfake threats to the organization, assess your current controls, and rank the overall risk of potential scenarios.

Key deliverable:

Deepfake Threat Assessment Tool

Use the Deepfake Threat Assessment Tool to:

• Identify potential deepfake scenarios that will impact your organization.
• Assess your current processes and preparation for potential attacks.
• Rank the overall risk of potential deepfake scenarios and pave the way for the next steps of risk mitigation.

Insight summary

Deepfakes are a problem of trust

Deepfakes are ultimately a problem of trust and cannot be solved by technology alone. Understanding the cyberthreats posed by deepfakes to your organization and adopting a zero trust mindset during transactions are critical first steps to defending against them.

People are the first line of defense

Trained employees are the strongest safeguard. When staff know how to spot red flags such as unusual channels or urgent secrecy, they can stop attacks before damage occurs. A culture that supports questioning instructions gives people the confidence to act as defenders rather than targets.

Processes generate confidence

Zero trust must extend beyond networks and systems to human communication. No voice, video, or message should be assumed authentic without verification. Clear workflows such as secondary confirmations, code words, or out-of-band checks reduce human error under pressure and make verification a default behavior.

Technology supports vigilance

Detection tools add value but cannot be relied on alone. AI deepfakes evolve too quickly for technology to solve the problem outright. When used correctly, tools amplify human vigilance by flagging anomalies and supporting verification steps.

You have to earn the trust

Organizations that embed verification into every interaction will transform deepfakes from a looming threat into a manageable risk.

Case study: Ferrari – stopping a deepfake CEO scam

Trained and prepared employees on the frontline are the best defense against deepfakes.

Challenge

In July 2024, Ferrari faced a deepfake attempt targeting one of its senior executives. Attackers used WhatsApp voice messages that convincingly mimicked CEO Benedetto Vigna, pressing for secrecy around a supposed acquisition. The goal was to manipulate the executive into compliance and bypass normal checks.

Solution

Instead of complying, the executive recognized several red flags: the request came from an unfamiliar number, the tone of the message felt slightly mechanical, and the urgency was unusual. Drawing on prior awareness training, the executive asked a personal verification question about a book the real CEO had recommended. The impostor could not answer, and the executive ended the call immediately.

Results

No sensitive information was shared and the scheme collapsed without financial or reputational loss. This case shows how a vigilant, empowered employee can be the decisive line of defense against sophisticated scams. It reinforces the importance of training, clear verification protocols, and encouraging staff to trust their instincts when something feels off.

Blueprint benefits

Deepfake risk assessment checklist

Follow this checklist to ensure you are creating a successful risk assessment for your organization.

Download the Deepfake Threat Assessment Tool

1. Leverage Info-Tech's list of deepfake scenarios along with their attack vectors and descriptions to decide on which scenarios are applicable to your organization.
2. Assess your organization's risk factors and answer each question based on your organization's current controls and processes.
3. Choose whether to adjust or leave predetermined weightings and analyze which scenarios pose the highest risk to your organization.
4. Enter these scenarios into your risk register and plan to adjust training, controls, and processes to mitigate the threat of these scenarios.

What are deepfakes?

• A deepfake is an image, video, or audio recording that has been synthetically altered using AI to make it appear real, even when it is not.
• The most common deepfakes today are video impersonations – where a person's face or voice is swapped with another's – often used in scams, misinformation, or manipulated media.
• Deepfakes are created using AI techniques such as generative adversarial networks (GANs), which learn from real images and voices to generate lifelike synthetic content.
• While some are used for harmless entertainment or research, malicious deepfakes can enable fraud, reputational damage, and disinformation, undermining public trust.

"The threat of deepfakes and synthetic media comes not from the technology used to create it, but from people's natural inclination to believe what they see" (Department of Homeland Security, 2022).

Why a risk assessment?

A structured assessment provides the clarity needed to build targeted, cost-effective defenses.

Identifies Where You're Most Exposed
Deepfake risks vary by organization – a risk assessment highlights which roles, communication channels, or processes are most vulnerable to impersonation or manipulation.

Prioritizes Effort and Investment
By scoring likelihood and impact, leaders can focus resources on the most critical deepfake scenarios instead of spreading defenses too thin.

Aligns People, Process, and Technology
The assessment bridges technical and human factors, ensuring that awareness training, verification workflows, and detection tools reinforce each other.

Builds Executive Confidence and Accountability
Documented risks and mitigation priorities support governance discussions, budget decisions, and ongoing reporting to the board or risk committee.

Info-Tech Insight

You can't defend what you haven't defined. A deepfake risk assessment transforms uncertainty into actionable insight.

Value of this research

• The Deepfake Threat Assessment Toolhelps organizations systematically evaluate where they are most exposed to AI-driven impersonation threats. Its value lies in creating structure, consistency, and visibility – transforming deepfake risk management from a reactive discussion into a measurable, repeatable process.
• The tool streamlines scenario identification, risk scoring, and prioritization, helping leaders focus resources where they matter most.
• Value can be measured through efficiency gains (faster completion and clearer prioritization), improved decision confidence (stronger executive alignment on risks), and risk reduction outcomes (fewer incidents or faster response times).
• By proactively mitigating high-impact deepfake risks, organizations also avoid the potential financial losses, operational disruptions, and reputational damage that can result from a successful impersonation attack.
  Reassessing periodically with the tool allows security teams to track maturity and demonstrate continuous improvement in trust resilience over time.
• These outcomes can be quantified through KPIs:
  • Efficiency gains, measured by reduced average incident response time and faster completion of risk assessments.
  • Decision confidence, tracked through executive alignment surveys or risk committee approval rates.
  • Risk reduction outcomes, reflected in fewer deepfake incidents, lower financial losses, and improved mean time to detect (MTTD) and respond (MTTR).

Deepfake threat risk assessment

Identify

Assess

Prioritize

Mitigate

Step 1: Identify deepfake threat scenarios

Addressing the most applicable deepfake scenarios is the first step in defending against deepfake attacks.

• Info-Tech's Deepfake Threat Assessment Tool provides organizations with the 20 most applicable deepfake scenarios industry-wide, along with attack vectors and detailed descriptions to help understand which may be a threat to your organization.
• These scenarios have been researched in depth, derived from references such as:
  • The Open Web Application Security Project (OWASP)
  • NIST Cybersecurity Framework (CSF)
  • Deloitte Insights
• The scenarios include a diverse breadth of topics that are likely to happen based on future AI trends and historical relevance.

Info-Tech Insight

Understand and prepare for specific threats to create more precise and targeted processes to defend against attacks rather than just putting in broad measures.

1.1 Identify applicable deepfake threat scenarios

1. Review the list of 20 defined deepfake threat scenarios provided Tab 2.
2. Read each scenario's description and associated attack vectors (e.g. voice, video, text).
3. Determine which scenarios are applicable to your organization based on operations, exposure, and digital presence.
4. Use the drop-down in the "Applicable?" column to mark "Yes" or "No" for each scenario.

Step 2: Assess your organization's risk factors

Answer each question based on your organization's current operations.

• After identifying the scenarios that are most applicable to your organization, the next step is to assess your organization's controls, processes, and general practices. Info-Tech has developed a list of questions to help assess where your organization stands in relation to defending against deepfakes.
• Each risk factor question helps assess the risk level of specific deepfake scenarios happening within your organization. Each question has different levels of answers that determine if your risk of a deepfake attack is Very Low, Low, Medium, High, or Extreme.
• Answering all risk factor questions will help determine the likelihood of certain deepfake scenarios happening. It is important to remember that these answers are not the final answers. After assessing your organization, you may feel the need to address certain risk factors, and if your organization's practices change, your answers will as well.

Info-Tech Insight

By answering these questions, you will understand exactly how well your organization is prepared for these scenarios, leading to better preparation to improve processes and employee readiness.

1.2 Assess organizational risk factors

1. Review the 25 predefined risk factor questions on Tab 3.
2. Select an appropriate response from the drop-down for each question based on your organization's current controls.
3. Each response will automatically generate a numerical risk score from 1-5.
4. Ensure all responses are completed to produce an accurate organizational risk profile.

Step 3: Prioritize relevant deepfake scenarios

Prioritize which deepfake scenarios pose the largest risk to the organization.

• After completing the risk factor questions, prioritize the scenarios based on their risk to the organization.
• On Tab 4, Risk Assessment, you will see each scenario's historical relevance and threat complexity. Info-Tech has predetermined these factors, but you can edit them if you need to. After selecting the weightings of the historical relevance and threat complexity, you get a personalized likelihood of the deepfake attack happening to your organization.
• You can then determine the impact of the scenario on your organization. Use the "Weight for Final Risk" column to choose how much the risk is influenced by the likelihood and impact of the scenario.
• This will provide you with the final risk of the specific deepfake scenarios so you can prioritize which scenarios you would like to focus on based on their level of risk to the organization.

Info-Tech Insight

Not all deepfake threats are equal. Prioritize based on business impact, not fear. Structured weighting of historical relevance and threat complexity turns subjective concern into objective, defensible prioritization.