Learn why GetApp is free

68% of UK companies now have a deepfake response plan due to growing AI cybersecurity threats

Published on 13/08/2024 Written by David Jani.

Newer and more sophisticated cyberattacks, such as deepfakes, have been hitting the headlines recently, and fears are growing about their ability to impersonate employees and undermine security. How can businesses protect themselves from the threat of deepfakes?

hackers try to access a UK business mobile phone

Artificial intelligence (AI)- generated biometric fraud used to be the stuff of fiction, yet today, it is a reality for UK businesses. The emergence of new, more sophisticated cyberattack methods, such as AI-assisted deepfakes, phishing, or ransomware, increases the chances of identity theft and impersonation attacks, leaving company leaders at a crossroads.

In fact, aggravating security concerns have led businesses to reassess their cybersecurity strategy. Findings already show that 81% of UK companies have increased digital security expenditures over the last 18 months. How can these efforts extend to protect against the dangers of AI deepfakes, and how are companies tackling these risks today?

What is a deepfake?
A deepfake is a form of fraud in which cybercriminals use machine learning and deep learning processes to create artificial images, videos, and vocal audio to realistically impersonate an individual.

To find out, we surveyed 2,648 IT and cybersecurity professionals globally in May 2024, including 254 UK respondents in GetApp’s Executive Cybersecurity Survey.* We examined how the rise of new AI-driven impersonation attacks is causing companies to reevaluate their cybersecurity and network monitoring protections.

Key insights
  • 92% say they are satisfied with biometrics as a security measure, yet 47% of UK IT and cyber professionals say they have privacy concerns about using biometric authentication and 42% fear its potential use in identity theft. 
  • 68% say they work in companies that have a dedicated deepfake defence plan.
  • 81% indicate that their companies have increased investment in cybersecurity over the last 18 months.

UK companies trust biometrics but doubts are creeping in

Biometric authentication is quite common in UK companies. We found that 65% of IT professionals from the UK say that this is a requirement to increase cybersecurity in their workplace. Meanwhile, 22% of respondents say that biometric security is used but it is an optional step.

Chart of how biometrics are implemented globally as well as in UK companies

Significantly, these security measures are still proving valuable for those who are actually using them, with 92% of UK respondents expressing satisfaction with the results. However, notable concerns are creeping in, especially regarding privacy and identity theft.

Graph detailing the biggest challenges of using biometric authentication

Considering that 87% of UK respondents surveyed rely on biometric technology to stay secure, the rise of deepfakes is unsurprisingly a cause for consternation. In total, 69% say they are concerned about the potential for AI to be used for biometric identity fraud.

Biometrics aren’t the only pieces in the cybersecurity puzzle

Putting all your eggs in one basket can leave you with no options if things go wrong. Therefore, adding an extra step of security verification besides biometrics authentication can help allay anxieties about cybersecurity protection. 

Recent breaches affecting 560 million Ticketmaster users’ data offer an important lesson in practice. Hackers involved in this cyberattack took advantage of specific users of one of the company’s cloud providers who had not enforced multi-step authentication on their accounts, allowing them to steal users’ names, phone numbers, and partial credit card details. [1]

This is just one of the many cyberattack incidents that validate the use of multi-factor authentication (MFA) across a business, rather than only a single-factor option.

Deepfake response plans are becoming a business priority 

Cyberthreats like deepfakes can create a strong psychological impact in an organisation, given their ability to impersonate trusted individuals and financial losses they can open companies to. Companies can still defend against them but acting quickly and decisively is crucial.

As with any form of crisis management, it is vital to plan ahead and prepare an action strategy. Many companies have already started to work on this in response to anxieties. Based on our survey, 68% of UK respondents said their company has prepared a deepfake response plan in case of an attack.

Did you know?
According to recent research from Ofcom, the threat of deepfakes is very real in the UK right now, with 43% of people over 16 years old saying that they have seen at least one deepfake online in the last six months. The communications watchdog also highlights that nearly nine out of ten people aren’t confident in their ability to spot deepfakes. [2]

UK companies are devising more ways to prepare employees to respond to cyberattack-related challenges. Firstly, there is an increased focus on employee training to teach them the signs of fraud and generate awareness of attacks that use deepfakes. 

Simulating attacks can also help build awareness and preparedness for deepfake threats. GetApp’s 2023 Phishing Attacks Survey shows this kind of training to be very effective in preventing phishing attacks. In that case, 88% of senior leaders surveyed in the UK responded, saying these measures have effectively reduced phishing incidents.

Deepfake prevention in UK companies and globally

Whilst many in our UK sample have a plan in place and are working proactively to prevent fraud via AI-generated deepfakes, British companies are a little behind the global curve in terms of prevention measures. Some practices, such as the previously mentioned simulation exercises, could prove differentiators in responding to a deepfake attack. As UK companies lag behind, more time and resources may prove necessary to correct these gaps. 

Signs you might be talking to a deepfake

Hackers targeting senior management and employees using deepfake on video calls have made it crucial to increase awareness against it. To protect your business against such attacks, you should look out for some common features of deepfake videos, which include:

  • Jerky unnatural body movements 
  • Blurring around facial features
  • Unnatural eye-movements
  • Unusual coloration
  • Inconsistent audio

Additionally, if you are in doubt about the person you are speaking to, you can make it easier to spot deepfakes by asking them to turn their head 90° to the side to see a profile view of their face. This can disrupt the software algorithm that projects another face onto the speaker as it has to adapt to a shape it is not as used to working with.

7 cheap ways to protect your business against security threats

Newer developments in cybersecurity require businesses to invest more time and money to save themselves from advanced threats, such as deepfakes and synthetic biometric fraud.

Our survey results show that UK businesses are making significant monetary investments to ensure effective protection against cybersecurity. Among the IT and cyber professionals we surveyed in the UK, 81% say their company’s cybersecurity investments have risen over the last 18 months. However, before investing more money to prepare the business against security vulnerabilities, companies can run through some quick fixes.

As the graph below shows, measures as simple as updating software more frequently or improving password policies can help businesses plug many holes in their security defences.

Graph of new policies introduced after a cyberattack

This leaves the question of where the priorities lie for businesses to take action on sealing up gaps to defend against new technological threats. Here, we list seven measures that companies could deploy:

1. Develop a deepfake plan

Despite considering effective cybersecurity strategies to fight against deepfake attacks, around a third (32%) businesses in the UK don't have a deepfake plan in place or are unsure about it.

The plan itself should ideally consider ways to strengthen protection against deepfake attacks by prioritising staff awareness and training. Additionally, it is important to prepare a crisis plan that details steps to take should an attack begin to succeed so proper procedures are in place.

2. Provide multiple layers of protection

As evidenced by the Ticketmaster deepfake fraud and cyberattacks, having multi-factor authentication (MFA) on your systems is key. This ensures safety against potential threats even if one form of identification and authentication is breached.

MFA software is an important inclusion to achieve this, which could combine entry systems like passwords, memorable information, or even biometrics. Whilst we’ve seen concerns about the security of biometrics, they still offer a great deal of protection and should be considered for at least one step of authentication. When selecting a viable system, it can help to look out for software providers who offer features such as enhanced fraud detection and low-code integrations.

3. Audit security at a network level

Growing volumes of sophisticated attacks necessitate leaders reviewing their company's network security. Any vulnerabilities in security infrastructure could easily allow a cyberattack to succeed. We found that 44% of our UK sample whose senior execs were targeted by cyberattackers are prioritizing improvements to their network security, and this is key to underpinning security.

Network security software should be standard in every company. It protects against cyberattacks and data loss by detecting and blocking threats such as viruses, malware, and unauthorised access. It also improves network integrity and availability, resulting in a more stable and secure IT infrastructure.

4. Enforce software update schedules

Leaving software unpatched can have severe consequences for security. This is notable as almost half (48%) of UK professionals surveyed work in businesses that prioritised this course of action after being targeted by a cyber breach.

Deploying patch management software that scans software for updates and ensures they are automatically updated can help. This will ensure that your tech stack remains fully patched, updated, and secure with the latest security protections.

5. Strengthen password policies

A good password policy is a company-wide concern. This is ever more important to ensure each step of security helps navigate technical challenges, especially as trust in biometric verification drops. Moreover, an effective password policy has become even more vital as AI tools emerge that can crack passwords with greater ease. [3]

Implementing self-service password reset (SSPR) software tools can be useful in this regard. They can help ensure staff regularly update their passwords and set parameters for the level of complexity a password must have.

6. Provide adequate training to executives

Senior executives are a prize target for scammers due to their levels of access and oversight over major transactions and decisions in a company. New threats such as deepfakes require extra commitment to this goal.

Security awareness training software can prove practical for executives and other staff, offering up-to-date guidance on how to spot and respond to the latest threats.  

7. Encrypt data appropriately

Unprotected data is a goldmine for cybercriminals. It can also be used to socially engineer a cyberattack on your business. Therefore, it is especially essential to ensure that business data is stored and shared securely.

Having a strong data encryption solution is key. This makes the data harder to access and interpret without the right authorisation, so even if a hacker gets away with information, they may not be able to use it.

Preparation instead of panic is key

There’s no getting around the fact that the threat of biometric information fraud and deepfake cybersecurity attacks is likely to cause concern for businesses. However, there is much that can be done to stop them while shoring up security all around, even against more established dangers. This is especially true in the UK, as companies are slightly underprepared in some key areas to defend against deepfakes compared with global averages.

Additionally, preparedness needs to be company-wide. Company owners and senior management are more likely to be targets for deepfake scammers and cybercriminals than regular staff members. In our second look at our 2024 Executive Cybersecurity Survey findings, we will examine how companies can better protect senior leadership.

Looking for cybersecurity software? Check out our catalogue.


Survey methodology

*GetApp's Executive Cybersecurity Survey was conducted in May 2024 among 2,648 respondents in the U.S. (n=238), Canada (n=235), Brazil (n=246), Mexico (n=238), the U.K. (n=254), France (n=235), Italy (n=233), Germany (n=243), Spain (n=243), Australia (n=241), and Japan (n=242). The goal of the study was to explore how IT and cybersecurity professionals are responding to the rising threat of biometric fraud. Respondents were screened for IT and cybersecurity roles at companies that use security software and have more than one employee. Respondents were screened for involvement in, or full awareness of, cybersecurity measures implemented at their company.

Sources

  1. Ticketmaster confirms hack which could affect 560m, BBC
  2. A deep dive into deepfakes that demean, defraud, and disinform, Ofcom
  3. AI can identify passwords by sound of keys being pressed, study suggests | Artificial intelligence (AI), The Guardian


This article may refer to products, programs or services that are not available in your country, or that may be restricted under the laws or regulations of your country. We suggest that you consult the software provider directly for information regarding product availability and compliance with local laws.

About the author

David is a Content Analyst for the UK, providing key insights into tech, software and business trends for SMEs. Cardiff University graduate. He loves traveling, cooking and F1.

David is a Content Analyst for the UK, providing key insights into tech, software and business trends for SMEs. Cardiff University graduate. He loves traveling, cooking and F1.