Half of Executives Expect More Deepfake Attacks on Financial and Accounting Data in Year Ahead
NEW YORK, Sept. 17, 2024 /PRNewswire/ — Over half of C-suite and other executives (51.6%) expect an increase in the number and size of deepfake attacks targeting their organizations’ financial and accounting data – otherwise known as deepfake financial fraud – during the next 12 months, according to a new Deloitte poll. That increase could impact more than one-quarter of executives in the year ahead, as those polled report that their organizations experienced at least one (15.1%) or multiple (10.8%) deepfake financial fraud incidents during the past year.
According to Deloitte, deepfake financial fraud is a category of cybercrime that leverages deepfake technology with the intent of defrauding organizations or individuals of cash assets or otherwise causing financial losses.
Polled executives at organizations that faced deepfake financial fraud in the past year expect higher than average increases in similar events for the year ahead, with those experiencing just one fraud event expecting the biggest increase in fraud (67.1%). Executives at organizations experiencing multiple fraud events during the past 12 months also expect above-average increases in the year to come (59.6%).
“Deepfake financial fraud is rising, with bad actors increasingly leveraging illicit synthetic information like falsified invoices and customer service interactions to access sensitive financial data and even manipulate organizations’ AI models to wreak havoc on financial reports,” said Mike Weil, digital forensics leader and a managing director, Deloitte Financial Advisory Services LLP. “The good news is that concern about future incidents seems to peak after the first attack, with subsequent events tempering concerns as organizations gain more experience and become better at detecting, managing and preventing fraudsters’ deepfake schemes.”
Learnings vary by executives, based on organizational deepfake financial fraud experiences
According to the poll, executives whose organizations faced a singular deepfake financial fraud incident in the previous year are most likely to increase employee education about new threats as a means of preparing their workforces (30%). That said, respondents at organizations that experienced more than one deepfake financial fraud event in the past year are more likely to establish new policies and procedures to help workforces prepare for deepfake-related fraud schemes (25.2%) as their primary risk approach.
Regardless of respondents’ experiences with deepfake fraud, few lean into detection technologies as a primary line of defense. The likelihood of using such technologies does, however, increase incrementally with the number of attacks experienced in the past year (no attacks = 6.8%; one attack = 8.8%; more than one attack = 15%).
Surprisingly, 9.9% of polled executives say their organizations do nothing to guard against deepfake fraud targeting their accounting and financial data.
“Knowledge of evolving deepfake fraud schemes is evolving quickly,” continued Weil. “But as illicit actors’ techniques advance, they become more impervious to human detection, technologies and tools. In the years ahead, it’ll become more critical for organizations to both identify and address deepfake risks, not the least of which will be those efforts targeting potentially market-moving accounting and financial data to perpetrate fraud.”
Despite undertaking risk management approaches, just under half of polled executives (46.5%) say they are confident in their organizations’ ability to manage deepfake-related financial fraud threats. The poll also found that taking actions to manage deepfake fraud has a 2.5x effect on trust levels in associated risk management efforts compared to organizations that take no actions (taking actions = 60.1% confident; no action = 24.3% confident).
One-fifth (20.1%) of polled leaders report no confidence at all in their organizations’ ability to respond effectively to deepfake financial fraud.
“As AI transforms the global information ecosystem, organizations need to take a holistic view of the related trust implications by deeply analyzing their own trustworthy AI use as well as bad actors’ potentially nefarious use of the technology,” said Michael Bondar, global Enterprise Trust leader and a principal, Deloitte Transactions and Business Analytics LLP.
“By infusing trust in AI use for accounting and financial data, organizations can activate robust governance models enabled by technology and supported by well-rehearsed response playbooks and processes. They can be proactive by performing regular controls gap audits, aligning to regulatory requirements as well as demonstrating industry trend awareness in this rapidly evolving space. And, for those organizations planning significant business milestones like IPOs, M&A deals and product launches, it’s important to closely consider how AI use can impact organizational trust levels,” concluded Bondar.
About the online poll
More than 1,100 C-suite and other executives were polled during a recent webcast, titled “Generative AI and the fight for trust,” on May 21, 2024. Answer rates differed by question.
About Deloitte
Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world’s most admired brands, including nearly 90% of the Fortune 500® and more than 8,500 U.S.-based private companies. At Deloitte, we strive to live our purpose of making an impact that matters by creating trust and confidence in a more equitable society. We leverage our unique blend of business acumen, command of technology, and strategic technology alliances to advise our clients across industries as they build their future. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them. Bringing more than 175 years of service, our network of member firms spans more than 150 countries and territories. Learn how Deloitte’s approximately 457,000 people worldwide connect for impact at www.deloitte.com.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.
View original content to download multimedia:https://www.prnewswire.com/news-releases/half-of-executives-expect-more-deepfake-attacks-on-financial-and-accounting-data-in-year-ahead-302250391.html
SOURCE Deloitte