Nearly a quarter of Australian businesses faced deepfake security incidents last year, according to a report by ISMS.online, a compliance platform.
The report, which surveyed 506 information security leaders across sectors such as finance, technology, healthcare, manufacturing, education, and energy, found that 24% of organisations experienced deepfake-related issues in the last 12 months.
Deepfake technology, though newer compared to traditional threats like social engineering and malware, has swiftly become a major concern for businesses.
ISMS.online’s report explained that these technologies enable cybercriminals to carry out business email compromise (BEC) attacks by imitating the voice and appearance of senior executives to deceive employees into transferring funds.
Another report, recently released by an active insurance provider, noted that 56% of cyber claims in 2023 resulted from funds transfer fraud (FTF) or BEC.
ISMS.online’s survey results come as the Australian government seeks to establish the nation as a global cybersecurity leader through its Australian Cybersecurity Action Strategy. Additionally, the Australian Prudential Regulation Authority (APRA) recently sent a directive to all APRA-regulated entities, emphasising the importance of data backups in ensuring cyber resilience.
Despite these efforts, the compliance platform’s report found 75% of surveyed organisations reported incidents linked to supply chain partners, with 39% citing partner data as the most frequently compromised over the past year.
In response to these challenges, 66% of businesses plan to increase their spending on securing supply chain and third-party vendor connections over the next year, with 79% expecting to boost their overall information security budget.
Emphasising training and awareness, nearly half (46%) of the respondents have intensified employee education programs in the last year to counteract sophisticated cyber threats.
Despite these measures, more than a third (36%) of businesses admitted that employees use personal devices (BYOD) without adequate security protocols, increasing vulnerability to targeted attacks such as deepfakes.
Michelle McCarthy, head of Asia-Pacific at ISMS.online, said the survey results highlight the need for robust information security measures.
“To see nearly a quarter of businesses already impacted by deepfake attacks is worrying. These findings, alongside the vulnerabilities associated with third-party suppliers, show that businesses must ensure they have a strong information security posture. It’s promising that the majority are planning further financial investment into their information security and supplier management,” she said.
Although deepfakes pose a significant risk, 84% of businesses believe AI technology is enhancing their information security, with 69% planning to increase investment in AI and machine learning security applications.
“AI and deepfake technologies have evolved rapidly and continue to do so at pace. As businesses consider implementing AI tools in their information security operations, they must align with the global regulations that will undoubtedly come into force over time. Standards like ISO 42001, which encompasses AI use, will help organisations show their ethical, compliant approach to AI to their customers, regulatory bodies, and partners,” McCarthy said.
The research was commissioned by ISMS.online and conducted by Censuswide, an independent market research firm. The survey included 1,526 respondents working in information security across the UK (502), the US (518), and Australia (506), with the fieldwork carried out between March 22, 2024, and April 2, 2024.
