Deepfakes Are No Laughing Matter
- Eric Zeman
- April 2021
The Emerging Risks Special Section is sponsored by Finys. Click on the microphone icon to listen to the Finys podcast.
Deepfakes are a relatively new phenomenon and companies are struggling to understand what they are and how to assess their true risk and exposure.
Deepfakes rely on artificial intelligence to manipulate recorded audio and video. The first applications targeted movies, mostly for entertainment purposes. Recently, however, deepfakes have been used to alter facts and details, and spread misinformation.
“This makes deepfakes a real dangerous tool, and obviously social media is making them more vicious as this medium can spread deepfakes much faster,” said Fred Eslami, associate director North American property and casualty, AM Best.
Deepfake and related technologies will initially spread from video and will be a major contributor to digital identity theft, predicts Darren Thomson, head of cybersecurity strategy at CyberCube. “Targets will likely include executives with the power to initiate and approve wire transfers.” Politicians and other public figures are also on deck for attacks.
Fraudulent money transfers due to social engineering and other cyber techniques are already on the rise. Deepfake technology will only increase the odds of successful cyberattacks because people often believe what they see on video and hear via audio, according to CyberCube.
For example, in March 2019, criminals used artificial intelligence-based software to mimic the voice of a chief executive and then demand a fraudulent transfer of €220,000 (US$243,000). The criminals were successful.
The real question is how to cover deepfakes. Best's Eslami says, “Whether or not deepfakes are covered under cyber (identity theft), CGL, E&O (crime) or the media liability policies that were designed with social media exposure in mind, is a tricky question. It remains to be seen how policy language will be evolving and changed over time to cover or exclude the deepfakes.”
Lori Bailey, global head of cyberrisk at Zurich Insurance Group, said risk managers should ensure that a comprehensive security awareness training program is in place to educate employees at all levels about such tactics and ensure that steps are taken to validate identities of individuals to avoid falling victim to such schemes.
“At the heart of it, the deepfakes are really frightening,” concluded Best's Eslami, “as they have the potential of threatening our social and political fabric as well as financial structure.”