Skip to main content

Accounting Standards

Executives Expect More Deepfake Attacks on Accounting and Financial Data

More than half of C-suite and other executives (51.6%) expect an increase in the number and size of deepfake attacks targeting their organizations’ financial and accounting data.

Data-Hacking1

More than half of C-suite and other executives (51.6%) expect an increase in the number and size of deepfake attacks targeting their organizations’ financial and accounting data – otherwise known as deepfake financial fraud – during the next 12 months, according to a new Deloitte poll. That increase could impact more than one-quarter of executives in the year ahead, as those polled report that their organizations experienced at least one (15.1%) or multiple (10.8%) deepfake financial fraud incidents during the past year.

According to Deloitte, deepfake financial fraud is a category of cybercrime that leverages deepfake technology with the intent of defrauding organizations or individuals of cash assets or otherwise causing financial losses.

Polled executives at organizations that faced deepfake financial fraud in the past year expect higher than average increases in similar events for the year ahead, with those experiencing just one fraud event expecting the biggest increase in fraud (67.1%). Executives at organizations experiencing multiple fraud events during the past 12 months also expect above-average increases in the year to come (59.6%).

“Deepfake financial fraud is rising, with bad actors increasingly leveraging illicit synthetic information like falsified invoices and customer service interactions to access sensitive financial data and even manipulate organizations’ AI models to wreak havoc on financial reports,” said Mike Weil, digital forensics leader and a managing director, Deloitte Financial Advisory Services LLP. “The good news is that concern about future incidents seems to peak after the first attack, with subsequent events tempering concerns as organizations gain more experience and become better at detecting, managing and preventing fraudsters’ deepfake schemes.”

Learnings vary by executives, based on organizational deepfake financial fraud experiences

According to the poll, executives whose organizations faced a singular deepfake financial fraud incident in the previous year are most likely to increase employee education about new threats as a means of preparing their workforces (30%). That said, respondents at organizations that experienced more than one deepfake financial fraud event in the past year are more likely to establish new policies and procedures to help workforces prepare for deepfake-related fraud schemes (25.2%) as their primary risk approach.

Regardless of respondents’ experiences with deepfake fraud, few lean into detection technologies as a primary line of defense. The likelihood of using such technologies does, however, increase incrementally with the number of attacks experienced in the past year (no attacks = 6.8%; one attack = 8.8%; more than one attack = 15%).

Surprisingly, 9.9% of polled executives say their organizations do nothing to guard against deepfake fraud targeting their accounting and financial data.

“Knowledge of evolving deepfake fraud schemes is evolving quickly,” continued Weil. “But as illicit actors’ techniques advance, they become more impervious to human detection, technologies and tools. In the years ahead, it’ll become more critical for organizations to both identify and address deepfake risks, not the least of which will be those efforts targeting potentially market-moving accounting and financial data to perpetrate fraud.”

Despite undertaking risk management approaches, just under half of polled executives (46.5%) say they are confident in their organizations’ ability to manage deepfake-related financial fraud threats. The poll also found that taking actions to manage deepfake fraud has a 2.5x effect on trust levels in associated risk management efforts compared to organizations that take no actions (taking actions = 60.1% confident; no action = 24.3% confident).

One-fifth (20.1%) of polled leaders report no confidence at all in their organizations’ ability to respond effectively to deepfake financial fraud.

“As AI transforms the global information ecosystem, organizations need to take a holistic view of the related trust implications by deeply analyzing their own trustworthy AI use as well as bad actors’ potentially nefarious use of the technology,” said Michael Bondar, global Enterprise Trust leader and a principal, Deloitte Transactions and Business Analytics LLP.

“By infusing trust in AI use for accounting and financial data, organizations can activate robust governance models enabled by technology and supported by well-rehearsed response playbooks and processes. They can be proactive by performing regular controls gap audits, aligning to regulatory requirements as well as demonstrating industry trend awareness in this rapidly evolving space. And, for those organizations planning significant business milestones like IPOs, M&A deals and product launches, it’s important to closely consider how AI use can impact organizational trust levels,” concluded Bondar.