Deepfake fraud has expanded on a pervasive scale. At high volumes and low cost, increasingly targeted AI-enabled attacks now impersonate senior executives during what look like entirely routine interactions. They are also occurring with enough conviction to deceive internal teams into authorising major decisions or revealing sensitive information.
Over a third of UK businesses reported being targeted by AI-related fraud, including deepfakes, in the first quarter of 2025 alone, up from 23% the previous year.¹ Where once the threat was emerging, it is now very much present and accelerating.
The mechanics are well-documented. In Q3 2025, Resemble AI recorded 980 corporate infiltration cases involving real-time manipulation during video calls² – a figure that points to industrialised targeting, not isolated incidents.
What makes this shift significant is not the sophistication of the tools, it is the change in attack logic. Fraud has moved from breaking into systems to talking its way in. Synthetic voices, fabricated video and AI-generated messages are being used to weaponise ordinary workflows: payment authorisations, supplier updates and urgent leadership requests. The point of failure is no longer the firewall. It is the moment a person makes a decision under time pressure and trusting what they see and hear. That dramatically changes what effective fraud prevention actually looks like.
The problem with recognition-based controls
Whether consciously or not, most organisations still rely on familiarity as a control. Employees recognise voices, faces and email styles, and they trust seniority, while responding to urgency. Deepfake attacks are precisely designed to exploit these instincts, and to do so in the moments when people are least likely to pause and verify.
The result is that technically well-secured environments remain vulnerable. It does not matter how robust your infrastructure is if the human layer can be bypassed through a convincing video call. Security that stops at the system boundary leaves decision-making (the actual point of exposure) largely unprotected.
Gartner predicts that by 2026, 30% of enterprises will no longer consider standalone identity verification and authentication solutions as reliable in isolation³. The implication is significant and there is now widespread industry acknowledgement that technical controls alone cannot close the gap.
Building a shared intelligence picture
Gaining an advantage over AI-enabled fraud requires connecting weak signals before they become serious incidents. Most attacks begin with subtle, easily overlooked indicators: an unusual payment request, a slight shift in communication style, or a supplier update that arrives through an unexpected channel. In isolation, each looks like noise, but when viewed together, they point to a clear pattern.
That kind of pattern recognition only becomes possible when signals from across the business, people, identity systems, suppliers, sites and digital platforms, are brought into a single shared picture. But when every function is working from fragmented information, the early warnings stay invisible until it is too late.
Specific decision points within a business are often targeted consistently because they combine speed with trust. Examples are payment changes, supplier onboarding, urgent approvals or last-minute process deviations. Treating these moments as signals, and not just operational friction, is what allows organisations to intervene early rather than having to investigate afterwards.
Redesigning how decisions get made
Three disciplines consistently make the difference in organisations that manage this well.
The first is slowing the moment down. Verification based on context and process is far more reliable than recognition of a voice or a face. Introducing deliberate pauses and independent confirmation steps, particularly at high-stakes decision points, actively disrupts the urgency tactics that AI-enabled attacks depend on.
The second is escalating when patterns repeat. A single unusual request might be noise. But multiple similar approaches across different channels or time periods point to intent, and justify a structured investigation rather than an isolated response.
The third is reconstructing what happened. Understanding who made a contact, through which channel and why the approach succeeded, will prevent recurrence. Incident learning only works when the full chain of events is documented and analysed, not just the outcome.
When reporting is straightforward and culturally supported internally this will work well. Employees, finance teams, and supply chain contacts all encounter fragments of risk before central security functions do. So, reducing the friction between when a first concern is flagged and a meaningful response is delivered, is one of the most effective controls available.
Protecting decisions, not just systems
The challenge posed by deepfakes and AI-enabled impersonation is not primarily a technology problem. Organisations that treat it as one will keep investing in defences that attacks are specifically designed to circumvent.
Resilience ultimately depends on how well an organisation connects signals, supports judgement in context and acts consistently under pressure. Those that build an intelligence-led approach – feeding incident insights back into training and enhancing detection with structured investigation – will find that confidence in managing risk increases, and disruption falls over time.
The goal is not to prevent every attempt. It is to ensure that the decisions made inside your organisation are as well-protected as the systems surrounding them.
Sources
- Keepnet Labs, Deepfake Statistics & Trends 2026 (updated March 2026): https://keepnetlabs.com/blog/deepfake-statistics-and-trends
- Bright Defense, 150+ Deepfake Statistics (March 2026): citing Resemble AI Q3 2025 Deepfake Incident Report: https://www.brightdefense.com/resources/deepfake-statistics/
- Gartner, Predicts 2024: AI & Cybersecurity: Turning Disruption into an Opportunity (press release, February 2024): https://www.gartner.com/en/newsroom/press-releases/2024-02-01-gartner-predicts-30-percent-of-enterprises-will-consider-identity-verification-and-authentication-solutions-unreliable-in-isolation-due-to-deepfakes-by-2026
Matt Horne
Matt Horne is Director of Intelligence and Investigations at Clue Software where he supports organisations in tackling crime and risks. A former Deputy Director at the UK’s National Crime Agency (NCA), Matt is also the current Chair of the National Security Committee at TechUK.
