More than two-thirds of B2B marketing leaders (68%) are concerned that executives will be victimized by deepfakes, but the majority of them (80%) don’t have a crisis response plan to follow should those fears come true.
That’s according to a new report from Forrester, “Deepfakes: The Hidden Threat CMOs Can’t Ignore,” which surveyed 205 marketing leaders around the world.
“It reminds me of cybersecurity 10 or 15 years ago,” says Karen Tran, principal analyst at Forrester. “A lot of companies were super aware about cybersecurity and believed it was a risk. They just didn’t think that an attack would happen to them. That’s the same with deepfakes; the perception is that it happens to someone famous. Most people think it wouldn’t happen to their company because they don’t think they’re famous enough.”
In the age of artificial intelligence, deepfakes—i.e., synthetic audio, video, or visual components that manipulate a real person’s likeness or voice to create fake content that seems authentic—are increasingly easier to create.
“Our likenesses are everywhere; it doesn’t take very much to capture someone’s image or voice,” Tran explains. “We’re very vulnerable to this. There are free tools that exist for deepfakes—and some that cost very little—and they’re getting better and better all the time.”
Deepfake attacks can severely impact organizations. In 2024, for example, an employee of a multinational finance firm was duped into forking over $25 million to cybercriminals who created a deepfake of the company’s CFO on a video call. That same year, a high school principal was placed on leave after a disgruntled athletic director created a deepfake that made it appear the principal made racist remarks.
Such attacks are much harder on relatively unknown individuals than world-famous ones. While Warren Buffet could use his massive platform to quickly deny a deepfake and make the issue go away in short order, under-the-radar individuals have to defend themselves much more vehemently, Tran said.
In many ways, it’s no longer a question of whether your organization will be impacted by deepfakes but when. To prepare for that inevitability, Tran suggests following these three best practices.
1. Be transparent. As technology evolves, more brands are leveraging so-called positive deepfakes to engage customers more effectively. Some video platforms, for example, enable marketers and sales reps to create avatars of themselves, using artificial intelligence to generate short video messages that look real. “These are great tools to use, but companies need to be very thoughtful about ethics and transparency,” Tran says.
Whenever your organization is deploying deepfake technology, make sure your audience is aware. Disclosing such information helps build trust; concealing it does the opposite.
2. Create a response plan. According to Forrester, the average organization takes seven days or longer to respond to an external incident. If your organization is hit with a successful deepfake attack, waiting a week to respond could cause irreparable damage to your brand’s reputation.
While figuring out how to respond to a deepfake attack isn’t necessarily a marketer’s job, marketing leaders should proactively reach out to their CISO and legal teams to develop a crisis response plan that can guide your actions after a deepfake incident—when every minute matters.
3. Build a culture of vigilance. With deepfake attacks on the rise, brands should work to create cultures of heightened awareness that encourage employees to question authority. A main reason why deepfake attacks work is because criminals impersonate bosses; when a boss asks an employee to do something, the employee tends to oblige.
By letting employees know that they should second-guess certain asks that seem out of place—particularly when money’s involved—your organization can further protect itself from would-be cybercriminals.
Network
