A “deepfake” is a sophisticated digital forgery of an image, sound, or video. The forgery may be so good that a human is unlikely to detect the manipulation. The goal is to mislead and deceive, making it appear as though a person has said or done something when that is not the case. Supported by advances in artificial intelligence, deepfakes have proliferated across the internet as the technology becomes less expensive and more accessible.
Risks for Businesses
Businesses have always taken great strides to protect the “CIA” triad of information security — confidentiality, integrity, and availability. Attacks on data integrity are a recent phenomenon.
Nation-states, competing businesses, disgruntled employees, criminals, and anonymous saboteurs may use deepfake technology to disrupt business operations or facilitate fraud.
Deepfakes can also have a severe impact on a company’s reputation. A deepfake posted on social media could easily go viral and spread worldwide within minutes. Though a company might ultimately prove it was the victim of a deepfake, the damage to its reputation will already have been done, potentially resulting in lost revenues.
Protecting Data Integrity
For those businesses that fall victim to a deepfake, cyber insurance policies may provide relief for some financial loss.
Cyber insurance policies often offer broad cyber event management coverage for the cost of crisis communications and computer forensic specialists responding to an incident, and to cover the cost to replace, restore, or recreate the data.
Cyber policies are also expanding to include coverage for attacks on a company’s reputation from adverse publicity after a cyber incident or privacy breach.
Whether a cyber policy responds to a deepfake ultimately depends upon the circumstances of the incident and the terms and conditions of the policy. Risk managers should carefully review their policies and work with their insurance advisors and legal counsel to assess potential exposures and coverages for this evolving threat.