Deepfakes are the second most common cybersecurity incident for U.S. companies

PRESS RELEASE

New York, NY – May 20, 2024 – According to a study by , deepfakes are now the second most common cybersecurity incident faced by organizations in the past year, just behind malware infections ISMS.onlinethe auditor-approved compliance platform. Amazingly, more than a third of all companies in the US experienced a deepfake security incident in the last 12 months.

ISMS.online’s “State of information securityThe report surveyed 518 people in the U.S. who work in information security across 10 sectors, including technology, manufacturing, education, energy, utilities and healthcare.

Key findings include:

· 35% of U.S. companies have experienced a deepfake security incident in the last 12 months, making it the second most common cybersecurity incident in the country.

· 37% of U.S. companies say managing third-party risk is currently the top data security challenge, with 43% saying partner data has been the most compromised in the last 12 months.

· More than a third (39%) said financial allocations to securing supply chain and third-party connections will increase by up to 25% in the coming year.

· Nearly three-quarters (73%) of US respondents believe AI and ML are improving cybersecurity, although only 26% have taken initiatives to use these new technologies in the last 12 months. Additionally, 25% say managing and securing new technologies like AI and ML is challenging.

The most likely scenario for threat actors to use deepfakes today is Business Email Compromise (BEC)-style attempts. Attackers use AI-powered voice and video cloning technology to trick recipients into transferring company funds. However, there are potential use cases for information/credential theft, reputational damage, or even bypassing facial and voice recognition authentication. And with partner data (43%) cited by U.S. respondents as the most at-risk data in the past 12 months, more companies need to be vigilant about the risks posed by their third-party vendors and suppliers, especially this one background new, sophisticated attacks.

Luke Dash, CEO of ISMS.online, commented: “It is deeply concerning to see how many organizations are at risk from both deep fake and third-party risks.” To address these increasing and more complex threats, organizations must continue to be robust and “Build effective cybersecurity foundations, especially as advanced technologies such as AI and ML become available to support data security initiatives.”

American respondents are using AI and ML technologies to combat threats, even though they are still in their early stages. Only a quarter (26%) have taken initiatives in the last 12 months, although a much larger majority (73%) agree that AI and ML will help improve data security programs. Despite the positive attitude towards AI and ML, 25% of respondents cite managing and securing new technologies such as AI, ML and blockchain as the biggest challenge and only around a third (36%) intend to increase spending on cybersecurity in the EU by up to 25% % to increase next 12 months.

Dash continued: “It is still unclear how new, advanced technologies like AI and ML will change the data security landscape. However, we are sure that governments around the world will push for more regulation, not less. Standards like ISO 42001, which addresses AI, will help organizations provide assurance to partners, customers and regulators. These standards are truly essential to building a better business, longevity and financial success.”

About ISMS.online

ISMS.online is revolutionizing the way companies around the world approach privacy and information security compliance. The cutting-edge SaaS platform provides a comprehensive roadmap for robust and scalable governance, risk and compliance for organizations of all sizes and maturity. With a global presence and over 25,000 users, including enterprise customers such as Moneycorp, Siemens and Ricoh, ISMS.online simplifies complex processes across over 100 standards and regulations, enabling companies worldwide to easily secure and scale compliance.

Research methodology

ISMS.online commissioned the leading independent market research company Censuswide to carry out the research. Using a sample of 1,526 respondents working in information security in the UK (502), US (518) and Australia (506), the study uncovers the top information security and compliance challenges faced by organizations in these regions are. The field research took place between March 22, 2024 and April 2, 2024.