Less than a third of organizations are prepared for deepfake attacks

Nearly 40 percent of organizations admit they are underprepared for AI-driven threats such as automated attacks, deepfake-based videos, and voice scams, according to new research from LevelBlue.

The new findings show that while awareness of these dangers is growing, many companies remain vulnerable and lack confidence in their ability to defend against them.

The report, titled Data Accelerator: Social Engineering and the Human Element, shows that human behavior is still a constantly weak link in cybersecurity, something we’ve regularly reported on.

With AI increasing the believability and scalability of attacks, social engineering tactics are becoming both harder to spot and more damaging to businesses worldwide.

According to the research, 41 percent of organizations have seen a higher volume of cyberattacks over the past year. Despite this, just 29 percent of respondents said they feel prepared to defend against an AI-powered attack, while only 20 percent described their defenses as “highly effective”.

Deepfake weaknesses

Specific weaknesses were also revealed. While more than half of organizations reported readiness for threats such as business email compromise or phishing, preparedness dropped sharply when it came to deepfakes and synthetic identity attacks, with only 32 percent confident in their defenses.

Employee awareness remains a critical challenge, as 59 percent of organizations said staff struggle to distinguish between authentic and manipulated content.

Action gap

Investment patterns also show a gap between awareness and action. Only 20 percent of organizations were confident in their employee education strategies, and less than one-third engaged external training experts over the past year.

Resources are instead more often directed toward broader cyber resilience processes or generative AI tools designed to strengthen defenses.

“Establishing a culture of cyber resilience is imperative for organizations to effectively prepare for the emergence of more sophisticated social engineering attacks,” said Theresa Lanowitz, Chief Evangelist of LevelBlue. “These attacks exploit human behavior, so without the proper investment into education and training, including cyber resilience processes and engaging cybersecurity consultants, organizations and their employees remain vulnerable.”

Despite growing interest in AI as a defensive tool, only 24 percent of organizations said they were highly effective at applying it to cybersecurity. Investment in additional protective frameworks was also limited, with just 13 percent allocating resources to Zero Trust Architecture, a strategy designed to limit the impact of compromised credentials.

Are you surprised to see organizations struggling to prepare for AI-driven threats? Let us know in the comments.

Image credit: Wrightstudio/Dreamstime.com