
Deepfake Drama and the Need for Cyber Insurance

Series 3 of the popular TV drama, The Capture, has recently ended and again highlighted the threats posed by deepfake technology in a gripping and tense way.  But how are such threats creating dramas for everyday SMEs on a daily basis, thanks to the sophistication of cybercrime? Why does this make cyber risk management and cyber insurance essential?

AI – a big reason to have cyber insurance in place

Deepfake technology is an unwelcome by-product of our new AI world, which is already making cybercrime more effective.  AI is one of the most powerful tools in the cybercriminal’s arsenal, enabling larger-scale, swifter and more successful attacks.  Automated tools can now handle processes that previously required advanced technical knowledge.  Scams are more convincing and cybercrime is now an industry in its own right.  Cyber insurance has never been more necessary.

AI systems are capable of generating phishing campaigns in an instant. They can similarly devise effective malware that can change code every few seconds, to try to infiltrate computers and bypass standard anti-virus software.

AI and message tailoring

Generative AI tools are also adept at analysing publicly accessible data, such as social media profiles, company websites or online databases.  Having absorbed all this data, they can create highly personalised phishing messages, to target individuals or organisations.  Messages now have a greater sense of authenticity than in the past; regular communication styles are mimicked with ease.  Large language models can ‘pen’ the grammatically perfect emails that scammers traditionally and typically failed to produce.

Automating all of these processes means attackers can launch thousands of tailored attacks simultaneously, dramatically increasing their chances of success.  Almost 83% of phishing emails are now AI-generated[1], adding a new level of sophistication to attacks.

The rise of deepfake attacks

Deepfake technology takes things to another level.  Cybercriminals now have the tools to generate highly realistic audio or video impersonations of CEOs, managing directors, colleagues and even family members.  Videos and audio tracks are used to trick victims into transferring money or revealing highly sensitive data.  Social engineering has been strengthened by AI, with people being manipulated far more easily.

AI-powered deepfake phishing increased by 138%, year on year, in 2025[2], adding a new complexity to the cyber threat and more challenges within detection and mitigation.  Deepfake technology is all about exploiting an individual’s trust and belief in what they are seeing and hearing, which is what makes it such an effective method of attack.

Convincing phone calls from your company boss, urging you to make an urgent financial transfer, or provide confidential information, could be just minutes away.  Employees need to be on their guard, particularly when AI is analysing so much data in the background, to build detailed profiles of individuals, their relationships and their style of communication.

Impersonation fraud, be that through fake customer service agents or impersonations of company representatives, grew by 92% globally in 2025.[3]

The rapid development of AI tools is reshaping the cyber threat landscape. This is making cybercrime both an individual and corporate challenge, putting many of us under a constant threat based around digital deception.  Companies need to have stand-alone and comprehensive cyber insurance in their locker.

Cyber insurance claims rose by 48% in 2025, along with premiums[4], for very good reason.  AI is heightening the risk and making attacks highly likely.

Where do cybercriminals focus?

The average time to detect and contain a breach is now somewhere around 181 days (2025)[5], dependent on which source you reference.  This is plenty of time for a cybercriminal to harvest the data they require.

Manufacturing is the number one sector under attack (25% of attacks), followed by financial services and insurance (20%).[6]  However, no company should believe it is immune.  Dark web sales listings for stolen data rose by 26% in 2025, as cybercrime marketplaces mushroomed.  Stolen credentials are being sold for an average of $15 per user account, making any piece of data lucrative.[7]

Windows is the most exploited operating system, featuring in 58% of attacks.  macOS is also becoming more vulnerable, experiencing a 28% increase in attacks.  Mobile devices, however, are now the primary entry point for 29% of cyber-attacks.[8]

Cyber risk mitigation

Analysing the risk to the business, no matter how large or small, is essential.  Fighting new AI and deepfake attacks requires strong mitigation tactics, coupled with training programmes and policies with regard to password access and password setting.  Having multi-factor authentication processes in place is also key.

Whilst cybersecurity experts are scrambling to keep on top of the threat, they warn that organisations must adopt more resilient cybersecurity strategies.  Defence mechanisms must be combined with stronger employee awareness training and the introduction of robust identity verification processes.  Notably, phishing simulation training has been shown to reduce employee click-through rates to an average of just 6% in 2025.[9]

The need for cyber insurance

What is also vital is the back-up that comes from cyber insurance.  Sophisticated AI tactics are now being wrapped up in online ‘kits’, on sale on the dark web, which help the beginner launch an attack with ease and yet do so with great aplomb and a high chance of success.

In this worrying climate, cyber insurance needs to be the safety net that will identify the causes of a breach, rectify and clean up systems and compensate businesses for downtime and other impacts.  This includes the reputational damage that can accompany a breach.

Talk to one of our Gauntlet insurance brokers today, to learn of the insurance options available to you.  Call the Leeds team on 0113 244 8686, or choose a broker from our broker map here.

Photo by Markus Spiske on Unsplash

 

[1] https://www.brside.com/blog/ai-generated-phishing-vs-human-attacks-2025-risk-analysis

[2] https://sqmagazine.co.uk/cybercrime-statistics/

[3] (as in 2)

[4] (as in 2)

[5] https://www.totalassure.com/blog/average-time-to-detect-cyber-attack-2025

[6] (as in 2)

[7] (as in 2)

[8] (as in 2)

[9] (as in 2)

 

 

Gauntlet Risk Management Ltd is authorised and regulated by the Financial Conduct Authority (FCA) under firm reference number 308081. You may check this on the Financial Services Register by visiting the FCA website, www.fca.gov.uk/register/ or by contacting the FCA on 0800 111 676.  Registered Office: Gauntlet House, 15 Acorn Business Park, Killingbeck Drive, Leeds, LS14 6UF. Company Registration No 03726095.
