The Explosive Rise of Deepfake Cybercrime
In the age of generative AI, the line between real and fake has never been blurrier. Deepfakes—synthetic media manipulated by AI to mimic real people—have evolved from novelty to a potent weapon in the hands of cybercriminals. Whether it’s cloned voices or fabricated video calls, these tools are now central to a new wave of fraud.
Early in 2025, a European energy conglomerate lost $25 million early in 2025 when a deepfake audio clone of the CFO was deployed by a cybercriminal to issue live instructions for an urgent wire transfer. The voice sounded exactly right, and the funds were gone within hours.
In fact, deepfake files surged from 500,000 in 2023 to over 8 million by 2025—a staggering 1,500%+ increase. And Deepfake-related fraud now accounts for 6.5% of global fraud attempts, with a 2,137% rise in incidents over three years. (Keepnet Statistics and Trends – 2025.)
Why Deepfakes Undermine Traditional Cyber Defenses
Unlike malware or brute-force attacks, deepfakes exploit human psychology—not system vulnerabilities.
Many are trusting of an email that looks like it is coming from a well-established organization. The challenge is stopping scam emails in the first place, and detecting when something is real, or a scam. Yet less than 0.1% of people can reliably detect real-time deepfakes; even automated tools succeed less than 25% of the time. (iProov.com)
Real-World Impact: Deepfake Scams in Action
The consequences are no longer theoretical.
Deepfake scams now occur every 5 minutes globally, with average losses exceeding $500,000 per incident. In Hong Kong, a $25 million fraud was executed using AI-generated impersonation of a company executive. Keepnet Statistics and Trends – 2025.)
The Expanding Threat Landscape
Deepfake technology is just the tip of the spear. Threat actors now deploy entire ecosystems of AI-driven tools, including:
- Romance, investment, and impersonation schemes
- Custom phishing kits and fake websites
- Malware development and counter-forensics
- CVE reconnaissance and exploit obfuscation
- Text-to-speech and synthetic voice scams
- AI-powered inbound voice response systems
These platforms enable scalable, convincing fraud campaigns that are harder to detect and easier to execute.
Fraud Types and How to Handle: Insurance Coverage, Etc.
Specific types of deepfake frauds and tips for handling them include:
Social Engineering Fraud:
Most policies are agnostic to whether the scammer is human or AI. What matters is whether the transaction was legitimate and manipulated.
Tip: Maintain a verification “call tree” for clients and vendors. Always confirm wire instruction changes through multiple trusted channels.
Funds Transfer & Computer Fraud:
Cyber insurance coverage typically applies if:
The system was compromised without authorization, and the stolen assets belonged to the Named Insured.
Tip: Never share system access credentials outside approved protocols. Ensure MFA and endpoint detection are active and documented.
Phishing & Credential Theft:
Third-party coverage often requires a formal complaint or demand letter, as well as documentation of how stolen data caused harm
Tip: Know your policy’s trigger requirements and reporting deadlines for third-party claims.
Reputational Harm:
Some policies cover lost revenue tied to adverse media events—but proof is essential.
Tip: Submit a notarized proof of loss with financial documentation linking the media event to income decline.
General Coverage Advice:
- Review your declarations page and endorsements regularly.
- Ask your broker about coverage for AI-driven threats.
- Disputes? Submit to your State Insurance Commissioner.
Cyber Insurance: A Crucial Safety Net:
Modern policies are evolving to meet the AI threat. Be, Know, Do:
- Be aware of the differences between social engineering fraud, funds transfer fraud, computer fraud, phishing, and other named perils in your Policy. Legacy policies may exclude voluntary funds transfers.
- Know the coverage limits and sub-limits including the key terms and definitions which may vary from Policy to Policy. New AI-focused policies might cover deepfake fraud, crisis response, and regulatory costs.
- Do have an incident response playbook and partner with your Insurance Carrier and Integreon to solidify your overall cyber readiness. Insurers now require incident response plans and staff training as prerequisites.
Post-Incident Support: Be Ready Before It Happens
Don’t wait for a breach to build your response team. Know who to call, and where possible, secure them as a partner ahead of time for:
- Third party IT support to help identify the scope of, contain, eradicate and recover from an incident. Confirm with your broker and underwriting team that your incident response vendors are approved panel providers or added to your Policy by endorsement.
- Cyber insurance coverage: Know who to call and what documentation to provide when submitting a claim. Request information from your broker about the claims process so that your insurance coverage is fully integrated with your incident response plan.
- Data mining to identify affected entities: When a breach occurs it is crucial to thoroughly investigate the incident. Partner with Integreon to ensure that your data privacy investigation is customized to your business and legally defensible.
- Notification services to meet legal and regulatory obligations: Appropriate notification services including all required credit monitoring, call center support, and mailing as a capstone for comprehensive incident response.
Deepfakes are not just a technological novelty—they’re a transformative force in cybercrime. For cybersecurity professionals, legal teams, and insurance handlers, the challenge is clear: adapt or be outmaneuvered. The tools exist, the coverage is evolving, and the stakes have never been higher.
If you’re unsure about your policy’s readiness for AI-driven threats, now is the time to ask the hard questions. Also, prepare for a cyber incident now, so you are ready to act in the most expeditious and cost-effective way possible. Read our blog, “Best Practices for Controlling Cyber Incident Response Costs”, or download Integreon’s full guide on reducing cyber incident response costs for the legal industry.