30 October 2025 • Cyber security
Deepfakes are increasingly becoming a huge cyber risk for organizations. We’ve all seen videos like the one below, where famous people are shown saying the most outlandish stuff. You could often easily see that it was a fake, which made it somewhat funny. But as weeks and months pass by, the AI models that create these videos get better at deceiving us.
In this article, we’ll explain what deepfakes are, why they pose such a serious risk to businesses, and how you can prepare your employees through deepfake awareness training.
Let’s start at the beginning.
What are deepfakes and why are they dangerous?
Deepfakes are synthetic media (video or audio) generated or manipulated using artificial intelligence to make people appear to say or do things they never actually said or did. Faces can be swapped and voices can be cloned to sound eerily convincable. A deepfake can convince others that a person has said or done things they never did. Like eating spaghetti at the beach.
Over the years, we’ve all learned to not always trust what we read. However, people haven’t yet learned to distrust everything they see and hear. This is currently being exploited by cyber criminals. Whether it’s a fake video of a CEO making a controversial statement, or a cloned voice urgently requesting sensitive information, deepfakes can cause real-world damage
Key risks of deepfakes for organizations
Deepfakes create multi-layered threats for businesses. The main risks include:
CEO fraud and financial loss
One major threat is deepfake-powered CEO fraud. Criminals use a cloned voice or video of a senior executive to trick employees into transferring money. These attacks are already happening. For example:
- In 2019, a UK energy firm lost $243,000 after a deepfake voice call from a “CEO”.
- In 2020, fraudsters used deepfake voice technology to steal $35 million.
- In 2024, a UK engineering firm lost over £20 million after a fake video call impersonated a high-level executive.
Employees naturally tend to obey urgent requests from leadership, especially under pressure. Deepfakes exploit this instinct, bypassing usual verification procedures.
Reputational damage and disinformation
Deepfakes can also be weaponized to destroy reputations. Imagine a fake video of your CEO making racist remarks—or fake evidence that your product is unsafe—going viral online. Even if later disproven, the damage to trust and public perception can be irreversible.
Europol warns that deepfakes could be used to spread false information about companies, creating shareholder panic, customer boycotts, or even regulatory investigations.
Targeted phishing and social engineering
Deepfakes take social engineering to a whole new level. Instead of a suspicious email, imagine receiving a convincing video call from your “IT department” asking you to log into a phishing page. Or a voice message from your “CFO” requesting urgent confidential information.
- Vishing (voice phishing) and video phishing are rising threats.
- Attackers need only a short audio clip (e.g., from social media) to clone a person’s voice convincingly.
Deepfakes create emotional authenticity, making it harder for employees to detect fraud based on instinct alone.
In private life, many people have already been targeted by deepfakes from their children or parents. If your son’s unmistakable voice tells you he is in danger and needs money now, are you calm and aware enough to double-check his identity?
Why traditional security awareness is no longer enough
Most companies offer annual security awareness training, covering phishing, password hygiene, and basic cyber hygiene. But that’s no longer sufficient against deepfakes:
- Deepfakes are a new, rapidly evolving threat. Employees must learn to question even trusted sources like videos and phone calls.
- Most traditional training programs don’t even mention deepfakes.
- Research shows that even after being warned about deepfakes, people are poor at detecting them.
- Traditional security training is static, while deepfake techniques evolve monthly.
- Deepfake incidents require new procedural responses, like verifying suspicious calls via alternate channels and having clear reporting mechanisms.
Without specific deepfake awareness training, employees may fall for attacks because they underestimate how convincing synthetic media can be.
Practical tips: preparing employees for deepfake incidents
Here’s how organizations can start preparing today:
- Awareness campaigns with real examples: Show employees real-world examples of deepfakes. Comparing real vs. fake videos helps build healthy skepticism. They key here is repetition. A yearly training is forgotten after mere weeks.
- Teach detection skills: Train staff to spot subtle inconsistencies (e.g., mismatched lip movements, odd lighting, monotone voices).
- Define clear reporting procedures: Employees should know how to verify unusual requests and report suspicions without fear of blame.
- Use technical tools: Explore software that can detect synthetic media or implement two-factor verification for sensitive requests.
How to offer effective deepfake security awareness training
Guardey helps organizations build ongoing cyber resilience with user-friendly, gamified security awareness training that includes deepfake awareness:
- Gamification: Employees earn points, badges, and compete in friendly leaderboards, making learning fun and memorable.
- Continuous learning: Instead of one annual session, Guardey offers weekly or monthly microlearning, helping employees stay updated as deepfake threats evolve.
- Relevant content: Guardey tailors scenarios to each customer’s sector, making the lessons highly relatable.
Guardey’s continuous, gamified model encourages employees to think critically about what they see and hear, building lasting habits of skepticism.
→ Learn more about Guardey during a demo
Conclusion: act now to stay ahead
Deepfakes are not science fiction anymore. Left and right, cyber criminals are trying to deceive employees into doing things that can harm your organization’s finances or reputation. Investing in recurring training is the only option to prepare your employees.