Asia-Pacific executives continue to ignore deepfakes and executives still have a reactive mindset towards cybersecurity, says Information Technology (IT) consultancy Accenture.
A deepfake refers to convincing fake images, videos and audio recordings created by using artificial intelligence (AI).
Executives in Asia-Pacific ranked deepfakes the least of their cybersecurity concerns, according to Vinod Shankar, security lead for Southeast Asia at Accenture.
He said underestimating this risk can be problematic as threat actors accelerate their use of AI and generative AI to quickly create and launch deepfake attacks.
Mr Shankar was citing Accenture's Pulse Survey, a quarterly survey of 2,800 executives from 18 countries and 22 industries, of which 700 were from large enterprises across Asia-Pacific including Australia, China, India, Japan and Singapore. The survey was conducted between July and September 2024.
The high financial and reputational risk to individual organisations was made apparent by the highly visible case of a Hong Kong company that was scammed due to a deepfake of the company's chief technology officer. This case resulted in a loss of US$25 million.
Threat actors are spending more on higher quality deepfakes, with prices reaching up to $20,000 per minute for high-quality videos.
According to Accenture's Cyber Intelligence (ACI) researchers, there has been a 223% increase from the first quarter of 2023 to the first quarter of 2024 in the purchasing and sale of deepfake-related tools in major dark web forums.
As technologies advance, the threats will become more complex, as it becomes harder to distinguish between authentic and falsified identities, according to the ACI researchers.
It is important that regional executives safeguard against deepfakes by integrating advanced security features, enforcing strict controls, and providing comprehensive employee training, said Mr Shankar.
Implementing strict verification protocols for communications involving financial transactions and sensitive information is also necessary, and conducting regular tabletop exercises and penetration testing can help identify vulnerabilities and assess readiness for attacks.
According to Accenture's latest Pulse of Change Asia Pacific Quarterly Outlook, when it comes to cybersecurity, regional executives are most concerned about third-party risks such as cyberthreats targeting their supply chains.
They are also concerned that cybercriminals are getting closer to using quantum computing to crack the most common encryption methods used to secure digital data, and they worry about the impact of deepfakes.
Moreover, the survey also found Asia-Pacific executives feel less prepared than their global peers. Some 48% said they felt completely prepared to defend themselves, compared with 57% in Europe and 54% in North America.
Deterrence measures are being put in place worldwide including legislation to address these kinds of cyber-risk such as Singapore's recent ban on the publication, boosting, sharing and reposting of deepfake content during the country's elections.
Mr Shankar told the Bangkok Post that Thailand's digital economy is booming, accounting for around 6% of national gross domestic product (GDP), or roughly $36 billion in 2023. This figure is projected to nearly double to 11% by 2027, propelled by rapid digital adoption across public and private sectors, especially in the wake of the coronavirus pandemic. This growth intensifies the need for robust security, with increased digital exposure heightening cyber-risks.
While chief executives in Thailand and across Southeast Asia are aware of these risks, some still lack confidence in their organisation's ability to prevent or respond to cyberthreats effectively, he said.
"We see this frequently in our work across the region: a significant cyber event often serves as the catalyst for chief executives to allocate more resources and broaden cybersecurity responsibilities beyond just a chief information security officer and IT teams," said Mr Shankar.
However, a reactive mindset still prevails, with nearly half of leaders viewing cybersecurity as an episodic issue rather than an essential, ongoing business enabler.
Only 15% of boards dedicate adequate time to cybersecurity discussions, highlighting a clear need for proactive, strategic investment in cybersecurity across Thailand and Southeast Asia, he said.