Deepfakes Pose $40 Billion Threat to US Businesses by 2027

The single most alarming fact about deepfakes is that they're projected to cause $40 billion in fraud losses in the US by 2027, up from $12.3 billion in 2023. This staggering growth indicates that deepfakes are no longer a niche security issue, but a material business and financial risk that demands immediate attention.

Steve Piper, the founder and CEO of CyberEdge Group, notes that deepfakes are accelerating the breakdown of trust in phone and video calls, two of the most relied-upon channels in corporate workflows. Attackers combine speed and scale to exploit these communication channels faster than organizations can verify trust. Piper, who's also the Editor-in-Chief of Security Buzz, emphasizes that with deepfakes, deception is inexpensive, scalable, and continuous. He didn't mince words when discussing the severity of the issue.

According to the ACAMS '2026 Global AFC Threats' report, more than half of organizations cite outdated data and legacy IT systems as a high or very high risk to anti-financial crime programs. This is particularly concerning in the financial services sector, where deepfake attacks can have devastating consequences. Deloitte Insights projects that US fraud losses facilitated by generative AI will grow at a compound annual growth rate (CAGR) of 32% from 2023 to 2027. This growth rate won't slow down anytime soon, and it's crucial for organizations to take notice.

Organizations are exploring various fraud detection technologies, including behavioral pattern analysis, device and contextual intelligence, and multilayered verification strategies. However, many are hampered by their own internal infrastructure, as traditional identity verification and security controls were designed for static signals, not adaptive deception. The limitations of detection technology are only part of the problem. Human defenses fare no better under real-world conditions. An iProov study found that just 0.1% of participants were able to reliably identify deepfake content, even in controlled conditions where they knew what to look for.

This statistic is alarming, and it highlights the need for organizations to rethink their approach to security.

The challenge of deepfakes isn't just detection; it's organizational readiness. In the CyberEdge 2026 'Cyberthreat Defense Report,' 37% of cybersecurity professionals expressed concern about deepfake impersonation. Yet, even as awareness grows, many organizations remain ill-prepared to defend against it. To combat this, organizations must shift their focus from spotting the fake to slowing and containing the abuse of trust. They can't rely solely on detection technologies, as they're not foolproof.

One way to achieve this is by redesigning everyday workflows that attackers rely on, so that even a successful impersonation can't achieve its goal. This can be done by introducing friction where trust is implicit, such as neutralizing urgency with deliberate delay or separating authority from approval through escalation rules. It's also crucial to define which channels are trusted for which requests and to require multi-person approval based on the type and impact of the request. By doing so, organizations can reduce the risk of deepfake attacks and protect their business from the growing threat of generative AI-powered fraud.

As the threat of deepfakes continues to evolve, it's essential for organizations to invest in detection technologies with realistic expectations of roughly 55% average accuracy. They must plan security around imperfect detection rather than perfect protection. By doing so, they can reduce the risk of deepfake attacks and protect their business from the growing threat of generative AI-powered fraud. This approach won't eliminate the risk entirely, but it'll help mitigate it.

The impact of deepfakes on businesses will be significant, and it's crucial for organizations to take proactive steps to protect themselves. By understanding the risks and limitations of detection technologies, organizations can develop effective strategies to combat deepfakes and reduce the risk of generative AI-powered fraud. They shouldn't wait until it's too late, as the consequences can be severe.

As Steve Piper notes, deepfake risk is a failure of trust architecture: who is trusted, through which channels, and under what conditions. By shifting focus from spotting the fake to slowing and containing the abuse of trust, organizations can build resilient systems that remain safe even when detection is imperfect and trust is convincingly misused. This approach requires a thorough understanding of the organization's security infrastructure and its limitations.

In the US, the threat of deepfakes is particularly concerning, given the country's reliance on digital communication channels. As the use of deepfakes continues to grow, it's essential for businesses to stay vigilant and adapt their security strategies to combat this emerging threat. They can't afford to be complacent, as the risk is real and it's growing by the day.

The Nigerian connection to this story is limited, but the threat of deepfakes is a global issue, and organizations in Nigeria aren't immune to this risk. As the use of digital communication channels continues to grow in Nigeria, it's essential for businesses to be aware of the risks associated with deepfakes and take proactive steps to protect themselves. They shouldn't underestimate the severity of the issue, as it can have far-reaching consequences.

The threat of deepfakes is a significant concern for businesses, and it's essential to take proactive steps to protect against this emerging threat. By understanding the risks and limitations of detection technologies, organizations can develop effective strategies to combat deepfakes and reduce the risk of generative AI-powered fraud. They'll need to invest in detection technologies, plan security around imperfect detection, and shift their focus from spotting the fake to slowing and containing the abuse of trust. It's a complex issue, but with the right approach, organizations can mitigate the risk and protect their business.