Deepfake fraud has already cost individual companies tens of millions — but K2 Integrity’s Matt Flegg argues the more significant development is regulatory. The UK’s Economic Crime and Corporate Transparency Act exposes large firms to unlimited fines for failure to prevent deepfake-enabled fraud, while the updated corporate governance code requires board-level declarations of control effectiveness covering cyber and fraud channels.
Deepfakes are crossing new risk thresholds: from online curiosities to enterprise-scale fraud, market-moving disinformation and executive impersonation on live video calls. In recent public cases, attackers cloned the faces and voices of senior leaders to induce fund transfers, resulting in massive losses.
Other potential vectors include altering vendor details or seeding reputational crises. The tools are cheap, the attacks fast and the impact material. However, regulators are stepping in. The UK’s Economic Crime and Corporate Transparency Act (ECCTA) and updates to the corporate governance code (Provision 29) are driving fresh expectations around controls, disclosure and accountability.
The evolution of deepfakes
While image manipulation dates back centuries, the digital deepfake story really took off in 2014, with academic breakthroughs in generative…
