The insurance industry is just beginning to look at offering policies specifically focused on business interruption or reputational damage caused by the use of deep fake technology.
Frauds using deep fakes got more attention in early 2024 when U.K. engineering company Arup suffered a
Deep fakes have yet to make a substantial impact on cyber insurance because other vulnerabilities are much easier for cybercriminals to exploit, according to Matthew McCabe, U.S. and Canada cyber product leader at Marsh, an insurance brokerage and risk management firm.
"If a threat actor comes out with a deep fake, most likely they're hunting a big target," he said. "That's going through a lot more trouble for a simple garden variety breach."
Losses attributable to deep fakes has not been significant enough to cause insurers to exclude them from cyber breach insurance, but they remain a significant threat, McCabe added.
Monetary losses due to a deep fake scam may be covered under other forms of commercial insurance, according to Courtney Horrigan, partner in the insurance recovery group at Reed Smith, an international law firm.
"There are crime coverages that will cover companies if their employees fall victim to a deep fake demand, the same way as if they fall victim to a crypto demand," she said. "Right now, reputational damage usually has to be tied to an intrusion into the company's computer system in order to be covered."
Commercial insurers have begun offering coverage for AI-related issues, if not for deep fakes outright, in the form of optional endorsements, according to Horrigan. Existing reputational damage coverage may see expansion to include deep fake scams. "It's certainly very similar to the ransomware exposures that have been covered by the market over the past several years," she said.
Coverage against deep fake scams will have a cost, however, Horrigan added. Commercial insurers may demand new security training that covers deep fakes in the same way catching phishing emails requires security training. "There may be more training as to what to look at in a video or audio recording," Horrigan said. "Independent verification products might be out there to help locate deep fakes, and it's certainly something that policyholders are thinking about as they go into their renewals at this point."
