Cyber resilience starts with understanding the threat landscape. In my role at Polpeo I hear leaders ask, “How can businesses protect against deepfake scams?” and “What are the biggest AI cybersecurity threats for businesses?” The answer combines culture, training and robust processes.
We’re living in a time when cyberattacks are more frequent than ever, artificial intelligence is cheap and easy to use, and deepfake scams are occurring on an industrial scale. Leaders across organisations of all sizes are worried about how their business would handle these newer forms of cyberthreats.
The rise of AI poses opportunities and risks
AI can be amazing for business, but it also has a dark side. The World Economic Forum says disinformation, including deepfakes, is the number-two concern of global CEOs for the next two years. Recent incidents, such as Meta’s AI leaking confidential data to an employee and a 2025 case where AI deleted an entire database, illustrate the urgency. As leaders, we must put safeguards in place and train teams to protect themselves and the wider business.
Employees can be a point of vulnerability
People are fallible. We’re vulnerable to social engineering attacks, deepfakes, phishing and the spread of misinformation. A notable example is the finance worker at Arup Engineering who transferred $25m to a deepfake scammer, believing the request came from the CFO. From Polpeo’s work with several organisations, I know cyberattacks now use increasingly sophisticated social engineering scams to gain system access.
There are things you can do
The scale of threats can feel overwhelming, but practical steps can minimise risk.
Social engineering attacks are harder to carry out when employees feel supported, can ask “silly” questions and challenge authority without fear. Promote a culture of openness and run education programmes such as the NPSA “It’s OK to Say” initiative.
Less sophisticated deepfake attacks may still show giveaways: odd speech patterns, body language inconsistencies or rendering artefacts. Pressure to act quickly is a common tactic. Train staff, especially those who are new to the company or working within a strict hierarchy, to pause, verify and challenge anything that feels off.
Require multiple sign-offs for financial transactions and confidential data releases. Clear procedures create extra barriers and ensure no one feels uncomfortable challenging a request.
Technology will continue to evolve, and cybercriminals will always find new ways to exploit it. By strengthening culture, sharpening employee awareness and tightening processes, leaders can build the cyber resilience needed to protect their organisations and people.