Senior execs increasingly exposed to deep fakes and digital cloning

Senior executives are more visible, identifiable and exposed than ever before and criminals are exploiting this, with half of UK businesses targeted by fraudsters impersonating senior leaders in the past year, according to new research from global insurance broker Gallagher.

From LinkedIn profiles and company websites to social media posts and public speaking engagements, senior leaders’ roles, movements and personal details are now widely accessible online, giving fraudsters the information they need to convincingly impersonate executives, manipulate employees and target organisations directly.

According to Gallagher this growing visibility is fuelling a surge in executive impersonation, extortion and digital deception, with average incident costs where there is an impact exceeding £758,000. In the most serious cases, the damage is far greater, with organisations reporting losses of £1.1 million to £5 million from a single incident.

“Executive risk is no longer confined to physical threats. Today’s attacks are just as likely to happen through inboxes, phone calls or video, using AI and publicly available information to manipulate employees and bypass controls,” said Jonathan Rae, executive director, crisis management at Gallagher.

“As the line between digital and physical threats continues to blur, organisations must recognise that executive exposure has increased significantly, and ensure their protection keeps pace,” he added.

Just over half of organisations experienced at least one executive impersonation or deception attempt in the past year, while 56% of business leaders say the frequency of these incidents has increased, indicating the threat has become a mainstream business risk.

Criminals are increasingly exploiting the public profile and authority of senior leaders. Fraudsters pose as CEOs, CFOs or senior colleagues using fake email addresses, cloned voices, or AI-generated video, pressuring employees into authorising payments, sharing sensitive information or bypassing internal controls.

These attacks succeed because they exploit trust and authority, according to Gallagher. Employees are far more likely to act quickly when a request appears to come from a senior executive, especially when combined with urgency, time pressure, or the impression that the executive is travelling or unavailable.

Deepfake attacks

AI-enabled deception is the number one concern for directors, cited by 51% of senior leaders, overtaking more traditional digital and physical security risks. Businesses seem unprepared for this risky digital landscape with 45% of firms saying they are highly exposed to phishing and social engineering, where fraudsters send fake emails or messages designed to trick people into sharing information or making payments.

Meanwhile, 40% report high exposure to deepfake scams, where technology is used to mimic someone’s voice, image or writing style to make the deception seem genuine. Similarly, 38% of firms reported virtual extortion or impersonation as a major risk, where fraudsters pretend to be a senior leader or a trusted contact to pressure someone into urgently sending money or sensitive information.

Beyond the financial fallout

These incidents don’t just create monetary damage, they affect how the business fundamentally operates and its people, shaking confidence across an organisation. Nearly half of organisations report increased staff anxiety following an extortion attempt and 46% say the incident caused operational disruption.

There are also legal or regulatory impacts, with 39% of organisations reporting they had taken legal advice or had to report the incident to their industry regulator because it could trigger legal reporting obligations, expose the organisation to regulatory scrutiny, or involve potential breaches of data protection, financial conduct or governance requirements.

Marlon Pinto, investigations director at Gallagher, said his company is increasingly approached by clients that have deliberately been sought out by fraudsters who have used a range of tactics to find out information on the individual and their circumstances, which they then use for criminal purposes:

“This can be targeting the individual themselves through blackmail once they have information on them that they would not want known publicly, or through spoofing a close business associate in an attempt to get them to transfer funds. Fortunately, in a number of circumstances we have been able to track down the perpetrators and get monies paid back, but it is by no means an easy process,” he added.