Boom in deepfakes

Every second company is a victim of cybercrime

Cybercrime is becoming more frequent. A survey of 1158 Austrian companies by the consulting firm KPMG shows that more than one in two companies (54%) were victims of so-called disinformation campaigns last year, 42% even several times. There has also been a shift in the types of attack, with the frequency of deepfakes increasing by 119%. Every sixth cyber attack was successful.

Disinformation campaigns are increasingly being used by attackers as a distraction: companies are deliberately put into an exceptional situation - perfectly orchestrated by the attackers - which requires the full attention of employees and crisis management, while the cyber attack can take place completely unnoticed in the background, explained KPMG partner Robert Lamprecht on Wednesday.

Boom in deepfake forgeries
Deepfakes are also becoming increasingly common. These are realistic-looking video, audio or image content that has been created or edited using artificial intelligence. However, phishing attacks, malware and CEO/CFO fraud, in which attackers manipulate companies into transferring money using a false identity, are still the most common. Ransomware attacks, in which data is encrypted and then a ransom is demanded for its release, became rarer last year, but the survey results show that one in three companies (33%) has paid such ransom demands at least once. This was significantly more than in the previous year.

The KPMG survey "Cybersecurity in Austria" was conducted for the ninth time this year in February and March among representatives of small, medium-sized and large companies from various sectors.

According to the survey, cyber attacks are also becoming more accurate: while one in ten attacks was successful in last year's survey, one in six was successful in the current survey. On the one hand, companies are better equipped in terms of cyber security, but at the same time, the perpetrators are also arming themselves and taking a close look at the measures taken. Attackers are becoming more professional and their technical means more effective. Established protection mechanisms and awareness-raising measures are no longer as effective under these new circumstances, said KPMG partner Andreas Tomek. Investments in cyber security are essential for survival.