Ironscales

Over 61% of organizations that have lost money in a deepfake attack reported losses in excess of $100,000.

Over 40% of organizations faced three or more deepfake attacks.

Recorded audio/voice manipulations currently account for 52% of deepfake threat vectors.

The percentage of respondents who were 'very concerned' about the threat deepfakes pose to their organizations increased by over 15% from last year.

11.6% of organizations have provided no deepfake-related cybersecurity training.

Static image manipulation attacks represent 59% of deepfake threat vectors.

Nearly 19% of organizations that have lost money in a deepfake attack reported having lost half-a-million dollars or more.

94% of IT professionals expressed at least some level of concern about deepfake-related threats to their organizations.

Only 8.4% of organizations saw first-try deepfake simulation pass rates of 80% or above in deepfake-related cybersecurity training.

73% of respondents were 'very confident' in their organizations' defenses against deepfake attacks in 2025.

Live voice-only call deepfake attacks currently account for 41% of deepfake threat vectors.

88% of organizations have provided deepfake-related cybersecurity training.

Over 63% of respondents reported being “very concerned” about the threat deepfakes pose to their organizations.

Deepfake-related incidents targeting organizations increased 10% year-over-year.

The percentage of organizations that said deepfake defense will be a top priority was 43% in 2024.

71% of organizations say deepfake defense will be a top priority for their cybersecurity strategies over the next 12-18 months.

Recorded video deepfake manipulations currently account for 45% of deepfake threat vectors.

Live video manipulation deepfake attacks currently account for 41% of deepfake threat vectors.

The percentage of respondents who were 'very confident' in their organizations' defenses against deepfake attacks increased by over 30% in just one year.

The first-try deepfake-simulation pass rate average for organizations was 44% in deepfake-related cybersecurity training.

99% of respondents claim confidence in their organizations' defenses against deepfake attacks.

85% of organizations experienced one or more deepfake-related incidents in the past 12 months.

55% of organizations targeted by deepfake attacks suffered financial losses averaging more than $280,000.

Mean financial losses for organizations targeted by deepfake-related incidents stand at over $280,000.

99% of organizations say that deepfake defense will be important to their cybersecurity strategies over the next 12-18 months.

Over 5% of organizations targeted by deepfake-related incidents have lost $1 million dollars or more.

Only 37% of organizations said they are already investing in deepfake defense.

Email-based deepfake attacks represent 59% of deepfake threat vectors.

1% of organizations said they had no plans to invest in deepfake defense.

Each missed phishing email costs an average of $36.29 to investigate and remediate.

SEG miss rates range from 38.4 to 101 phishing emails per 100 mailboxes monthly.

Secure Email Gateways (SEGs) are missing an average of 67.5 phishing emails per 100 mailboxes every month. This analysis is based on actual phishing emails that bypassed SEG defences and were detected by the IRONSCALES email security platform.

Organisations with fewer than 100 mailboxes experience up to 7.5x more missed phishing attacks than large enterprises.

Each missed phishing email takes 27.5 minutes of analyst time

Over 65% of missed phishing emails across SEGs are vendor scams and credential theft.