Deepfake Statistics 2026: Verified Benchmarks, Trends & Risks

In 2026, 62% of organizations report a deepfake incident (Gartner, n=302), with 41% hit on audio calls and 35% on video (n=297, G00847786).

The latest deepfake statistics show attacks are no longer edge cases. Gartner's 2025 AI Risk Management Survey (n=302) found 62% of organizations experienced a deepfake incident in the prior 12 months (Gartner press release, September 2025). Gartner's 2026 CISO role-based survey (n=297, G00847786) reports 35% faced deepfake plus social engineering on a video call (G00847786, n=297).

62% of breaches involve the human element (Verizon DBIR 2026, p. 12). Only 10% of security leaders prioritize deepfake recognition in awareness programs (G00840741, n=65).

Keepnet's Extended Human Risk Management Platform (xHRM) pairs multi-channel simulations with Secure Behavior Management (SBM) outcomes: reporting speed and repeat-failure cohorts, not completion exports alone.

We see programs invest in email templates first and leave voice and video verification as an executive-only policy.

When we talk to security leaders about deepfakes, the gap is training priority: Gartner shows 62% affected (n=302) but only 10% prioritize deepfake recognition.

About the author: Ozan Ucar, Founder and CEO of Keepnet, writes on human-risk management, multi-channel phishing simulations, and deepfake defense for enterprise security teams.

That gap is the story: attackers moved to voice and video; most programs still train for inbox phishing. This page collects deepfake statistics and trends; use the checklist at the end to turn numbers into verification workflows. See what is deepfake phishing for attack mechanics.

What this means for security leaders

Board conversations should pair deepfake incident rates with approval-flow design. If wire transfers or credential resets still trust a video face alone, statistics are background noise. Require second-channel verification before any payment triggered by voice or video.

Deepfake attacks sit inside a wider phishing landscape. For APWG volume, DBIR breach rates, and US/UK splits, see phishing statistics 2026.

Deepfake attacks by channel (Gartner 2026 CISO survey)

Gartner's 2026 CISO role-based survey (n=297) found 41% of organizations experienced a deepfake combined with social engineering on an audio call, and 35% on a video call (Gartner G00847786). That is a different sample than Gartner's 2025 AI Risk Management Survey (n=302, 62% any deepfake incident). Report both with survey labels, not as one blended percentage.

Gartner deepfake and identity figures (2025-2026)

Why deepfake detection alone is not enough

G00847786 warns that deepfake detection is probabilistic, benchmarks are immature, and creation tools evolve faster than point products. Security leaders should pair media inspection with process controls: out-of-band verification, layered authentication, and experiential simulations that train employees to pause before wire transfers or credential resets triggered by voice or video.

For Keepnet's multi-channel simulation approach, see Gartner Go-To Vendor recognition and Agentic AI security awareness training.

AI across the attack kill chain (CrowdStrike 2026)

CrowdStrike Figure 8 compares AI-related incidents across kill-chain stages in 2024 vs 2025. These are incident counts, not deepfake prevalence alone, but they show where adversaries operationalized GenAI fastest.

CrowdStrike 2026 GTR: AI threats across the kill chain (2024 vs 2025)

Forum users mentioned ChatGPT 550% more than any other model throughout 2025 (CrowdStrike 2026 Global Threat Report, p. 15). Pair with Gartner deepfake incident rates when you justify video-call verification, not inbox training alone.

What kill-chain data means for security leaders

Deepfake statistics without kill-chain context underfund the right controls. Voice and video verification policies should reference execution and collection-stage AI growth, not only synthetic media headlines.

Executive summary: deepfake statistics 2026

Last updated June 2026. This page lists verified deepfake statistics for security leaders. Every figure below names a publisher, report, and sample size where applicable. Projections are labeled separately from observed data.

On this page

• Executive summary
• How we verify statistics
• Statistics by industry
• Prevalence (Gartner)
• Voice & contact-center (Pindrop)
• Financial impact & cases
• US & UK snapshot
• FAQ
• Sources

How we verify statistics

Every figure on this page names a publisher, report title, and sample size (n=) for surveys, or is labeled projection/forecast. We do not blend Gartner n=302 and n=297 into one percentage. Vendor telemetry (Pindrop, Sumsub) reflects analyzed calls or verification attempts, not a global census.

• 62% of organizations experienced a deepfake attack in the prior 12 months (Gartner AI Risk Management Survey, n=302, September 2025 press release).
• 41% audio-call and 35% video-call deepfake plus social engineering (Gartner 2026 CISO Role-Based Survey, n=297, G00847786).
• 10% of security leaders prioritize deepfake recognition in awareness programs (Gartner G00840741, n=65, March 2026).
• 62% of breaches involve the human element (Verizon DBIR 2026, p. 12).
• >1,300% rise in deepfake fraud attempt frequency in contact centers analyzed in 2024 (roughly one per month to seven per day; Pindrop 2025 Voice Intelligence + Security Report, 1.2B calls).
• 11% of first-party identity fraud schemes involved deepfakes (Sumsub Identity Fraud Report 2025-2026, 4M+ fraud attempts analyzed).
• $25M lost in the Arup Hong Kong video-call deepfake scam (January 2024; Financial Times and company confirmation).

Prevalence and incident rates (Gartner)

The Gartner channel table above reports 41% audio and 35% video for deepfake plus social engineering (n=297, G00847786). Separately, Gartner's September 2025 press release (n=302) found 62% experienced any deepfake attack involving social engineering or exploitation of automated processes in the prior 12 months, 32% faced an attack on AI applications via prompt manipulation, and 29% experienced an attack on enterprise GenAI application infrastructure.

Do not blend those percentages into one headline number. They measure different populations and question wording.

Deepfake statistics by industry

Pindrop's 2025 Voice Intelligence + Security Report (1.2B calls analyzed) breaks synthetic voice fraud by sector. Banking (+149%), retail (+107%), and insurance (+475%) figures below match Pindrop's June 2025 press release; retail's 1-in-127 call rate is from the same source. Use as sector signals, not global market share.

Deepfake / synthetic voice fraud by industry (Pindrop 2025 VIS Report)

Voice and contact-center fraud (Pindrop 2025)

Pindrop analyzed more than 1.2 billion customer calls for its 2025 Voice Intelligence + Security Report. Contact-center fraud is where deepfake voice attacks scale fastest because legacy knowledge-based authentication still dominates.

• 680% year-over-year rise in deepfake activity in 2024 (Pindrop 2025 VIS Report).
• >1,300% increase in deepfake fraud attempt frequency in 2024 (from about one per month to seven per day; same report).
• 26% increase in overall fraud attempts in 2024, exceeding Pindrop's prior 4% projection (same report).
• 475% increase in synthetic voice fraud in insurance contact centers in 2024 (same report).
• +162% projected growth in deepfake-related fraud in 2025 (Pindrop forecast, same report).
• $44.5B projected contact-center fraud exposure in 2025 (Pindrop forecast, same report).

For voice-phishing context, see vishing statistics 2026, the deepfake vishing simulation, and multi-channel phishing simulations for voice and deepfake testing.

Identity fraud mix (Sumsub 2025-2026)

Sumsub's Identity Fraud Report 2025-2026 analyzed more than 4 million fraud attempts across consenting customers. Deepfakes sit inside a broader shift toward multi-step, AI-assisted identity fraud.

• 11% of first-party fraud schemes involved deepfakes (Sumsub Identity Fraud Report 2025-2026).
• +180% year-over-year growth in sophisticated fraud as a share of all identity fraud (10% in 2024 to 28% in 2025; same report).
• 2.2% overall identity fraud rate in 2025 vs 2.6% in 2024 (same report; sophistication rose while headline rate fell slightly).
• +94% year-over-year increase in deepfake attempts in the United Kingdom (Sumsub Identity Fraud Report 2025-2026).

Financial impact and documented cases

Observed losses and projections should stay separate. Case studies anchor the risk; vendor forecasts size contact-center exposure.

• $25M transferred across 15 payments after a deepfake video conference impersonating executives (Arup, Hong Kong, January 2024; Financial Times, May 2024).
• €220,000 lost via deepfaked CEO voice call (UK energy firm, 2019; widely reported by BBC and police statements).
• $12.3B to $40B projected generative-AI-enabled fraud in the United States from 2024 to 2027 (Deloitte Center for Financial Services projection; not deepfake-only).

Identity verification and detection limits

G00847786 treats deepfake detection as necessary but insufficient. Pair technical signals with process controls and employee verification habits.

• 1 in 5 biometric fraud attempts were deepfakes in the past year, per IDV vendors cited in G00847786 (Entrust 2026 Identity Fraud Report).
• 30% of enterprises will consider standalone identity verification unreliable in isolation by 2026 (Gartner prediction, February 2024).
• 40% of enterprises may no longer treat face-biometric IDV as sufficient alone by 2027 (Gartner strategic planning assumption, G00847786).
• 50% of organizations reported reputational harm from mis-, dis-, and malinformation in the past three years (Gartner Readiness for a World Without Truth Survey, n=200, cited in G00847786).

Regional snapshot: United States and United Kingdom

United States

• 859,532 internet crime complaints to FBI IC3 in 2024 with reported losses exceeding $16.6B (IC3 2024 Annual Report; not deepfake-specific).
• $3.05B in BEC losses reported to IC3 in 2024 (IC3 2024; see Keepnet phishing statistics 2026 for context).

United Kingdom

• +94% year-over-year rise in deepfake attempts (Sumsub Identity Fraud Report 2025-2026).

Deepfake trends to watch in 2026

• Live-call impersonation moves from executive fraud to finance, HR, and vendor payment workflows.
• Multi-step attacks combine deepfake voice or video with email or SMS urgency (see Sumsub sophisticated fraud shift).
• Contact centers remain the highest-volume voice fraud surface (Pindrop telemetry).
• Identity verification pipelines face more synthetic document and face-swap attempts alongside live deepfakes.
• Security programs still under-invest in deepfake recognition despite 62% incident prevalence (Gartner n=302 vs G00840741 n=65 gap).

How to protect your organization

1. Build strong verification processes

Require out-of-band confirmation for payments, credential resets, and payroll changes triggered by voice or video. Never treat a convincing face alone as proof.

2. Train employees on deepfake risks

Use experiential scenarios, not slide-only awareness. Gartner G00840741 shows only 10% of leaders prioritize deepfake recognition today; close that gap with role-based drills for finance and HR.

3. Run realistic deepfake simulations

Quarterly simulations beat annual compliance checkboxes. See Keepnet Phishing Simulator and Gartner Go-To Vendor recognition for multi-channel deepfake testing.

4. Deploy detection technology with limits

Use deepfake detection where it fits your stack, but assume scores are probabilistic. G00847786 recommends layered authentication and content provenance checks alongside media inspection.

5. Establish rapid reporting and response

Document who approves exceptions, how to escalate suspicious live calls, and how to freeze payments within minutes. Pair with deepfake phishing playbooks for security operations.

Quick checklist for CISOs and security leaders

• Add deepfake phishing to threat models and board metrics (incident rate, not training completion alone).
• Require independent verification for financial transactions initiated on voice or video.
• Run at least one deepfake simulation per quarter.
• Enable fraud detection for voice and video channels with human review on high-value actions.
• Monitor vendor and partner payment workflows for impersonation risk.

Free deepfake phishing simulation

Benchmark reporting behavior with a 30-day free deepfake simulation from Keepnet. No credit card required.

What the Trend Data Should Change

Trend pages are useful only when they shape decisions. Deepfake growth should not lead teams to panic or buy random tools. It should lead them to tighten identity checks around payments, executive requests, hiring, and any workflow that currently trusts voice or video on its own.

The most important shift in 2026 is operational: approval flows should assume that a convincing face or voice can be faked. Evidence, context, and second-channel verification matter more than presentation quality.

Keepnet Checklist

• Review which workflows still rely on voice or video as primary proof.
• Add secondary verification to payment, HR, and executive approval flows.
• Train teams on realistic social-engineering scenarios, not only synthetic media theory.
• Document who can approve urgent exceptions and how those approvals must be verified.

Related reading

• KnowBe4 alternatives (2026): multi-channel SAT comparison for enterprise teams
• Gartner Go-to Vendor (deepfake): Keepnet recognition for deepfake and AI disinformation defense
• Phishing statistics 2026: verified DBIR, APWG, and IC3 benchmarks
• How deepfakes threaten your business: attack types and executive examples

Sources

• Gartner G00847786: Cybersecurity Threat: Deepfake Identity Impersonation (Akif Khan, 28 May 2026).
• Gartner press release, 22 September 2025: Generative AI attacks survey (n=302 cybersecurity leaders).
• Gartner G00840741, March 2026: 6 Ways to Transform Your Cybersecurity Awareness Program (n=65).
• Gartner, February 2024: prediction that 30% of enterprises will consider standalone IDV unreliable by 2026.
• CrowdStrike, 2026 Global Threat Report (Year of the Evasive Adversary), Figure 8 and p. 15-16.
• Verizon 2026 Data Breach Investigations Report (human element statistic).
• Pindrop, 2025 Voice Intelligence + Security Report (June 2025 press release).
• Sumsub, Identity Fraud Report 2025-2026 (November 2025 press release).
• Deloitte Center for Financial Services: generative AI fraud projection to 2027.
• FBI IC3, 2024 Internet Crime Report.
• Financial Times, May 2024: Arup deepfake video conference fraud ($25M).