Security controls are built for the threat that existed when they were designed. DMARC was built for spoofed domains. Multi-factor authentication was built for stolen passwords. Callback verification was built for calls genuinely placed by the person whose name appeared on the caller ID.

None of them were built for a world where the voice on the phone is synthetic, the face on the video call is machine-generated, and the email written in your CFO’s exact tone was produced by a language model in under four seconds. That world arrived in 2024. Most enterprise BEC defenses have not moved with it.

This is not a gap that more training will close. It is an architectural failure demanding a deliberate, structured response from every CISO with responsibility over financial authorisation workflows.

The Controls That Used to Work, and Why They No Longer Do

For nearly a decade, the standard BEC defense stack looked like this: email authentication via DMARC, SPF, and DKIM; employee training to recognise suspicious requests; a callback policy to verbally confirm unusual transactions; and a wire transfer approval threshold above which a second approver was required.

Every layer of that stack shared one fatal assumption: that a human adversary composing a fraudulent email or placing a fraudulent call would leave detectable traces. Awkward phrasing. An unfamiliar sender domain. A voice that sounds marginally wrong. Terminology your CFO would never actually use.

Generative AI has systematically eliminated every one of those tells.

IBM’s Cost of a Data Breach Report 2025 documents that 1 in 6 breaches now involve attackers actively using AI, with the two dominant applications being AI-generated phishing at 37% of AI-assisted attacks and deepfake impersonation at 35%. Phishing already ranks as the most common breach vector at 16% of all incidents, carrying an average remediation cost of $4.8 million per attack. [1]

Microsoft’s 2025 Digital Defense Report reinforces the picture: AI-driven forgeries grew 195% globally, with synthetic media now convincing enough to defeat biometric selfie verification checkpoints. [2] BEC was the outcome in 21% of all successful attacks, surpassing ransomware at 16%, despite representing just 2% of total observed threat volume. [2] That ratio matters: low in frequency, catastrophic in financial consequence, and AI-powered at every stage of the kill chain.

The callback policy deserves particular scrutiny because it is the control most CISOs cite when asked how they would intercept a voice-clone attack. CrowdStrike documented a 442% increase in voice phishing between the first and second half of 2024, and confirmed that H1 2025 vishing volume had already exceeded all of 2024’s full-year figures. [3] 

A callback policy stops a fraudulent email. It does not stop a synthetic voice from answering the verification call itself. When the attacker controls both the initiating channel and the confirmation channel simultaneously, the callback is not a defense. It is an additional attack surface.

The Threat Has Industrialized Beyond the Sophisticated Actor

The persistent misconception is that deepfake BEC remains a high-investment attack reserved for large enterprise targets. Every primary data source from 2025 and 2026 contradicts that assumption directly.

A convincing voice clone requires as little as three seconds of publicly available audio. Every earnings call, conference keynote, investor presentation, and podcast appearance your executives have ever recorded sits indexed and accessible on the open internet as ready-made training data. The tooling costs less than $20 on dark web markets and requires no technical expertise to operate.

Gartner’s September 2025 survey of 302 cybersecurity leaders across North America, EMEA, and Asia/Pacific found that 62% of organisations had already experienced a deepfake attack within the prior 12 months, while 32% said they experienced an attack on AI applications that leveraged the application prompt. [4] These are documented past-12-month experience rates, not projections.

Gartner separately confirmed the structural consequence: by 2026, 30% of enterprises will no longer consider standalone identity verification and authentication solutions reliable in isolation due to AI-generated deepfakes. Gartner’s VP Analyst Akif Khan stated it without qualification: organisations “will not be able to tell whether the face of the person being verified is a live person or a deepfake.” Every CISO using video verification as a high-value transaction control needs to sit with that statement. [5]

Deloitte’s Center for Financial Services projects U.S. AI fraud losses reaching $40 billion annually by 2027, compounding from $12.3 billion in 2023 at a 32% annual growth rate. [6] 

Against that trajectory, the FBI IC3’s 2025 Annual Report recorded $3.046 billion in BEC losses across 24,768 documented complaints. [7] Researchers consistently place actual BEC losses at five to seven times the reported figure, given endemic underreporting. The documented number is the floor, not the ceiling.

Four Controls That Replace Perception With Process

Gartner’s top cybersecurity trends for 2026 state explicitly that existing security awareness efforts continue to fail to reduce risk as GenAI adoption accelerates, recommending a decisive shift toward adaptive behavioural programs built around AI-specific scenarios. [8] 

Training remains relevant, but only as a contribution to a process architecture that functions independently of whether an employee detects anything wrong at all.

Eliminate single-channel authorisation for every high-value financial action. Every wire transfer, vendor banking change, and credential reset above a defined threshold must be verified through a pre-registered, out-of-band number stored in your internal systems before the transaction is initiated. Not the number in the email. Not the number on the caller ID. The number your organisation recorded entirely independently of this request. This breaks the core mechanism every voice-clone BEC attack depends on, costs nothing to implement, and requires no vendor engagement to initiate.

Enforce a non-negotiable 24 to 48-hour hold on all vendor banking changes. The February 2024 Arup case, in which $25.6 million moved across 15 separate wire transfers after a deepfake video call featuring a synthetic CFO and fabricated colleagues, succeeded entirely because manufactured urgency eliminated the verification window. A mandatory hold is structural, not discretionary. No attacker who has built artificial time pressure into the attack benefits from a policy that disregards urgency entirely, by design. [7]

Integrate AI-native deepfake detection into your video conferencing stack. CrowdStrike’s 2026 Global Threat Report confirmed that 82% of all 2025 detections were malware-free, with adversaries moving exclusively through legitimate credentials and trusted SaaS integrations. [9] Real-time synthetic media detection embedded directly into Zoom, Microsoft Teams, and Google Meet is no longer a forward-looking investment consideration. It is a present operational requirement. IBM’s data shows organisations using AI extensively in security operations resolve breaches 80 days faster and save $1.9 million per incident on average compared to those operating without it. [1]

Deploy phishing-resistant MFA across every financial system without exception. Microsoft’s 2025 Digital Defense Report found that phishing-resistant MFA blocks over 99% of identity-based attacks, while 80% of MFA-bypass breaches originate from session-token theft via adversary-in-the-middle toolkits engineered specifically to defeat SMS and app-based OTP methods. FIDO2 hardware tokens and passkeys eliminate the session-token intercept vector that standard MFA implementations leave permanently exposed. [2]
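As an added example (not code from the article or from any vendor it cites), the policy gate below encodes three of the four controls above, the out-of-band callback, the vendor-change hold and the phishing-resistant MFA requirement, as a check that runs whether or not anyone noticed the request was suspicious; real-time video detection is a vendor integration and is not modelled. The vendor registry, the threshold, the hold length and the two scenarios are constructed, assumed values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# Constructed sample data: a number recorded at vendor onboarding, never taken
# from an incoming request. Threshold and hold length are assumed policy values.
VENDOR_REGISTRY = {"acme-supplies": "+15550100200"}
WIRE_THRESHOLD = 10_000                    # in account currency
VENDOR_CHANGE_HOLD = timedelta(hours=24)   # lower bound of the 24-48 hour hold
PHISHING_RESISTANT_MFA = {"fido2", "passkey"}

@dataclass
class Request:
    kind: str                     # "wire" or "vendor_bank_change"
    vendor_id: str
    amount: float
    submitted_at: datetime
    number_in_request: str        # supplied by the email or caller; never consulted
    approver_mfa: str             # "sms", "totp", "fido2", "passkey", ...
    callback_number: Optional[str] = None   # number the approver actually dialled

def evaluate(req: Request, now: datetime) -> Tuple[bool, List[str]]:
    """Return (allowed, failed_controls); every failed control is reported."""
    failed: List[str] = []
    high_value = req.kind == "vendor_bank_change" or req.amount >= WIRE_THRESHOLD
    if high_value:
        # Control 1: callback only to the number recorded independently of this request.
        registered = VENDOR_REGISTRY.get(req.vendor_id)
        if registered is None:
            failed.append("no pre-registered out-of-band number on file")
        elif req.callback_number != registered:
            failed.append("callback not completed on the registered number")
        # Control 4: the approver must have used phishing-resistant MFA.
        if req.approver_mfa not in PHISHING_RESISTANT_MFA:
            failed.append("approver did not authenticate with phishing-resistant MFA")
    if req.kind == "vendor_bank_change" and now - req.submitted_at < VENDOR_CHANGE_HOLD:
        # Control 2: the hold is structural; claimed urgency is never an input.
        failed.append("mandatory hold on vendor banking change has not elapsed")
    return (not failed, failed)

def walkthrough() -> Dict[str, Tuple[bool, List[str]]]:
    """Constructed scenarios: a same-day change confirmed on the emailed number, then the same change after the hold on the registered number."""
    now = datetime(2026, 3, 2, 9, 0, tzinfo=timezone.utc)
    rushed = Request("vendor_bank_change", "acme-supplies", 250_000.0, now - timedelta(hours=2),
                     number_in_request="+15550109999", approver_mfa="sms",
                     callback_number="+15550109999")
    held = Request("vendor_bank_change", "acme-supplies", 250_000.0, now - timedelta(hours=30),
                   number_in_request="+15550109999", approver_mfa="passkey",
                   callback_number=VENDOR_REGISTRY["acme-supplies"])
    return {"rushed": evaluate(rushed, now), "held": evaluate(held, now)}
```

The rushed scenario fails all three controls at once and is refused even though every one of its channels was under the requester's control; the held scenario passes because the callback, the hold and the approver's MFA are evaluated against records the request could not influence.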

The Governance Framing Boards Need to Hear

The FBI’s 2025 IC3 Annual Report formally tracked AI as a fraud category for the first time in its 25-year history, logging 22,364 complaints and $893 million in documented losses. [7] That formal documentation carries regulatory weight that extends well beyond statistics. It establishes that AI-enabled BEC is a known, publicly warned-against, government-documented threat vector with a verifiable loss record.

When a successful deepfake BEC attack occurs against an enterprise operating without out-of-band verification, without vendor banking change holds, and without phishing-resistant MFA on financial systems, the question regulators, auditors, and cyber insurers will ask is not whether the attack was technically sophisticated. It is whether the controls formally recommended across the FBI, Gartner, IBM, and Microsoft guidance were in place at the time. The absence of documented controls against a formally documented threat class is an increasingly standard basis for coverage disputes and regulatory exposure. That argument, backed by that evidence, belongs in front of every board before the next incident occurs.

Conclusion

The obsolescence of traditional BEC defenses is not an emerging risk. It is a present operational condition confirmed by primary data from every major threat intelligence institution simultaneously. IBM has documented AI involvement in 1 in 6 breaches right now. [1] 

CrowdStrike has measured a 442% surge in AI-powered voice phishing in a single calendar year. [10] Gartner has surveyed 302 security leaders and found that 62% had already been hit by deepfake attacks in the prior 12 months. [4] Deloitte has traced the financial destination of this trajectory to $40 billion in U.S. losses by 2027. [6]

The controls that stop these attacks are not technically complex or prohibitively expensive. A pre-registered out-of-band callback number. A mandatory hold on vendor banking changes. Phishing-resistant MFA on financial systems. Real-time detection on video conferencing platforms. None requires a new budget cycle to initiate. What they require is the recognition that the threat model has permanently shifted, and that any defense architecture built on the assumption that humans can detect synthetic deception is no longer fit for purpose.

The CISO’s mandate in 2026 is to build processes that work regardless of whether the deception is ever detected. That is the only standard the current threat environment will accept.

References

  1. IBM Security and Ponemon Institute (2025). IBM Report: 13% of Organizations Reported Breaches of AI Models or Applications, IBM Newsroom, 30 July.
  2. Microsoft Corporation (2025). Microsoft Digital Defense Report 2025, Microsoft Security Insider, October.
  3. CrowdStrike (2026). 2026 Global Threat Report: AI Accelerates Adversaries and Reshapes the Attack Surface, CrowdStrike Press Release, 24 February.
  4. Gartner, Inc. (2025). Gartner Survey Reveals Generative AI Attacks Are on the Rise, Gartner Newsroom, 22 September.
  5. Gartner, Inc. (2024). Gartner Predicts 30% of Enterprises Will Consider Identity Verification and Authentication Solutions Unreliable in Isolation Due to AI-Generated Deepfakes by 2026, Gartner Newsroom, 1 February.
  6. Deloitte Center for Financial Services (2024). Generative AI Is Expected to Magnify the Risk of Deepfakes and Other Fraud in Banking, Deloitte Insights, 29 May.
  7. Federal Bureau of Investigation Internet Crime Complaint Center (2026). 2025 Internet Crime Report, FBI, Washington D.C., April.
  8. Gartner, Inc. (2026). Gartner Identifies the Top Cybersecurity Trends for 2026, Gartner Newsroom, 5 February.
  9. CrowdStrike (2026). CrowdStrike 2026 Global Threat Report, 24 February.
  10. CrowdStrike (2026). 2026 Global Threat Report: China’s Cyber Espionage Surges 150% with Increasingly Aggressive Tactics, Weaponization of AI-powered Deception Rises, 27 February.