Deepfakes can be a severe credit negative for companies, says Moody’s

Advances in AI will likely result in more pernicious disinformation campaigns against companies

by NG MIN SHEN

AS CYBER security threats continue to grow in range and levels of sophistication, companies’ businesses and credit quality are at stake as advances in artificial intelligence (AI) have made easier the creation of deepfakes — doctored but highly realistic videos and images — designed to damage their reputations.

In a recent report, Moody’s Investors Service Inc said advances in AI technology will likely result in more pernicious disinformation campaigns against companies, posing credit risks for targeted organisations due to the greater potential for tarnished reputations and lost business.

“Imagine a fake but realistic-looking video of a CEO making racist comments or bragging about corrupt acts. Advances in AI will make it easier to create such deepfakes and harder to debunk them. Disinformation attacks could be a severe credit negative for victim companies,” Moody’s assistant VP-cyber risk analyst Leroy Terrelonge said.

Deepfake campaigns can be a severe credit negative for targeted companies by damaging their reputations to a point that customers cease patronising them, investors increase their cost of capital, and skilled talents reconsider employment opportunities.

Until now, disinformation campaigns against companies and other targets tended to be easily debunked and therefore have been typically short-lived.

In contrast, AI disinformation campaigns will take longer to disprove as the technology is quickly improving, thus debunking will likely require the development of new forensic techniques, and may at some point become very challenging.

“Given the pace of advances in the technology, debunking will likely require the development of new forensic techniques, or may at some point become humanly impossible,” Moody’s warned.

Malaysia is no stranger to cyber security risk incidents too.

According to national cyber security specialist CyberSecurity Malaysia, there were 2,977 cyber security incidents involving fraud, intrusion and malicious code recorded in the country between January and April 2019.

Combating deepfakes will require a combination of technology and education, Moody’s said.

To reduce exposure of deepfake campaigns in the short term, companies can actively monitor social media platforms and websites for disinformation, as well as ask content hosts to remove identified deepfakes.

Companies can also publish their own content to debunk false claims, while over the longer term, technical and educational measures to rein in deepfake disinformation campaigns could also mitigate risk.

In line with recent cyber security-related incidents, MSIG Insurance (M) Bhd has launched Cyber SafeGuard, an insurance product designed to protect businesses of all sizes from the growing range of cyber risks proliferating in the Asean region.

The product provides standard financial protections as well as immediate access to expert operational and technical support in the event of a security breach, the general insurance company said in a recent statement.

Cyber SafeGuard was developed by MSIG Malaysia in collaboration with cyber insurance specialist MS Amlin, whereby both parties are members of Tokyo-based general insurer firm MS&AD Insurance Group Holdings Inc.

“Cyber security is a growing concern, particularly for small- and medium-sized enterprises (SMEs) who are being increasingly targeted. While most big listed companies now have decent cyber security systems in place, many smaller businesses do not have the same level of resources to dedicate to security. Cyber criminals often see SMEs as potential stepping stones into the systems of their larger customers in the supply chain,” MSIG Malaysia CEO Chua Seck Guan (picture) said.

The insurer has seen a growing tendency of cyber criminals to focus on smaller professional services businesses, such as accounting and law firms, in order to use their data for extortion and espionage purposes.

Hackers are also now extending their net beyond online retailers to healthcare, education, and food and beverage companies in order to harvest potentially sensitive customer data.

The potential cost of dealing with such breaches has risen significantly in the wake of increased personal data protection legislation in many markets.

“This means that any Malaysian firm with international customers could face massive legal claims in the event of a data breach. The costs of dealing with a cyber security incident — particularly for SMEs — could have a major impact on cashflow and potentially ruin businesses completely,” Chua said.

The group’s standard Cyber SafeGuard cover includes support for the appointment of an expert information technology forensics company, the cost of a public relations consultant to assist with the management of any reputational damage, the cost of a legal firm to advise on legal obligations, restoration costs, interruption losses, liability claims, extortion loss and regulatory costs.

The product is available to businesses of all sizes, with the premium charged to depend on the scale of coverage required, as well as the current status of the business in relation to its data management and business continuity systems.