What are the best weapons in the battle against deepfakes?
Download The Business Of podcast on your favourite podcast platform.
UNSW Business School's Eric Lim argues that reputation and character combine to form the strongest defence businesses have against the deepfake threat
Executives, brands and public figures worldwide are confronting a threat that did not exist in its current form just a few years ago: the deepfake. Powered by artificial intelligence (AI), these fabricated videos, images and audio clips can replicate a person's appearance and voice with enough precision to deceive almost anyone who watches them. In 2024, a deepfake attack occurred somewhere in the world at a rate of one every five minutes. The technology is no longer expensive, difficult or rare. Widely available tools can now produce convincing deepfakes for just a few dollars, driving down the cost of fraud and making scams easier to scale.
For businesses, the numbers are sobering. A 2024 survey by identity verification firm Regula found that businesses across industries lost an average of US$450,000 to deepfake fraud, with financial services firms bearing the heaviest burden at an average of $603,000 per affected organisation. Those figures cover only direct financial losses, without accounting for reputational harm, legal costs, or operational disruption. And Deloitte's Center for Financial Services projects that generative AI-enabled fraud losses could reach US$40 billion in the United States by 2027 (up from US$12.3 billion in 2023) – a compound annual growth rate of 32%.
Against this backdrop, Eric Lim, an Associate Professor in the School of Information Systems and Technology Management at UNSW Business School, offers a solution that may surprise leaders who assume the answer lies in better technology. Rather, A/Prof. Lim suggests the most powerful line of defence begins with the character of individuals and a foundation of trust.
What, exactly, is a deepfake?
"Deepfakes essentially use AI technology, or, actually, the innovative technologies we see these days, to create fake realities,” said A/Prof. Lim, who was recently interviewed by Dr Juliet Bourke, Adjunct Professor in the School of Management and Governance at UNSW Business School for The Business Of, a UNSW Business School podcast. “It could be a video, an image that has been doctored, and so on and so forth, with some intentions behind it, whether for entertainment or simply because people have malicious intent in creating those deepfakes and disseminating them."
Deception in media is nothing new. Paintings have been forged for centuries, photographs manipulated for decades, and propaganda has always found ways to distort reality. However, the difference today is the conditions under which it spreads. "People are concerned with the velocity at which these fakes evolve, and also, they are concerned with the ease with which these fakes appear and are created," A/Prof. Lim said.
"I think these are the two main factors that people are worried about, rather than the existence of fakes, which has always been there. There is easy access to all these tools. You can easily just pay a subscription of $20 and create a fake brand of a company doing something that is damaging to itself, or create a persona that is related to a company, so that the ease with which these fakes are created is probably causing a lot of disturbance in the minds of businesses."
The motivations behind the fakes
Not every deepfake is created with criminal intent, and A/Prof. Lim draws a clear distinction between those produced for entertainment and those engineered for harm. "My assumption is that they are predominantly divided into two intentions. One intention is that it could be entertaining, which means, basically, ‘I think this is funny. I want to put it out on social media and make people laugh,'” said A/Prof. Lim. The other motive is malicious, in the sense that there is an intention to profit from creating deepfakes.
The malicious category carries real consequences. In Australia, for example, a deepfake video featuring finance journalist Alan Kohler and Commonwealth Bank CEO Matt Comyn, went viral. They appeared to argue during an interview, with Mr Comyn supposedly promoting a secret investment platform. But the footage was fabricated. It looked like the ABC and sounded like the ABC. It was engineered to drive unsuspecting viewers toward a fraudulent scheme.
"I believe that that was intentionally malicious, in the sense that people who created that deepfake were probably trying to benefit from it by driving traffic to that fake investment platform that Matt supposedly was investing in,” said A/Prof. Lim.
Reputation as the first line of defence
Given the scale and sophistication of deepfakes, businesses might expect the solution to involve technology or intensive training programmes. A/Prof. Lim, however, suggests the most durable protection is the trust an individual or organisation has already built.
"I think it comes down to your track record, your reputation, in a sense, how resilient your reputation is. If you demonstrate, as an individual, that you are a trustworthy person, that means you go about your life, and when you're not perfect, no one is perfect, you carry out your actions, and if you get something wrong, you correct yourself, you admit your mistakes, and so on and so forth. People are more willing to trust you,” he explained.
“But if you're the opposite, when you're caught misbehaving or making a mistake, you just kind of double down and say, 'I wasn't wrong,' people are less likely to believe that."
"I think it comes down to your track record, your reputation, in a sense, how resilient your reputation is"
ERIC LIM
To illustrate, A/Prof. Lim drew on one of the most studied examples of corporate crisis management: the Johnson & Johnson Tylenol case of 1982. "I'm not sure if you remember the case of Johnson and Johnson, where they pulled all their Tylenol off the shelves, because there were a few cases where the Tylenol had been tampered with, and people who had bought it died from that poisoning. So, it was a deliberate sabotage event,” said A/Prof. Lim.
“Johnson & Johnson was seen as decisive; they were seen as being more concerned with the lives and the safety of their customers than profit, in the sense that they were willing to take a hit by pulling everything off the shelves at a moment's notice. So, I think that event gave them a huge, formidable, resilient reputation."
When character is tested in public
Another example is Italian Prime Minister Giorgia Meloni, who was targeted by a deepfake. In response, she chose a direct, public approach: she posted the fabricated content on X and called it out for what it was.
A/Prof. Lim said there is a strategic logic to her approach, with one important caveat: "If she already had a stellar reputation or has a track record, then by coming out to own it, and to say that I have nothing to hide or go check it out, I think that's brilliant. But if you already have a sordid reputation and you put it out there, it's just kind of like drawing more attention to yourself, and people are more likely to believe that than not."
The same dynamic applies to corporate figures and public personalities. A/Prof. Lim points to the contrast between those who sustain long careers and those who damage their own standing despite fame and access. "You can see a lot of Hollywood stars just self-destruct by doing very silly things over and over again to the point where they become a toxic asset, and no one wants to touch them,” he observed.
“All the Hollywood studios just avoid them, whereas you get stars that have staying power. You get stars like Keanu Reeves, who I think has a great reputation, as he seems down-to-earth. That has to be coupled with your own personal understanding of what authenticity means."
A layered problem requires a layered response
While A/Prof. Lim said the individual must at the centre of the solution to deepfakes, he noted that no single defence is sufficient: AI-based detection that calculates the probability a piece of content is fake, blockchain systems that allow anyone to trace a statement or publication back to its verified origin, and the kind of institutional track record that gives audiences a basis for scepticism before any technical check is even run. Each layer compensates for the limits of the others, because no one defence, however sophisticated, can cover every angle of an attack that is itself constantly evolving.
Subscribe to BusinessThink for the latest research, analysis and insights from UNSW Business School
His research includes work on decentralised identity systems, a blockchain-based mechanism that enables individuals and organisations to control their verifiable digital identities. The technology would tie content back to its source, enabling anyone to confirm whether material has been tampered with.
Unlike centralised platforms such as Facebook or X, where accounts can be restricted or removed at a company's discretion, a decentralised identity cannot be shut down by a third party. "Imagine if you have a presence in those platforms, and you have made a name for yourself, you have created this brand for yourself, and suddenly you're shut down, your whole livelihood is gone. So that's the danger of a centralised platform: with a decentralised one, no one can really shut you down,” he said.
Despite these technological options, A/Prof. Lim is candid about the limits of any technical approach. Technology and education help, but they do not eliminate the threat. "We can all learn from the examples we have had in protecting against cybersecurity threats. You see technological solutions, and so on and so forth, but it still happens, no matter how advanced your technical defences are, or how much education you provide to your people in the company,” he said.
“I guarantee that they will happen again. So, same thing, deepfakes, it's a never-ending war. So, where do you start? That's why my proposal is to start with the individual, because that's the only defence you can control."
Why we are losing the ability to detect the fake
Beneath A/Prof. Lim's technological analysis raises a more fundamental concern. He argues that what makes society so vulnerable to deepfakes is a broader erosion of the capacity to identify what is genuine.
The Edelman Trust Barometer, an annual measure of institutional confidence, has tracked a long decline in trust toward traditional authorities: governments, corporations and media organisations. Influencers and online personalities have accumulated followings that rival or exceed those of established institutions.
A/Prof. Lim reads this shift as a symptom of something deeper. "The turning to influencers is actually a response to the failure of our institutions, our politicians. We just feel that we can't trust them anymore,” said A/Prof. Lim, who believes the deepfake problem is as much a cultural one as a technological one. The reason fabricated content finds so many willing believers is that society has lost its collective instinct for authenticity: the capacity to sense, without a detection tool, that something is genuine or wrong. Restoring that instinct, he asserts, would do more to blunt the impact of deepfakes than any algorithm.
Learn more: Could decentralised identities stop cybersecurity breaches?
Key takeaways for business leaders
A/Prof. Lim's research, experience and analysis highlight the need for a clear framework to counter the deepfake threat:
Reputation is key. The most effective protection against a damaging deepfake is a track record of transparent, accountable conduct built before any crisis occurs. Businesses that have demonstrated genuine trustworthiness over time give their audiences a baseline against which fabricated content appears implausible.
Respond to threats from a position of integrity. As the Italian PM Meloni example shows, publicly owning a deepfake is only a viable strategy if the organisation or individual already commands credibility. Businesses should assess whether their standing is strong enough to support a direct public rebuttal before deploying one.
Accept that no single defence is sufficient. Technology, training and institutional reputation each contribute to resilience against deepfakes, but none provides a complete answer. Organisations should build layered defences across all three domains while understanding the limits of each.
Monitor decentralised verification technologies. Blockchain-based provenance tools are emerging as a practical mechanism for anchoring official communications to a verifiable source. Businesses with material brand exposure should follow and trial these technologies as they develop.
Treat character as a governance issue. Who represents a company and how they conduct themselves in public life are now material risk considerations. Board-level attention to authentic leadership and cultural integrity is no longer merely an ethical aspiration; it is a business continuity concern.
Start with the individual. "When you're authentic, I'm not saying that you're going to get it right, but at least it increases your probability of getting it right," said A/Prof. Lim, who observed that, in a world where the fake has become indistinguishable from the real, probability is worth everything.