Executive exposure: 7 in 10 directors in Irish organisations are “concerned” about AI-enabled attacks 1 in 6 Irish executives report high exposure to kidnap-for-ransom risks

Seven in ten (71%) senior Irish business leaders are concerned about the risk of AI-enabled deception being used in fraud or extortion against their organisation, according to new research from Gallagher, the insurance broking and risk management firm.

The Gallagher Executive Protection Report, which is based on a survey conducted by Censuswide of 1,000 senior decision-makers across the UK and Ireland, asked respondents how concerned they are about deepfakes and AI-enabled deception being used in attacks. The findings show that 71% of Irish leaders are concerned about this to some degree, making it the single biggest concern for directors and senior leadership teams.

Deepfakes and impersonation – top executive threats

When asked to identify the threats that most concern directors and senior business leaders, the survey respondents ranked:

• Deepfake or AI-enabled deception as the top concern (49%), followed by
• Phishing and social engineering attacks (41%), and
• Reputation manipulation or fake news (41%)

In addition, when asked about their organisation’s exposure to specific risks:

• 33% said they have high exposure to deepfake or AI-enabled deception
• 33% reported high exposure to digital impersonation attacks.

Gallagher say these types of attacks typically involve fraudsters impersonating senior executives using fake emails, cloned voices or AI-generated video to pressure employees into transferring funds or sharing sensitive information.

Michael Cunningham, Head of Financial Lines at Gallagher, commented on the findings,

“What’s striking is how quickly AI-enabled deception has moved to the top of the risk agenda for senior leaders. These are not theoretical threats, they are already impacting organisations, with a significant proportion of senior leaders reporting direct exposure to deepfake and impersonation attacks.

The combination of widely available information and increasingly sophisticated technology means it is becoming easier for criminals to convincingly replicate senior executives and exploit internal processes.”

Physical vs digital threats

While digital threats are the primary concern, the Gallagher research shows that both Irish and UK based organisations continue to face physical security risks.

When decision makers in Irish organisations were asked about their exposure to a range of threats:

• 24% reported high exposure to physical assault or robbery risks
• 26% cited high exposure to travel-related security risks
• 16% reported high exposure to kidnap-for-ransom risks.

Business response

The Gallagher survey also asked organisations what measures they have in place to manage these risks. It found that:

• 52% have social media and privacy protocols in place
• 50% use payment verification and anti-fraud controls
• 40% provide training on deepfake or digital threats

However, fewer organisations have more specialised protections:

• 28% have personal or travel security arrangements
• 15% have kidnap and ransom or executive protection cover
• 6% have none of these measures in place

Mr Cunningham continued:

“Many organisations have taken important steps, particularly around fraud controls and awareness training, but the findings suggest there is still a gap when it comes to more advanced or targeted protections.

“As digital and physical risks continue to converge, organisations need to take a more holistic view of executive protection. That means not only strengthening internal controls but also considering how visible their senior leaders are and what information is publicly accessible. Ultimately, the threat landscape is evolving quickly, and organisations need to ensure their approach to risk management evolves with it.”