Fake Buffett, Real Reputation Risk: How Deepfakes Are Reshaping the Cyber Landscape

How deepfakes are threatening businesses’ reputations and cyber resilience.

In November 2025, Warren Buffett, business mogul, billionaire and CEO of Berkshire Hathaway, was widely seen in TikTok videos promoting specific stocks, cryptocurrency investments and other similar activities.

Except it wasn’t him.

It was a deepfake, an AI-generated video using Buffett’s likeness to convince users to fall for crypto giveaways and investment schemes. The bad actors behind the scam wanted to exploit Buffett’s name for their own gain, at the expense of his reputation.

So realistic were these deepfakes to the untrained eye, that one channel referenced within the fake video amassed over 17,000 subscribers.

Of course, Buffett has the resources and backing to address something like this in real time and have it corrected — which is exactly what his company did. But not every business can rest on its multi-billion-dollar CEO status to right the wrongs of a deepfake reputational plunder.

“More and more cybercriminals are realizing they can cause this kind of harm for organizations much smaller and much less equipped to handle it than Berkshire Hathaway. And so, we want to offer active protection to our client base, because we think we do see it becoming more prevalent every day,” said Michael Phillips, head of cyber portfolio underwriting, Coalition.

Deepfake Fallout: The Harm That Comes from Misinformation

AI-generated videos spreading misinformation have two main purposes: to swindle the end-user, most often driven by a monetary gain, or to harm the reputation of the subject.

John Farley, cyber liability practice lead, Gallagher

“Deepfake technology allows a threat actor to take actual audio or video and manipulate it to create synthetic media,” said John Farley, cyber liability practice lead, Gallagher.

“When they’re able to do that, they’re able to make someone appear to do or say something that they never did. Threat actors can use this to create a false narrative about an individual or an organization, and that can certainly lead to reputational harm.”

But it’s more than that, Farley said.

“It can impact virtually every aspect of society,” he stressed. As an example, he pointed to the judicial system. “We rely on video and audio to determine someone’s guilt or innocence, and now it almost becomes flipped. Are we going to have to prove a negative in that scenario? You could look at how a deepfake video could impact a publicly traded organization in terms of their stock price, at least in the short term.

“There are massive implications for not only an organization, but for society at large,” Farley said.

The scale of the problem is growing rapidly. According to a study released by Deepstrike, a professional hacking organization that tests systems for vulnerabilities, “The volume of deepfake content shared online is exploding. After an estimated 500,000 deepfakes were shared across social media platforms in 2023, that number [wa]s projected to skyrocket to 8 million by 2025.

“This is consistent with a growth rate where the volume of deepfake videos increases by 900% annually. This isn’t linear growth; it’s a viral proliferation that outpaces nearly every other cyber threat.”

Accessibility and Believability Rising

Businesses can face backlash and lose the trust of their customer base. The individual at the center of the deepfake may suffer reputational damage, and the financial fallout can bring operations to a halt.

Plus, it’s increasingly becoming easier for cybercriminals to trick people into believing their lies.

“More cybercriminals are turning to deepfake technology because organizations are more prepared against the traditional types of cyber threats,” said Phillips, referencing phishing attempts or ransomware events.

“If the technology you have at your company is very secure, then it’s much harder for a cybercriminal to have that way in, so they need a different way to cause harm,” he said.

“Deepfakes enable cybercriminals to cause different types of harm than they historically have, and so what we’re seeing is that more and more cybercriminals are motivated to cause harm that’s not directly about stealing money but is also about stealing trust and really harming enterprise value.”

In essence, deepfakes are being used as social smear campaigns, often with the hope of building distrust between an organization and its consumer base.

“The common thread is that deepfakes reduce friction for the attacker. They shortcut trust. Instead of convincing you with a story, the attacker shows you ‘proof,’ and people act faster. That is why verification controls and escalation protocols matter as much as technical detection,” added Ryan Kratz, head of cyber, North America, MSIG USA.

Michael Phillips, head of cyber portfolio underwriting, Coalition

We might think detecting an AI-manipulated image or video should be easy, however the unfortunate truth is, this technology is keeping pace. Coupled with that, attackers are well aware of the staying power of the internet, and once a video is online, it’s unlikely to go away completely.

“The quality [of technology] is improving and the barrier to entry is dropping. What is changing is not only realism, but also volume and targeting. It is becoming easier to generate content that matches a specific person, context, and moment,” said Kratz.

Another area that gives strength to deepfakes is access.

“[Cybercriminals] no longer have to know how to code in Python and PowerShell,” said Kyle Lutterman, VP, cyber product leader & cybersecurity risk engineering, Arch Insurance. In the traditional cybercrime world, where bad actors send phishing emails or vishing calls, a basic understanding of coding malware has been needed.

But now, anyone with internet access and the ability to type a good prompt can create AI-generated images.

The Cyber Overlap

While reputation can hang in the balance should a deepfake plague an individual, experts agreed this is something that bleeds into the cybersecurity space, particularly because of the means and technology used to create these images.

“From a risk standpoint, the key is that deepfakes are not just ‘misinformation.’ They are often a delivery mechanism for fraud, extortion, and social engineering, and that is where cyber and crime overlap becomes very real,” said Kratz.

Cyber insurance provides a level of crisis management services for things like ransomware, phishing and other “traditional” attacks companies can face. But now cybercrime has evolved to include deepfake technology, meaning many are looking to make sure their cyber insurance reacts accordingly.

“First and foremost, each cyber insurance policy has its own terms and conditions, so you need to be mindful of any coverage implications around deepfake incidents,” said Farley.

But, he cautioned, there is nuance in each policy. For example, “In the scenario where your CEO is imitated via deepfake technology and there is no unauthorized access to a network, you may or may not have coverage, because some policies may require an unauthorized access to your network to trigger coverage.”

Threat actors are generally using deepfake technology to carry out social engineering crimes, which is typically covered under a cyber policy. Additionally, “We have had … developments in the market where we’ve had carriers come out and affirmatively state that they are covering these deepfake attacks through endorsements just to clarify coverage,” Farley added.

But a thorough review of policy language around deepfakes should be conducted in order to better protect against this risk.

Protecting Against the Risk of Deepfakes

Case in point, the team at Coalition understood very clearly the cyber implications of an AI-generated deepfake and even went so far as to create a coverage endorsement designed to protect against that very thing.

“We’ve started seeing more macro or high-level targeted campaigns in which C-suite members, board members, other senior executives at enterprises around the world are being targeted by deepfakes that harm their credibility, their brand value, that disrupts operations and trust within the organization and between an organization and its clients,” Phillips explained. “That’s what led us to develop our deepfake response endorsement, something that can respond to that kind of pressure.”

Reputational risk insurance and D&O coverage are two other prominent coverages that can bulk up resilience against deepfake harm.

“From an insurance perspective, this is a good reminder for buyers to stress-test how their cyber, crime, D&O, and media-related coverages work together, because deepfake events do not respect policy silos,” said Kratz.

Ryan Kratz, head of cyber insurance, MSIG USA

Then there are the proactive measures businesses should take, particularly when it comes to spotting and eliminating deepfake risk.

“You can’t really control if someone outside your organization has a philosophical difference in your business’s operations and chooses to do a smear campaign,” said Lutterman. “That’s completely out of your hands. But in terms of deepfakes being used to leverage network access, or potentially a funds transfer, training employees is vital.”

As generative AI tools become cheaper and more accessible, experts said deepfake incidents will likely shift from headline-grabbing scams to routine elements of cybercrime. For organizations, that means reputation management, employee training and insurance coverage will need to evolve just as quickly as the technology itself.

“Deepfakes will get better, there’s no question. We need to make sure organizational controls and insurance architecture are keeping pace,” Kratz said. &

Autumn Demberger is a freelance writer and can be reached at [email protected].

Beyond the Surface: How Video Analysis Is Transforming Workplace Ergonomic Risk Management

Musculoskeletal disorders continue to plague American workers. New diagnostic approaches are giving safety leaders practical tools to identify and address ergonomic risks before they result in injuries and costly claims.

By: The Hartford | April 1, 2026

Musculoskeletal disorders remain one of the most significant occupational health challenges facing American businesses. These injuries — from back strains to repetitive stress conditions — don’t just impact workers; they create substantial financial consequences for employers through medical costs, lost productivity, and workforce disruption. Yet many organizations struggle to identify ergonomic risks before they manifest as actual injuries.

For decades, ergonomic assessments have relied primarily on in-person expert evaluation, a resource-intensive approach that may not be feasible for companies with limited safety budgets or those operating across multiple locations. As workplace safety leaders search for more accessible, data-driven methods to evaluate job tasks and implement preventive measures, new technologies are emerging to bridge this gap.

“Our mission is to help our customers thrive as businesses,” said Dan Campany, Head of Risk Services at The Hartford. “While risk transfer and insurance is an important financial backstop and safety net, we’re going to help prevent bad things from happening whenever possible by working with the customer.”

Understanding the Hidden Costs of Ergonomic Risk

Dan Campany, Head of Risk Services, The Hartford

When organizations think about the cost of workplace injuries, they typically focus on direct medical expenses and workers’ compensation claims. However, the true financial impact extends far beyond these obvious line items.

“If someone gets injured, who’s going to do that job now, and are they able, trained, and skilled, or do we need to rehire?” Campany said. “Will the person in that role be as productive? Is there another job that’s not going to get done because we had to shift somebody over to do this job? Will production slow down? And how about morale?”

These indirect costs — administrative burden, productivity losses, retraining needs, and morale impacts — can dwarf the direct medical expenses. Additionally, the human element cannot be overlooked. Employees are a company’s most valuable asset, and preventing injury helps protect both worker wellbeing and organizational performance.

The challenge is that many ergonomic risks remain invisible without proper assessment tools. A worker may be repeatedly performing a task with problematic body mechanics, gradually increasing injury risk without generating any visible warning signs until an incident occurs. This is where diagnostic technology becomes valuable.

Technology as a Diagnostic Starting Point

Recent advances in artificial intelligence and computer vision have created new possibilities for ergonomic assessment. These technologies can analyze video recordings of workers performing job tasks, calculating strain on specific body parts and quantifying injury risk in ways that are easy to understand and act upon.

“How it works is we take a short video — a minute or two — of an individual employee performing a job function,” Campany explained. “The AI analyzes the video using principles from biology and physics. It evaluates the position of the body, the motion of the body, and the force exerted on the body.”

This analysis generates a numerical risk score along with a visual representation that brings risk to life for organizational leaders. “The system generates a numerical score from one to ten to indicate the degree of risk, which is also converted into a color-coded system of red, yellow, and green,” Campany said. “When you view the video, we superimpose an avatar, and the various parts of the body on that avatar appear in red, yellow, or green depending on the degree of strain exerted during the process of performing that job function.”

The visual nature of this output makes ergonomic risk tangible and actionable. Rather than abstract discussions about ergonomic principles, safety leaders can see exactly which body parts face elevated strain during specific tasks.

However, it’s important to understand what this technology does and does not do. Video analysis and AI are diagnostic tools — they identify where risks exist, but they are not replacements for expert guidance on solutions.

“The computer vision technology is really a diagnostic tool, and it has some advantages in terms of how we facilitate productive conversations with customers,” Campany said. “However, it does not replace the expertise of the ergonomist in determining what to do about an identified risk of injury. Ergonomists are still essential for developing solutions and recommendations that can be put in place to make improvements. It’s purely a diagnostic tool.”

Matching Solutions to Organizational Needs

One of the barriers to ergonomic improvements has historically been access — specialized ergonomists are expensive resources that may not be feasible for smaller organizations or for lower-priority job tasks. A one-size-fits-all approach to ergonomic services doesn’t serve diverse business needs.

Recognizing this, organizations are now offering tiered service models that match the complexity of the risk to the appropriate level of expertise and service delivery.

“We have different models we can deploy,” Campany said. “We have a computer vision capability that is available to customers on a self-serve basis. They can download the application, shoot the video themselves, upload it to us, and our ergonomists can virtually analyze it and engage with the customer to make recommendations.”

For organizations with minimal ergonomic complexity or a small number of jobs to assess, self-service video analysis provides an accessible entry point — and importantly, at no additional cost to insured customers. This democratizes access to ergonomic diagnostics.

For more complex situations, organizations can draw on generalist risk consultants who have been trained and coached by specialist ergonomists. And for the most sophisticated operations with multiple complex exposures, specialist ergonomists can be deployed directly.

“We look at the potential severity of the risk, the complexity and volume of jobs to be assessed, and the complexity of the solutions or risk mitigation mechanisms,” Campany said. “Based on these factors, we mix and match these various models.”

From Diagnosis to Measurable Results

The real value of any risk management approach emerges when it produces tangible improvements. Consider a recent manufacturing facility case where ergonomic risks were driving substantial claims costs.

“We had a manufacturing facility recently where half of their annual claims were related to ergonomics,” Campany said. “Based on the diagnostics with our computer vision tool, our recommendation was that they implement a mechanical lift system.”

This mechanical lift — augmenting a task that had been performed manually — delivered remarkable results. “We took something that was physically challenging and introduced a mechanical lift for assistance. This improved efficiency and lowered the time of that part of the process, resulting in a significant return for the customer,” Campany explained.

But the financial benefits extended well beyond this direct operational improvement. By engineering out the exposure that was causing half of the facility’s claims, the organization achieved remarkable improvement in cost of risk. Additional savings from reduced lost time and retraining exposure added more benefits. Total return on investment exceeded the investment in the mechanical lift system.

“It also improved morale and reduced the risk of injury to a human being in that situation down to close to zero,” Campany added.

This example illustrates a critical principle: ergonomic improvements are not just safety initiatives — they are operational improvements that enhance efficiency, reduce costs, and improve employee satisfaction simultaneously.

Organizations that approach ergonomic risk systematically see compounding benefits. Rather than addressing all potential risks simultaneously, strategic prioritization allows organizations to focus on high-impact improvements first, then move sequentially through subsequent priorities.

“We may have four, five, or six jobs with a customer that we want to work on, but we start with the one that’s the biggest risk, the highest priority,” Campany said. “We diagnose, recommend, and implement a solution, then remeasure the task to show the delta between before and after the improvement. Then we move on to the next priority.”

Sustaining Improvements Over Time

While engineering controls — like the mechanical lift example — can permanently eliminate certain ergonomic risks, not all risks can be fully engineered out. In these situations, behavioral change and sustained reinforcement become essential.

“In situations where we can’t totally engineer out the risk — we can’t eliminate the risk down to zero — the solution is more about behavioral changes, coaching, or training,” Campany said. “In those situations, there is a need to monitor over a period of time to ensure we don’t regress to old behaviors and that we’re continuously reinforcing the right behaviors.”

Regression in behavioral change is well-documented. Just as drivers tend to gradually revert to previous habits after receiving feedback about their driving scores, workers naturally drift back to familiar patterns unless exposed to consistent reinforcement.

Emerging approaches in behavioral economics are beginning to address this challenge more effectively. “Behavioral economics is just starting to make its way into our conversations with customers,” Campany said. “It’s the idea of not just measuring, monitoring, and coaching, but incentivizing and rewarding behaviors. This is an emerging part of our value proposition and toolkit in this space.”

When diagnostic tools identify risks, and organizational systems are in place to implement solutions and sustain behavioral change, the intersection of technology and expertise produces meaningful outcomes: safer workers, reduced claims, improved productivity, and stronger organizational performance.

To learn more, visit IoT Capabilities for Risk Management | The Hartford.

The information provided in these materials is intended to be general and advisory in nature. It shall not be considered legal advice. The Hartford does not warrant that the implementation of any view or recommendation contained herein will: (i) result in the elimination of any unsafe conditions at your business locations or with respect to your business operations; or (ii) be an appropriate legal or business practice. The Hartford assumes no responsibility for the control or correction of hazards or legal compliance with respect to your business practices, and the views and recommendations contained herein shall not constitute our undertaking, on your behalf or for the benefit of others, to determine or warrant that your business premises, locations or operations are safe or healthful, or are in compliance with any law, rule or regulation. Readers seeking to resolve specific safety, legal or business issues or concerns related to the information provided in these materials should consult their safety consultant, attorney or business advisors. All information and representations contained herein are as of April 2026.

The Hartford Insurance Group, Inc., (NYSE: HIG) operates through its subsidiaries, including the underwriting company Hartford Fire insurance Company, under the brand name, The Hartford®, and is headquartered in Hartford, CT. For additional details, please read The Hartford’s legal notice at www.thehartford.com.

This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with The Hartford. The editorial staff of Risk & Insurance had no role in its preparation.

The Hartford is a leader in property and casualty insurance, group benefits and mutual funds. With more than 200 years of expertise, The Hartford is widely recognized for its service excellence, sustainability practices, trust and integrity.

Fake Buffett, Real Reputation Risk: How Deepfakes Are Reshaping the Cyber Landscape