76% of UK organizations have faced deepfake attacks. Most weren’t ready


Three-quarters of UK organizations have already been targeted by deepfake attacks, according to research. Not as a theoretical risk. Not as a tabletop exercise. As actual incidents — personalized phishing emails enhanced with AI-generated content, fraudulent voice and video designed to bypass human judgment.

According to recent industry research, only 40% feel very prepared to defend against the next one.

Mike Riemer, SVP for Ivanti.

Further, that pattern holds across every category of threat, not just deepfakes. Ransomware, compromised credentials, software vulnerabilities — perceived risk keeps climbing while preparedness falls further behind.


For ransomware specifically, 63% of security professionals now rate it a high or critical threat for 2026, while just 30% say they're very prepared. The spread between perceived threat and preparedness is growing. It’s getting worse.

Clearly, something is going wrong. And it isn’t a small issue (in scale or in implications).

AI is compressing timelines

When threat actors get hold of a security patch, AI tools let them reverse-engineer what vulnerability it fixed — and build a working exploit — in roughly 72 hours. That figure comes from what we're observing in practice, not from a lab.

It’s still the norm for organizations to run patch deployment processes built around weekly or monthly cycles. Test in dev. Schedule a maintenance window. Coordinate with business units. By the time a patch reaches production, the exploit may already be circulating.

The India AI Impact Summit in February brought 91 countries together to discuss governance frameworks — guardrails, accountability, responsible deployment. All of these are important conversations.

But while policymakers work through principles, attackers are already using AI operationally: automating phishing campaigns, generating convincing synthetic content and probing for weaknesses faster than any human team can manually track.

More bad news on the threat/preparedness front: 48% of security professionals classify synthetic digital content as a high or critical industry threat. Only 27% say they're very prepared to deal with it — a 21-point readiness shortfall on a threat that's already active.

Stressed teams can’t outpace machine-speed attacks

The threat/preparedness gap isn’t due to apathy. One in four organizations reports a critical shortage of IT talent and skills. Among security professionals specifically, 43% report high levels of job-related stress, and 79% say that stress affects their physical and mental health.

These numbers have a direct operational impact. Manual triage, manual coordination, manual patching — every handoff adds delay, and every delay gives attackers more room. Asking already-stretched teams to simply work faster won't close that margin.

The volume and velocity of AI-driven threats have outgrown what manual processes can absorb.

Automation has to carry more of the load

65% of IT professionals predict AI and automation will improve overall IT service quality, and 86% say AI-powered technology is key to making IT organizations more efficient. The way I see it, the confidence is there. But adoption is lagging behind it.

There are a few commonalities I can see among organizations that seem to have figured things out. They've invested in automated deployment pipelines that compress patch timelines from weeks to days.

They've layered their defenses so systems waiting for patches aren't sitting exposed. And their leadership treats cybersecurity as an operational priority. For context, if cybersecurity pretty much only surfaces during quarterly compliance reviews, that’s not an operational priority.

Research supports the successful patterns among those organizations. Within most mature organizations — those with advanced cybersecurity programs — 77% say they're very confident their team could prevent or stop a damaging security incident.

That kind of confidence comes from sustained investment in automation, exposure management and skills development. (As opposed to working harder within the same broken processes.)

How to put this into action

I don’t want to rant about the problem and end things there. There are practical things that can be managed to improve an organization's defenses, and they don’t all involve dramatic changes. For starters:

  • Measure the time between when a critical patch drops and when it's fully deployed across your environment. If that number is measured in weeks, your process needs work. Attackers can weaponize a patch in roughly 72 hours. If your deployment timeline is measured in weeks, the maths isn’t working in your favor.
  • Automate where you can. Ring deployment — phased rollouts that validate patches in low-risk environments before pushing to production — compresses timelines without gambling on stability.
  • Invest in your people. The talent shortage is real, but upskilling existing staff on AI-driven security tools closes the skills deficit faster than waiting for the hiring market to catch up.
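One way to take the measurement in the first point, as an added example that is not from the article or from any Ivanti tooling: it computes per-ring completion time, time to full deployment, and host-hours spent unpatched past the roughly 72-hour figure. The function name, record layout, host names and timestamps are all constructed assumptions.

```python
from datetime import datetime, timedelta

EXPLOIT_WINDOW = timedelta(hours=72)  # the article's rough patch-to-exploit figure

# Constructed sample data: one critical patch, hosts grouped into rollout rings.
PATCH_RELEASED = datetime(2026, 3, 3, 9, 0)
DEPLOYMENTS = [  # (host, ring, patched_at, or None if still unpatched)
    ("dev-01", 0, datetime(2026, 3, 3, 15, 0)),
    ("dev-02", 0, datetime(2026, 3, 3, 17, 0)),
    ("stage-01", 1, datetime(2026, 3, 4, 11, 0)),
    ("stage-02", 1, datetime(2026, 3, 5, 8, 0)),
    ("prod-01", 2, datetime(2026, 3, 6, 2, 0)),
    ("prod-02", 2, datetime(2026, 3, 9, 9, 0)),
    ("prod-03", 2, None),
]

def patch_latency_report(released, deployments, now, window=EXPLOIT_WINDOW):
    """Summarise how long a patch took to land, per ring and overall."""
    rings, late_hosts, exposed_hours = {}, [], 0.0
    for host, ring, patched_at in deployments:
        # An unpatched host is still accruing exposure, so measure up to `now`.
        latency = (patched_at or now) - released
        if latency > window:
            late_hosts.append(host)
            exposed_hours += (latency - window).total_seconds() / 3600
        r = rings.setdefault(ring, {"hosts": 0, "patched": 0,
                                    "done_after": timedelta(0)})
        r["hosts"] += 1
        if patched_at is not None:
            r["patched"] += 1
            r["done_after"] = max(r["done_after"], latency)
    for r in rings.values():
        if r["patched"] < r["hosts"]:
            r["done_after"] = None  # ring not finished: no completion time yet
    finished = [r["done_after"] for r in rings.values()]
    return {
        "rings": rings,
        # "Fully deployed" means every host in every ring, not the average host.
        "time_to_full_deployment": None if None in finished else max(finished),
        "late_hosts": late_hosts,
        "exposed_host_hours": exposed_hours,
    }

if __name__ == "__main__":
    report = patch_latency_report(PATCH_RELEASED, DEPLOYMENTS,
                                  now=datetime(2026, 3, 10, 9, 0))
    for key, value in report.items():
        print(key, "=", value)
```

Reporting the slowest host rather than the mean keeps a single unpatched production system from being hidden by fast early rings.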

Overall, treat preparedness as something measurable, not a gut feeling. Track it. Report it. Act on it.


This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.

The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.
