Hybrid Warfare, Disinformation: Underestimated Cyber Threat
Deepfakes, AI-generated disinformation, and targeted reputational attacks: by 2026, hybrid threats will blur the lines between cyberattacks, information warfare, and economic crime. Why every company is at risk and what CISOs can do about it.
Key takeaways
- Targeted disinformation campaigns against companies are rising sharply in 2025/2026 – either as a standalone attack vector or as a complement to traditional cyberattacks
- Real-time deepfakes in video conferences are enabling CEO fraud at a new level – a financial-services firm lost the equivalent of €25 million in 2024
- Traditional IT security protects systems and data, not reputation and trust – most companies remain exposed to the reputational security gap
- Countermeasures require cross-functional collaboration between IT security, communications, legal, and executive leadership
Disinformation as an attack vector
The notion that disinformation is only a problem for governments and elections is dangerously wrong. In 2025 and 2026 a clear trend emerges: targeted disinformation campaigns against companies are on the rise – either as a standalone attack vector or as a complement to traditional cyberattacks.
Real-world scenarios include: a deepfake video of the CEO announcing a profit warning; AI-generated whistle-blower reports of alleged data breaches circulating on social media; fake reviews and testimonials that erode trust in a product.
“Hybrid threats blur the line between war and peace. Companies must understand they are already part of the battlefield.” – ENISA Threat Landscape, 2024
The anatomy of hybrid attacks
Hybrid warfare stitches together multiple attack methods into a coordinated campaign:
- Phase 1 – Reconnaissance: social-media profiles of senior executives are analysed, voice samples and video footage are harvested, and weaknesses in corporate communications are identified
- Phase 2 – Preparation: deepfakes are produced, fake accounts are seeded on relevant forums and LinkedIn, and compromised or fabricated insider information is obtained
- Phase 3 – Attack: a technical cyber incident (e.g., ransomware) and a disinformation campaign are launched simultaneously. While the IT team tackles the technical breach, the reputational crisis escalates in the media
- Phase 4 – Amplification: AI-driven bot networks spread the disinformation, and algorithmic amplification on social platforms drives reach
Fact: According to Europol, the number of AI-generated deepfake videos rose by 550 percent year-on-year in 2025.
Why traditional security measures fall short
Traditional IT security protects systems and data – not reputation and trust. Firewalls, EDR, and SIEM do nothing against a viral deepfake tweet. Most companies remain exposed to the reputational security gap.
The challenge: defending against disinformation requires collaboration across IT security, corporate communications, legal, and executive leadership. Few organisations have established processes for this.
Deepfakes: Quality Becomes the Problem
The technical quality of deepfakes reached a point in 2025/2026 where the human eye can barely distinguish them from genuine footage. Real-time deepfakes in video conferences—CEO Fraud 2.0—have been documented:
- A financial services provider in Hong Kong lost the equivalent of €25 million in 2024 after fraudsters used a deepfake video call to impersonate the CFO
- In Germany, multiple cases emerged in 2025 where deepfake voices of managing directors were used to authorize fraudulent transfers
- Current detection tools achieve a 70 to 85 percent success rate—too low for reliable automated protection
Fact: According to the FBI, the average damage caused by deepfake-enabled CEO fraud in 2025 was €4.7 million per incident.
Countermeasures for Businesses
Six concrete steps every company should implement:
- Deepfake Awareness Training: Train employees in key roles (finance, executive assistants) to recognize deepfake risks
- Verification Protocols: Introduce multi-channel verification for critical decisions (transfers, personnel matters, press releases)—never act on a video call or voice message alone
- Media Monitoring: Automated monitoring of social media, news portals, and dark-web forums for brand mentions and potential disinformation campaigns
- Content Authenticity: Implement C2PA standards (Coalition for Content Provenance and Authenticity) for official corporate communications
- Crisis Communication Plan: Pre-prepared statements and processes for disinformation attacks—response time is critical
- Cross-functional Incident Response: Expand the IR team to include communications and legal, with specific playbooks for hybrid attacks
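The verification-protocol step can be expressed as an approval gate. The sketch below is an added example, not part of the original article: a critical request is approved only after a callback that the verifier initiated to a contact taken from a pre-registered directory. The directory, field names and sample contacts are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed directory of pre-registered contact details. Assumption: it is
# maintained out-of-band and never updated from an incoming request.
DIRECTORY = {"cfo": {"phone": "+49-30-5550-0101", "chat": "cfo@corp.example"}}
# Decision types the article names as critical.
CRITICAL_ACTIONS = {"transfer", "personnel", "press_release"}

@dataclass
class Request:
    action: str
    claimed_identity: str
    origin_channel: str         # e.g. "video_call", "voice_message"
    supplied_contact: str = ""  # contact detail offered by the requester

@dataclass
class Confirmation:
    channel: str           # "phone", "chat", ...
    contact_used: str      # number or address the verifier contacted
    initiated_by_us: bool  # True for a callback, False for inbound contact

def verify(request, confirmations):
    """Return (approved, reasons) under the callback policy."""
    if request.action not in CRITICAL_ACTIONS:
        return True, ["not a critical action"]
    known = DIRECTORY.get(request.claimed_identity, {})
    reasons = []
    for c in confirmations:
        if not c.initiated_by_us:
            reasons.append(f"{c.channel}: inbound contact, not a callback")
        elif known.get(c.channel) != c.contact_used:
            # A number handed over during the call proves nothing about identity.
            why = ("supplied by the requester"
                   if c.contact_used == request.supplied_contact
                   else "not in the directory")
            reasons.append(f"{c.channel}: contact {why}")
        else:
            return True, [f"confirmed by callback via {c.channel}"]
    if not reasons:
        reasons.append(f"{request.origin_channel} alone is not sufficient")
    return False, reasons
```

The rejection reasons are returned rather than discarded so that a declined request can be handed to the incident-response team with its context.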
Conclusion
Hybrid threats blur the lines between cyberattacks, information warfare, and economic crime. For CISOs, this means expanding their scope of responsibility: alongside systems and data, reputation and trust must also be protected. Those who dismiss disinformation as “not my problem” become easy targets.
Key Facts
Phishing Volume: More than 3.4 billion phishing e-mails are sent worldwide every day.
Detection Rate: Only 3 percent of employees report suspicious e-mails to the IT department.
Frequently Asked Questions
How do I spot a deepfake in a video conference?
Watch for subtle artifacts: unnatural lip-sync, odd lighting shifts, missing micro-expressions, and lag during rapid head movements. Detection is less important than prevention: establish verification protocols for critical decisions—call back on a known number or confirm via a separate channel.
Are hybrid attacks only a risk for large enterprises?
No. Midsize companies are especially vulnerable because they often lack dedicated communications teams that can respond quickly to disinformation. They are also targeted as suppliers or partners to indirectly harm larger firms.
What role does AI play in countering disinformation?
AI-powered tools can automate social-media monitoring, detect bot networks, and flag deepfakes with 70 to 85 percent accuracy. However, the technology is not yet reliable enough for fully automated defense. The most effective approach today combines AI monitoring with human review.
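As an added example (not from the original article), the sketch below shows one simple monitoring heuristic that feeds human review: it clusters near-duplicate brand mentions and reports clusters posted by several distinct accounts within a short window. The post format, thresholds and sample posts are assumptions, and word-shingle similarity stands in here for the AI-based tooling the article refers to.

```python
import re
from datetime import datetime, timedelta

def normalize(text):
    """Lower-case and drop URLs, mentions, hashtags and punctuation."""
    text = re.sub(r"https?://\S+|[@#]\w+", " ", text.lower())
    return " ".join(re.findall(r"[a-z0-9]+", text))

def shingles(text, k=3):
    """Set of overlapping k-word sequences from the normalized text."""
    words = normalize(text).split()
    return {" ".join(words[i:i + k]) for i in range(max(1, len(words) - k + 1))}

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0

def coordinated_clusters(posts, brand, min_accounts=3,
                         window=timedelta(minutes=10), sim=0.6):
    """Return sorted account lists for near-duplicate brand mentions that at
    least min_accounts distinct accounts posted within the time window."""
    mentions = sorted((p for p in posts if brand.lower() in p["text"].lower()),
                      key=lambda p: p["time"])
    clusters = []  # each cluster: {"sig": shingle set of first post, "posts": [...]}
    for p in mentions:
        s = shingles(p["text"])
        for c in clusters:
            if (jaccard(s, c["sig"]) >= sim
                    and p["time"] - c["posts"][0]["time"] <= window):
                c["posts"].append(p)
                break
        else:
            clusters.append({"sig": s, "posts": [p]})
    flagged = []
    for c in clusters:
        accounts = sorted({p["account"] for p in c["posts"]})
        if len(accounts) >= min_accounts:
            flagged.append(accounts)  # queue for human review, not auto-action
    return flagged

# Constructed sample posts for a fictional brand.
T0 = datetime(2026, 1, 15, 9, 0)
SAMPLE_POSTS = [
    {"account": "acct_a", "time": T0, "text": "BREAKING: ExampleCorp CEO admits massive data breach, sell now! #ExampleCorp"},
    {"account": "acct_b", "time": T0 + timedelta(minutes=2), "text": "Breaking - ExampleCorp CEO admits massive data breach. Sell now!! https://t.example/x1"},
    {"account": "acct_d", "time": T0 + timedelta(minutes=3), "text": "Anyone else having trouble logging in to the ExampleCorp portal today?"},
    {"account": "acct_c", "time": T0 + timedelta(minutes=4), "text": "ExampleCorp CEO admits massive data breach, sell now @news_desk"},
]
```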
Source for header image: Hartono Creative Studio / Pexels