Cyber Threats 2021: A Year in Retrospect

Monitoring risks to stay ahead of the curve

Over the past 12 months, global cyber threats like ransomware, 0-day vulnerabilities, and operations furnished by digital quartermasters continued to rise. These threats increasingly put organisations around the world at risk — financially, logistically, and intellectually — but, at the same time, organisations have more opportunities to build solutions that can help them thwart such threats and lessen their severity.

By building robust cybersecurity strategies with the incorporation of threat intelligence, companies today can build the capabilities they need to detect or prevent most attacks — and stay resilient in the face of something unexpected. With that in mind, every year, our global threat intelligence team tracks and reports on the strategic and technical aspects of the most pressing cyber threats, spanning geographies and sectors. The result is what you’ll find here: PwC’s comprehensive, well-researched, and highly insightful annual report on the cyber threat landscape.

Key findings

Our analysis in this report is based on intelligence gleaned from PwC’s incident response engagements and our managed security operations services around the world. It’s founded on our in-house intelligence expertise on cyber attacks and targeting from a wide variety of threat actors. Our reach gives us unparalleled understanding of the global threat landscape, including the cybercrime economy. Our research delves into the motivations and techniques of major threat actors globally, who seek to steal intellectual property, disrupt critical infrastructure, commit financial crime as well as obtain access to government networks.

At PwC, we work as a community of solvers, bringing together our people, capabilities, and technology to support our clients in building trust and delivering outcomes for their businesses. Here are the five key cyber threat trends we observed in 2021, and the ones we believe are worth paying attention to in 2022 and beyond.

In 2021, many more zero-day vulnerabilities were disclosed when compared to past years. And, more notably these zero-day vulnerabilities were quickly weaponized by threat actors, often to compromise other organisations. The abuse of zero-day exploits was also interlinked with other observations: the impact of digital quartermasters and surveillance activity against civilian targets.

Based on our in-house monitoring and analysis, the most prominent cybersecurity threat we saw facing organisations in 2021, across geographies and sectors, continued to be ransomware — powered by the prominence of ransomware as a service (RaaS), affiliate schemes, and malware delivery systems (like TrickBot, IcedID, and QakBot). The majority of incidents were financially motivated; the number of victims almost doubled; and double extortion (i.e., the leaking of stolen data, or the threat to do so), became standard procedure, adding privacy, regulatory, and reputational risks to the crisis of business disruption caused by data encryption.

While supply chain attacks weren’t a new trend in 2021, they continued to be an integral part of how sophisticated threat actors operate. The threats in this area often target third parties, masking backdoors with legitimate digital certificates, directing malicious traffic through trusted companies, and using established organisations to spread malware. 

Digital quartermasters, or groups that supply malicious tools like malware to other groups, have been traditionally associated with providing technology to military units. But in 2021, we also saw more “commercial quartermasters,” or companies selling offensive security capabilities such as spyware, 0-day exploits, and related capabilities to more customers based in numerous countries.

A rising number of state-sponsored threat actors performed espionage and intrusion activities of civilian targets in 2021. Most concerning, they increasingly targeted vulnerable groups including minorities, civil right activists, dissidents, politicians, and journalists, often through NGOs, social movements, and faith-based organisations, posing a significant threat to achieving a secure digital society for all.

Download the reports

Year in retrospect report

Year in Retrospect Report

In our annual Year in Retrospect Report, we bring you our latest insights to help you understand the motivations of attackers and cyber threats impacting your organisation.

Download the main report

Technical annex report

Technical Annex Report

This Technical Annex supplements our Cyber Threats 2021: A Year in Retrospect report, which examines the overarching and thematic cyber threat trends from 2021.

Download the technical annex

Our services

Our threat intelligence services cater for organisations at various stages of maturity – whether they are developing an in house threat intelligence function, supplementing their existing function with threat data feeds or outsourcing the entire collection, analysis and distribution of threat intelligence.

For more information on how we can assist your organisation please click here.

Cybersecurity threat intelligence services

Contact us

Umang Handa

Umang Handa

Partner, National Cybersecurity Managed Services Leader, PwC Canada

Tel: +1 416 815 5208

Cristina Onosé

Cristina Onosé

Lead, Privacy Advocacy and Thought Leadership, PwC Canada

Tel: +1 416 687 8104

Kris McConkey

Kris McConkey

Global Threat Intelligence Lead Partner, PwC United Kingdom

Tel: +44 (0)7725 707360

Rachel Mullan

Rachel Mullan

Global Threat Intelligence Lead, PwC United Kingdom

Sveva Vittoria Scenarelli

Sveva Vittoria Scenarelli

Cyber Threat Intelligence Senior Analyst, PwC United Kingdom

Jason Smart

Jason Smart

Global Threat Intelligence Lead, PwC Australia

Tel: +44 (0)7718 979 308

Allison  Wikoff

Allison Wikoff

Global Threat Intelligence Lead, PwC United States

Follow us

Required fields are marked with an asterisk(*)

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Contact us

Kris  McConkey

Kris McConkey

Cyber Threat Operations Lead Partner, PwC United Kingdom

Tel: +44 (0)7725 707360