Cyber Threats 2021: A Year in Retrospect

What are the biggest threats to your business?

The PwC report “Cyber Threats 2021: A Year in Retrospect” shows that attack scenarios in the digital space are becoming more complex, better organised, and increasingly difficult to identify. PwC's Global Threat Intelligence team has identified several worrying trends based on extensive data sets from global projects, such as incident response cases, managed threat hunting services, or post-incident analysis of cyberattacks as well as many other sources.

Companies must prepare for the fact that cyber criminals are getting ever more organised. Of particular concern is the growing level of coordination, with many different attacker groups efficiently and professionally sharing their tools and skills.

Download the reports

The report’s key findings

In 2021, the cyber threats were truly global in nature. Many new threat actors made their debut, while existing ones became more targeted and sophisticated in their operations. The threats affected organisations across the globe in many ways, from ransomware attacks that brought down national critical infrastructure and food processing plants, to espionage actors operating in the Asia pacific regions, and the ever-growing threat of zero-day vulnerabilities. CEOs worldwide state that cyber risks are the biggest danger to businesses in 2022, and about half of the CEOs surveyed in “PwC’s Global CEO Survey 2022” name cyberattacks the leading threat to growth.

The top five cyber threat trends we observed in 2021 and which we believe are important to watch out for in 2022 and beyond are:

Ransomware attacks continued to be the biggest threat to corporate cybersecurity in 2021 – across all regions and industries. The number of reported ransomware attacks, in which criminals attempt to extort companies, increased from 1,300 in 2020 to 2,435 in 2021. This rise is due to a growing number of threat actors, fuelled by the rise of Ransomware-as-a-Service (RaaS) arrangements and affiliated schemes, lowered barriers to entry, as well as the pace and frequency of publicly reported attacks: more organisations paid ransom demands, which boosted the ransomware economy.

Compared to past years, many more zero-day vulnerabilities (a vulnerability in a system or device that has been disclosed but is not yet patched) were detected in 2021. Most importantly, these zero-day vulnerabilities were often used by threat actors to harm other organisations or were interlinked with activities of digital quartermasters and surveillance activities against civilian targets.

Our Global Threat Intelligence team also discovered more evidence on the existence of so-called "quartermasters" last year. Digital quartermasters are organisations that equip specific attacker groups with the necessary tools such as malware for complex cyberattacks. Quartermasters have been traditionally associated with providing technology to military units. But in 2021, we noted an increasing number of commercial quartermasters, i.e., companies selling offensive security capabilities such as spyware, zero-day exploits, and related features to more customers in numerous countries.

Supply chain attacks were not a new trend in 2021, but they continued to be a staple in the modus operandi of sophisticated threat actors. Attacks in this field often target third parties, mask backdoors with legitimate digital certificates, route malicious traffic through trusted organisations, and use established organisations to spread malware. Notably, such attacks are often taking place via small- and medium-sized third-party organisations which sometimes do not apply the same security standards as larger enterprises.

With the growing proliferation of powerful digital espionage tools, in 2021, a rising number of state-sponsored threat actors performed espionage and intrusion activities on civilian targets. In this context, the surveillance of minorities, civil right activists, dissidents, politicians, and journalists poses a significant threat to society. Such surveillance activities mostly target specific individuals, but the companies and organisations associated with these people – for instance NGOs or social movements – are often also targeted by the attack groups, not least because in some cases they provide access to the victim.

“Cybercriminals are stepping up their activities and have the will, motivation, technology, and tools to inflict damage on a large scale. Businesses must therefore increase their efforts to prepare for and protect their operations against attacks.”

Johannes DohrenCyber Threat Intelligence Lead, PwC Switzerland

Download the reports

Year in Retrospect Report

In our annual Year in Retrospect Report, we present our latest findings to help you understand the motivations of attackers and cyber threats affecting your business.

Download the main report

Technical Annex Report

This technical annex complements our “Cyber Threats 2021: A Year in Retrospect Report”, which analyses the overall and thematic cyber threat trends for 2021.

Download the technical annex

Our threat intelligence services

Our threat intelligence services cater for organisations at various stages of maturity – whether they are developing an in house threat intelligence function, supplementing their existing function with threat data feeds or outsourcing the entire collection, analysis and distribution of threat intelligence.

How we can assist your organisation