Cyber Threats 2019: A Year in Retrospect

Every year the PwC Global Threat Intelligence team tracks and reports on hundreds of cyber attacks targeting a range of sectors and regions.

In 2019, the cyber threat landscape became increasingly complex due to the proliferation of financially motivated cyber activity, intelligence operations navigating the currents of powerful interests and international politics, and information operations attempting to manipulate the news agenda.

Key Findings


We witnessed a convergence of the physical and cyber domains. Mirroring this association in phishing campaigns in particular, threat actors often delivered timely and relevant malicious lure documents to victims in order to infect them. PwC observed tit-for-tat operations on the side of longer-term intelligence collection efforts, threat actors’ overlapping interests turned into cases of fourth-party collection, as well as an increased focus on surveillance by espionage-motivated threat actors.

Supply Chain attacks

Since 2017, we have seen an uptick in sophisticated threat actors targeting third parties. Threat actors mask backdoors with legitimate digital certificates, direct malicious traffic through trusted companies, and use established organisations to spread malware. In 2019 we observed a continuation of this trend.

Threats to mobile

One of the defining trends of 2019 was the growing number of threat actors that turned to mobile malware and trojanised mobile applications. There were numerous threat actors active in this space, and in many cases mobile malware was used to target specific demographics, groups, or even individuals.

Cyber crime

Cyber criminal activity continued to be an extremely significant threat to commercial organisations and enterprises. The cyber criminal market effectively consolidated around large, established players who were behind some of the largest cyber criminal operations.

Our services

Our threat intelligence services cater for organisations at various stages of maturity – whether they are developing an in house threat intelligence function, supplementing their existing function with threat data feeds or outsourcing the entire collection, analysis and distribution of threat intelligence.

Subscription services

Subscription services which inform defences and aid responses to attacks.

Threat intelligence reporting:

  • Technical reporting on new targeted attack campaigns.
  • Strategic reporting on a regional, sector and threat actor basis.

Threat intelligence data:

  • High confidence feed of single value indicators. Associated with targeted attacks.
  • Contextualised with relationships to threat actors, reports and other indicators.
  • Accurate network IDS and disk detection signatures.
  • Formats supported include Suricata, OpenIOC and YARA.

Directed research and assessments

Retained access to PwC threat analysts for ad hoc requests. Directed research allows you access to strategic and tactical threat intelligence that can inform enterprise level decision making and strategic business objectives, tailored to best fit your needs. We perform a wide range of both proactive and reactive research; dedicated threat analysis for bespoke research into the threats affecting you:

  • Bespoke research – reporting on threat actors, campaigns, malware or malicious indicators of interest.
  • Ad hoc analysis – e.g. malware and spear phishing email analysis, including IDS and host based signature development.
  • Analysis support – when required, we can provide second and third line intelligence support to assist with complex triage and incident response investigations.

Consulting services

Services which enhance your ability to consume, apply or produce intelligence.

  • Maturity assessment – analysis of current threat intelligence capability, measured against best practice and standards.
  • Threat intelligence programme development – our team has years of experience in developing intelligence capabilities. We offer services which can assist you in the creation or enhancement of your own threat intelligence capability, by combining our technical expertise with practical and actionable business strategy.
  • Threat modelling – mapping relevant threat actor intent and capability to IT environments.

Contact us

Kris  McConkey

Kris McConkey

Cyber Threat Operations Lead Partner, PwC United Kingdom

Tel: +44 (0)7725 707360

Follow us