Cybercriminals share and sell information freely, while cyber defenders face the challenge of gathering data scattered across organizations and jurisdictions. Additionally, factors such as commercial sensitivity, protection of privacy and other legal requirements can make it difficult for cyber defenders to share information, limiting efforts to create friction for cybercriminals. The Cybercrime Atlas’s decision to rely on OSINT alleviates several of these challenges:• Reduces data-sharing and privacy concerns • Includes many rich data sources • Facilitates collaboration between experts in different countries • Allows the Cybercrime Atlas community to tap into a diverse group of experts, helping to build a more complete understanding of cyberthreats and criminal activities How does the Cybercrime Atlas work? The true value of the Cybercrime Atlas lies not only in collaboration, but in the diversity of perspectives it brings together. Industry, law enforcement and academia each contribute unique insights to the challenge. By fostering cross-border, cross-sector public-private collaboration, we can turn fragmented knowledge into actionable intelligence, disrupt cybercrime more effectively and strengthen the collective resilience needed to protect society as a whole. Hazel Diez Castaño Chief Information Security Officer, Santander Mapping cybercrime with OSINT Foundational research Deep diveStage 01 Stage 02 Stage 03 Attribution and disruption prospects Link analysisWhy start with OSINT? Alleviates data sharing and privacy concernsRich data sources No access restrictionsCrosses borders Free to access Stage 04FIGURE 6 Atlas research: start with open source intelligence (OSINT) Cybercrime Atlas Impact Report 2025 14