In November 2024, the Cybercrime Atlas launched an applied research group known as Cybercrime Atlas Research and Mapping. This began with a core group drawn from Banco Santander, Group-IB, Binance and OrangeCyberDefence. In the second half of 2025, this expanded to include Mastercard, Recorded Future, Lemon Cash, SpyCloud and Scitum, and applied research institutions like TNO Nederlands.As Cybercrime Atlas research builds out, the information collected will identify where criminals are most vulnerable to disruption by highlighting single points of failure – or “choke points” – in their activities.8 This can support cyberthreat mitigation by participating organizations and identify opportunities for collective disruption of cybercriminal activities in partnership with the public sector. Operational collaborationIncentives Organization and governance ResourcesFIGURE 8 Disrupting cybercrime networks collaboration framework Source World Economic Forum. (2025). Disrupting Cybercrime Networks: A Collaboration Framework . Cybercrime Atlas participants collaborate to build a shared understanding of cybercriminal networks using OSINT. This information then supports community members in creating friction across cybercriminal activities and supports action by public-sector agencies. Participants come from different regions, different types and sizes of organization, or both because of their individual expertise. This mix of skills, cultures and legal contexts requires a balance between strict governance of some areas of activity and significant flexibility in others, so that participants can continue to collaborate despite their differences. For example, the starting point for Cybercrime Atlas information is that it is open-source and shareable. Information only becomes sensitive as assessments of criminal activity are built around it. Because the underlying information is not sensitive, the Cybercrime Atlas was able to start research while relying on already- accepted standards for information classification, such as the TLP. This allowed the Cybercrime Atlas community to build rules around the needs and activities of the community as it developed. A strong emphasis was put on information security from the outset, but the reliance on OSINT allowed the community to avoid time-consuming deliberations over the legality of sharing information generated by the collaboration between participants. This allowed for speedy set-up and the development of standard operating procedures by the Cybercrime Atlas expert community itself.BOX 3 Governing the Cybercrime Atlas collaboration: balancing formal and informal structures Cybercrime Atlas Impact Report 2025 16