Collaboration and incentives can shift the economics of cybercrime. Here's how

Cybercrime is a fast-growing and costly threat, affecting citizens, businesses and governments worldwide. Cybercrime damages are estimated to be significant – up to several trillion dollars annually with projections suggesting this could double in just a couple of years.

Cybercrime activity has evolved into a borderless, efficient economy where criminal collaboration often outpaces the structures built to defend against it. Artificial intelligence (AI) is also lowering barriers to entry and enabling attackers to tailor campaigns at high speed and scale.

Traditional reactive approaches struggle to keep up. The global community – public, private and civic – now faces a critical question: how do we create systemic deterrence in a landscape where adversaries can innovate faster than institutions can respond?

This is not simply a technical problem. One promising answer is emerging: strengthen collaboration and build new incentive models that mobilize a broader segment of society to safely disrupt cybercrime at scale. Community intelligence, public-private partnerships and incentivized reporting can help shift the economics of cybercrime away from the attackers.

Today’s cybercriminals operate through ransomware collectives, “Cybercrime-as-a-Service” markets, and professionalized “enterprises” that give them low risk, high rewards and global reach. These syndicates span roles such as reconnaissance, initial access brokerage, laundering and the development of tailored malware.

Defenders, by contrast, often rely on voluntary cooperation, limited intelligence sharing and national legal frameworks that do not align neatly with a borderless digital system. At the same time, law enforcement faces jurisdictional constraints, private-sector organizations cannot always share attribution data and many potential partners lack the resources to fully participate.

The result is a widening gap between the economics of cybercrime and the global community’s ability to disrupt it.

Despite this, recent events have demonstrated important progress. Multistakeholder coalitions have shown that coordinated efforts can map and dismantle criminal infrastructure more effectively than any actor working alone. Public-private task forces, cross-border operations and shared analytical platforms are yielding arrests, infrastructure takedowns and better visibility into cybercriminal networks.

These successes show that while cybercrime cannot be countered by any single institution or sector, effective disruption is possible through shared intelligence, common frameworks and aligned public and private resources.

A leading example of such an effort is the World Economic Forum’s Cybercrime Atlas, a community of cyber defenders creating new insights into the cybercriminal landscape, mapping cybercriminal networks to support the systematic disruption of cybercriminal activities and shaping the online environment by creating evidence-based recommendations to make it safer.

However, many collaborative initiatives still depend on voluntary participation and lack clear, sustained incentives for organizations or individuals to continue to contribute over time. The challenge now is not simply launching partnerships, but ensuring that they are resourced, scalable and built for long-term impact.

Across sectors, incentive structures can consistently shape behaviour. Cybercriminals understand this well. Their economic models depend on a steady pipeline of recruits, the promise of quick profits and the perception that the risk of consequences is low.

Defenders, however, have historically underused incentive mechanisms. Reporting channels are often slow, inaccessible or limited to specialized communities. Citizens and ethical hackers are unsure how to share information safely and organizations under pressure can deprioritize intelligence sharing even when they recognize its value.

Fortunately, a new class of incentive-based collaborative models is emerging to address this gap. These approaches seek to empower individuals and communities to safely report suspicious activity, create scalable channels to direct validated intelligence to law enforcement, strengthen deterrence by increasing the likelihood that cybercriminal activity results in consequences and sustain participation by aligning incentives with long-term resilience.

One example is the development of cybercrime bounty programmes that allow citizens, researchers, and organizations to submit information on cybercriminal activity safely and anonymously. When coupled with expert validation and cooperation with law enforcement, such bounties can help turn isolated observations into coordinated disruption and send a signal that malicious actions are more likely to carry consequences.

Community reporting has long played a role in preventing physical crime. Adapting this approach to cybercrime opens new possibilities. When paired with expert analysis and structured investigative channels, community-led intelligence can become an engine for resilience.

However, the success of such models rests on three elements. Firstly, we need trusted, anonymous reporting mechanisms so that people can come forward without fear of retaliation, legal uncertainty or exposure. Secondly, expert analysis needs to transform and validate raw tips into actionable intelligence, with human expertise supported by automation and AI. Finally, strong partnerships with law enforcement must be in place so that validated intelligence leads to investigations, arrests and prosecutions, including across borders.

This model reflects a broader trend in global security: communities can no longer afford to be passive beneficiaries of protection but must be active participants in collective defence.

Cybercrime has become a global public-policy and economic challenge as much as a technical one. The lesson emerging from international dialogues is clear: collaboration must evolve from voluntary cooperation into structured, scalable systems capable of creating real deterrence to further hold cybercriminals accountable for their actions.

Incentivized reporting, combined with public-private intelligence partnerships and community engagement, represents a promising next stage. Such models can help rebalance the asymmetry between attackers and defenders by increasing the operational costs and risks for cybercriminals. To succeed, however, they need to be inclusive, transparent, evidence-driven and complementary to existing legal frameworks and international processes.

As cybercrime continues to evolve, so must our collective response. The future of cyber-resilience will depend on our willingness to take advantage of technical innovation and human networks, community insight and incentives that mobilize society at scale.

Cybercrime may be borderless, but so too is our capacity to create a more resilient and accountable digital environment. Incentivized, community-driven collaboration offers a concrete way to begin shifting the economics of cybercrime in favor of the defenders.