At the World Economic Forum Annual Meeting 2026, leaders from government, industry, and civil society converged on the growing consensus that cybercrime has evolved into a sophisticated, profitable, and highly adaptive global economy. Addressing it requires more than incremental defensive improvements. It demands structural change.
That challenge was the focus of Fortinet’s accredited session at the forum’s annual meeting in Davos last week. The session, “Incentivizing the Disruption of Cybercrime,” brought together public- and private-sector leaders to examine how collaboration, incentives, and accountability can be operationalized to shift the economics of cybercrime. The discussion built directly on broader Davos themes explored in Fortinet’s earlier blogs, moving from systemic framing to practical execution.
Panelists
The session brought together leaders from government, industry, and civil society, including:
- Michael Daniel, President and CEO, Cyber Threat Alliance (session moderator)
- Derek Manky, Chief Security Strategist and Global Vice President, Threat Intelligence, Fortinet
- Edvardas Šileris, Head of the European Cybercrime Centre (EC3), Europol
- Hayley van Loon, CEO, Crime Stoppers International
This panel reflected the cross-sector collaboration required to disrupt the cybercrime economy at scale, spanning law enforcement, threat intelligence, policy, and community-driven reporting.
Why Incentives Matter in Cybercrime Disruption
A central theme of the panel was the recognition that cybercrime operates as a business. Attackers collaborate efficiently, specialize in roles, and exploit economic asymmetries that keep risk low and reward high. As Michael Daniel observed, “Cybercrime isn’t a collection of lone actors anymore; it’s a functioning economic ecosystem. And like any system, it responds to incentives.”
Panelists emphasized that defenders have historically been challenged in matching the efficiency of the cybercriminals. Intelligence sharing is often voluntary, fragmented, or slowed by legal and reputational concerns. The result is a persistent imbalance between the speed of attackers and the ability of defenders to respond collectively.
The panel reinforced a core conclusion emerging from Davos: Incentives shape outcomes. Cybercriminals understand this well. Defenders must do the same. Shifting the economics of cybercrime requires incentive structures that encourage participation, reward contribution, and sustain collaboration over time.
From Voluntary Cooperation to Structured Collaboration
Panelists agreed that collaboration is already delivering results. Public-private partnerships, cross-border task forces, and shared analytical platforms have enabled arrests, infrastructure takedowns, and improved visibility into cybercriminal networks.
The discussion also surfaced a critical limitation: Many collaborative initiatives still rely on goodwill rather than a durable structure. Without sustained incentives or clear pathways from intelligence to action, participation remains uneven and difficult to scale. As Derek Manky emphasized, “As long as cybercriminals operate with low risk and high reward, we’ll continue to see the same imbalance. The goal is to change that equation by making collaboration easier for defenders and more costly for attackers.”
This is where Fortinet’s long-standing role in public-private collaboration becomes essential. As a founding member of the World Economic Forum’s Centre for Cybersecurity and an active contributor to initiatives such as the Partnership Against Cybercrime and the Cybercrime Atlas, Fortinet helps bridge operational gaps between industry insight and law enforcement action.
Community Intelligence as a Force Multiplier
Another focal point of the session was the role of community intelligence in disrupting cybercrime. Panelists noted that community participation can be a powerful force multiplier, but only when supported by trust, structure, accountability, and anonymity. Hayley van Loon explained: “What consistently motivates people to report isn’t financial reward; it’s protection. Anonymity creates the trust that makes participation possible.”
Effective models require trusted, anonymous reporting mechanisms that protect individuals from retaliation or exposure; expert validation and analysis to transform raw tips into credible, actionable intelligence; and strong law enforcement partnerships to ensure intelligence leads to investigation and disruption.
These principles closely align with insights from Davos, where leaders emphasized that communities can no longer remain passive beneficiaries of protection. In the digital age, resilience depends on active participation across society.
The Cybercrime Bounty: Turning Insight into Action
Cybercrime continues to expose the limits of fragmented legal systems. While attackers move easily across borders, law enforcement agencies must operate within jurisdictional and legal constraints that slow disruption. Brute-force enforcement alone cannot keep pace.
Edvardas Šileris noted that, “Cybercrime doesn’t respect borders, and our response can’t be limited by them either. Effective disruption depends on shared intelligence and cooperation that moves faster than the criminals do.” The discussion reinforced that smarter coordination through trusted partnerships and faster intelligence sharingis essential to counter globally distributed cybercriminal networks.
One of the most concrete examples discussed during the panel was the Cybercrime Bounty program, launched by Fortinet in partnership with Crime Stoppers International (CSI). Drawing on decades of experience in anonymous crime reporting, the initiative applies proven incentive models to cybercrime disruption, combining CSI’s trusted global network with Fortinet’s world-class threat intelligence expertise to deliver a practical, scalable solution that deters and disrupts cybercrime and empowers communities worldwide to safely and anonymously report cybercriminal activity.
Panelists highlighted how the Cybercrime Bounty program enables individuals, researchers, and organizations to report cybercriminal activity safely and anonymously. That information is validated by experts and shared with law enforcement partners to support investigations and takedowns.
Notably, the discussion emphasized speed. Attackers no longer need deep technical backgrounds to succeed. Because AI, automation, and a mature cybercrime supply chain will intrude faster and easier than ever, cybercriminals will spend less time inventing new tools and more time refining and automating techniques that already work. AI systems will manage reconnaissance, accelerate intrusion, parse stolen data, and generate ransom negotiations. At the same time, autonomous cybercrime agents on the dark web will begin executing entire attack stages with minimal human oversight.
In a recent tabletop exercise, Fortinet observed how quickly AI-assisted reconnaissance and exploitation can unfold. While defenders are working to incorporate AI into their workflows, doing so responsibly requires testing, governance, and clear operational controls. Attackers operate without these constraints.
These shifts will exponentially expand attacker capacity. A ransomware affiliate that once managed a handful of campaigns will soon be able to launch dozens in parallel. And the time between intrusion and impact will shrink from days to minutes, making speed a defining risk factor.
Intelligence loses value when it cannot move quickly from observation to action. Incentive-driven reporting, combined with trusted validation and established law enforcement relationships, helps close that gap and increases the likelihood that cybercriminal activity results in consequences.
Mapping the Ecosystem: The Role of the Cybercrime Atlas
Beyond individual reporting, panelists also discussed the importance of understanding cybercrime as a networked ecosystem. The World Economic Forum’s Cybercrime Atlas plays a critical role by mapping criminal infrastructure, relationships, and operational patterns across borders.
Fortinet’s contributions to the atlas help translate large-scale threat intelligence into shared insight that informs coordinated disruption efforts. By visualizing how cybercriminal networks operate, defenders gain a clearer picture of where interventions can have the greatest systemic impact.
This ecosystem-level visibility reinforces a key takeaway from the session: Disruption at scale requires shared context, not isolated data points.
Key Panel Takeaways
Across the discussion and Q&A, several points of alignment emerged:
- Cybercrime is an economic system, not a collection of isolated incidents.
- Voluntary collaboration is no longer sufficient at global scale.
- Incentives must be designed into defensive ecosystems, not added later.
- Community participation is essential, but only when supported by trust and accountability.
- Public-private partnerships are most effective when intelligence flows quickly to action.
These takeaways reinforce the critical shift needed from conceptual agreements to operational execution.
From Davos Dialogue to Durable Impact
The Fortinet session underscored a broader message from the forum’s annual meeting: Cybercrime is now a leadership and governance challenge as much as a technical one. Addressing it requires coordinated action that aligns incentives, mobilizes communities, and strengthens accountability across borders.
Public-private partnerships, community intelligence, and initiatives such as the Cybercrime Bounty program and the Cybercrime Atlas represent practical steps toward that goal. They are not standalone solutions, but together they help rebalance the economics of cybercrime by raising costs and increasing risk for attackers.
As Derek Manky noted, “This isn’t about awareness anymore. It’s about execution, building collaboration that lasts and incentives that actually change behavior.” Discussions in Davos made clear that progress now depends on sustained collaboration beyond the forum itself. Cybercrime may be borderless, but so is the opportunity to dismantle the systems that enable it, if we are willing to build collaboration that endures.
