Dave Burg
Global Head of Cyber Risk
Washington DC
Insider Threat Investigations
Do you suspect insider threats acting within your organisation? Investigate cases of employee and third-party misconduct confidentially, including malicious and negligent digital activities.
Talk to a Kroll ExpertCyber incidents involving insider threats include negligent or malicious employee and third-party misconduct resulting in data leaks, intellectual property theft, fraud and more.
On suspicion of such activity, organisations require highly skilled digital forensics and corporate investigation experts to investigate the incident thoroughly and confidentially, giving decision-makers the evidence they need to appropriately address the situation.
Kroll insider threat investigators include members from various law enforcement and digital forensic backgrounds with a diverse range of experience in conducting insider threat investigations—including carrying out search-and-seizure Anton Piller orders on client and third-party premises, as may be required.
Do you suspect insider threats acting within your organisation? Kroll can help now.
Kroll Benefits
Local, Cross-Disciplinary Investigative Expertise
Kroll’s insider threat investigators combine world-class computer forensic expertise with traditional investigative methodology, including on-site interviews and surveillance, to retrace the behaviour of people who may have had access to protected or proprietary data.
Covert and Confidential Investigations
Insider investigations are often sensitive. Kroll’s investigators bring many years’ experience in conducting covert computer forensic investigations on digital devices, ensuring innocent suspects do not feel targeted and guilty suspects have no opportunity to cover their tracks.
Expert Testimony and Reporting
Where necessary, our investigators can provide additional support and reporting as expert witnesses in legal proceedings. Many of our team bring considerable expert testimony experience in presenting findings to judges, juries and arbitrators, with many having served as special masters at the court’s appointment.
Common Insider Threat Investigations
Data Leaks and Email Tracing
Misdirected emails, misconfigured databases, credential leaks and more can lead to the disclosure or exfiltration of your organisation’s most sensitive data—including that of your employees and customers. Kroll’s digital forensics investigators can follow the digital trails to determine the scope and source of the leak, including those responsible, both negligent and malicious.
Fraud, Corruption and Bribery Investigations
Many jurisdictions strictly legislate against bribery and corruption, including actions taken to improperly influence the actions of another party or the abuse of public or private office for personal gain. An allegation or suspicion of such activity must be investigated independently. Kroll’s insider threat investigators have experience handling many such investigations, delivering comprehensive, unbiased and confidential reports.
Intellectual Property Theft Investigations
Whether pursuing targeted attempts at corporate and industrial espionage or data exfiltration by a departing employee, malicious actors often steal proprietary information for their own use or sale to competitors. Our experts gather evidence from employee devices, servers and cloud storage to identify what intellectual property may have been stolen, how and by whom.
Insider Trading Investigations
Issues regarding insider trading can be difficult to detect, and regulated industries require independent investigations. Our digital forensics experts investigate digital communications and devices to verify the existence of such activity and identify guilty
Talk to a Cyber Expert
Kroll is ready to help, 24x7. Use the links on this page to explore our services further or speak to a Kroll expert today via our 24x7 cyber hotlines or our contact page.
Connect With Us
Incident Response Plan Development
Today, you learn your company is experiencing a serious cyber incident. It could be a ransomware attack, a hacked O365 email account, the theft of PII or PHI, data exposure from misconfigured network settings. What is the first step you should take?
Incident Response Tabletop Exercises
Kroll’s field-proven incident response tabletop exercises provide a customised test of every aspect of an organisation’s cyber response plan.
Optimised Third-Party Cyber Risk Management Programmes
Manage risk, not spreadsheets. Identify and address cyber threats in third-party relationships to ensure compliance with regulations such as NYDFS, FARS, GDPR, etc.
FAST Attack Simulation
Safely perform attacks on your production environment to test your security technology and processes.
Virtual CISO (vCISO) Advisory Services
Kroll’s Virtual CISO (vCISO) services help an organisation’s executives and data security teams safeguard information assets while providing augmented cyber expertise to support and secure business operations, reduce risk, and signal to stakeholders a commitment to data security.
The Rapid Evolution of CLEARFAKE Delivery
Threat Intelligence
The Rapid Evolution of CLEARFAKE Delivery
April 29, 2025
by Ryan Hicks
Restructuring
Beyond Financial Re-Engineering: An Alternative Mindset
April 23, 2025
by Mihir Bhatt, Christian Jarjour
Transfer Pricing
Transfer Pricing Considerations in an Uncertain Tariff World
April 22, 2025
by Stefanie Perrella, Susan Fickling, Jill Weise
Settlement Administration
The Kroll Lens: Monitoring Class Action Settlements–2025, Volume XII
April 21, 2025
by Randall Burkholder, Robert DeWitte, Drew Lewis, Mark P. Rapazzini, Lynn Gatto, Lindsay Hirlinger, Michael Forrest, Meredith Weatherby
Kroll is headquartered in New York with offices around the world.
55 East 52nd Street 17 Fl
New York NY 10055
Sign up to receive periodic news, reports, and invitations from Kroll.
Our privacy policy describes how your data will be processed.
© 2024 Kroll, LLC. All rights reserved.
Kroll is not affiliated with Kroll Bond Rating Agency,
Kroll OnTrack Inc. or their affiliated businesses. Read more.