Incident Response Retainer

Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.

Contact us
/en/services/cyber-risk/incident-response-litigation-support/cyber-incident-response-retainer service

When faced with a cyber incident, your organization must be prepared to respond quickly and effectively to protect your operations, reputation and bottom line. Timely response and notification for cyber incidents is also mandated by many privacy and consumer protection laws. Prepare now with Kroll’s cyber risk retainer.

Kroll’s cyber risk retainer offers maximum flexibility with transparent pricing so you get tangible value for your retainer dollars and gain peace of mind knowing you can depend on Kroll’s prioritized response and global resources in a crisis. You also have options to leverage a wide array of our end-to-end cyber risk solutions to strengthen your overall resiliency.

Incident Response Retainers

Customizable Incident Response Retainer

Kroll knows that for clients, the prospect of preparing for and dealing with a cyber incident is fraught with unknowns. That’s why we created a robust but flexible retainer to adapt to your business, while providing you with the comfort that Kroll’s team of forensic experts will respond to contain and remediate an incident. From preparedness services to breach response, Kroll’s cyber risk retainer services are configurable to your needs and environment regardless of the technologies you use.

A Kroll cyber risk retainer guarantees expedited response as well as notification and proactive services to minimize the impact of an incident. Our retainer options address the pressure organizations feel to maximize the value of cyber security investments with upfront pricing and service structure, delivering

  • Prompt access to an elite, global team of 300+ incident response and breach notification experts
  • Rapid response service levels to provide peace of mind in the event of an emergency
  • Robust preparedness services, including tabletops, simulations, risk assessments, penetration testing, policy reviews and strategic advisory
  • Flexibility to choose from a wide range of cyber services
  • Ability to roll over a percentage of unused credits
  • No minimum hourly usage requirements or lead times
  • Technology-agnostic services can be catered to your specific security stack
  • Rate discounts for hourly cyber security services offered by Kroll

In addition, cyber insurance plays an integral role in mature cyber security programs. Kroll is an approved vendor for over 50 cyber insurance carriers worldwide, with a dedicated insurance team that can help handle claims efficiently.

Choose the Incident Response Retainer Option That Fits Your Organization’s Posture and Need




Remote Support

Incident support contact within four hours (24/7/365)

Incident support contact within six hours (24/7/365)

Onsite Support

In transit within 24 hours of request or SOW signature
(for additional services)

Rollover Credits

Up to 20% of unused services credit may be applied to the following year upon renewal

Rate Discount

15% discount on any additional hourly-based proactive or incident response cyber risk service

10% discount on any additional hourly-based proactive or incident response cyber risk service

Customize Your Incident Response Retainer for Optimal Coverage

Unlike other firms, Kroll gives you the opportunity to customize cyber risk retainers with a wide variety of proactive, response and notification services best suited for your situation and goals. Below are just a few examples of the services available:

Proactive Services

Incident Response Services

Notification and Monitoring Services

Several additional services are available. For a complete list, get in touch with our team.

Peace of Mind and Expert Support Just a Call Away

Kroll manages over 3,200 cyber investigations every year for clients of all sizes and complexities. We also have decades of experience helping clients notify customers affected by breaches. We can help you determine the right cyber risk retainer for you, beyond incident response. For peace of mind and support before and during an incident, speak with one of our cyber experts today.

Connect with us
Matthew Dunn
Matthew Dunn
Managing Director
Cyber Risk
Steve Scarince
Steve Scarince
Associate Managing Director
Cyber Risk
Los Angeles
Ioan Peters is an Associate Managing Director
Ioan Peters
Managing Director
Cyber Risk

See all servicesStay Ahead with Kroll


Valuation of businesses, assets and alternative investments for financial reporting, tax and other purposes.

Compliance and Regulation

End-to-end governance, advisory and monitorship solutions to detect, mitigate and remediate operational security, legal, compliance and regulatory risk.

Corporate Finance and Restructuring

Comprehensive investment banking, corporate finance, restructuring and insolvency services to investors, asset managers, companies and lenders.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Environmental, Social and Governance

Advisory and technology solutions, including policies and procedures, screening and due diligence, disclosures and reporting and investigations, value creation, and monitoring.

Investigations and Disputes

World-wide expert services and tech-enabled advisory through all stages of diligence, forensic investigation, litigation and testimony.

Business Services

Expert provider of complex administrative solutions for capital events globally. Our services include claims and noticing administration, debt restructuring and liability management services, agency and trustee services and more.

See all insightsExplore insights

SMB Guide to Cloud Security

Jun 24, 2022

by Louis Muniz, Brett Davido


CVE-2021-43702 from Discovery to Patch: ASUS Modem/Router Device Takeover Vulnerability

Jun 21, 2022

by Luke Walker


Webcast Replay – Q1 2022 – Threat Landscape Virtual Briefing: Threat Actors Target Email for Access and Extortion

May 18, 2022


Q1 2022 Threat Landscape: Threat Actors Target Email for Access and Extortion

May 18, 2022

by Laurie IaconoKeith Wojcieszek George Glass


Kroll Launches Strategic Communications Service

Jun 01, 2022


Kroll Partners with Armis to Extend Preparedness and Response for OT and ICS Environments

May 09, 2022


Kroll Responder Recognized in 2021 Gartner Market Guide for Managed Detection and Response Services

Nov 19, 2021


The Australian Cyber Threat Landscape Today and How to Look Ahead

Aug 13, 2021


KAPE Intensive Training and Certification

Online Event Apr 12 - Dec 08, 2022 | Online Event