Colin Sheppard
Regional Managing Director, EMEA
Cyber and Data Resilience
London
24x7 Incident Response
Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.
Contact UsKroll Cyber Risk experts respond to over 3,000 security events every year. We manage incidents of all types, complexity and severity for organizations across diverse industries. You can count on Kroll’s unique frontline experience not only in a crisis, but also for proactive planning and mitigation strategies. We are among the top service providers preferred by major cyber insurance companies and offer client-friendly incident response retainers for peace of mind.
Fast and Efficient Deployment via Onsite and Remote Incident Response Capabilities
Whether your incident is the result of a malicious hacker or accidental exposure by an employee, Kroll can help now. Our global network of certified security and digital forensic experts can deploy remote solutions quickly and/or be onsite within hours to help you contain the situation and determine next steps.
Our incident response investigations follow the Kroll Intrusion Lifecycle, a step-by-step guide to the attack patterns our experts have observed through thousands of investigations each year.
Kroll is a leading provider of end-to-end cybersecurity, digital forensics and breach response services, and will help you make informed decisions at every stage, from proactive preparation to consumer notification and remediation. Our goal, working alongside your counsel and insurance carrier, is to smoothly guide you to recovery — one that leaves you standing in the best defensible position, reputation intact, and where business can proceed with minimal disruption.
Common Threats Addressed by Our Incident Response Team | |
|---|---|
Business Email Compromise and Wire Fraud | Insider Threats and Accidental Data Loss |
Advanced Persistent Threats (APT) | Third Party and Vendor-Related Risks |
Malware, Keyloggers, and Backdoors | Cryptocurrency Theft |
Ransomware | Targeted Intellectual Property Theft |
Payment Card Fraud (PCI/PFI) | Web Application Attacks and Password Theft |
Kroll Offers a Continuum of Services for the Multifaceted Nature of Incident Response
- Incident Response Planning: Enhance your organization’s ability to respond to cyberattacks with Kroll’s wide range of assessments, tabletop exercises and intelligence.
- Intelligent Endpoint Detection and Response: Employing a powerful combination of technology and people, this sophisticated solution enables you to detect and respond swiftly to credible threats.
- Cyber Threat Intelligence: Our team aligns Kroll’s technical threat intelligence, analytical research and investigative expertise to improve visibility and effectively hunt and respond to threats.
- Data Collection and Preservation: In the event of an investigation or litigation, Kroll offers cost-effective solutions to identify, isolate and preserve electronic data using forensically sound methodologies.
- Data Recovery and Forensic Analysis: Kroll’s investigators are among the most knowledgeable subject matter experts practicing today; whether data was intentionally deleted or manipulated, they are able to analyze the clues left behind to quickly and defensively uncover critical information.
- Malware and Advanced Persistent Threat Analysis and Remediation: Kroll’s forensic experts analyze malware to determine how it works and identify the scope of impact on your systems.
- PHI and PII Identification: By providing you with a master notification list that clearly identifies the types of PHI or PII involved, we can help you avoid costly over-notification while still delivering targeted messages and remediation services to those affected.
- Data Breach Notification Services: Protect your brand and reestablish trust with the individuals impacted by a data loss by matching the response to the harm caused by a breach.
- Incident Remediation and Recovery Services: Expedite system recovery and minimize business disruption, with services including device and server reimaging, active directory rebuilding, network segmentation, hardware upgrades or replacements, patch management and network hardening.
- Strategic Communications: Deftly navigate a host of risk and reputational landmines caused by a cyber crisis with a full suite of strategic communications support for incident response, preparedness and training.
- Malware Analysis and Reverse Engineering: Further understand any code-related event through our in-depth technical analysis of benign and malicious code.
Benefit From Client-friendly Incident Response Retainers
- Includes proactive and reactive services
- No loss of money at end of term
- No required use of Kroll tools or applications
- No automatic renewals or price accelerations
- Includes data response services that are core Kroll capabilities (e.g., Notification, Call Center, Monitoring and Consumer Restoration)
- Key cyber insurance relationships, including some of the biggest underwriters in the world
Kroll in Action
Containment and Remediation of Cyberattack That Compromised Personally Identifying Information (PII)
Client: Major Company in U.S. Transportation Industry
Client Problem
The client contacted Kroll late on a Friday afternoon that it had suffered a cyberattack. The organization, which served a large national and international clientele, needed to contain and remediate the incident. It also would need to notify persons whose PII had been compromised and report the incident to regulators.
How Kroll Resolved The Problem
- Kroll deployed a response within two hours and had personnel onsite at the client’s headquarters by the next morning. The team eventually scaled from two investigators to 12 within 48 hours over the weekend.
- Upon identifying specific indicators of compromise (IOCs), we were able to eradicate the actor and establish containment; we also provided ongoing monitoring of the containment strategy to help assure effectiveness.
- We created a disposition matrix, whereby we cross-referenced compromised machines with compromised individuals’ data.
Outcome
Our investigators were able to restore the client’s system with minimal disruption to its operations. Additionally, the findings of our disposition matrix enabled the client to refine its notification list with pinpoint accuracy.
Consequently, instead of implementing costly blanket notification (which also often generates intense media coverage), the client was able to notify and address the concerns of a much smaller subset of affected persons. The client ultimately not only dramatically reduced its notification and remediation costs, but also was able to provide regulators with precise details of the incident’s scope and effects.
Fortify Your Response Capabilities
Threats are growing in volume and sophistication and come from multiple directions. Leverage the frontline experience of our incident response and digital forensics team for multifaceted and confident response anywhere, anytime.
Looking for Business Continuity/Disaster Recovery Solutions?
Disruptions can happen anywhere, anytime. As threats grow in the digital sphere, organizations remain vulnerable to onsite attacks, including natural disasters, workplace violence and a range of other physical threats. A well-structured business continuity and disaster recovery plan emphasizes the safety of employees, security of data and the quick recovery and maintenance of essential functions. Reach out to our business continuity experts to develop a comprehensive plan for unforeseeable events that could affect your business.
The State of Cyber Defense: Manufacturing Cyber Resilience
The State of Cyber Defense: Manufacturing Cyber Resilience
Our State of Cyber Defence in Manufacturing report provides a holistic cybersecurity overview of the manufacturing sector, including insights from threat intelligence, data breach statistics, offensive security considerations and insight into the maturity of manufacturing organizations’ cybersecurity programs.
Get your copy for more insights.
Frequently Asked Questions
Connect With Us
Data Collection and Preservation
Improve investigations and reduce your potential for litigation and fines with the strict chain-of-custody protocol our experts follow at every stage of the data collection process.
Computer Forensics
Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.
Office 365 Security, Forensics and Incident Response
Digital forensic experts investigate hundreds of Office 365 incidents per year and help strengthen your security.
Malware Analysis and Reverse Engineering
Kroll’s Malware Analysis and Reverse Engineering team draws from decades of private and public-sector experience, across all industries, to deliver actionable findings through in-depth technical analysis of benign and malicious code.
Malware and Advanced Persistent Threat Detection
Our expertise allows us to identify and analyze the scope and intent of advanced persistent threats to launch a targeted and effective response.
Business Email Compromise (BEC) Response and Investigation
In a business email compromise (BEC) attack, fast and decisive response can make a tremendous difference in limiting financial, reputational and litigation risk. With decades of experience investigating BEC scams across a variety of platforms and proprietary forensic tools, Kroll is your ultimate BEC response partner.
Kroll Appoints Katherine Keefe to Lead Global Cyber Insurance Industry Capabilities
Press Release
Kroll Appoints Katherine Keefe to Lead Global Cyber Insurance Industry Capabilities
October 18, 2024
Press Release
Kroll Becomes Relativity Gold Provider Partner
September 19, 2024
Kroll in News
Kroll Recognized in 2024 Gartner Market Guide for Digital Forensics and Incident Response Retainer Services for the Fifth Consecutive Year
September 12, 2024
Press Release
Kroll Expands AI Risk Consulting Services
August 27, 2024
Join Kroll at CLOC 2025 in Las Vegas
Cyber
Join Kroll at CLOC 2025 in Las Vegas
May 5 - 8, 2025|Conference
Visit Booth 523 for one-on-one insights on advancing your legal operations through industry-leading transformational programs.
Cyber
Kroll at RSAC 2025 Conference
April 28 - May 1, 2025|Conference
Join Kroll experts at RSAC 2025 in San Francisco. Stop by booth 842 in the South Expo Hall to meet our team.
Threat Intelligence
Kroll at Infosecurity Europe 2025
June 3 - 5, 2025|Conference
Join our Cyber and Data Resilience experts at Infosecurity Europe in London, June 3–5. Stop by stand D45 to meet our team.
Kroll is headquartered in New York with offices around the world.
One World Trade Center
285 Fulton Street, 31st Floor
New York NY 10007
Sign up to receive periodic news, reports, and invitations from Kroll.
Our privacy policy describes how your data will be processed.
© 2025 Kroll, LLC. All rights reserved.
Kroll is not affiliated with Kroll Bond Rating Agency,
Kroll OnTrack Inc. or their affiliated businesses. Read more.