Cyber Risk

Incident Response Management

Enlist Experienced Responders to Handle the Entire Security Incident Lifecycle

Kroll Cyber Risk experts respond to over 1,000 security events every year. We manage incidents of all types, complexity and severity for organizations across diverse industries. You can count on Kroll’s unique frontline experience not only in a crisis, but also for proactive planning and mitigation strategies. We are among the top service providers preferred by major cyber insurance companies and offer client-friendly incident response retainers for peace of mind.

Fast and efficient deployment via onsite and remote incident response capabilities

Whether your incident is the result of a malicious hacker or accidental exposure by an employee, Kroll can help now. Our global network of certified security and digital forensic experts can deploy remote solutions quickly and/or be onsite within hours to help you contain the situation and determine next steps.

Kroll is a leading provider of end-to-end cybersecurity, digital forensics and breach response services, and will help you make informed decisions at every stage, from proactive preparation to consumer notification and remediation. Our goal, working alongside your counsel and insurance carrier, is to smoothly guide you to recovery — one that leaves you standing in the best defensible position, reputation intact, and where business can proceed with minimal disruption.

Common Threats Addressed by Our Incident Response Team

  • Business Email Compromise and Wire Fraud
  • Advanced Persistent Threats (APT)
  • Malware, Keyloggers, and Backdoors
  • Ransomware
  • Payment Card Fraud (PCI/PFI)
  • Insider Threats and Accidental Data Loss
  • Third Party and Vendor-Related Risks
  • Cryptocurrency Theft
  • Targeted Intellectual Property Theft
  • Web Application Attacks and Password Theft

Kroll offers a continuum of services for the multifaceted nature of incident response

Benefit from client-friendly incident response retainers

  • Includes proactive and reactive services
  • No loss of money at end of term
  • No required use of Kroll tools or applications
  • No automatic renewals or price accelerations
  • Includes data response services that are core Kroll capabilities (e.g., Notification, Call Center, Monitoring and Consumer Restoration)
  • Key cyber insurance relationships, including some of the biggest underwriters in the world

Kroll in Action

Containment and Remediation of Cyberattack That Compromised Personally Identifying Information (PII)

Client: Major Company in U.S. Transportation Industry

Client Problem

The client contacted Kroll late on a Friday afternoon to report that it had suffered a cyberattack. The organization, which served a large national and international clientele, needed to contain and remediate the incident. It would also need to notify persons whose PII had been compromised and report the incident to regulators.

How Kroll Resolved The Problem

  • Kroll deployed a response within two hours and had personnel onsite at the client’s headquarters by the next morning. The team eventually scaled from two investigators to 12 within 48 hours over the weekend. 
  • We launched our CyberDetectER® Endpoint solution to rapidly determine the incident’s scope and to conduct forensic analysis.
  • Upon identifying specific indicators of compromise (IOCs), we were able to eradicate the actor and establish containment; we also provided ongoing monitoring of the containment strategy to help assure effectiveness.
  • We created a disposition matrix, whereby we cross-referenced compromised machines with compromised individuals’ data.


Our investigators were able to restore the client’s system with minimal disruption to its operations. Additionally, the findings of our disposition matrix enabled the client to refine its notification list with pinpoint accuracy. Consequently, instead of implementing costly blanket notification (which also often generates intense media coverage), the client was able to notify and address the concerns of a much smaller subset of affected persons. The client ultimately not only dramatically reduced its notification and remediation costs, but also was able to provide regulators with precise details of the incident’s scope and effects.

Fortify Your Response Capabilities

Threats are growing in volume and sophistication and come from multiple directions. Leverage the frontline experience of our incident response and digital forensics team for multifaceted and confident response anywhere, anytime.

Related Services

Cyber Risk

End-to-end cyber security services provided by unrivaled experts.


Remediate and Restore

Call center and breach notification services across a myriad of industries and geographies.


Investigate and Respond

Identify vulnerabilities, intrusions and data exfiltrations and provide recommended solutions.


Prepare and Prevent

Internal and external assessments to evaluate clients' systems, applications, and facilities.
