Jacob Silverman, CEO, Kroll tells Security Journal Americas why risks, threats and vulnerabilities must be considered from a holistic viewpoint.
Duff & Phelps had 100 employees before it acquired Kroll in 2018. We now have more than 6,300 employees in 39 countries and 78 cities globally.
I’m proud of our growth story and how we’ve evolved our business to meet the changing needs of our clients and the marketplace.Â
Our approach to organic growth is threefold: We expand globally via strategic acquisitions and internal scaling; we deepen core services through talent development and mentorship; and we focus on brand cohesion to offer integrated, multidisciplinary advisory services.
Since I’ve been the CEO of Kroll, we’ve acquired 30 companies, focusing on a combination of financial advisory services, risk advisory services and business services.
In short, it’s the people and the mission. As both a financial and risk advisory firm, we help businesses and their leaders navigate their most critical challenges and opportunities.
The longer answer is the rare combination of purpose, people and possibility. From the moment I joined, I was struck by the integrity and intelligence of the people here.
This is a company built on trust – clients trust us with their most complex, sensitive and high-stakes challenges, and that trust is earned every day by Kroll’s talented professionals.Â
We’ve evolved tremendously over the years, from a boutique advisory firm to the global leader in risk, governance and financial advisory.
While we’ve grown, the entrepreneurial mindset that attracted me in the first place hasn’t changed. Kroll continues to offer a level of agility, client focus and innovation that you typically only see in much smaller firms.Â
We are solving real world problems, whether it is navigating a cyber breach, supporting a valuation tied to a major transaction, or conducting a complex investigation. The impact we make is incredibly motivating.
Finally, I’ve had the opportunity to work with, and learn from, exceptional colleagues at every level. One of my most meaningful roles is mentoring the next generation of leaders and seeing them grow into global experts and trusted advisors. Witnessing and contributing to their journey is deeply rewarding.
The heart of Kroll is its people. We get to build something meaningful with smart, driven, ethical professionals who want to make a difference.
What makes Kroll truly unique is the breadth and scope we bring to the table. Kroll stands apart because we operate at the intersection of both financial and risk advisory, and we do so at a global scale.
We bring deep expertise in financial and transactional matters. Kroll is trusted by boards, regulators, attorneys and investors to deliver clarity and confidence when the stakes are at their highest.
We are equally strong in the world of risk. Our teams provide end-to-end cyber and physical security solutions – from proactive risk assessments and executive protection engagements to cyber-incident response, forensics, penetration testing, insider threat investigations and even crisis communications.
Our experts don’t just understand theory – they’ve been in the room when breaches happen, when reputations are on the line, and when threats become real.Â
Very few firms can claim that they operate with elite-level capability across these domains. Even fewer can connect the dots between them.
That’s where our value lies: in delivering integrated, actionable insight that combines technical rigor, investigative acumen, regulatory awareness and a risk-savvy mindset.Â
Our clients don’t want siloed advice. They want holistic guidance from a partner who sees the full picture. That’s what Kroll delivers and that’s why we continue to earn the trust of organizations around the world.
People are an organization’s number one asset. They are also its number one risk.
Technology is both an enabler and a threat, but not more so than employees, clients and partners. Insider risk is systematically underappreciated and unaddressed.
That doesn’t mean employees tend to be dishonest or nefarious. It’s quite the opposite. But they can make mistakes like falling for a phishing attack.
They can be sloppy by wedging a door open so they don’t have to carry their access credential. Or they could be financially desperate enough to sell company secrets.
In fact, many studies show that in the vast majority of insider incidents, there was no malicious intent. Staff behaved recklessly or were unwittingly compromised.Â
While there is no question that companies should have dedicated insider risk programs to identify anomalous activity and concerning behaviors, there is a much better way to build a committed and trustworthy workforce: Hire right, model appropriate behavior from the top, treat staff respectfully, train all employees consistently through compliance programs and support wellbeing and mental health.
We are in a time of incredibly rapid change and it is only accelerating. Technologies that we are only beginning to understand and harness will fundamentally change the way we live, work and think.
We are in the age of the cloud, SaaS, Proptech, mobile, blockchain and other transformational technology. The changes we will see with AI in its many forms – generative, agentic, analytical, reactive, adaptive and so on – will be monumental.
For example, Agentic AI is being used to search for vulnerabilities, anomalies or threat patterns in systems and networks. It’s using drones or fixed cameras with decision logic to monitor facilities and rolling stock.
It’s automating workflow such as intake, triage and escalation. Adaptive AI is starting to identify anomalous and concerning behavior that might constitute insider risk.
It’s also analyzing geopolitical, social, cyber and other data to anticipate threats, as well as opportunities.Â
Machine learning (ML), a foundational branch of AI, is also shaping risk functions in more focused ways. ML models are already being used to detect fraud, forecast operational risk, model financial loss scenarios and optimize emergency response planning.
These systems improve continuously as they ingest more data, making them especially valuable in dynamic threat environments.Â
Of course, the threats posed by AI and ML have to be carefully managed, involving critical considerations such as governance and ethics, regulatory compliance and bias and transparency.
Though it’s a few years away, quantum computing will have transformative effects on security, including turbocharging AI for threat detection and risk modeling.
However, the risks of quantum are staggering, since the new capabilities will make today’s cryptographic systems child’s play. That’s why Kroll is working at the forefront of this field to protect against adversaries who are trying to harvest our clients’ data now to decrypt it later when quantum is viable.
We are advising clients to immediately inventory their cryptographic assets, assess their data-at-rest vulnerabilities, begin training on quantum threats and prepare for the upcoming Y2Q, as they call the widespread viability of quantum computing.Â
Kroll is deeply embedded in these activities as we work to not only meet our clients’ current needs but also anticipate their needs down the road.
The security universe is split into so many discrete components. Physical security. Cybersecurity.
Business continuity, resilience and crisis management. Personnel security. Loss prevention. Background screening and due diligence.
Brand protection. White collar crime. Life safety. Intelligence. Social media monitoring.
But at the end of the day, security is security. We have to look at risks, threats and vulnerabilities holistically. Adversaries don’t distinguish between threat vectors, methodologies or tactics and neither should we.
Kroll takes a comprehensive expert-driven, experienced-informed approach to risk management that is steeped in intimate knowledge of how businesses function, grow and excel.
Security leaders who adopt this mindset will be best positioned to protect not just their systems and assets, but their people, brands and futures.
This article was originally published in the July edition of Security Journal Americas. To read your FREE digital edition, click here.
