Paul Jackson


Level 3, Three Pacific Place, 1 Queen's Rd East, Hong Kong


Peers and clients say:

"A real expert in cyber law"
"Paul is highly recommended and deserving of inclusion"


Paul Jackson is the regional managing director for Kroll’s cyber risk practice in Asia Pacific. Starting his career in APAC, Paul has more than 30 years of service at some of the region’s highest levels of law enforcement, such as the Hong Kong Police Force and Interpol, and in corporate enterprise, where he has earned a stellar record of achievement as a cyber security practitioner, strategist, and thought leader.

What motivated you to pursue a career in cyber security?

As a police officer with an engineering background, the changing world in the mid-90s made me realise that everything was moving towards digital. This brought with it huge shifts from a security perspective as criminals sought to exploit the new ways of working and communicating. These challenges certainly motivated me to learn how to respond and adapt to the dynamic new environment.

What is it about working in cyber security that you enjoy most?

Nothing in cyber stays the same for long. Staying ahead of the curve means never being complacent and constantly adapting, which never fails to keep life interesting!

How has the role of a cyber specialist changed since you started your career?

The past three decades since I became involved in cyber security and investigation have seen enormous changes. Whilst technology was limited in the early days, so were the tools and training, so early cyber specialists had to do their own research and development of skills. The modern cyber environment is of course far more complex, but with that, the training, certifications, tools and techniques have also evolved, so today’s specialists no longer need to develop their skills alone. The benefits of this are that cyber specialists have access to a huge pool of resources. The downsides are that it reduces the motivation to research and truly understand what is going on under the hood of tools used for security and investigation.

What are the biggest data threats your clients currently face, and how are you helping tackle them?

The biggest threats today are the unknowns. Cyber risks and criminal ingenuity are developing at such a rapid pace that the most overlooked component of any defence is the human component. The software/hardware solutions alone are not the answer. Building this all into an effective governance program with monitoring and detection at the core is something that we do to help our clients achieve a sustainable security posture. Lastly, ensuring that plans are in place for managing potential incidents is key. We assist clients by helping to assess and test their plans and by providing external incident response retainers to ensure that the impact of any breach is minimised.

In a global environment of increased data regulation and legislation, what do increased levels of enforcement from authorities look like from your stance as an expert?

The introduction of new regulations and laws (especially around data protection and privacy) has meant rapid change over the past few years, and the respective authorities are gradually getting to grips with their enforcement. This in turn drives greater corporate responsibility and is having a positive effect on a more proactive approach to cyber security with increased leadership involvement.

How do you see your practice developing over the next five years?

The complexities of cyber security mean that an increasing number of companies are turning to practices such as those at Kroll to help build, assess and test programs. This is regardless of whether there is already an in-house capability as validation is key. Boards and executives are aware that one person (or even a small team) cannot know everything, and external expertise is critical. This is where the biggest growth will take place.

What advice would you give to someone starting out in cyber security?

Experience is everything. No course or training can properly prepare you, so find opportunities wherever possible to do internships and learn as much as possible. Never expect to be spoon-fed and demonstrate that you are self-motivated via your own research projects!

Looking back over your career, what has been your proudest achievement?

My proudest achievement has always been building world-class teams. Firstly, in the Hong Kong Police, then in JP Morgan, which is still regarded as the gold standard in corporate cyber investigations, and now with the APAC leading team in Kroll.