<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=1354242&amp;fmt=gif">

Cyber Alerting 101

When it comes to cyber risk, speed matters. The difference between an inconvenient security issue and a costly breach often comes down to how quickly a threat is identified and resolved. That’s why Travelers' alerting system is such a game-changer for policyholders—and for you as their trusted broker.

What Are Cyber Alerts, and Why Do They Matter?

Travelers alerts are real-time email notifications about critical cybersecurity risks detected in a policyholder’s environment. Each alert comes with tailored, step-by-step instructions designed to help your clients reduce their exposure and avoid attacks before they escalate.

A problem many organizations face is one of too much information about threats, rather than too little. It’s common to see automated services that will issue alerts about every threat that has been published on a database like the National Vulnerability Database. But seeing hundreds of alerts every month does not help organizations to prioritize and take action on material threats.

Rather than relying on a single source, our alerts are powered by a combination of: 

  • Travelers’ proprietary threat intelligence and scanning tools

  • Data partnerships with top cybersecurity firms

  • Continuous monitoring of the dark web and known vulnerabilities 

This proactive approach ensures both that alerts are targeted to the kinds of software or hardware being used by an organization, and that our alerts can be delivered as quickly as possible. This combination of targeting and speed can help policyholders prevent or limit the damage of a cyberattack and a costly claim.

Types of Alerts You May See

 

[ICON] Known Threat Alerts

Known Threat Alerts

  • What they are: Risks we already understand well and can identify through routine scans (e.g., open RDP, RDWeb, SMB, Telnet).

  • When they happen: Monthly policyholder scans may detect these exposures.

  • Urgency: Medium — we recommend addressing the exposure within 48 hours.

  • Example: A monthly scan reveals a policyholder has an exposed RDP port. The alert includes suggested actions to shut off web access for that port and/or look for an alternative method of providing remote access.

  • Analogy: It’s as if a routine house check revealed that the lock on a seldom-used basement door is broken. We'd instruct them to keep the door deadbolted or change the lock.  

 

[ICON] Emerging Threat Alerts

Emerging Threat Alerts

  • What they are: Newly discovered cyber risks, such as zero-day vulnerabilities or credible industry-specific threats. Some can be scanned for; others require intel-based correlation.

  • When they happen: Variable—typically 1 to 5 times per month. Impact can range from a single client to thousands.

  • Urgency: High (variable)—depends on the threat, but most require prompt attention.

  • Example: A zero-day vulnerability is discovered in a specific brand of VPN. We alert all policyholders using that brand of VPN, based on our Cyber Risk Scan data, to take action.

  • Analogy: It’s like attackers just figured out a new way to break into houses that are just like your client's homes. Time to make sure all the locks are working—fast. 

 

[ICON] Imminent Threat Alerts

Imminent Threat Alerts

  • What they are: Urgent, high-stakes threats discovered through dark web intelligence, such as stolen credentials for sale, infostealer infections, or ransomware leak site activity.

  • When they happen: Infrequently — alerts are individualized, so the likelihood of any given insured receiving one is low.

  • Urgency: Extremely High. These alerts require immediate action.

  • Example: Our threat intelligence team sees stolen access credentials being sold online and informs the policyholder and their agent or broker immediately with suggested actions (including changing their credentials to all accounts).

  • Analogy: It’s like a threat actor already has a copy of your house keys and is offering them for sale to burglary specialists. Our alert is your client’s signal to “change the locks” now. 

 

What Brokers Need to Know 

When an alert is issued, you’ll receive a summary of which clients were notified. Alerts are divided into two categories:

  • For Your Awareness: No action needed; these are informational.

  • Action Required: We lack contact information for your client and need your help to ensure they take immediate steps to secure their systems. 

 

Our Broker Feedback speaks volumes:

“We don’t often get a look into this side of Cyber coverage, but this is an excellent example of how Cyber differentiates itself as active coverage and how top-tier markets like Travelers play a vital role in preventing Cyber loss. I love real-life examples like this because they’re a reminder of the work we’re doing to keep our clients safe.”

 

Why It Matters 

In an era of escalating cyberattacks, alerting is one of the most potent tools in proactive risk management. It’s not just about identifying threats—it’s about helping policyholders take the right action at the right time.

 

Want to see how alerting sets Travelers apart? 

Stay tuned to our Broker Resources page for real-world stories, guidance, and updates. 

 

This material is for general informational purposes only and is not legal advice. It is not designed to be comprehensive and it may not apply to your particular facts and circumstances. Consult as needed with your own attorney or other professional advisor. This material does not amend, or otherwise affect, the provisions or coverages of any insurance policy or bond issued by Travelers. It is not a representation that coverage does or does not exist for any particular claim or loss under any such policy or bond. Coverage depends on the facts and circumstances involved in the claim or loss, all applicable policy or bond provisions, and any applicable law. Availability of coverage referenced in this document can depend on underwriting qualifications and state regulations.  

Cyber customers may receive certain services through external vendors and, if using these services, must agree to the vendors’ terms of use and privacy policies. Travelers makes no warranty, guarantee or representation as to the accuracy or sufficiency of any such services. The use of such services and the implementation of any product or practices suggested by such vendors is at the customer’s sole discretion. Travelers disclaims all warranties, express or implied. In no event will Travelers be liable in contract or in tort for any loss arising out of the use of such services or any vendor products.  

Recommended Blogs

Emerging Risks for Tech E&O Clients in 2025
Cyber Threats: 2022 in Review (& What to Expect from 2023)
Back to School Update: Risk Solutions, New Tech & an A++ Partnership
Can Cyber Risk Prevention Really Work? Yes, And Here’s How
Best Practices for Managing Cyber Risks in Open-Source Software

Recent Articles

Cyber Alerting 101


When it comes to cyber risk, speed matters. Travelers' provides real-time email notifications to alert policyholders of critical cybersecurity risks.

Social Engineering Outgrows the Inbox


Social engineering attacks remain one of the most common ways threat actors gain initial access to an organization’s systems. Learn more in this article.

Q1 '25 Travelers' Cyber Threat Report: Record Attack Activity


Ransomware surged in Q1 with 2,200+ victims—a 35% jump from last quarter. Get the full story in our latest report. Download now.