How our scan technology helps inform the cyber risk profile of any organization
The Travelers Cyber Risk Scan is non-intrusive technology built to identify and analyze all elements of an organization's IT system that are publicly visible to the internet.
This means that we can see the same information that an attacker would see if they were scanning the organization as a potential target. This is a common activity for threat actors: think of it like a criminal pulling on the handles of all the cars on a block looking for one that is unlocked for an easy score. But our technology goes a step beyond identification: it links findings with known vulnerabilities and provides recommendations.
How the scan works
First, the scan must identify all of the publicly visible domains, servers, web-facing applications and other elements associated with the organization. Once identified, the scan compiles key information about these pieces of software or hardware.
For example, the scan may find that a company's website contains certain third-party user tracking technologies that pose a liability risk because of government regulations, or that a version of software being run on a long-forgotten server has known vulnerabilities that could be exploited at any moment.
This information is then combined with internet-wide vulnerability and threat research, so that the scan can make an assessment about the level of risk posed by any of the findings. The result of that assessment will be recommendations that can be found on the policyholder's Action Center in their Cyber Risk Dashboard.
For instance, the scan may find that a certain version of software is present in the organization's email server, and that might indicate a high risk based on past reports of attack activity on a known vulnerability in that software. The recommendation will be marked as "high risk" and prioritized accordingly in the user's view.
In some cases, when a critical risk is identified that requires immediate action, our team will reach out to the policyholder and their broker or agent directly.