Skip to main content

Facing Today’s Cyber Threat Landscape: Turning Threat Intel into Action

Facing Today’s Cyber Threat Landscape: Turning Threat Intel into Action

May 20, 2026

Wednesday 1:00 p.m.-2:00 p.m. ET

Key takeaways

  • In the first quarter of 2026, 84 different criminal groups posted more than 2,400 victim companies on ransomware leak sites on the dark web, according to the Q1 2026 Travelers Cyber Threat Report.
  • The number of ransomware victims posted on leak sites increased by 50% in 2025.
  • More than 85% of Travelers’ cyber claims from August to December of 2025 involved VPNs as the initial point of entry, the report shows.
  • Just as companies are rapidly adopting AI tools, threat actors also are using AI to assist in their attacks.
  • Travelers recommends implementing five cyber readiness practices to help protect your organization from new and evolving threats.

Cyber risk experts and claim professionals joined us for a deep dive into the latest quarterly Travelers Cyber Threat Report and the most important trends we’re seeing across the threat landscape, including ransomware activity. They also took us on an in-depth walk-through of a real cyberattack situation. This webinar helps translate threat intelligence gathered by the Travelers team of experts into practical insights to help explain what these trends mean for real-world operations, where organizations are most exposed and which actions can meaningfully reduce risk.

Q1 ’26 Travelers Cyber Threat Report

Nearly half of U.S. workers now report using AI on the job. But rapid implementations often outpace risk management. The issue: Frameworks built to govern conventional software don’t account for the capabilities of current language models. Get the full story in the Q1 ’26 report.


This program is presented as part of the Travelers Institute’s Cyber: Prepare, Prevent, Mitigate, Restore initiative, which promotes dialogue and education to help leaders prepare for and respond to cyber incidents.

Please note: Due to the nature of the replays, survey and chat features mentioned in the webinar recordings below are no longer active.

Watch webinar replay

Summary

What did we learn? Here are the top takeaways from Facing Today’s Cyber Threat Landscape: Turning Threat Intel into Action:

Ransomware threats are on the rise in concerning new patterns, the Travelers Cyber Threat Report shows.

In the first quarter of 2026, 84 different criminal groups posted more than 2,400 victim companies on ransomware leak sites on the dark web. This is the second-highest number recorded in the history of the report, following the highest number ever in the last quarter of 2025. This is unusual because ransomware activity has historically been cyclical, with each peak followed by a sharp drop, said Lauren Winchester, Head of Cyber Risk Services at Travelers. What does this mean for organizations? “This is a new baseline of elevated activity that organizations need to treat as the operating environment going forward,” she said. Watch at 05:04

Organizations of all sizes across industries are being targeted by ransomware groups, the report shows.

The number of ransomware victims increased by 50% in 2025. Many of these companies mistakenly thought they were too small or inconspicuous to become ransomware targets, said Christine Mapes, Managing Director & Counsel, Bond & Specialty Insurance Claim at Travelers. She noted that Travelers handles claims from businesses of all sizes and industries, ranging from construction to education, healthcare, professional services and wholesale. “The reality is sometimes small to midsized businesses are a target because they may have weaker controls, fewer dedicated staff or slower patching cadence,” she explained, adding that the landscape is changing rapidly. “Volume is up, the attacks are landing and they’re costing more.” Watch at 12:21

Ransomware groups are exploiting weaknesses in virtual private networks (VPNs) to extort organizations.

More than 85% of Travelers’ cyber claims from August to December of 2025 involved VPNs as the initial point of entry, the report shows. The increase in the use of the VPNs for remote work since the pandemic has contributed to this rise, said David Kruse, Director of Insurance Alliances at Arctic Wolf. To use a VPN securely, companies need to enforce practices such as multifactor authentication (MFA), apply critical software updates to patch and remediate vulnerabilities quickly, and monitor logs for suspicious activity, he said. To illustrate this, Mapes shared the case of a manufacturing company that became a ransomware victim when it didn’t update user credentials and enforce MFA on local legacy accounts after a VPN update. “VPNs present almost a bottomless well of opportunities for threat actors to wash, rinse and repeat their attack tactics,” Kruse said. Watch at 16:35

Just as companies are rapidly adopting AI tools, threat actors also are using AI to assist in their attacks.

“The quality and the volume of the business email compromise attacks and social engineering attacks have increased in ways that absolutely call AI into the equation,” Mapes said. Examples range from a grammatically perfect phishing email specifically tailored to a business to a message that uses a clone of a CEO’s voice to request that an employee make a wire transfer immediately. To combat these tactics, Mapes recommends always using a secondary verification channel for any request involving money. “Just pick up the phone and call a known number to verify that what you’re being asked to do is authentic,” she said. Watch at 30:52

Leaders can take practical steps to defend their organizations against cyber threats.

The good news is that even as threat actors exploit AI and other new technology, organizations can rely on tried-and-true best practices. “It’s really still about the basics right now,” Winchester said. For example, it’s crucial to implement these five cyber readiness practices to help protect your organization from new and evolving threats. In addition to enforcing MFA and performing regular software updates, it’s important to leverage endpoint detection and response, have an incident response plan and back up your data. Watch at 41:53

Webinar resources

Speakers

 
Lauren Winchester
Head of Cyber Risk Services, Travelers




 
David Kruse
Director, Insurance Alliances, Arctic Wolf





 
Christine Mapes
Managing Director & Counsel, Bond & Specialty Insurance Claim, Travelers

Host

 Jessica Kearney Headshot  
Jessica Kearney
Vice President, Public Policy, Travelers Institute

Related content

How Travelers Advances Cyber Offerings with Corvus Acquisition

Pete Herron and Madhu Tadikonda of Travelers spoke about the company’s acquisition of Corvus, an industry-leading cyber insurance managing general underwriter, and what this partnership means for Travelers agents, brokers and insureds.

Global Cyber Resilience: Lessons from Former White House and CISA Leader Jeff Greene

Jeff Greene, former Assistant Executive Director for Cybersecurity at CISA and former Chief of Cyber Response and Policy on the National Security Council, joined us to share an insider’s view of today’s evolving cyber threat landscape. Gain actionable insights from a seasoned expert who has helped shape national cybersecurity policy and learn how to better protect your organization in an increasingly complex digital environment.