How Travelers Advances Cyber Offerings with Corvus Acquisition
April 30, 2025
Wednesday 1:00 p.m.-2:00 p.m. ET
Pete Herron, Senior Vice President, Management Liability at Travelers, and Madhu Tadikonda, former CEO of Corvus and current Head of the Specialty Cyber Business Unit at Travelers, spoke about the company’s acquisition of Corvus, an industry-leading cyber insurance managing general underwriter, and what this partnership means for Travelers agents, brokers and insureds. The session also touched on Corvus’ history, along with new risk management services and technology, including a new suite of capabilities available with most cyber liability policies, that enhance Travelers’ cyber insurance offering.
This Cyber: Prepare, Prevent, Mitigate, Restore® webinar is part of the Travelers Institute’s ongoing commitment to promoting cybersecurity education among small and mid-sized businesses and organizations.
Please note: Due to the nature of the replays, survey and chat features mentioned in the webinar recordings below are no longer active.
[MUSIC PLAYING]
(DESCRIPTION)
A laptop appears with a title on its screen: Wednesdays with Woodward (registered trademark) Webinar Series. To the right of the laptop, a red mug features a Travelers umbrella logo. Logo: Travelers Institute (registered trademark), Travelers: 15 Years.
(SPEECH)
JOAN WOODWARD: Hi, everyone. Thanks so much for joining us. We really appreciate your engagement. I'm Joan Woodward, President of the Travelers Institute, and I'm thrilled to be with you today. Welcome to our webinar series. Welcome back to our webinar series for many of you.
(DESCRIPTION)
Text: About Travelers Institute (registered trademark) Webinars. The Wednesdays with Woodward (registered trademark) educational webinar series is presented by the Travelers Institute, the public policy division of Travelers. This program is offered for informational and educational purposes only. You should consult with your financial, legal, insurance or other advisors about any practices suggested by this program. Please note that this session is being recorded and may be used as Travelers deems appropriate.
(SPEECH)
Before we get started, I'd like to share our disclaimer about today's program. I'd also like to thank our webinar partners today.
(DESCRIPTION)
Wednesdays with Woodward (registered trademark) Webinar Series. How Travelers Advances Cybersecurity Capabilities with Corvus Acquisition. Logos: Travelers Institute (registered trademark), Risk and Uncertainty Management Center at University of South Carolina, Insurance Association of Connecticut, Connecticut Business and Industry Association (C.B.I.A.), Master's in Financial Technology (FinTech) Program at the University of Connecticut School of Business, MetroHartford Alliance, Big I.
(SPEECH)
The Risk and Uncertainty Management Center at the University of South Carolina, the Insurance Association of Connecticut, the Connecticut Business and Industry Association, the Master's in FinTech Program at UConn, the MetroHartford Alliance, and the Independent Insurance Agent & Brokers of America. Welcome.
(DESCRIPTION)
Logos: Cyber (registered trademark): Prepare, Prevent, Mitigate, Restore, Travelers Institute (registered trademark), Travelers. Text: Since 2016, the Cybersecurity Education Series has completed 70 programs. Some highlights include 12 webinars, 58 in-person events, 42 cities, 41,645 people reached.
(SPEECH)
Today's session is part of our Cyber: Prepare, Prevent, Mitigate, and Restore initiative, designed to help small and mid-sized businesses and public sector organizations improve their cyber readiness and resilience. We launched this series back in 2016, and I'm proud to say that today marks our 70th program. That's 7-0, folks. Over the last, just last nine years, hosting 70 events like this. Today, our series attendance, which includes virtual and in-person events, has now surpassed over 40,000 people.
(DESCRIPTION)
The webinar title slide returns.
(SPEECH)
So throughout this initiative, we've shared valuable resources from government agencies like the Cybersecurity and Infrastructure Security Agency, or CISA, which is a new agency in the last 10 years or so, a part of Department of Homeland Security. We've also taken organizations to the next level, really to enhance their cybersecurity preparedness. It's all about preparedness.
Today, we're going to do something a little different. We'll continue this important discussion with an overview of the cyber landscape and actionable steps you can take to mitigate your risk. But we're also going to take a deep dive and look at Travelers' recent acquisition of Corvus. In January 2024, we officially welcomed Corvus, an industry-leading cyber insurance managing general underwriter, into the Travelers family. We'll explore the integration of Corvus into our Cyber Risk Services and what this exciting and innovative expansion of services means for our agents, brokers and our insureds. And with that, let's get started.
(DESCRIPTION)
Speakers. Joan Woodward, Executive Vice President, Public Policy, President, Travelers Institute, Travelers. Pete Herron, Senior Vice President, Management Liability, Bond and Specialty Insurance, Travelers. Madhu Tadikonda, Head of the Specialty Cyber Business Unit, Travelers, Former CEO, Corvus.
(SPEECH)
I'm honored to be joined today by two of my colleagues and friends, Pete Herron and Madhu Tadikonda. Pete is a Senior Vice President and Head of Management Professional Liability for Bond & Specialty Insurance here at Travelers. His career in insurance includes underwriting and business production for Financial Institutions, Commercial Entities, Public Company Management Liability and management of product development. Previously, he led Travelers' Private and Nonprofit business until 2021, when he moved into his current role. Pete is also a past president of PLUS, the Professional Liability Underwriting Society. So welcome, Pete. Glad to have you here.
Madhu leads our Specialty Cyber business unit at Travelers, a group that was created following Travelers' acquisition of Corvus in 2024. Madhu was previously the CEO of Corvus and began his insurance career as Head of Data Science for Commercial Insurance/Claims and then as Global Chief Underwriting Officer. He also spent 10 years as a venture capitalist with emphasis on data-driven disruptors in a variety of industries, including insuretech.
So Pete and Madhu, welcome to the program. We're really, really thrilled that you're here.
PETE HERRON: Glad to be here. Thanks, Joan. Thanks, everyone.
JOAN WOODWARD: All right. So, let's talk about this acquisition. While we're familiar with Corvus, there's a lot of folks on the call right now who may not be that familiar and just learning about it. So, Pete, can you start with an overview of Corvus and what factored Travelers' decisions, really, to purchase the company?
PETE HERRON: Yeah thanks, Joan. And let me bring us back maybe a couple of years when we first started thinking about this. In 2022, we were kind of at a pivotal point at Travelers in regards we had a good book of cyber business, we had good staff, good capabilities, good technology, but we wanted to ratchet it up a notch. We wanted to invest in those areas and improve kind of what we already had. Again, we had a good thing. We wanted to make it a better thing and a great thing.
And so about at that same time, we had started to engage with Corvus, and we provided them some capacity for a new continental Europe arrangement that they had. So, that was really our first introduction into Corvus. Started to get to know them a little bit, the founders, Madhu, the team. And that's when we started to say, well, wait a second. We're going to invest money, time, resources, energy into beefing up our capabilities, our team and our technology.
Maybe we should think about doing something a little quicker. Meaning maybe we should partner with an outside third party, or maybe we should acquire an outside third party. So that's really what got us rolling on, boy, is there a quicker way to get to what we want to get to by partnering with somebody or acquiring somebody?
And as we started to think about that, we canvassed the marketplace for who would be a great partner or who would be a great acquisition, frankly. We looked across the marketplace on what all of our options were but really felt like when we got down to it, Corvus not only has the right people with the right capabilities, with the right technology and the right mindset to come into Travelers, but they also had the right culture.
They were a company that had the same focus on underwriting discipline that Travelers had. And we thought, there's a lot of other opportunities out there for us to partner with or acquire that had some of the capabilities and people. But Corvus really, the differentiator was they had the right culture that we thought was going to work really, really well with Travelers.
And so as we got more and more into it, it just seemed to keep making more and more sense. And that was really the start of ultimately the due diligence and then the acquisition.
JOAN WOODWARD: Terrific. Thanks, Pete. I've always been fascinated how these things come together. And I believe when you say the word culture here at Travelers, anybody who knows us knows it's really, really important. And underwriting discipline, which we have mastered, I'll say, at the company is also critically important. So Madhu, from your perspective, what made Travelers an attractive new home for Corvus?
MADHU TADIKONDA: No, it's great, and I can give the mirror image story. First Joan, thanks for inviting me on the panel. I think this has turned out to be a great sort of series for a good dialogue about cyber. And the numbers of listeners and followers even impressed my teenage daughter in terms of social media influence, which is not easy.
JOAN WOODWARD: Wow.
MADHU TADIKONDA: So that's great. Yeah. So she's taking me more seriously. But it's interesting, around that same time I think the Travelers conversations were happening, we at Corvus were having similar discussions about if we really wanted to shape the future of the cyber insurance industry and really have the impact we wanted, what would we need? We were off to a fast start with technology. We had a killer team on the insurance underwriting side, but also risk control and technology.
But really determined it wasn't going to be enough. And if you needed-- we needed a strong partner to make it through the ups and downs that happen in cyber, to evolve the line, and really a strong partner to work with us to make the investments for the long term. And Travelers, I think that there's really four things that stuck out. One, obviously, brand matters in insurance. You build that over 172 years. It's tough to compete against that. And Travelers is obviously first-rate. Related to that, just multi-decade and multiline relationships with customers and brokers, access to that distribution that would be different. And really then third, just an A++ fortress balance sheet that would really help weather through things.
But the culture, I think, really was the fourth one. And we dated a lot of folks, too, and got a good lens into that and a view of that. But there's a bit of the culture, too, that was just an openness and humility. I know there's a lot of brokers and agents on this call who live and breathe M&A all the time. And that cultural fit and the humility to think differently, be honest, get the small details right I think has been sort of through the due diligence through now a big part of the relationship. And as of now, a year and a half in, it's difficult, but we still are one of one when it comes to an incumbent powered with the capabilities of a more modern insuretech. And it's a great advantage coming together.
JOAN WOODWARD: Great. OK. Let's shift to the integration of the company into Travelers and kind of new capabilities that you all bring. So, Pete, back to you. After kind of a year and a half in, what does this mean for our agent and brokers and ultimately, our customers? What are the new opportunities that are now available for them?
PETE HERRON: Yeah, great. We'll start to get that rolling. So first, early days after January of '24, we really wanted to step back and look at the teams more. How do we integrate the teams and what is our go-to-market strategy? What is our engagement strategy with our agents and brokers and customers?
So it took a little time to do that. But I think around summer of '24 is when we introduced our go-to-market strategy. We have a new business unit. It's called our Specialty Cyber business unit. Madhu is the head of that business unit. And that's where our dedicated cyber underwriters are. And so that underwriting team is connecting in with some of our distributors who also have specialty cyber brokers.
And so that's, of course, a change from the way Travelers used to do it, where most of the cyber, if not all of the cyber that we used to sell, was through our multiline underwriters. They would do cyber in addition to private E&O and Financial Institution business and whatever else. And so that was the first change that happened, the way we connected with our distributors.
We spent a lot of time before we put that back together, formally and informally interviewing our agents and brokers on how do you want us to set up and how do you want us to connect with you? So we took all that information, and that's what went into our go-to-market strategy. So that was one.
Two is really our scan capabilities. Travelers had a scan capability. Corvus had a different scan capability. And we really looked at both of those scan capabilities to say, let's take the best of both worlds so that we have a market-leading overall scan capability. So from our agents and brokers and even customer standpoint, you should know that we've looked at two different models, and we've come out with the best of both worlds, frankly, with those two different models. So we've got two scans that are looking at all of your vulnerabilities, all of your threats and all the other different risks that you might have. So we think that that's a real value-add to our agents, brokers and customers.
And then last but not least, and this is a big one, are some new risk control services that we're introducing on our CyberRisk policyholders. And so our cyber risk control team is led by Lauren Winchester. Lauren Winchester has over a decade in risk advisory services, threat intel services.
And what we're really providing is three things from that team. No. 1, she has a team of in-house experts that are ready and waiting for that call and that engagement with an insured to talk about what are their vulnerabilities? What are their threats? And how do we close those vulnerabilities and threats down? And I can go into in a minute in a little more detail what those experts do.
The next thing is our 24/7 threat monitoring and intel notification process. We issued over 3,000 notifications directly to insureds of critical threats, imminent critical threats that they have. And I know Madhu will get into this in a little bit more. But that was the next capability that we've added to our suite of coverages and services.
And then the last is we are starting to roll out what we call our Cyber Risk Dashboard. So when our insureds buy a CyberRisk policy, they're going to get a notification on how to sign up on this dashboard. They can then log into the dashboard and get things like, well, what is my cyber score? What domains did you look at when you evaluated me? What vulnerabilities did you identify? And we categorized those in high impact, medium impact, low impact.
So focused on the high impact ones. And a whole bunch of other information that's in the dashboard that allows us to engage with the customer to look at the risk profile and hopefully lower the risk profile overall. So, those are a couple things that we've worked on when we came together with Corvus, bring over some of that insuretech capabilities of Corvus into the Travelers book of business that we're now offering to the legacy Travelers customers.
JOAN WOODWARD: OK, great. Thanks for that. So I want to go a little deeper. So let's go further on the underwriting process itself. So, Madhu, can you walk us through and maybe share the pieces that have evolved here?
MADHU TADIKONDA: Yeah, sure. So just as a backdrop, the whole underwriting process for cyber is different. It's not a fixed table, right price the account and then see you in 365 days. And that's not surprising. The risks are always changing, and our policyholders are always changing the systems they're running, what their network infrastructure looks like. And so at the heart of the underwriting process, we kind of referenced the proprietary scan and score.
And what that really is, is now sort of eight years and counting of every incident or claim that we've seen, every incident or claim that we've seen on submissions that we didn't write, and then tied back to what those customers look like before those happened. So it's a pretty rich, textured data source to start looking at what's actually driving frequency and severity.
And because that kind of drives pricing and underwriting, we can be pretty transparent with the policyholder or potential customer of, hey, this is the risk that's driving the decision. And if you remediate this or change this or this is what's giving you something better. And that kind of dialogue with the policyholder and broker is something that's very different and just kind of enriches this conversation when people are trying to figure out what's the why or decision behind something.
The second is we've invested a lot just in a modern tech platform. Speed matters. So getting answers to brokers quickly, auto quoting where we can, highlighting just the key questions that are remaining and making sure that process is frictionless is an ongoing part of underwriting.
And the last part is really we make a very concerted effort in partnership with the brokers to capture contact information as many as possible and fresh at those policyholders. And that's key because on an ongoing basis, we're constantly scanning our policyholders to see what they're running. Pete referenced this. Also looking at vulnerabilities, threats that are emerging in the marketplace and matching those too.
And because we've got a fresh connection and hotline to the policyholders, when something starts emerging, we can reach out to them, and all of that sets up, again, at the time of renewal or the next decision. So it's a very different kind of dynamic underwriting process of continuous gathering of information and interaction with the policyholder, which, again, is what you really need when such a dynamic and changing risk environment.
JOAN WOODWARD: OK, thank you for that. So Pete, actually are these services and capabilities currently available or is there going to be a continued rollout? And I know we have some friends from Canada on our shows all the time. When can they expect these new capabilities?
PETE HERRON: We do have a rollout process to them on the Travelers book of business, the CyberRisk policy book of business. And so we're starting with new customers. We're then rolling it out to renewal customers as they renew in the United States. We're then going to look internationally, whether that be Canada or elsewhere. Later in the year, late summer maybe, third quarter, we're looking at rolling it out. And then we're even looking at our business insurance customers.
Because Madhu and I are both in the group at Travelers called Bond & Specialty Insurance, and we sell a lot of cyber over here. But there's other parts of Travelers that sell cyber also. And so we're looking to connect these services to our business insurance partners, too, later in the year. So we got to do more evaluation of that.
Let me go back to the services, though, because I want to say one really important thing about the services. We're incredibly excited about all the services. Lauren Winchester is fantastic. She's got a great group. We're looking forward to rolling these out and you guys engaging and your customers engaging on these services. But I want to give you a stat that's really important. And I think there's a lot of carriers that sell insurance, and we're one of those great carriers that sell insurance.
But I think it's the services in addition to the insurance product that's really going to set the markets apart. And we really think these services set us apart. And the stats that we've developed that of all of our customers that engage with us on our risk control services, you have a 20% likely-- less likely chance of a breach. And if you do have a breach, on average, the costs are 27% less. So what I'm saying is, as we roll out these services, as our customers engage on these services, they are having a tangible impact on lowering the risk profile to a point where we can show that those customers have a 20% less likely chance of having a claim.
I think that's a game changer. I think that's big time. We're all in this business of selling insurance, and that's great. But if we can lower the profile so that a customer doesn't have a loss, boy oh boy, we've just removed that fairly massive headache before they've even had it. And I'm proud of doing that. I can't do it all the time. I'd love 20% to become 40% less. But for now, I'm just saying engaging with these services has a tangible impact on lowering the profile and lowering the chance of loss.
JOAN WOODWARD: No, I think that's great, especially preparing and preventing for this. And we know there's so many things businesses can do to prepare and prevent it from happening. That's our goal. So it never happens to them. Of course, it is going to happen. There's bad actors. They're changing how they approach these businesses on a daily basis. And it's very hard for people to keep up. But there's a lot of marketing noise out there related to the cyber language. And you usually don't hear about those success stories. So, Madhu, can you give us a real-life example of how you've helped a policyholder recently?
MADHU TADIKONDA: Yeah, sure. Happy to. And I do think in cyber, it'll be a broken record on this, but just speed matters. And ransomware has become a multibillion-dollar industry. It's sort of a weird way to think about it. But like other industries, it has also specialized. So you've got folks that find vulnerabilities, folks that sell that and create an exploit, folks that then sell that and hit every company that's running something. But the point is that takes time. It's 24 hours, 48 hours, 72 hours. But if you can interact with the policyholder in that time, you can either stop a claim or reduce the blast radius.
So, there was an example recently where we found that cybercriminals were selling remote access credentials for one of our policyholders on the dark web. And we were able to match that quickly. And we know that once those appear, you've got, again, that short window to really do something about it. Someone's going to buy it and do something bad with it. But because of our threat intelligence team and the scanning, we were able to get to the policyholder and broker right away.
They found the unauthorized activity on their network and shut it down pretty quickly. And we're sort of estimating without this early warning, it pretty much would have ground their operations to a halt. It was a bunch of critical systems and really put them at risk. And it would have been a quarter-million-dollar claim or more. So again, that interaction and being able to step in quickly is a big one.
And that's just not a one-off. So we've given almost something like 30,000, sorry, 3,000, for 3,000 policyholders have delivered some of these critical alerts of hey, you're in the crosshairs of something bad that could happen. You need to get on this quickly. And we kind of gang tackle that with the brokers and make sure we get to the right people to really act in that window. And so the numbers that Pete's talking about of frequency and severity loss, that's really behind it, of just having those interventions at just the right time.
JOAN WOODWARD: OK, great. So as many people know on this call, Travelers does a Risk Index every year to survey business owners about what they're worried about. And so last year's Risk Index revealed an unprecedented level of concern surrounding cyber threats. So, 62% of businesses we surveyed named cyber risks as their top concern. Pete, given that heightened awareness and concern, how have businesses really reacted to be better prepared for potential attacks?
PETE HERRON: Yeah, I mean, first of all, it was the top concern. Sixty-two percent was the highest of any of the concerns that they had. So of course, we want to take that seriously. And we do take that seriously. We have noted improvement in cybersecurity controls and implementation of those controls in the accounts that we receive. So through the underwriting process, we see the profile of the risks getting better. And that's the good news.
I think on the other side, in the index, surveying these business owners, we found that 93% were familiar with MFA. That's good. I wish the other 7% would also be familiar, but I'll take 93% familiar. But only 63% of the businesses surveyed had implemented MFA with remote access control. That's one type of the MFA. It's a very important piece of the MFA. But 93% are familiar with it. Only 63% implemented it for remote control. And when we get to small accounts, only 48% of the small accounts implemented MFA for remote access.
So while I think we've all made improvements, I think the industry has gotten better as far as customers, insureds, understanding the importance of implementing basic controls, I think there's still room to go, to be honest with you. We've all got more work to do on that. So a little bit of improvement, but there's still a lot of opportunity to continue to push implementing basic cybersecurity controls.
JOAN WOODWARD: So is this higher level of concern and awareness, does that equate to more people pursuing cyber insurance policies? You would think that they're so worried about it that when they find out there's an insurance policy that they could buy, acquire, purchase, is that happening or not?
PETE HERRON: More yes. But still, I think any agent or broker on the call or anybody else will say, again, we've got room to go. Again, based on this survey, two-thirds, actually, only 65% of those surveyed bought insurance. And when we break that down into small, medium and large customers, only 41% of small-sized customers bought and only in the 70% did middle market, mid-sized customers buy.
And so there's still room for opportunity there, whether they think the price point is too high or they don't fully understand the coverage, or they're so confident in their controls and their configuration and their architecture and their access that they don't think it's needed. We all have an opportunity there to continue to educate more and sell more.
JOAN WOODWARD: Yeah. And our partnership at the Travelers Institute with CISA, which is the Department of Homeland Security's agency that worries about cyber and raises threat assessments around cyber, I mean, they love that the insurance industry is really helping to raise awareness, because it helps them do their job to make sure that not only government vendors, people who are businesses that have business with the federal government, but also their vendors and their partners are aware that there is a cyber insurance product they could buy to protect them.
So the government agencies are happy we're doing this, raising awareness. But again, as you say, there is a ways to go and getting people to-- and I also have heard from agents that they might have a hard time selling it, explaining why it's needed to a customer. So it's our job to really lay out why it's important.
OK, so let's talk about the threat landscape now. Because again, it's getting trickier. It's getting harder to detect these bad actors. Madhu, now that we have this heightened awareness, what are the main cyberthreats in the landscape out there currently facing companies?
MADHU TADIKONDA: The two big categories haven't changed too much, which are-- I think we've got a slide-- business email compromise and then ransomware. But within those, it's exactly as you said. There's a cat-and-mouse game and constant evolution.
(DESCRIPTION)
Current Cyber Threat Landscape. Business Email Compromise: 21,442 complaints and 2.8 billion dollars in losses in 2024. 1.2 million dollars average wire transfer, $130K median. Ransomware: $553,959 average ransom payment in Q4 2024; median $110,890. 33% of ransomware victim companies had between 1 and 100 employees. Attackers stole data in 87.6% of ransomware claims. Sources: FBI IC3 2024 Internet Crime Report, BakerHostetler 2025 Report, Coveware Q4 2024 Blog.
(SPEECH)
So business email compromise really is when a threat actor uses what they call social engineering and email to an employee and is able to get access to information, credentials, get somebody to purchase gift cards, somebody to make a funds transfer. And you might be wondering, in 2025, are people still doing that? And the answer is yes. I ask my mom that all the time when she responds to these things. But it's really a volume game from the bad actor side. So they send lots and lots of these things and they only need a few to hit. And that still comes.
And one of the law firms we work with gave these stats, which I thought were pretty eye popping, which is over $1 million average wire transfer. Now, the median is $130K. But it means some pretty large fund transfers, outbound fund transfers are happening even today with all the worries and controls. So that's the bad news. And it's something like 3 billion of losses I think the FBI estimated a couple of years ago.
The good news is, I think, and this is a great position for Travelers, we've actually been working with more law enforcement agencies to either freeze funds or recapture those. Now, again, time is of the essence. But those links and partnerships are helping us actually get money back when that sort of stuff happens. But that's something that's not going away. And I'll talk a little bit later about where AI might even be changing that as well. The second is ransomware.
JOAN WOODWARD: Ransomware, yes.
MADHU TADIKONDA: Is ransomware. That's right. And so that usually had been a threat actor coming in, freezing a system and then demanding a ransom payment, usually in bitcoin or cryptocurrency, to then release it. As companies got better with backup data, the threat actors have shifted a little bit where now they freeze or steal data and then threaten to leak that on public sites. And so that includes a reputational risk. It includes potential third-party actions and claims. But that's something that's very worrisome and is how things have moved.
So ransomware is sort of still happening. We'll talk a little bit about some of the drivers later. But the average ransom paid in Q4 was over half a million dollars. And that is still the biggest driver of claims even between the two of this. And I think there's still one myth that ransomware actors really just go after big companies. And as things have gotten scaled and automated, really no one is safe.
My dentist had a ransomware thing. They're really able to hit in a very scaled and efficient way lots of companies and see what hits. And their patterns of how they do this and which software they go after is, again, constantly evolving. So these two categories haven't changed that much. But within them, there's a lot of evolution of what happens. And then obviously, the defense mechanisms we use.
JOAN WOODWARD: Yeah. And I recently learned, I probably should have known this earlier, but you can negotiate with your ransomware bad actor, and they will negotiate with you. I mean, is there an 800 number you call? Are they trustworthy? Tell us that process of negotiating with a ransomware threat.
MADHU TADIKONDA: No, you're exactly right. And again, I think we've kept so much data on this stuff, we know the reliability of which bad actors tend to follow through on things, where they tend to settle relative to initial demands, what that sort of approach ought to be. And then as new crops of threat actors come, we figure that stuff out. But absolutely, there's a real pattern to that and where you can push and have stiff resistance.
I will say some of the threat actors are actually going into companies and figuring out what their insurance policy limits are and then making that demand. So again, they're always one step ahead, and we work through that. But they really are bad actors that are criminals on the other side and have different abilities to negotiate and push that we exploit.
JOAN WOODWARD: So are these criminals, I mean, are they trustworthy? They give their people their data back most of the time, all the time? How does that work?
MADHU TADIKONDA: Yeah, I mean, there is a reputational risk for them too. If you systematically collect a ransom and then release the data anyway, people will take a different posture. So again, there's the honor among thieves. They have to be credible in following through on their promises. It gets tricky when there's new firms and threat actors that come up that we're not sure who they are or whether they have the same brand name and reliability as other ones. And that's an ongoing process.
JOAN WOODWARD: Good to know that criminals are worried about their reputation. There's so many different ways to think about that.
MADHU TADIKONDA: That's right, that's right.
PETE HERRON: I'd say too, I would just add to that, I mean, that whole line of question and answer, I mean, we could go a lot deeper on that. It's very interesting. There are new crops of threat actors every year. And as a matter of fact, 2024 had the largest additional new group of threat actors than any other year. I think it was 55 new identified threat actors. So every year, there are more. You got to identify are they new new or new recycle kind of thing?
And then what's the reputation? When you pay the money over, the bitcoin over, are you going to get the encryption key and are you going to get the data back? And is it going to be kept secure? So it's a constantly evolving process between the known threat actors and the new threat actors.
JOAN WOODWARD: Yeah. And again, just having someone like Travelers have your back on these things and know how many and their patterns of behavior, that's really important information. And it's a great line of questioning. OK, I want to talk about this new ransomware report that Corvus by Travelers released on Q4 data. Madhu, can you walk us through some of those key findings? Or what's new this quarter?
MADHU TADIKONDA: Yes, I think there is the-- wait for the slide.
(DESCRIPTION)
Key Insights: Ransomware Goes Full Scale. Key insight 1: Ransomware leak site activity reached a new quarterly peak with 1,663 victims posted, breaking a record that had held since Q3 2023. Key insight 2: In 2024, 55 new ransomware groups emerged, a 67% increase in group formation from the previous year. Key insight 3: Q4 data continued to show a shift away from mass-scale vulnerability exploits and toward more repeatable methods of identifying targets, confirming 2024 as a year of "scalability" for ransomware groups. Source: Travelers 2024 Q4 Cyber Threat Report. Logo: Travelers.
(SPEECH)
So, leak site activity, which is basically what we're talking about, which is that threat to release data, is a new type of way that ransomware is working, which has got a lot more focus. I mentioned it quickly before, but it does also raise third-party issues. Did you handle the data properly? Does that invite other lawsuits based on that? So it's kind of turning it into a first- and third-party risk in some ways.
The second one is that Pete mentioned. And it really is, I think, a lot of the original ransomware group founders got really wealthy and retired, and they've sort of turned the reins over to others or groups have split up. And that's where a lot of the new crop come in. But we can sometimes trace the heritage of where they came from and that sort of thing.
The last one is that I think sometimes there's a view that there's some mass exploit or some issue that everybody pounces on, and it drives a lot of the losses. That hasn't been our experience in 2024. In fact, we had from-- we're able to see from one of the threat actors that's their playbook of what they were recommending for new entrants to be successful in the field and that kind of thing.
And a lot of it was just tried and true brute force, working through passwords on remote data protocols, just the old tried-and-true things, scanning for any minor vulnerability and going after them. So less of a, hey, this is a critical failure that's going to hit everywhere that everyone pounces on, but lots of smaller ones that are hitting. And again, the repeatable playbooks that folks are using. Again, we can think about ways to defend against that and fortify, but it's interesting how that attack focus has changed over time. But ransomware is high, frequency is high, the payments are high. And we're back to some of the prior year levels of a real challenge there.
JOAN WOODWARD: And I would imagine, too, these bad actors that are in your system, scanning and looking at everything, that's another reminder to people don't put your insurance policy limits in your database there. But they know how much you could potentially pay, because they're seeing your revenue. So they're not going to ask for some crazy amount of money that you can't pay. They're going to ask for something that's within your budget, if you will. Does that make sense?
MADHU TADIKONDA: No, exactly right. And they calibrate their demands to what's the size of this business. They've got their own models running of what the first demand ought to look like. And I think there's a real science to their criminal behavior.
JOAN WOODWARD: OK. I'm going to pause here for a second and take a question from our audience, because there's so many coming in. Again, if you have a question, please put it in the Q&A feature. But Nancy Keahon from Marsh McLennan wants to know, Pete, maybe this is for you, are there special classes of businesses or industries that are particularly targeted or vulnerable to a cyberattack? Can you take that one, Pete?
PETE HERRON: Yeah, sure. And I think we actually even have a slide that might go with this. But IT services and IT consulting and the second bar from the right.
(DESCRIPTION)
A bar chart titled Ransomware attacks by industry: year over year comparison tracks year 2024 with red bars and year 2023 with blue bars. x-axis labels include Construction, Financial Services, Government Administration, Hospitals and Healthcare, IT Services and IT Consulting, and Law Practice. The y-axis represents number of attacks from 0 to 350 in increments of 50. Financial services experienced a slight decrease in attacks in 2024. All other represented sectors experienced an increase in attacks in 2024, with the steepest increase in construction attacks from about 225 in 2023 to about 350 in 2024. Source: Travelers 2024 Q4 Cyber Threat Report
(SPEECH)
That's showing up a little bit. And you may say, oh, it's up a little bit. But for me, the concern with that bar being up a little bit is IT services and IT consulting can have a much deeper reach than just the IT firm itself, all their customers that they're working with to the extent that they're impacted by the ransomware attack.
And in 2024, we had some attacks that actually impacted a bunch of different customers. That's why that increase in that bar for 2024, I put a little bit of a spotlight on that, because while it only shows up, I don't know what the percentage is. I don't know-- 10%, 15%. But that could have a much far-reaching impact to the extent that those firms have a whole group of customers that are also impacted by those ransomware attacks. So that's one that's up.
I have to jump to the first bar, which is construction. It's already one of the highest number of attacks than any other industry. But the increase in the number of attacks is huge also. I think that's a 56% increase year over year. So that's very concerning.
And listen, I'm not going to opine exactly why construction is such a great industry to attack. Clearly there's awesome construction companies that really have great controls. But maybe there's construction companies that spend a lot of time and energy and are focused on their project work and their construction work and aren't as focused on their cybersecurity. I don't know exactly, but that's a very concerning industry for the insurance industry. But it's also, of course, concerning for the construction industry, who's getting attacked more.
And then I look at the good old hospital and Medicare-- and health care, I'm sorry, which is up. That's up also considerably. Hospitals and health care has a huge amount of PII. And so that's a real vector for threat actors to go after to get that kind of very sensitive personal identifiable information. And that's up also. So those industries in particular, I think, are probably the most concerning.
JOAN WOODWARD: OK, thank you for that. So let's get to solutions. And this is the part of the show I'm really interested in. So, what actions right now should companies be taking to harden against a cyberattack? Madhu, do you want to take that one?
(DESCRIPTION)
Text: 5 Cyber Readiness Practices. To help protect your organization, Travelers' cyber experts recommend five practices that, used collectively, can provide a strong defense from an ever-changing range of cyber threats: before, during and after an event. Multifactor Authentication (M.F.A.), Endpoint Detection and Response (E.D.R.), Back up Data, Update Your Systems, Incident Response (I.R.) Plan.
(SPEECH)
MADHU TADIKONDA: Yeah, sure. I wish there were a silver bullet or a thing somebody could do to fire and forget. And these are going to sound a little bit like brush your teeth and eat your vegetables type thing. But there is a lot of day-to-day blocking and tackling that you need to get right to reduce risk.
And a few years ago, everyone was talking about MFA, multifactor authentication. Pete mentioned it's just a small fraction of companies that don't have that now. If you don't have that, you are the car that left the keys in the ignition. You are low-hanging fruit and someone's going to come after you.
But even beyond that, for MFA, it's how is that deployed? Is it updated? Is it on remote access? Is it on email? There are ways to get that right and better to actually reduce risk. So that's a key one and still something that's valuable.
Endpoint detection and response. Think of that as almost like antivirus and detection of anomalies within your system. Those systems actually are effective and get better and better, will get even better as they're more and more AI powered. But that's scanning your own network, looking for things that could be early signs of bad behavior.
Back up data. It sounds basic, but really knowing that you've not just checked the box on that, but you know that data is accessible. We find claimants all the time where they've got backup data, but it wasn't exactly what they thought. It wasn't updated. It takes a long time to come back up again. So it's almost like you've got to pretend that you've had an issue and see that all those backup data systems work and that you've been capturing the right critical information and making sure that's a very active, ongoing process.
Update your system. That's patches, updates, just a lot of stuff. Even the vendors put out patches, but people aren't using it or they're not using the right releases. So staying on top of those. And we've been working to help fingerprint what our policyholders are running in case there are systems that are behind or versions that are behind.
I'd add update or look at key processes also. It's amazing within companies that there may be no controls over a $50,000 or $100,000 outbound funds transfer that one person can initiate and do that. So again, some of those blocking and tackling steps can actually forestall a lot of these things.
And then an incident response plan. So when one of these things hit, it's scary. It's often the worst day in the business owner's life. But that shouldn't be the day you're trying to figure out who to call or trying to dig up a number for your IT guy or insurance or those things. So really working through what that is and what you would be doing when you get the nasty, scary message that your system's been frozen so that you're not coming up with it from scratch.
So a lot of things that sound like good housekeeping, but there's ways to do this well and make this part of the DNA and ways where you're sort of caught off guard. And that's some of the advice and either an underwriting or controls or direction we try to give to really increase resiliency and protection here.
PETE HERRON: Madhu, let me add to that. I mean, those are spot on and critical and fairly basic for a lot of insureds. And hopefully they implement all of them. But the other one is that really mean partner with your insurer. We've got resources, whether it's the risk control and risk advisory team, whether it's some of our other expertise in data science or others. But I think by partnering with your insurer who has those kind of resources, we can also help your customers be better risks.
And so spend time with us. Get to know us. Get to know Lauren Winchester's team as we continue to roll out these services. But I think that that's critical. Implement basic controls. And if any agent or broker needs some help with the customer in walking through those, we can start with our underwriters educating you and working with you. We got a lot of great training sessions. But then if it goes deeper to that, we can get our risk advisory, risk control team on the scene, and they can help also. So I want to add that to the basic controls. Absolutely that's table stakes. But I think we've got resources here that we can offer also.
JOAN WOODWARD: And also, Pete, this line of business, this insurance line of business I think is terrific, because you're actually helping people even before they buy the insurance. You're looking at their business to say, here's your vulnerabilities. So you're doing kind of a risk assessment with the CEO or with the Chief Risk Officer and saying, these are the things you should do now, even before you buy insurance. Then when you have the insurance product, of course, the incident response plan is key.
And you don't want to save that on your computer. You want to print it out. You want to have a printout of all your employees' phone numbers. How many people would look to their systems and just, oh, I can get that off the web. Well, when your systems are all down, you can't find a lot of things on the web. So print it out, put it on a bookshelf. How often should people update their incident response plan, Madhu or Pete? What do you suggest? Once a year? Is that enough?
MADHU TADIKONDA: Yeah, it really depends on the scope of the organization. But I think things like phone numbers, who you're going to call, what that chain and tree looks like, that should be pretty fresh, especially as employees change. And then I think adding into the loop the insurance carrier, who we are, that kind of thing. And that interaction, I think, is a big part of it. So there could be pieces of it that really need to be fresh. If something is radically changed with your infrastructure, you merged with another company, added something very different, that's also a good time to take a good look at things and figure out what your plan ought to be.
JOAN WOODWARD: OK, terrific. Now let's go to audience questions. My favorite part of the show is to hear from our guests. So Christie Klein of Acrisure asked, what services Travelers offers to insureds by-- say they're new. They're new to buying cyber insurance. So what services do we actually offer? I talked about this a little bit. Before you actually buy the policy, there's a lot of lead-up to that with the broker. So exactly what does that look like, Pete?
PETE HERRON: Let me give-- when they buy, again, they're going to get an email, register for our dashboard, which then unlocks the services that you get and the access to the expertise. We got a whole list of things, some of which we've already mentioned, that you get-- you know your vulnerabilities. You can engage with somebody on those vulnerabilities. You can talk about tightening them up. But we've all talked about MFA.
You can get access to somebody-- the insured can get access to somebody to talk about MFA implementation support. It's basic but take advantage of that. Call our risk control, risk advisory team. Have the insured call the risk control, risk advisory team. And talk about what is MFA? What are the three different ways of-- at least three different ways of MFA. Do we have it configured for each one of them? That's the kind of stuff.
Take advantage of those services in addition to the services that we provide for business continuity planning and incident response planning. We can do for certain size customers-- it's not everybody, but we can also run the scans for your-- our insured's third-party vendor up to a certain number of scans. So we can help some of our customers understand their loss profile as it relates to their relationship with somebody else. So, employee training. There's a whole list.
In addition to the basic, we scan the book with our scans once a month on average. Doesn't happen for every single risk. But we're constantly scanning to see on a regular basis what vulnerabilities the insured has. We're also continuously scanning for certain high-risk threats, and we're also scanning the dark web for threats. This is the stuff that we are constantly doing. And to the extent we find something new or changed, we're notifying the insureds immediately. There's a lot in there, but that's what you get when you buy Travelers, either from on the front end, the scan and the protection, or on the back end engaging with our advisory team and risk services team.
JOAN WOODWARD: OK, thanks for that. Another question coming in. My firm currently has a cyber policy with Corvus. How does this acquisition affect that policy? Good question.
PETE HERRON: Yeah, Madhu, I don't know if you want to take that.
MADHU TADIKONDA: Yeah, no. So there should be no change for that. And that, again, with the services and continuity of those things and focusing on the renewal book and how we add some of these things. So there should be no change to that. We've preserved the Corvus brand name too. And so that is something especially for existing policyholders there shouldn't be any change.
PETE HERRON: Yeah, I might want to add some of it is distribution focused. And so as part of our go-to-market strategy, I would say, Madhu, I think that answer is 99% or more percent. I just want to make sure there isn't one out there that is going to certain distribution that for some reason changes. But I would think that answer holds true for by far the majority of the legacy Corvus book.
MADHU TADIKONDA: And for renewal. Right.
JOAN WOODWARD: OK. Great. Madhu, I have a question for you directly. Where are these bad actors from? Where are they sitting?
MADHU TADIKONDA: I mean, it's really a global operation. And this is years ago. I'd actually seen, and this was in Romania, what looked like a call center with people filled in in every cubicle and managing hundreds of chats that were basically either these business email compromises or whatever, sending nastygrams. And it was viewed as a regular job that you could do. And so I think there's a bunch in Asia.
There's the teenager in the basement. There's folks who in any given country drop little key fobs in parking lots of companies and wait for somebody to stick it in. So it really is sort of a global business. But there are, I think, hotspots in Eastern Europe and Asia that tend to be clusters where it's a real local job opportunity.
JOAN WOODWARD: Wow. It is quite the industry. Another question coming in. Denise Billings wants to know, will you write stand-alone cyber? Pete, you want to take that one?
PETE HERRON: Oh, sure. I mean, that's a significant portion of our book of business. We sell cyber stand-alone. We sell cyber packaged at times with other coverages, in our Private and Nonprofit Management Liability business unit, in our Financial Institution business unit. We sell cyber with our small P&C customers as part of the BOP. And so we will-- but absolutely. Answer to the question will you sell it stand-alone? Absolutely we will sell it stand-alone. For sure.
JOAN WOODWARD: Another question coming in from Amber Taylor. What is or is there a threshold for automatic quoting?
MADHU TADIKONDA: So, we're kind of playing with that all the time of whether it's 10 million, 20 million, 50 million and then layering not just the revenue size companies but also layering just simplicity and complexity of the policy that's being asked for. So sometimes you do have small businesses that have complicated infrastructure and questions and those things, and that will kick out to an underwriter. But we're finding that brokers are actually able to push more and more up to 50 million revenue company accounts. And that's in our strike zone for auto quoting or rapid quoting and all through API connectivity with brokers.
JOAN WOODWARD: Another question coming in from Sam Kempton. Do we have to buy Corvus cyber through a broker, or can we buy directly from Travelers?
PETE HERRON: Again, Madhu, you want to talk about the Specialty Cyber business unit?
MADHU TADIKONDA: Yeah. And this is a little bit of where the go-to-market positioning works. So we've got the Specialty Cyber unit, which is-- still sells under the Corvus brand for certain distribution partners. And then you've got Travelers policies also offered by the field underwriters and those things. So depending on which distribution channel it's coming from, it'll get routed to the right underwriter. But some of the things we're talking about, services and those things and the scan behind it, are common for those.
JOAN WOODWARD: OK, wonderful. How about for you, Pete? Could you give us a scenario where a construction company would be more so at risk, or why construction companies seem to be targeted? Is there a particular reason? That comes from Ondrey Mitchell.
PETE HERRON: Listen, it's going to be an overgeneralization. I don't want to incriminate any construction company. My son works at a construction company. I think there has been a line that construction companies are really good at construction. And maybe they're-- and again, I don't want this to come across as a broad-brush comment, but whether they're not investing in the cybersecurity controls that they should be, they don't think that they're a risk.
I mean, a hacker, what is he going to do to me as a construction company owner? You can't really impact me. I've got material and labor on a site. And so I'm not necessarily connected to an external website maybe. I can't say for sure. I could just tell you what the numbers represent. It's the highest industry from an attack standpoint and the highest growing industry in 2024. And that's unfortunate, honestly.
So I'd go back to the basics with this isn't construction. This is any firm. Go back to the basics that Madhu said. Implement those five basic things. If you need help with those five basic things, if you buy insurance from us, we'll talk you through some of those things. If you need more help from an outside expertise, IT consultant or whoever you're working with, engage that. But my recommendation to any agent or broker that's working with construction firms is start with the basics and see where they are on implementing the basics, and then go from there.
JOAN WOODWARD: OK. A number of questions coming in. I can't name all the people, but you know who you are. Want to know what does a good cyber incident response plan look like? Do you have a template at Travelers? Is the Department of Homeland Security CISA a good place to go to see that? What would you say to someone who wants to write an incident response plan? It sounds like a few folks don't even have one. So let's start with the basics.
MADHU TADIKONDA: So, we've got some good templates for that. And again, it varies across organization. It can be as simple as these are some of the basic steps you'll follow that we can help develop all the way to tabletop exercises where you're actually working through a sample incident and what would happen and almost sort of wargaming what that would look like. That's a more sophisticated exercise. So you can go anywhere across the spectrum on that. But just for basic templates, your plan ought to include these things, that's something that we can provide or work with a policyholder or a broker on.
JOAN WOODWARD: OK. Alejandro Rocha asked, has there ever been a successful recovery as a result of subrogation against a bad actor? Or I know there were several government agencies that were able to recoup some ransomware in some recent incidents. Does that happen often? What would you say the percentage of recouping this money and prosecuting these bad actors, frankly?
MADHU TADIKONDA: Yeah, so the Secret Service has been a good partner in that. And again, it really depends on how quickly you identify the fraud, whether it can be frozen or recouped. And doing that a month later is usually pretty hard. And so getting that done quickly.
The subrogation has been-- which I assume would be maybe against a software company or somebody that had a vulnerability. That there has not been a lot of precedent for. There's maybe still some discussions around that. And then the prosecution of it, there's a lot of-- it's hard to nail down these folks. There's been a few that have been prosecuted and put in jail or when the person comes to the United States, they put them in prison. But they're pretty elusive, decentralized groups.
There are also policies that are kicked around variously of making ransomware payments illegal. Would that change things? I think there's a lot of second order effects with that, and none have really taken off. But there are some high-profile cases of hackers getting nabbed after when they're identified and then coming into a jurisdiction where that can happen, but pretty infrequent. And again, it's viewed as a pretty high payoff, low-risk operation if it's run as the way most folks are doing it.
JOAN WOODWARD: OK, here's a good question coming in from an agent. Is Corvus coverage broader than legacy Travelers coverage? And if so, should retail agents go through wholesale brokers to access Corvus for the broader coverage? Good question.
PETE HERRON: Yeah, maybe I'll start with that, Madhu, and then you could clean me up maybe a little bit. So listen, we do have a different form for a wholesaler as we do a retailer in general. Because it's a different form, there are differences to it, and we look at those differences.
I don't make any declaration as to where an insured should bring their business. We love retailers. We love wholesalers. We love brokers. We love all of our distributors equally. I've heard others say we love all of our children equally, and that really is the truth. We are distributing product all over the place and however we can. And so if a retailer is comfortable that they understand the product and the exposures and how it all works, that's awesome. If they want to use a wholesaler, that's awesome. If it's a broker, and brokers sometimes will do it themselves, sometimes they'll go to a wholesaler, that's all great.
I don't mean to be noncommittal, middle of the road. What I am saying, and I'm saying honestly, is we love all of our distribution partners, and we want all their business. And so that's what we're going after overall. We don't say who should go where and why, because we want to work with all of our distributors.
JOAN WOODWARD: OK.
MADHU TADIKONDA: Maybe the one additional point I would just make is the-- so the Corvus product before had been historically 100% E&S. And the vast majority of the Travelers policies had been admitted. And just in terms of timing and how things can change with admitted filings, there's almost always going to be a gap or difference between how those things work. And again, because it was an E&S form, we tended to have at Corvus more of a wholesale representation. But I think if it's that E&S product, usually a kind of main street smaller agent would access it through a wholesaler versus directly.
JOAN WOODWARD: OK, excellent. Question coming in from my friend Fay Feeney. Hi, Fay, thanks for joining. How has AI impacted your thinking about risk controls for cybersecurity underwriting? Lots of questions on AI. So why don't you take a minute, maybe Madhu, and let us know what the landscape is. I assume AI is helping us identify risks in our underwriting. And I'm assuming AI also is helping the bad actors.
MADHU TADIKONDA: No, I'm glad you raised both, because I think people normally go to the second one, which is-- and look, let's be honest, I think the bad guys usually get the tools faster and use them first in different ways. So just imagine a scary-looking or a compelling-looking email that says, hey, you must have a vendor that looks like this. Here's an invoice. And AI makes that a lot easier.
Someone would know a Pennsylvania-based, mid-size medical supply retailer probably has these vendors maybe scrape something from the website, so it puts a name on it that looks very compelling. So that's AI in the view of business email compromise, making things scarier or riskier is for sure. And I think there's a bunch of techniques too that bad actors are using with deepfakes and things like that.
But it's the other part I think is undertold, which is there's more and more investment, a lot by some of the cybersecurity vendors, of how do you have AI bots that get smarter at detecting anomalies or are able to look for patterns or changes that are likely correlated with things? So like almost everything else in this, it's going to be an arms race where AI will be used for evil, and AI will be used for defense on the security side and where those come up. But we do use AI a fair bit in looking for patterns and underwriting on data, and then also in some of these sort of response vectors. And that's going to keep evolving over time.
JOAN WOODWARD: OK. I'm going to take this last question. Maybe it's a little more personal than talking business, but I think it's applicable and it's going to go to you, Madhu. There's a lot of people on the line who may be with small brokerage houses that are contemplating going to a big group and having their company acquired by a big company like Travelers or another broker out there.
And so what do you say to those mom-and-pops who are looking at you saying, wow, he took this really big leap of faith. You built a company, hugely successful, a couple of hundred people, relying on your good judgment to say, hey, it's time for us to go in-house to a big company. And how do you think about the integration of a small company with a large-- I know culture is going to be first on your list, but what are some other factors to consider?
MADHU TADIKONDA: No, that's exactly right. It kind of comes back to that. And we had a long due diligence, get-to-know-you process. We worked with Travelers as a capacity provider in Europe. And you've got to go on a bunch of these dates. You've got to get to know each other, see the field and see what else is out there. These just don't work if that cultural fit is not right, and you're not both entering into what success looks like. And in our case, it was the M&A that's tricky, which is two complementary different skill sets that had to come together, and you had to preserve both of those strengths. It wasn't like Travelers was doing it the exact same way as Corvus and it was just scale. Those are trickier. And again, you have to get all these questions right and surface them up front.
So I think that sort of-- you'll have all your quantitative things of does it make sense? The strategic stuff at the 30,000-foot level that looks good in a PowerPoint, but there's a lot of gut feel in this. And there's a lot of, hey, what's it like out at dinner, after dessert, when you're looking at the person across the table, how does this feel? Are they valuing people the same way that you are or kind of thinking the things that are important?
And that was a big way that Travelers spent so much time with probably 40 people in various forms of the Corvus folks and really got a sense of our best asset, which was our people, and appreciating that. And I think the commitment to that on the other side has been great. But just be picky. Take your time. You've got to work through all these things. And having the wrong M&A partner is awful. And if you got--
JOAN WOODWARD: I imagine.
MADHU TADIKONDA: Yeah, so you’ve got to narrow-- see what you can to surface that. I don't know, Pete, what do you think?
PETE HERRON: I was going to joke and say you and I have had a lot of dinners together, but Madhu has had a lot of dinners with a lot of senior Travelers people. And it's not easy. It's complicated. It takes really great leadership and communication to bring teams together regardless. That's probably a uniform comment for any type of large buying small.
JOAN WOODWARD: Sure.
MADHU TADIKONDA: And I'm happy to take any offline conversations on that. I feel like I owe it to the next group to talk about lessons learned and those things, and how you navigate through it. It's stressful and you're often alone doing it, and so I'm happy to chat with anybody else.
JOAN WOODWARD: Maybe we'll have a webinar just on that.
MADHU TADIKONDA: Right, right.
JOAN WOODWARD: How you can do it successfully. And we'd love to shine a light on-- and you're a delightful dinner party, Madhu and Pete. So listen, the hour has just flown by. I'm so grateful that you're both with Travelers and you're both offering these services. I think they're really lifesaving services for businesses who are facing a cyber threat.
And this industry, this whole cyber insurance product is new. I mean, we've had fire insurance. We've had home insurance, car insurance for decades, if not centuries. And thinking about a cyber insurance policy is a little scary for folks. So we're here for you. Everyone on the line today, reach out to any one of us. I will put you in touch with the right people. We do write stand-alone, as Pete just said. So bring them all our way. Thank you both.
So a couple notes for my audience.
(DESCRIPTION)
Wednesdays with Woodward (registered trademark) Webinar Series. Take Our Survey. Link in chat.
(SPEECH)
First of all, there's a link to a survey of what you thought about today's program. Please fill it out. I personally read every single comment, and we get hundreds of them every time. And I read them thoroughly. So let us know what you thought or what else you would like to see on our programs. Other speakers, other topics, please let us know.
And then also we do live events.
(DESCRIPTION)
Join Us In-Person. In-Person Events: May 13: San Ramon, CA, Leading Your Business: Navigating the Economy, Public Policy and Worker Mental Health. June 12: Houston, TX, Cyber: Prepare, Prevent, Mitigate, Restore (registered trademark). Register: travelersinstitute.org.
(SPEECH)
So for those of you in the San Francisco Bay Area, we're going to be in San Ramon for an in-person luncheon, a complimentary luncheon with our Forces at Work initiative. And I'll be giving my Woodward on Washington economic and political outlook. That's May 13, I believe. And in June, we'll be in Houston for an in-person cybersecurity symposium there. That's June 12. Please join us if you're in Houston.
We've got some great webinars coming up.
(DESCRIPTION)
Wednesdays with Woodward (registered trademark) Webinar Series. Upcoming Webinars: May 7: Ann Marie Colapietro's Journey with Parkinson's: A Story of Resilience. May 14: Mastering M&A: Strategies for Risk Management. May 21: Mindset for Success on the Course and in Your Career with Dr. Mo Pickens. June 4: Live from the CAT Center: Where Expertise Meets Innovation. Register: travelersinstitute.org.
(SPEECH)
So next week, May 7, I'm going to be joined by my friend and colleague, Ann Marie Colapietro. She is one of nearly 1 in 10 million people worldwide living with Parkinson's disease. And it's going to be a conversation about perseverance, resilience. If you or your loved one is living with a chronic illness or disease, please join us for that. She is just a beautiful example of sharing her story and her lessons learned.
And then on May 14, we'll have leadership from PitchBook Data and Travelers come together to talk about the 2025 M&A study and explore how risk teams are navigating the current merger and acquisition landscape. So, we actually did a study we'll be releasing at RMS this weekend actually coming up.
Then on May 21, just as golf season is getting into full swing, we're going to be joined by Dr. Mo Pickens. He's a renowned golf coach and sports psychologist to professional golfers, including winners of four major championships. He's going to share his insight on how we can prepare for a successful season on the golf course. I just heard my husband just got home from a round of 18, so I'm going to be joining him later this week for more golf, and I hope you do get out there too.
And lastly, on June 4, we're going to be live from the Command Center at our flagship Claim University with our CAT team. And the CAT Command Center is just amazing to see. And we're going to bring you all of the CAT weather-related and preparedness strategies that we employ at our CAT Center.
And don't forget, we have a podcast, the Travelers Institute Risk and Resilience podcast, available on Apple, Spotify and Google.
(DESCRIPTION)
Logo: Travelers Institute Risk and Resilience, Travelers Institute (registered trademark), Travelers.
(SPEECH)
Thank you all for being with us today.
(DESCRIPTION)
Wednesdays with Woodward (registered trademark) Webinar Series. Watch: travelersinstitute.org. Logo: LinkedIn. Text: Connect, Joan Kois Woodward. Listen wherever you get your pods.
(SPEECH)
We couldn't do it without your support and your encouragement through my audience. And Pete and Madhu, you hit a home run. Thank you both. Have a great week, folks.
[MUSIC PLAYING]
(DESCRIPTION)
Logos: Travelers Institute (registered trademark). Travelers. travelersinstitute.org.
Listen to the podcast
Tune in to “How Travelers Advances Cyber Offerings with Corvus Acquisition,” available on Apple Podcasts® and Spotify.
Summary
What did we learn? Here are the top takeaways from How Travelers Advances Cybersecurity Capabilities with Corvus Acquisition:
In the current cyber threat landscape, business email compromise and ransomware pose two of the biggest cyber threats to businesses. In 2024, there were nearly 21,500 business email compromise complaints with nearly $2.8 billion in losses, according to the FBI’s 2024 Internet Crime Report. Business email compromise occurs when a threat actor uses social engineering, the deception and manipulation of an employee, usually by email, to get them to divulge confidential information. Threat actors then gain access to information credentials or get an employee to purchase a gift card or make a funds transfer, Tadikonda said, adding that the median wire transfer is $130,000, according to BakerHostetler’s 2025 Data Security Incident Response Report. “That means some pretty large outbound fund transfers are happening even today with all the worries and controls,” he said. “The good news is, we’ve been working with law enforcement agencies to either freeze or recapture funds. Time is of the essence, but those partnerships are helping get money back.”
Ransomware is not just a threat for large companies. In fact, 33% of victim companies had between one and 100 employees, and the average ransom payment was over half a million dollars in Q4 2024. Attackers stole data in 87.6% of ransomware claims, and 55 new ransomware groups emerged in 2024, a 67% increase over the previous year, all according to Travelers’ 2024 Q4 Cyber Threat Report. It’s important to know that ransomware attackers are shifting toward “leak site” activity, which is capturing data and then threatening to release it or post it publicly unless a ransom is paid, Tadikonda said, adding that this can raise the risk of lawsuits over improper handling of data. In short: “Ransomware is high, frequency is high and payments are high,” he said.
Ransomware attacks are on the rise in multiple industries, including construction, hospitals and healthcare, IT services and consulting, government administration and law practice, according to Travelers’ 2024 Q4 Cyber Threat Report. The construction industry had the most dramatic uptick with a 56% increase year over year, Herron pointed out. “That’s very concerning for the insurance industry and for the construction industry,” he said. But even smaller increases of 10% or 15% can raise alarms in industries like IT services and consulting. “It can have a much more far-reaching impact to the extent those firms have customers that are also impacted by the ransomware attack,” he said.
The Corvus acquisition allows Travelers to provide more robust Cyber Risk Services and brings new opportunities for Travelers agents and brokers. Following the acquisition, Travelers created the new Specialty Cyber Business Unit, with dedicated cyber underwriters who connect with distributors that have specialty cyber brokers, Herron said. Travelers also combined the best features of each company’s scan capabilities for better detection of cyber risks, vulnerabilities and threats. “Our agents and brokers should know we looked at two different models and came out with the best of both worlds,” he said. Travelers is also introducing new Cyber Risk Services, including a team of in-house experts that can help insureds assess their risks, as well as a Cyber Risk Dashboard and 24/7 monitoring with threat intelligence notifications, he said. “We’ve already issued over 3,000 notifications to insureds of imminent critical threats,” he added.
The new underwriting process focuses on prevention and tracking vulnerabilities. “The whole underwriting process for cyber is different. It’s not a fixed table, price the account and see you in 365 days,” Tadikonda said, noting that Travelers’ proprietary scan and cyber score is at the heart of the underwriting process. “Because that drives pricing and underwriting, we can be transparent with a policyholder or potential customer about the risk that’s driving the decision,” he said, noting that this offers an opportunity to change or remediate a vulnerability to get a better score. A dynamic underwriting process, employing technology, ongoing information gathering and regular contact with policyholders, is essential in an environment of constantly changing risks, he said. “It’s the services, in addition to the insurance product, that’s really going to set the markets apart,” he explained. Consider these statistics: Customers who engage with Travelers’ Cyber Risk Services by registering their account on the Cyber Risk Dashboard have an almost 20% lower chance of a breach, and costs are nearly 27% lower for those who do experience one, Tadikonda noted. “These services are having a tangible impact on lowering the risk profile. That’s a game changer.”
Businesses and organizations can take simple steps to help shield against cyber risks. Travelers recommends employing five cyber readiness practices:
- Multifactor authentication (MFA)
- Updating systems regularly
- Endpoint detection and response (EDR)
- Backing up data
- Having an incident response (IR) plan
“These are going to sound a little bit like brush your teeth and eat your vegetables,” Tadikonda said. “But there’s a lot of everyday blocking and tackling you need to do to reduce risk.” For example, if you don’t use MFA at this point, “you’re the car with the keys left in the ignition,” he said. Cybersecurity awareness is increasing, Herron said, noting that, according to the 2024 Travelers Risk Index, 93% of business owners are familiar with MFA. However, only 63% have implemented MFA for remote access, and only 65% have purchased cyber insurance. “The industry has gotten better as far as insureds understanding the importance of implementing basic controls, but there’s still room to go,” Herron said. One more key step to take: Partner with your insurer. “We’ve got the resources to help your customers be better risks,” he said.
Speakers
Pete Herron
Senior Vice President, Management Liability, Bond and Specialty Insurance Travelers
Madhu Tadikonda
Former CEO of Corvus and Head of the Specialty Cyber Business Unit, Travelers
Host

Joan Woodward
President, Travelers Institute; Executive Vice President, Public Policy, Travelers