Travelers Publishes Cyber Threat Report Highlighting an Increase in Ransomware Activity

HARTFORD, Conn. (March 6, 2025) — The Travelers Companies, Inc. (NYSE: TRV) today released its Q4 2024 Cyber Threat Report, highlighting an elevated level of ransomware activity. The report, based on data collected from ransomware leak sites, showed an increase in the number of organizations that fell victim last quarter to ransomware groups, which used repeatable attack methods, such as targeting virtual private network (VPN) accounts that had weak credentials and were not protected by multifactor authentication (MFA).

“Based on our observations, it’s clear that basic attack techniques are still highly effective for ransomware groups,” said Jason Rebholz, Vice President and Cyber Risk Officer at Travelers. “These groups have been on the offensive, proactively hunting for targets and having significant success. It’s vital that businesses implement proven security controls, such as MFA, to make it far more challenging for malicious actors to carry out an attack on their organization. Travelers can help mitigate the risks.”

Travelers works with policyholders by customizing a cybersecurity readiness approach. It includes identifying any cyber vulnerabilities and addressing exposures through a range of pre-breach services, real-time monitoring and alert systems, and around-the-clock access to specialists who help businesses reduce the chance of suffering a cyber event, and recover quickly if an attack does take place.

Ransomware Group Activity

The report identified an increase in new ransomware groups, indicating a proliferation of smaller, more agile threat actors in the cybercrime ecosystem. The formation of new groups can be attributed to several factors, including law enforcement’s disruption of several well-established Ransomware-as-a-Service (RaaS) platforms.

Industry Analysis

One trend that stood out in the report was the increased targeting of IT services and consulting firms. The targets function as intermediaries for other industries, amplifying the impact of an attack through their connections to multiple clients. Government administration, while not as dominant as other sectors, experienced a surge in late 2024.

Additional key findings from the report:

• The construction sector remained a primary target in 2024.

• Hospitals and health care organizations faced persistent threats.  

Previous editions of this quarterly report were announced by Corvus, a cyber insurance managing general underwriter. Travelers acquired Corvus in early 2024.

About Travelers 

The Travelers Companies, Inc. (NYSE: TRV) is a leading provider of property casualty insurance for auto, home and business. A component of the Dow Jones Industrial Average, Travelers has more than 30,000 employees and generated revenues of more than $46 billion in 2024. For more information, visit Travelers.com.