Corvus Smart Cyber Application: What Changed After the Travelers Acquisition

On January 2, 2024, Travelers completed its acquisition of Corvus Insurance for approximately $435 million.[1] The deal combined one of the largest traditional property and casualty carriers in the US with one of the most technology-forward cyber underwriting platforms in the market.

That acquisition matters for anyone filling out a Corvus or Travelers cyber application because the product relationship between the two brands has changed, the underwriting technology has been consolidated, and the coverage paper has shifted. If you are a broker, MSP, or IT lead preparing a Corvus Smart Cyber submission in 2026, you need to understand what is the same, what is different, and what the combined platform means for how you prepare your answers.

What happened in the acquisition

Travelers acquired Corvus to gain access to its cyber vulnerability scanning technology, AI-driven underwriting capabilities, and data science talent.[1] Before the acquisition, Corvus was already known for its non-invasive IT security scanning, rapid quoting, and data-driven approach to cyber risk assessment.

After the acquisition, all Corvus cyber insurance products are written on Travelers Excess and Surplus Lines paper.[2] That is a significant change from Corvus's pre-acquisition carrier relationships. It means Travelers now provides the financial backing, claims infrastructure, and regulatory framework for Corvus-written policies.

Corvus continues to operate as a specialized division within Travelers, maintaining its own brand, underwriting team, and technology platform. The practical effect for brokers is that you can still submit to Corvus through the Corvus portal and use Corvus-specific tooling, but the policy paper behind the coverage is now Travelers.

How Corvus and Travelers CyberRisk relate to each other now

This is the question that causes the most confusion in the market.

Travelers CyberRisk is Travelers' proprietary cyber insurance product line, with its own application forms (short form and long form), supplemental applications, and underwriting process. BindLedger has a dedicated guide to the Travelers CyberRisk Short Form that covers that application in detail.

Corvus Smart Cyber is the technology-driven product that uses Corvus's scanning and AI underwriting platform. It is now written on Travelers paper, but the application, underwriting process, and risk assessment methodology remain distinct from the Travelers CyberRisk product.

These are parallel products, not the same product with different names. A broker choosing between them is making a decision about underwriting approach, not just branding:

• Travelers CyberRisk uses traditional questionnaire-based underwriting with supplemental forms. The short form is for businesses under $50 million in revenue and $500 million in assets.[3]
• Corvus Smart Cyber uses non-invasive IT scanning, AI-driven risk modeling, and a shorter application supplemented by automated external intelligence. It covers businesses with up to $5 billion in gross annual revenue with limits up to $10 million.[4]

As of March 2025, Travelers launched integrated Cyber Risk Services that combine scanning capabilities from both Corvus and Travelers into a unified risk assessment toolkit available to all Corvus policyholders.[5] That integration represents the operational merger of the two platforms' technology, even as the products remain distinct.

The Corvus IT security scan: what it sees and what it means

The Corvus scan is the foundation of Corvus's underwriting differentiation, and it is the reason Corvus can quote faster and with less manual questionnaire burden than traditional carriers.[6]

How the scan works

The scan is non-invasive. It requires no password, no server access, and no agent installation.[6] Corvus identifies the organization's domains, email servers, software, and third-party providers from the outside, then tests security configurations and identifies risks.

Specifically, the scan evaluates:[6]

• Domain and email server configuration, including authentication records (SPF, DKIM, DMARC),
• Exposed services and ports, including any internet-facing systems that present attack surface,
• Software version identification, looking for outdated software with known vulnerabilities,
• Encryption posture on externally facing services,
• Third-party providers and forgotten public assets, identifying infrastructure the organization may not realize is exposed.

Scan cadence and alerts

Corvus does not just scan at application time. The scan runs quarterly during the policy period, and Corvus issues real-time critical vulnerability alerts when new high-severity issues are detected.[6]

That ongoing scanning means Corvus has continuous visibility into the policyholder's external posture. If email authentication degrades, new services are exposed, or critical vulnerabilities appear, Corvus sees it during the policy period, not just at renewal.

Scan effectiveness data

Corvus reports that its scan-and-alert approach has produced a 65% reduction in ransomware-related claims among scanned policyholders and zero RDP breach claims among new customers.[6] Those numbers reflect the value of proactive vulnerability identification and remediation guidance during the policy period.

What this means for application preparation

Because the scan runs before the quote is issued, Corvus already has external intelligence about your environment when it evaluates your application answers. If the scan finds exposed RDP, missing DMARC, unpatched services, or other external vulnerabilities, and your application answers suggest a strong security posture, the discrepancy will be visible to the underwriting team.

The practical preparation step is straightforward: run your own external scan before submitting the Corvus application. The free readiness check covers the email authentication posture and external exposure signals that the Corvus scan evaluates. Fix the issues you can fix before the submission enters underwriting.

Dynamic Loss Prevention reports: what they tell you

After binding, Corvus generates Dynamic Loss Prevention (DLP) reports for policyholders.[7]

The DLP report includes:

• An overall security score with benchmarking against industry peers and similar-sized organizations,
• Granular scores across categories including outdated software, security tool deployment, and attack surface size,
• Detailed scan results with specific findings and actionable remediation recommendations.

DLP reports are delivered at binding and updated quarterly during the policy year.[7] They serve as both an underwriting input (for renewals) and a risk management tool (for ongoing security improvement).

An important nuance: Corvus's public DLP recommendations document says these recommendations are suggested actions and that Corvus will not negate or deny a claim solely because an insured did not take one of the recommended actions.[11] The DLP report is best understood as a risk-and-remediation workflow, not a trap door. That said, persistent unaddressed findings in the DLP report will affect the renewal assessment.

Corvus also publishes a "common subjectivities" resource that highlights recurring underwriting asks: MFA, EDR, backup strategy, email security or filtering, data encryption, and RDP.[12] In practice, the DLP findings and the submission subjectivities converge on the same high-value control families.

For MSPs managing client accounts, the DLP report provides a third-party risk assessment that can be used to justify security investments, prioritize remediation, and demonstrate improvement to the client's executive team.

The vCISO program: what Corvus offers beyond insurance

Corvus offers a virtual CISO (vCISO) program that provides policyholders with consultative security sessions at reduced cost through Corvus's security partner network.[8]

The vCISO program includes specific consultation types:

• MFA Consult: help selecting an MFA solution and supporting implementation planning,
• Backups Consult: building a secure, resilient backup strategy that addresses cyber insurance requirements.

Corvus's security partner network includes MOXFIVE, RED SKY Consulting, SentinelOne, and Tetra Defense, among others.[8] These are not Corvus employees but vetted partners who provide services at preferential rates to Corvus policyholders.

For organizations that are struggling to meet specific carrier requirements, the vCISO program offers a direct path to expert guidance without the overhead of hiring a full-time security leader.

What the Smart Cyber application asks

The Corvus Smart Cyber application is submitted via email to submissions@corvusinsurance.com or through the Corvus broker portal.[4] The application is designed to be lighter than traditional carrier forms because the IT security scan supplements many of the questions that other carriers ask manually.

Quoting speed

Corvus targets quotes in under two hours for most submissions, with auto-quotes in under one minute for eligible businesses.[4] That speed is competitive with Coalition's sub-four-minute process and Cowbell's sub-five-minute AI-driven underwriting.

The speed comes from the automated scan supplementing the questionnaire. Corvus does not need to ask as many manual questions because its scanning technology provides external intelligence about the same controls.

Core application areas

Business profile and website URL. The primary corporate website URL is the starting point for the Corvus scan. The application also says Corvus will scan related or affiliated websites, and the insured will be added to the CrowBar cyber-risk platform.[4] Providing the correct domain is critical because it determines the scope of external intelligence available to the underwriting team.

Revenue and coverage limits. Corvus covers businesses with up to $5 billion in gross annual revenue and offers limits up to $10 million.[4] Revenue drives both pricing and the depth of underwriting review.

Prior claims and incident history. Standard disclosure questions about prior cyber events, claims, and known circumstances that could give rise to a claim.

Backup architecture — with unusual specificity. Corvus's backup questions go deeper than most carriers. The application asks whether backup servers are joined to the Windows domain, whether they are segmented from the production network, whether all critical backups are immutable, whether at least one critical backup copy is offline or air-gapped, and whether MFA is required to access backups.[4] That is a five-part backup question set that tests architecture, not just existence. If your backup servers are domain-joined and reachable from the same credentials an attacker would hold after compromising Active Directory, the Corvus form will surface that weakness directly. For how to build defensible backup evidence across carriers, see How to Prove Backup Immutability for Cyber Insurance Renewals.

MFA — scoped by access type. Corvus asks which of several MFA statements are true: MFA securing all remote access, MFA securing internal privileged accounts, MFA securing access to email through webmail or mailbox applications or from non-corporate devices for all employees, and MFA securing access to all critical business applications.[4] Those scopes often live in different tools and different policies, which is why Corvus submissions get sticky when nobody reconciles them into one answer set.

Endpoint and network defense — with technology choices. The application asks which technologies are in use across laptops, desktops, servers, and cloud workloads, with answer choices including MDR, NGAV, XDR, and EDR.[4] Corvus also asks about least privilege, network segmentation, logging and monitoring, and encryption at rest and in transit for sensitive data.

Email security — with a detailed glossary. Corvus's application contains unusual email-security specificity. The application includes or references protections such as URL rewriting, URL or attachment sandboxing, impersonation protection for key individuals, and email clawback.[4] Those are not generic insurance phrases. They are specific defensive layers that map to real email gateway configurations, making the Corvus email section one of the most detailed in the market.

Training, resilience, and finance. The application asks about annual employee cybersecurity or phishing training, business continuity and disaster recovery planning, and validation of fund-transfer requests. That mix means the Corvus evidence packet usually crosses MSP-owned evidence and client-owned process evidence.

Industry and data handling. Corvus considers the nature of the business, data types handled (PII, PCI, PHI), and industry-specific risk factors in its underwriting model.

How the combined Travelers-Corvus risk services work

In March 2025, Travelers launched integrated Cyber Risk Services available to all Corvus policyholders.[5] This service combines the best scanning capabilities from both Corvus and Travelers into a single risk assessment platform.

The integrated services include:[5]

• Combined scanning capability using technology from both Corvus and Travelers,
• The Corvus 24/7 Cyber Risk Dashboard with real-time monitoring and alerting,
• Access to preferred security vendors through Travelers' partner network,
• Expert guidance from a dedicated cybersecurity team.

Travelers reports that the combined risk services have been proven to reduce breach risk by approximately 20%.[5] That reduction reflects the value of continuous external monitoring during the policy period.

Claims data: what Corvus sees in practice

Corvus publishes detailed claims data that reveals the threat landscape its policyholders face. The most recent data shows:[9][10]

• 87.6% of cyber claims involved data theft, making data exfiltration the dominant loss type,
• Business email compromise represented nearly 50% of cyber claims over a five-year period,
• 1,248 ransomware victims were recorded in Q2 2024 alone, the second-highest quarter on record,
• Average ransom demand reached $1,571,667 in Q2 2024, a 102% quarterly increase,
• Data theft was involved in 93% of ransomware incidents, up from 88% in 2023,
• Organizations without robust backups were 2.38x more likely to pay a ransom,
• Backup strategies reduced median claim costs by 72%.

Those numbers tell you what Corvus's underwriting model weights most heavily: email security (because BEC is dominant), backup architecture (because it determines ransomware outcome severity), and data protection controls (because data theft is almost universal in modern attacks).

Where Corvus applications go wrong

Providing the wrong domain. The primary website URL drives the Corvus scan. If you provide a marketing domain instead of the primary operational domain, or if you omit domains associated with subsidiaries or acquired entities, the scan will miss critical infrastructure.

Assuming the scan covers everything. The Corvus scan is external. It cannot see internal MFA configuration, backup architecture details, or incident response plan documentation. The application still requires honest answers about internal controls that the scan cannot verify from outside.

Not reconciling scan findings with application answers. If the Corvus scan finds exposed RDP and your application says remote access is protected by MFA, the underwriting team will see that contradiction. Review the DLP report findings before finalizing application answers.

Ignoring the BEC risk signal. With BEC representing nearly half of all claims over five years, email security is a primary underwriting input for Corvus.[9] DMARC at p=none, missing DKIM, or weak SPF records are all signals the scan detects and the underwriting model weights. For a complete breakdown of how these records work and what enforcement looks like, see DMARC, SPF, and DKIM for Cyber Insurance. For the financial-fraud side of BEC, see BEC and Funds Transfer Fraud Coverage.

Treating Corvus and Travelers CyberRisk as interchangeable. These are different products with different underwriting processes. If a broker submits to both for comparison, the applications and risk assessment methods will differ. Prepare for each separately. For the Travelers-specific forms, see the Travelers CyberRisk Short Form Guide and the Travelers Long Form, MFA Supplement, and Social Engineering Guide.

A Corvus Smart Cyber prep checklist

Before submitting a Corvus Smart Cyber application:

1. Confirm your primary operational domain(s) The Corvus scan starts with the website URL you provide. Make sure it is the correct primary domain, including all material subsidiary and acquired entity domains.

2. Run an external email authentication check Verify SPF, DKIM, and DMARC posture before Corvus's scan finds issues you could have fixed. The free readiness check covers this.

3. Map MFA across all remote access paths Email, VPN, RDP, administrative consoles, cloud admin portals. The scan can detect some exposed access paths, but MFA enforcement is an internal control you need to verify manually.

4. Verify backup isolation and recoverability Corvus's claims data shows backup architecture is the single biggest determinant of ransomware outcome severity. Confirm isolation, test recovery, and document results.

5. Review endpoint protection coverage Verify EDR deployment across all endpoints. Know the total device count and coverage percentage.

6. Prepare incident response and business continuity documentation Have IR plan, DR/BC plan, and evidence of review or testing available.

7. After binding: review the DLP report and remediate findings The quarterly DLP report is a roadmap for improving your Cowbell Factors and your Corvus risk score. Use it.

If you have a carrier questionnaire to work through, upload it to the Carrier Decoder to identify gaps before submission.

The right way to think about Corvus post-acquisition

The Travelers acquisition gave Corvus the financial backing, claims infrastructure, and distribution network of a major carrier. In return, Travelers gained technology-driven underwriting capabilities that its traditional forms-based process could not replicate.

For brokers and applicants, the combined platform offers the best of both worlds: Corvus's scanning technology and AI-driven underwriting speed, backed by Travelers' balance sheet and claims handling.

The preparation approach is the same as any evidence-driven carrier: verify your external posture before the scan finds problems, document your internal controls honestly, and fix the gaps you can fix before submission.

BindLedger is designed for that preparation workflow. The readiness check covers the email authentication and external exposure signals that the Corvus scan evaluates. The evidence workflows help you build defensible answers for the internal controls that external scans alone cannot verify. For a cross-carrier evidence framework, see The Complete Guide to Cyber Insurance Evidence in 2026. For other carrier-specific guides, see BindLedger's walkthroughs for At-Bay, Cowbell, and Hartford CyberChoice.

---

Check your controls now. Run the free readiness check →

Have a carrier questionnaire? Upload it to see what you're missing →