Close this search box.

Frequently Asked Questions


Your Cyber Insurance Sales Assistant

Common Cybersecurity Questions

What are cyber vulnerability scans?

A cyber vulnerability scan, also known as cyber vulnerability assessment, is a systematic review of a company’s digital infrastructure (the computers, systems and networks). Vulnerability scans identify weaknesses and misconfigurations in this infrastructure and can help a company to fortify defenses against cyber attacks.

Common vulnerabilities include misconfigurations, unsecured APIs, and unpatched software.

  • Misconfigurations: Many applications require manual configuration, a process prone to error. It is important for organizations to automate the configuration process to reduce the risk of human error.
  • Unsecured APIs: APIs (application programming interfaces) provide a digital interface for applications to communicate with each other. APIs are one of the few assets with a public IP address. If not adequately secured, they can become an easy target for attackers to breach.
  • Unpatched or outdated software: Software vendors periodically release updates to add new features and functionalities or patch known cybersecurity vulnerabilities. Unfortunately, because of the sheer volume of updates from different software providers it can be easy to fall behind on updates and patching, or miss a new release entirely. Unpatched or outdated software often makes for an easy target for cybercriminals.
  • Social Engineering: Any network is hackable if an employee can be duped into sharing access. Over 75% of targeted cyberattacks start with an email.
  • Third-Party Exposure: Vendors, clients, and app integrations with poor security can provide access to an otherwise well-protected network.
  • Configuration Mistakes: Even professional security systems more than likely contain at least one error in how the software is installed and set up.
  • Poor Cyber Hygiene: “Cyber hygiene” refers to regular habits and practices regarding technology use, like avoiding unprotected WiFi networks and implementing safeguards like a VPN or MFA. Just 34% of Americans change their passwords regularly, and only 45% change their passwords after a data breach.
  • Cloud Vulnerability: Online data storage and transfer provide increased opportunities for a potential hack.

Cyber insurance is a critical component of risk management for small businesses in today’s increasingly digital and interconnected world. It provides financial protection, resources, and expertise that can be invaluable in the event of a cyber incident. 

Key reasons for cyber insurance include: 

  • Increasing Cyber Threats: Small businesses are often targets of cyberattacks because they may not have the same level of security infrastructure as larger corporations.
  • Financial Protection: The costs associated with a cyberattack can be substantial, which can be financially crippling for a SMB. Costs can include expenses for data recovery, legal fees, public relations efforts to mitigate reputation damage, and fines or settlements if customer data is compromised.
  • Data Breach Consequences: Many small businesses handle sensitive customer data. A breach can lead to significant legal and financial consequences.
  • Business Continuity: A cyber incident can disrupt business operations, leading to lost revenue and eroding customer trust. Insurance can help cover lost income during downtime and assist with the costs of restoring operations.
  • Use everyday language: Business owners want to understand the basics: What are the issues? How might this affect me? Why should I take action? Communicate in clear, simple terms. Avoid technical descriptions and unnecessary detail. Use everyday language to explain the risks and potential impacts of cyber crime on customers’ operations and bottom lines. Provide an overview of common cyber attacks, their frequency, and their impact.

  • Explain the risks with tangible examples: Clients should understand how the variety and prevalence of cyber risks means potentially greater risk for their business. Many small business owners think they’re not at risk because of their size, when in fact threat actors increasingly target small businesses using automated attacks. And many business leaders aren’t aware that nearly half of small business attacks originate with human error. Or that ransomware attacks often involve significant extortion losses. Or that cyber breaches compromising personal identifiable information (PII) can lead to privacy violations and lawsuits.

  • Explain the value of cyber insurance: Business owners want to make sound financial decisions. Illustrate the typical costs of cyber attacks related to stolen funds, lost business income, extortion, and equipment replacement — as well as the response costs such as technical, legal, and public relations expenses. The cumulative costs of a cyber attack can be devastating for a small business. Show how a cyber policy covers these costs, and helps companies quickly restore operations and protect their reputations.

  • Explain the coverages and what they mean: Cyber policies offer a broad scope of coverage, from network liability to business interruption. Using basic terms, help your client understand what these various coverages mean. Explain when they might come into effect and offer examples of what they provide. Point out the distinction between first-party and third-party claims, to underscore that cyber insurance can cover customer losses as well as business losses.

  • Highlight additional services: Most cyber policies offer benefits beyond traditional coverage. For example, risk assessment provides ongoing protection to identify risks and prevent issues from becoming problems. Many carriers provide in-house incident response teams and cyber claim experts so policyholders can recover faster with minimal business impacts.

It is essential for small businesses to prioritize cybersecurity measures due to limited resources. The three most critical steps SMBs can take to prevent cyber incidents are:

  • Employee Training and Awareness: Regular training sessions on cybersecurity best practices, recognizing phishing attempts, secure handling of sensitive data, and importance of reporting suspicious activities.
  • Implementing Strong Access Controls and Use of Multi-Factor Authentication (MFA): Enforce password policies and use MFA for all critical systems and applications, especially those accessible via the internet. Restrict access to sensitive data and systems to only those employees who need it for their work (principle of least privilege).
  • Regular Software Updates and Security Patching: Establish a routine for regularly updating all software, including operating systems, applications, and security tools. Enable automatic updates where possible, and prioritize patches for known vulnerabilities, especially in widely used software.

While there are many other important practices, focusing on these three steps can significantly decrease the likelihood and potential impact of a cyber incident.

Common Trava Questions

How do I access Trava?

You must be a Catalyit subscriber and have less than 75 employees. If you have 75 employees or more, please contact Trava directly to gain access to the platform.

You can upgrade and purchase the Underwriting or Risk Management modules from the Catalyit + Trava Onboarding page. You will need to be a Full Access subscriber to access these modules, so an annual subscription will be added to your order based on your state and Big I association membership.

Agents can leverage Trava’s platform to offer tailored cybersecurity advice to their clients. With the Trava tools, agents can help their clients understand their cyber risk profile, enhance their risk management capabilities, and ensure they have appropriate cyber insurance coverage. Agents have the ability to differentiate themselves in a market that often views insurance as a commodity.

There are three distinct modules in the Trava platform:

  • Prospecting: Get help with prospecting new clients and grow your cyber insurance book by running Cyber Checkup Reports.
  • Underwriting: Get under the hood of your clients cyber posture and see where the gaps are. Run the full suite of external vulnerabilities reports and complete security control survey frameworks together with your clients to get a better picture of their cyber insurance readiness.
  • Risk Management: Manage your client’s cybersecurity risks with external and internal vulnerability scans, and ongoing monitoring.

Trava’s Cyber Risk Checkup is a rapid assessment that checks the external security perimeter of a client for key gaps. It includes a port scan, certificate scan, and data breach scan. It is part of the Prospecting module. An agent can run the Cyber Risk Checkup by simply entering the domain name that you’d like to scan. The Cyber Risk Checkup can be used to assess where your client is most vulnerable, explain your clients’ cyber liabilities and demonstrate the need for cyber insurance.

Trava provides a suite of external vulnerability scans that reveal system weaknesses and security issues by looking at a company from “outside-in”. Examples of external scans: Port scan, certificate scan, data breach scan, perimeter scan and web application surface scan.

Trava also offers internal vulnerability scans to identify known vulnerabilities, misconfigurations and check the efficacy of existing security measures. Examples of internal scans: Cloud scan, MFA (Multi Factor Authentication) scan, web application scan, agent (endpoint) scan and Microsoft 365 scan.

Security control frameworks are technical questionnaires to assess whether a client has the security controls in place that are required to obtain cyber insurance.


Examples of control questions include: 

  • Do you employ Multi-Factor Authentication on important access?
  • Do you back up your critical data and periodically test your ability to recover it?
  • Do you conduct monthly user awareness training and phishing exercises?

By working through this security control framework, in parallel to running vulnerability scans, an agent can be proactive and help his client to identify gaps in the company’s security posture – and potentially closing these gaps – before sending out a submission to a carrier in order to get the best insurance coverage possible.

Trava Platform Walkthrough

Trava Modules & What's Included

Features Prospecting Underwriting Risk Management
Catalyit Subscription Basic or Full Access Full Access Full Access
Number of Client Organizations Unlimited $500 / 10 Clients $2,500 / 10 Clients
API Access
Ability to interface with the platform's external API for integrated and automated workflows
Custom Branding
Customer Success
Custom Surveys Add-On Add-On Add-On
Customized Reports (up to 3 per year) Add-On Add-On Add-On
Critical Controls Survey
Covers top 10 cybersecurity controls companies should have in place to protect their assets from cyber attacks
Cyber Risk Checkup
Rapid external scan of public domains to identify rudimentary security issues
 Port Scan
Scan for publicly exposed network ports on multiple targets
 Breach Scan
Scan the web for any indications that you have been breached in the past
 Certificate Scan
Review of certificates used on your websites to validate secure communication
DNS Scan
Scan domains and associated sub-domains for security misconfigurations; DNS is essential for emails to work
Perimeter Scan
Scan of external IP addresses for your infrastructure
Web App Surface Scan
Scan the public surface of any web application
IP Attribution
Ability to determine if an IP address belongs to you or a 3rd party provider for the purposes of remediating vulnerabilities
Subdomain Enumeration
An enhancement that allows our scans to identify all subdomains associated with the provided website domain
Cybersecurity Framework Surveys
e.g. Insurance Readiness, HIPAA, SOC 2
Underwriting Applications
Cloud Scan
Analyze public cloud configurations (AWS, Azure, GCP) to identify configuration issues that could lead to security vulnerabilities
Web App Scan
Scan web applications for security issues/vulnerabilities, and to test for conditions that indicate security exposures
Microsoft 365 Scan
Analyze your Microsoft 365 environment to look for configuration issues that could lead to security vulnerabilities
MFA Scan
Identify to what extent, if any, your client has MFA (Multi-Factor Authentication) enabled throughout their organization
WordPress Scan
Scan your clients’ WordPress environments to identify vulnerabilities in the core platform, custom code, and plugins
Endpoint Agent Scan
Scan remote devices such as laptops to detect security vulnerabilities
Internal Vulnerability Scan
Run internal scans of your network to find security vulnerabilities

Cybersecurity Articles

This guide, presented by Trava, provides a description of each vulnerability scan type, key insights learned from each scan, and recommended frequency for running each scan.
This guide, presented by Trava, was designed to empower insurance agents with the tools they need to navigate the intricacies of cyber insurance successfully.
Explore our partnership with Trava Security for advanced cyber insurance tools, essential in today's digital-first business environment.
In this guide, learn how to protect yourself from online scams while enjoying the convenience of holiday shopping on your devices.
Explore 10 innovative ways to leverage cyber insurance for business growth and trust with this guide from Trava Security.
Learn immediate response steps for cyber attacks with Trava's guide, which is crucial for professionals and IT teams facing hacking or ransomware threats.

Cybersecurity Webinars

Check out Trava's demo of their exclusive, user-friendly tools and resources that help you better understand and explain your clients' cyber liabilities while strengthening your cyber insurance quoting and renewal process.
Understanding the complexities surrounding cybersecurity and cyber insurance is more urgent than ever. But where do you start? Join Catalyit's Steve Anderson and Jim Goldman, CEO of Trava, to learn how

Ready to get started?

Forgot Password?


Vault videos are only visible to Full Access subscribers!

Upgrade now to unlock all Catalyit content and watch this webinar on-demand.

Let's do this


Let's do this

Fill out the form below to get free Basic Access to Catalyit and activate your Trava account.



Solution Provider Profiles are only visible to Full Access subscribers!

Upgrade now to unlock all Catalyit content and learn more about this Solution Provider.

Forgot Password?