HITRUST 2025 TRUST REPORT DEMONSTRATES IMPROVED CYBERSECURITY OUTCOMES FOR CERTIFIED ORGANIZATIONS Français

News provided by

HITRUST Services Corp.

Feb 20, 2025, 09:00 ET

Organizations with HITRUST Certifications Remain Breach-Free at an Unmatched Rate While Expanding Protection and Driving Security Maturity

FRISCO, Texas, Feb. 20, 2025 /CNW/ -- HITRUST, the leader in information security assurance for risk management and compliance, today released its Second Annual 2025 HITRUST Trust Report, reaffirming HITRUST as the only information risk and cybersecurity certification that delivers quantifiable proof of risk reduction. The data is clear: organizations with HITRUST certifications experience dramatically fewer breaches than those without, demonstrating that HITRUST is the benchmark for cybersecurity trust and assurance.

"The HITRUST Trust Report continues to demonstrate that our rigorous, continuously validated cybersecurity approach is not just effective—it is unmatched," said Daniel Nutkis, CEO of HITRUST. "Organizations that adopt HITRUST achieve significantly lower breach rates and greater security resilience, reinforcing why HITRUST is the most trusted name in information risk and cyber assurance in the industry."

Key Findings from the 2025 Trust Report:

  • HITRUST-Certified Organizations Remain Protected: Organizations with a HITRUST certification reported an incident rate of just 0.59% in 2024, meaning 99.41% remained breach-free. This rate—down from 0.64% in 2023—now covers all HITRUST certifications (e1, i1, and r2), not just the r2, proving that HITRUST's entire portfolio delivers measurable risk reduction.

  • HITRUST Protects Against 100% of Known Cyber Threats: The HITRUST CSF is cyber threat-adaptive and leverages top intelligence sources to counter modern cyber threats. With direct mapping to MITRE ATT&CK, HITRUST is the only framework proven to mitigate 100% of addressable TTPs.

  • HITRUST Drives Continuous Security Maturity: Organizations that maintain HITRUST certification see up to 54% fewer corrective actions required year-over-year, proving that repeat certification leads to material, ongoing security improvements.

  • HITRUST Introduces Two AI Security Assurances: HITRUST now provides industry-leading AI Security Assessment and Certification, allowing organizations to seamlessly integrate AI risk management into their broader security programs.

  • HITRUST found system vulnerability exploits as the top breach type over three years. Password Management, Data Protection, and Access Control are the hardest domains to achieve security maturity. Inadequate Endpoint Protection is the leading cause of HITRUST certification failures.

HITRUST's Cyber-Threat-Adaptive Delivers Continued Relevance

HITRUST's superior risk mitigation is driven by its cyber threat-adaptive engine, ensuring that its control requirements are continuously evaluated against the latest threat landscape. Using proprietary, patent-pending technology and indicators of attack and compromise, HITRUST ensures that controls remain effective in mitigating current and emerging threats. Unlike static, one-size-fits-all standards and frameworks, HITRUST's framework ensures that its controls have an intended and measurable risk mitigation effect.

Reliable Assurance Built for Trust

HITRUST certifications are built on a highly reliable assurance methodology, which includes:

  • Prescriptive control requirements are designed for validation, measurement, and scoring from the start.

  • Independent third-party validation to verify accurate and effective implementation.

  • Centralized QA review, reporting, and certification to ensure consistency and trustworthiness.

  • A robust gap and corrective action plan model, driving continuous improvement.

  • Annual recertifications that ensure organizations maintain their cybersecurity maturity.

Together, these relevant controls and reliable assurances create measurable, consistent, significant, and ever-improving security outcomes. This fact is further validated by the cyber insurance industry, which has recognized HITRUST's accuracy and dependability in understanding and reducing risk. As recently announced, multiple insurers have now formed a shared risk facility to offer HITRUST-certified entities enhanced cyber insurance options, including better coverage, reduced rates, and a streamlined process for application and renewals.

Coming Soon: Public Cyber-Threat-Adaptive Reporting

In the coming months, HITRUST will begin publicly reporting cyber threat-adaptive analytics and findings. These reports will not only reinforce greater confidence in HITRUST's control requirements but also guide organizations on which controls are under the most pressure and where they should prioritize security investments. This data-driven approach will enable organizations to proactively strengthen high-impact controls based on real-world attack trends and evolving threats.

How Organizations Are Using HITRUST

HITRUST is more than just a certification—it is a blueprint and benchmark to manage information security risk and compliance and to establish trust between organizations and parties:

  • Business, security, and risk leaders rely on HITRUST as a structured approach to internal security programs.

  • Third-party risk managers leverage HITRUST to ensure strong, practical, and scalable vendor risk management.

  • Sales and marketing leaders use HITRUST certification to demonstrate a trusted security posture, removing friction with prospects and customers.

  • Compliance leaders utilize HITRUST to streamline regulatory compliance and reporting across multiple requirements.

With the release of this year's Trust Report, HITRUST continues to cement its position as the gold standard and industry leader in cybersecurity assurance.

Get the Full Report

For a deeper dive into how HITRUST is leading the way, visit: HITRUST 2025 Trust Report.

About HITRUST

HITRUST, the leader in cybersecurity assurance used in risk management and compliance, offers certification programs for the application and validation of security, privacy, and AI controls. Informed by over 50 standards and frameworks, the company's threat-adaptive approach delivers the most relevant and reliable solutions, including multiple selectable and traversable assessments and certifications, an ecosystem of over 100 independent assessment firms, centralized quality reviews, reporting and certification, and a powerful SaaS platform enabling its program and process. For over 17 years, HITRUST has led the assurance industry and today is widely recognized as the most trusted solution to establish, maintain, and demonstrate security capabilities for risk management and compliance.

Media Contact:
Leslie Kesselring
Kesselring Communications for HITRUST
[email protected]

SOURCE HITRUST Services Corp.

Organization Profile

HITRUST Services Corp.