99.41% Resilience Isn’t a Promise — It’s Proof

Written by HITRUST | Feb 19, 2026 1:30:00 PM

Gregory Webb, CEO at HITRUST

The new reality of information risk

In 2026, the digital enterprise is a global organism. Every business process — whether in financial services, healthcare, energy, or government — is dependent on an ecosystem of hundreds or thousands of interconnected vendors via a host of cloud services, APIs, and data flows. Each connection creates value, but also represents new exposure.

Security and risk executives now recognize that third-party risk is not a compliance box; it’s a business continuity risk. Data breaches, ransomware, and regulatory non-compliance can halt operations, disrupt supply chains, and erode customer trust overnight. In a world where cyber threats evolve faster than policies, resilience has become the true measure of organizational strength.

Assurance that adapts as fast as the threat

Many information security programs still rely on outdated frameworks and static certifications. They check the right boxes, but often fail to keep pace with adversaries that update tactics daily. HITRUST takes a fundamentally different approach. Our Cyber Threat Adaptive (CTA) Program continuously integrates real-world threat intelligence into our i1, e1, and r2 validated assessments, ensuring that controls evolve with the threat landscape.

In 2025 alone, HITRUST reviewed 627 real-world breaches, analyzed 8,500+ threat intelligence articles, evaluated 446,000 threat indicators, and mapped 85,000+ indicators to MITRE ATT&CK techniques and mitigations. This intelligence directly informs updates to the HITRUST CSF, making it a living framework aligned with today’s top threats, not yesterday’s playbooks. That’s why HITRUST-certified environments achieved 99.41% resilience (0.59% breach rate) in 2024 — a measurable, data-backed advantage.

Top threats to watch — and how to respond

Our data confirms that the leading attack vectors remained constant across 2025. But the tactics and technologies behind them are evolving fast. For CISOs and GRC executives, understanding these trends is key to prioritizing investment.

Phishing and social engineering

AI-driven phishing and business email compromise campaigns have become highly personalized and context-aware.

Best practice: Strengthen your defenses with advanced email security, continuous anti-phishing awareness training, and a robust auditing program to stay one step ahead of AI-powered attackers.

Exploiting public-facing applications

Attackers target unpatched web apps and exposed APIs to gain footholds.

Best practice: Stay secure through proactive vulnerability management and strict network segmentation.

Exploiting remote services

The hybrid workforce has expanded the attack surface across VPNs, RDP, and collaboration tools.

Best practice: Shrink your attack surface by eliminating unnecessary applications and elevate your preparedness with proactive threat intelligence.

Drive-by compromise

Compromised legitimate sites deliver malicious payloads to unsuspecting users.

Best practice: Reduce web-based risk with ongoing user education, up-to-date systems, and tightly managed script permissions.

Event-triggered execution

Attackers hide persistence in legitimate system tasks.

Best practice: Enhance resilience with timely patching and governed privileged access, both essential to maintaining trust, compliance, and operational integrity.

The growing business risk of information exposure

Even legally available information, from social media to employee directories, can now fuel precision-targeted attacks. Information gathering has become the silent enabler of cybercrime. Global enterprises must adopt data minimization and contextual access controls across both structured and unstructured data. Reducing the “attackable surface area” of information is now a board-level KPI.

From compliance to confidence: The path forward

In the coming year, leading organizations will move from compliance-driven security to confidence-based assurance, where continuous validation, transparency, and measurable resilience define success. CISOs and GRC executives should:

  • Make threat intelligence actionable: Integrate adversary data into control design, not just reporting.
  • Quantify cyber resilience: Establish metrics for breach likelihood, response maturity, and supply chain exposure.
  • Modernize assurance: Adopt continuously updated frameworks like HITRUST CSF that are informed by live threat data and mapped to leading standards (NIST, ISO, PCI DSS, HIPAA).
  • Build boardroom visibility: Translate technical risk into business impact using consistent, auditable evidence of control performance.

The bottom line

Your security program must evolve at the speed of threats. Static controls can’t outpace dynamic adversaries, but data-driven assurance can.

Our HITRUST Trust Report demonstrates how organizations leveraging HITRUST achieve higher protection and measurable performance across industries. It’s not theory. It’s proof that resilience is quantifiable and trust is auditable.

Whether your organization is seeking its first HITRUST assessment or aiming to enhance a mature TPRM program, HITRUST helps you stay ready, not just compliant. Download the most recent analysis to learn how to make threat intelligence your competitive advantage.