Frisco, TX, February 19, 2025 - HITRUST, the leading provider of information security assurance for risk management and compliance, today released its 2025 H2 Cyber Threat Adaptive (CTA) Report, providing new evidence that HITRUST’s continuously updated e1, i1, and r2 assessments portfolio remain highly effective at mitigating the top adversarial techniques used across real-world attacks in 2025. The second-half analysis reviewed 588,588 threat indicators, 4,650 intelligence articles, and 425 publicly reported breaches, mapping 46,175 data points to the MITRE ATT&CK® framework to evaluate which security controls most effectively reduce risk.
HITRUST found that the most prevalent attack vectors—phishing, exploitation of public-facing applications, remote service exploitation, drive-by compromise, and event-triggered execution—continue to be mitigated by controls already embedded in HITRUST’s assessments, reaffirming the strength of the HITRUST CSF as a dynamic, threat-aligned security framework.
In a first, this calendar year’s first half analysis led HITRUST to remove one requirement from the e1 assessment, after threat intelligence confirmed that a previously included control did not map to any techniques observed in this reporting period. This change underscores the value of a threat-adaptive assurance model—ensuring organizations maintain a strong baseline without unnecessary or outdated requirements.
“Cyber threats are evolving faster than static security programs can react,” said Gregory Webb, CEO of HITRUST. “Adversaries update their tactics every day. Security programs must evolve just as quickly, and HITRUST is the only standards organization continuously integrating real-world threat intelligence directly into its assessments. When the data tells us a control isn’t necessary, we remove it. When threats shift, we adapt. That’s what modern cybersecurity assurance requires and that’s why HITRUST-certified environments achieved 99.41% resilience in 2025.”
HITRUST's Cyber Threat Adaptive program systematically analyzes real-world threat intelligence, breach data, and adversary behavior to ensure that control requirements in the HITRUST CSF remain effective to actual cyber threats. The CTA program is designed to ensure that HITRUST assessments are not theoretical or backward-looking. Each quarter, HITRUST analyzes live threat data to validate whether its control requirements effectively mitigate the most active, emerging, and evolving attack techniques. Findings from H2 further confirm that organizations using HITRUST gain measurable, data-backed resilience against the techniques adversaries rely on most.
“Adversaries are scaling their operations using automation and AI-enabled tactics and shifting to high-impact and fast-emerging attack vectors like virtualization abuse,” said Andrew Russell, Vice President of Standards at HITRUST. “The CTA program ensures HITRUST assessments adjust at the pace of these evolving tactics, giving organizations defenses that remain both current and defensible.”
As attackers increasingly target the extended enterprise—from SaaS platforms and cloud infrastructure to managed service providers and supply chain partners—the blast radius of a single exploited vulnerability has grown dramatically. These H2 CTA findings reinforce that modern cyber risk is no longer confined to internal systems; it spans every interconnected vendor, API, and digital service an organization depends on. Ensuring that these connections remain resilient is now a foundational requirement for business continuity.
“In modern enterprises, every connection—every SaaS platform, API, vendor, and cloud service—creates both opportunity and exposure,” said Ryan Patrick, Executive Vice President, TPRM Customer Solutions, HITRUST. “The question executives must ask is no longer whether they are compliant, but whether they—and the vendors and partners they rely on—are genuinely resilient. HITRUST delivers measurable, adaptive resilience grounded in real-world threat intelligence.”