Revealing Unprecedented Insights and Performance Data, HITRUST Showcases 0.64% Breach Rate Through its Program, Redefining Excellence in Information Security

FRISCO, Texas, April 15, 2024

HITRUST, the leader in information risk, information security, and compliance assurances, has released its inaugural Trust Report. The Report offers, for the first time, public details, and measurable results from HITRUST’s framework, assurance methodology, and associated systems as it relates to information risk management. The detailed analyses in the Report showcase the effectiveness of HITRUST's processes to measurably and materially reduce the risk of cyber breaches and demonstrating their impact on enhancing digital trust worldwide and supporting information risk management.

The Trust Report arrives at a crucial juncture, with organizations grappling to combat increasingly complex cyber threats and balance demanding regulatory requirements. The Report highlights HITRUST’s leadership, innovation and quality in information risk, security, and compliance assurances – establishing a benchmark for information assurances.

Setting The Standard for Assurance

At its core, the Trust Report illustrates that trust is the definitive element of an assurance program, but relevance and reliability are the key dimensions for building trust.

Relevance ensures the program, and its associated components, are adaptive and regularly updated based on changes in the threat landscape, market, and regulatory requirements. The HITRUST Cyber Threat Adaptive (patent pending) approach enables regular analysis and evaluation of its control specifications against threat intelligence and breach data to provide relevance.

Reliability ensures the program is executed in a transparent, consistent, accurate manner, with the utmost of integrity, efficiency and scalability. HITRUST delivers the highest levels of reliability through its extensive third-party validation, centralized review, scoring, and assurance methodology.

The report demonstrates that both relevance and reliability are needed for an assurance report to be trustworthy and effective in managing information risk and validates HITRUST’s unwavering commitment to these principles with supporting references and data.

Proven Effectiveness

A key statistic from the Report is that only 0.64% of HITRUST-certified environments reported breaches in the last two years (2022 and 2023).

"We have spent 17 years building a reliable and relevant model and ecosystem that delivers powerful results through measurement and accountability to fuel continuous improvement and risk reduction," stated Daniel Nutkis, Founder and CEO, HITRUST. "This statistic confirms the effectiveness of the HITRUST assurance program in mitigating information risk to an acceptable level”.

Other key data include:

• 97% of all threat indicators in MITRE ATT&CK are covered by the HITRUST Common Security Framework (CSF). The remaining 3% do not have identified mitigations in the MITRE ATT&CK framework.
• HITRUST r2 certified organizations are committed to security accountability as demonstrated by 92% of controls that did not fully meet the HITRUST CSF framework requirements being remediated within one year of achieving certification.

Rising Demand

HITRUST also reports that they experienced a surge in certification demand in 2023. The trend continues into 2024, with organizations communicating that they, and their customers, need solutions beyond questionnaires, self-assessments, or models that lack proven controls or rigorous third-party validation. Our expanded portfolio makes HITRUST applicable in nearly every situation.

“They are finding that HITRUST solutions offer a very efficient and cost-effective means of improving security capabilities to manage risk while meeting multiple compliance requirements at the same time,” said Blake Sutherland, EVP of Market Engagement, HITRUST.

Download Available Now

As organizations navigate the complexities of information risk management, security and compliance, HITRUST offers a dependable framework and methodology for achieving and demonstrating cyber resilience and building trust. “We encourage all stakeholders, policy makers and regulators to explore our findings and understand why HITRUST remains the standard in cybersecurity and compliance assurance," Nutkis added.

The report is publicly available, reflecting HITRUST's commitment to transparency and excellence in cybersecurity assurance. For more information and to download the report, visit HITRUSTalliance.net.