Backed by Global AA-Rated Insurers, Organizations with HITRUST Certifications Gain Access to New Cyber Insurance Offerings with Enhanced Coverage and Lower Rates
Frisco, TX, December 12, 2024
HITRUST, the leader in information security assurances for risk and compliance management, today unveiled an innovative cyber insurance consortium in collaboration with Lloyd’s of London and backed by a network of globally recognized AA-rated insurers. This first-of-its-kind shared risk facility revolutionizes the cyber insurance landscape, delivering exclusive, market-leading coverage and rates to organizations with HITRUST certifications worldwide. By aligning relevant and reliable cybersecurity practices with tailored insurance solutions, the consortium sets a new standard for incentivizing and protecting trusted organizations.
As cyber threats continue to escalate, organizations face increasing pressure to effectively measure and mitigate information risk. HITRUST’s proven methodology, stands out as the industry-leading solution to manage information risk and to measure residual risk. By incorporating relevant risk management practices and security controls with a comprehensive and reliable assurance process, organizations with HITRUST certifications achieve a significantly lower likelihood of breaches with the gold standard for resilience in an increasingly volatile threat landscape and endorsement by leading cyber insurers.
According to the recently published 2024 Trust Report, less than 1% of HITRUST certifications experienced a breach over the past two years. This remarkable statistic underscores the effectiveness of the HITRUST assurance program in delivering measurable risk mitigation outcomes.
"The creation of this consortium validates the effectiveness of the HITRUST methodology in reducing cyber risk and enabling consistency and transparency measuring residual risk," said Blake Sutherland, Executive Vice President of Sales and Business Development at HITRUST. "By recognizing the rigorous and measurable security practices of organizations with HITRUST certifications, this facility enables insurers to confidently offer enhanced coverage options with more competitive rates, creating a win-win scenario for both businesses and insurers."
The newly formed consortium with Lloyd's of London unites additional capital from a global network of Moody’s recognized AA-rated insurers to establish an innovative shared risk facility. This novel initiative leverages the proven link between HITRUST certification and superior and measurable risk management, enabling insurers to confidently deliver enhanced and more consistent insurance products. The facility is designed to scale as additional insurers join, ensuring greater capacity to meet the evolving demands of organizations with HITRUST certifications across the globe.
Key benefits for organizations with HITRUST certifications include:
“This massive initiative underscores Lloyd's of London's commitment to fostering innovation and staying on the cutting edge of a new cyber insurance frontier,” said Robert Booker, Chief Strategy Officer, HITRUST. "The consortium—built on HITRUST’s unique ability to help organizations measure and manage residual risk while allowing third parties to trust and rely on those results—sets a new standard for how the insurance industry will align policies with cyber risks moving forward.”
To enable this consortium, HITRUST has developed a secure API that allows insurers to access detailed information about an organization's HITRUST r2 certification through the company's Results Distribution System (RDS). This technology ensures that insurers receive structured, consistent assessment data, facilitating a more accurate and efficient underwriting process.
"By integrating HITRUST certification into our underwriting process, we're able to offer tailored cyber insurance solutions that not only recognize but also reward organizations for their commitment to stringent security standards,” said Josh Ladeau, CEO of Trium Cyber, the underwriting lead for the initiative. "This collaboration marks a pivotal step in aligning cybersecurity excellence with comprehensive insurance coverage, providing certified organizations with the confidence and protection they deserve in today's volatile digital landscape."
Understanding the Shared Risk Facility
A shared risk facility is a collaborative arrangement where multiple insurers come together to share the underwriting risk associated with policies. For organizations with HITRUST certifications, this means access to better insurance options, as the insurers collectively recognize the reduced risk these organizations present. This collaboration fosters a more stable and competitive insurance market.
Availability and Next Steps
The enhanced cyber insurance offerings are available to organizations with HITRUST certifications effective immediately through their existing brokers. Currently available for HITRUST r2 certifications, plans are underway to extend this capability to include the i1 and e1 assurance programs in 2025. Additionally, there is potential to expand the scope to encompass HITRUST's newly released AI Security Certification offering.
Organizations interested in benefiting from improved coverage and rates are encouraged to pursue HITRUST certification to take advantage of these new options.
For more information about how to get started with HITRUST certification, please visit hitrustalliance.net/cyber-insurance or contact us.