Threat Analysis Confirms HITRUST e1, i1, and r2 Controls Mitigate the Most Prevalent Attack Techniques in 2025

Frisco, TX, July 31, 2025

HITRUST, the leader in cybersecurity assurance, today released its Cyber Threat Adaptive (CTA) Update covering the first half of 2025. The analysis validates that the HITRUST CSF® e1, i1, and r2 assessment requirements once again cover 100% of the real-world techniques adversaries used most often from January 1 – June 30, 2025, with no control gaps identified against the five dominant MITRE ATT&CK® techniques.

HITRUST's Cyber Threat Adaptive (CTA) program systematically analyzes real-world threat intelligence, breach data, and adversary behavior to ensure that control requirements in the HITRUST CSF remain effective to actual cyber threats.

Key findings from the H1 2025 CTA analysis

• 220,000+ threat indicators compiled from 4,100+ threat-intel articles were mapped to ~41,000 MITRE ATT&CK technique/mitigation pairs — providing the most complete view yet of attacker behavior in 2025.
• The e1, i1, and r2 control selections covered 100% of the top five techniques observed — Phishing (T1566), Drive-by Compromise (T1189), Exploit Public-Facing Application (T1190), Exploitation of Remote Services (T1210), and Event-Triggered Execution (T1546).
• 435 publicly reported breaches were analyzed; phishing remained the lead initial-access vector, typically resulting in data exfiltration or ransomware deployment.
• Recommended priority actions include advanced phishing awareness training, timely anti-malware updates, disciplined vulnerability remediation, and comprehensive network/endpoint monitoring.

“Attackers don’t wait for annual framework updates, so neither can defenders. Our semiannual analysis shows that organizations with HITRUST certification remain a step ahead because their controls evolve at the speed of the threat landscape,” said Andrew Russell, Vice President of Standards, at HITRUST. “By mapping more than 220,000 fresh indicators to MITRE ATT&CK, we verified that every high-frequency technique in H1 2025 is mitigated by our e1 and i1 requirements —  often by multiple overlapping controls that deliver true defense-in-depth.”

Why it matters

HITRUST’s CTA program continuously stress-tests CSF controls against live threat intelligence —ensuring organizations that certify to the e1, i1, or r2 are protected by relevant, reliable, and proven safeguards rather than static “checkbox” frameworks. It also eliminates the need for relying parties to augment a HITRUST assurance report with a questionnaire to ensure it covers relevant and emerging cyber threats as is needed with other assurance reports. This approach underpins HITRUST’s commitment to:

• Relevant Controls: Continuously evaluated to ensure effective mitigations against known and emerging cyber threats
• Reliable Assurance: Validated by consistent, rigorous assessment standards
• Proven Risk Mitigation: Fewer than 1% of HITRUST-certified environments reported breaches in the past two years

Download the full report