HITRUST Announces Cybersecurity Insurance Consortium Offering HITRUST Certified Organizations with Discounted Insurance Policies

HITRUST, a leader in the information security assurance industry, recently released news of a collaboration with Lloyd’s of London to create a new cyber insurance consortium offering cyber insurance coverage and discounted rates to organizations with HITRUST certifications. The objective set forth by HITRUST and Lloyd’s of London was to provide a consortium allowing organizations that maintain HITRUST certifications to take advantage of their cybersecurity practices through insurance products that provide tangible benefits to the certified organizations. The goal of the consortium is to provide an avenue for insurers to offer cybersecurity insurance products to organizations with HITRUST certifications at a significant discount.

HITRUST provides a trusted security framework and assurance certification that is considered the gold standard in information security. According to the 2024 HITRUST Annual Trust Report, less than 1% of HITRUST certifications have experienced a breach over the past two years. The low breach statistic highlights how effective the HITRUST assurance program is in providing risk mitigation for organizations that meet the certification requirement. The newly formed consortium with Lloyd’s of London will help to leverage the connections between the HITRUST certification and risk management; this connection allows insurers to provide tailored and consistent insurance products to organizations with a HITRUST r2 certification.

How Can the HITRUST Certification and Insurance Consortium Benefit Your Organization?

Reduced Costs

Organizations maintaining r2 certifications will see rates with more favorable terms and material savings that are reflective of their enhanced cybersecurity practices, including a starting credit of 25% on premiums.

Streamlined Underwriting

Underwriting will be streamlined and based on information provided by an organization’s HITRUST certification. It is anticipated that policies can be underwritten in as short as a week.

Coverage Options

Cybersecurity insurance policies will be provided with limited exclusions, providing clear and concise policies to meet the needs of a wide range of organizations.

Scalability

As the consortium grows, capacity is anticipated to grow as well, this will provide additional customizable coverage to meet changing organizations.

How HITRUST Certified Organizations Can Access the Benefits?

HITRUST has developed a process in which insurers can access information about an organization’s HITRUST r2 certification through the company’s Results Distribution System (RDS). The process should allow insurance companies to receive the pertinent information related to the organization’s HITRUST assessment to appropriately and efficiently underwrite policies. The cyber insurance policies through the consortium are currently available to organizations with HITRUST r2 certifications. HITRUST plans to extend the opportunity to include those organizations with i1 and e1 assurance programs within the next year.

McKonly & Asbury is a certified HITRUST external assessor. For more information on how a HITRUST Assessment and certification can help your organization, be sure to visit our HITRUST and SOC services pages on our website, and please contact Dave Hammarberg, CPA, CISSP, CFE, MCSE, CISA, CCSFP, CHQP.

About the Author

Related Services