HITRUST®, a leading third-party assurance certification body, recently announced the ability to leverage an organization’s HITRUST r2 two-year Validated Assessment (r2 Assessment) to qualify for a new cyber insurance policy.1 This step is a pivotal moment for third-party assurance efforts which have historically not provided an internal return on investment (ROI) but have been seen more as a cost of doing business or a barrier to entry as organizations move upstream.
Organizations that currently maintain an r2 Assessment should work with their assessor and HITRUST to connect their certification to the Results Delivery System (RDS) platform within HITRUST. This publication of the r2 Assessment enables the cybersecurity underwriter to scrutinize the organization’s cybersecurity and data privacy maturity. This cyber insurance policy can be purchased as additional coverage to help bridge an existing policy or might be an opportunity for an organization to obtain currently unavailable coverage.
For organizations that have hesitated to pursue an r2 Assessment due to cost concerns or low ROI, now is the time to reconsider pursuing this valuable certification. If you have any questions or need assistance, please reach out to our SOC & HITRUST team at Forvis Mazars.
- 1“HITRUST Announces Availability of New Cyber Insurance Product Exclusively for Its Customers,” hitrustalliance.net, May 16, 2024.