HITRUST CSF Certification Provides Enhanced Coverage And Reductions In Cyber Insurance Premiums

The Health Information Trust Alliance (HITRUST) in partnership with Willis Towers Watson announce that healthcare organizations and vendors who are HITRUST CSF Certified will benefit from preferred terms and conditions.


Over the past five months, Willis Towers Watson and HITRUST have worked to educate cyber insurers regarding the use of the HITRUST CSF and CSF Assurance program in supporting the cyber risk underwriting process. Insurers have found the HITRUST CSF to offer many advantages over the existing approaches, including: providing a comprehensive and mature controls framework, aligning strong controls with risk, and accurately and consistently measuring residual cyber risk. This announcement is the first deliverable in a partnership previously announced between Willis Towers Watson and HITRUST to improve cyber risk insurance options for healthcare organizations.

“We are very pleased with the first HITRUST CSF-related program that has been developed,” said Geoffrey K. Allen, executive vice president, FINEX North America, a division of Willis Towers Watson. “We are working with a number of cyber insurers that we expect will offer CSF Assessment-based programs over the coming months.”

Allied World is the first company to consider preferred terms and conditions based on the HITRUST CSF standards being met. The program will be open to all brokerage partners approved to submit cyber business to Allied World U.S.

After review and analysis, Allied World U.S. has determined that the HITRUST CSF framework and CSF Assurance methodology, the key components of the HITRUST CSF Assessment program, will enhance its underwriting program in terms of efficiency, consistency and accuracy, allowing it to better align the effectiveness of an organization’s security controls with cyber insurance premium levels. The review also concluded that organizations that had obtained a HITRUST CSF Certification posed lower cyber-related risks than those organizations that have not. The comprehensiveness and improved risk reporting enabled by the HITRUST CSF and the CSF Assessment summary scores in place of many of the standard information security application questions create a more streamlined application process.

“Managing information risk and compliance is a key goal of most healthcare organizations, and this program is another milestone in demonstrating how comprehensive and effective the HITRUST CSF and CSF Assurance are in aiding organizations in meeting that goal,” said Daniel Nutkis, CEO, HITRUST.

“Providing streamlined, end-to-end privacy and network security-related solutions is an enduring theme for Allied World, and helping to spearhead this initiative is consistent with that theme. The partnership between Willis and HITRUST represents a significant step toward creating common standards for underwriting review, and adds significant efficiencies to the existing process,” said Joshua Ladeau, Practice Lead – Privacy & Network Security, Allied World U.S.

Healthcare organizations wanting to learn more about the AWAC program for CSF Assessed organizations can visit: https://hitrustalliance.net/cyber-insurance/ 

back to top