Rapid7 and HITRUST Partner to Automate Cybersecurity Assurance, Reducing Cost and Complexity Across Regulated Industries

Rhea-AI Summary

Rapid7 (NASDAQ: RPD) and HITRUST announced a strategic partnership on Dec 2, 2025 to integrate Rapid7 Surface Command with the HITRUST assurance framework. The integration enables automatic collection, mapping, and validation of controls against HITRUST standards, shifting organizations from periodic audits to continuous, evidence-based compliance.

The collaboration aims to reduce audit scope and cost, improve cyber resilience, help maintain extended certification intervals, and support lower cyber insurance premiums by demonstrating consistent risk management. HITRUST's 2025 Trust Report cited a 0.59% averaged annual breach rate for organizations implementing its controls.

Positive

• Integration of Surface Command with HITRUST Framework (Dec 2, 2025)
• Enables continuous, evidence-based validation replacing periodic audits
• Cited 0.59% averaged annual breach rate in HITRUST 2025 report
• Supports reduced audit scope and extended certification intervals
• May lower cyber insurance premiums via demonstrated risk management

Negative

• None.

News Market Reaction

+0.45%

1 alert

+0.45% News Effect

On the day this news was published, RPD gained 0.45%, reflecting a mild positive market reaction.

Data tracked by StockTitan Argus on the day of publication.

Key Figures

Averaged annual breach rate: 0.59% Q3 2025 revenue: $217.960M Q3 2025 net income: $9.809M +5 more

8 metrics

Averaged annual breach rate 0.59% Organizations implementing HITRUST controls, 2025 Trust Report

Q3 2025 revenue $217.960M Quarter ended Q3 2025

Q3 2025 net income $9.809M Q3 2025, $0.15 diluted EPS

9M 2025 revenue $642.406M First nine months of 2025

Operating cash flow $116.250M First nine months of 2025

Cash and cash equivalents $130.613M As of Q3 2025

RPO next 12 months $571.398M Remaining performance obligations due within 12 months

Convertible notes 2027 $600.0M Convertible notes due 2027 outstanding

Market Reality Check

Price: $12.64 Vol: Volume 833,439 is below t...

low vol

$12.64 Last Close

Volume Volume 833,439 is below the 20-day average of 1,202,039, suggesting a modest participation level ahead of/around this news. low

Technical Shares at $16.36 are trading below the $21.71 200-day moving average and well under the $43.525 52-week high, despite being above the $13.21 52-week low.

Peers on Argus

RPD gained 3.15% while close peers like ATEN (-0.54%) and RDWR (-0.12%) were sli...

RPD gained 3.15% while close peers like ATEN (-0.54%) and RDWR (-0.12%) were slightly down and BASE/VRNT were roughly flat, indicating a company-specific move rather than a sector-wide rotation.

Historical Context

5 past events · Latest: Dec 02 (Positive)

Pattern 5 events

Date	Event	Sentiment	Move	Catalyst
Dec 02	Strategic partnership	Positive	+0.5%	HITRUST integration to enable automated controls mapping and continuous compliance.
Dec 01	Conference appearance	Positive	+0.5%	Raymond James conference presentation offering direct insight into outlook and strategy.
Nov 20	Product launch	Positive	+1.2%	Curated Intelligence Rules for AWS Network Firewall to embed threat intel in AWS.
Nov 12	Analyst recognition	Positive	-1.3%	Named Leader in 2025 Gartner Magic Quadrant for Exposure Assessment Platforms.
Nov 12	Threat report	Neutral	-1.3%	Q3 2025 threat report detailing ransomware alliances and AI-enabled attacks.

Pattern Detected

Recent fundamentally positive or neutral news has produced mixed reactions, with three modestly positive moves and two negative divergences, indicating inconsistent follow-through on good headlines.

Recent Company History

Over the past months, Rapid7 has reported several constructive developments. On Nov 5, 2025, Q3 results showed revenue of $217.960M and positive net income. Subsequent news highlighted leadership recognition in Gartner’s 2025 Magic Quadrant, a new AWS Network Firewall intelligence offering, and attendance at a Raymond James conference. The new HITRUST partnership extends this trajectory by emphasizing continuous compliance and cybersecurity assurance within regulated industries.

Market Pulse Summary

This announcement highlights a strategic partnership integrating Rapid7’s attack surface visibility ...

Analysis

This announcement highlights a strategic partnership integrating Rapid7’s attack surface visibility with the HITRUST assurance framework to support continuous compliance. It follows Q3 2025 results with revenue of $217.960M and positive net income, plus prior product and recognition news. Investors may watch adoption of the joint solution, trends in breach benchmarks like the 0.59% rate cited by HITRUST, and how these developments influence future financial performance.

Key Terms

attack surface, assurance framework, vulnerability and exposure management, compliance mandates, +1 more

5 terms

attack surface technical

"Surface Command, which provides organizations with a complete view of their attack surface"

The attack surface is the collection of points where a company's digital systems, devices, or networks can be accessed, misused, or breached — think of it as the number of doors and windows a thief could try. A larger or more complex attack surface raises the chance of a costly security breach, which can lead to direct losses, regulatory fines, and damage to customer trust and the company's stock value, so investors watch it as a measure of operational and cybersecurity risk.

assurance framework regulatory

"with HITRUST’s assurance framework"

An assurance framework is a structured set of checks, processes and responsibilities a company uses to make sure its financial reports, compliance efforts and risk controls are accurate and dependable. Like a building inspection checklist that ensures every beam and bolt is sound, it helps investors judge whether reported results and disclosures can be trusted, reduces the chance of surprises or regulatory problems, and supports more reliable valuations and investment decisions.

vulnerability and exposure management technical

"Mitigate risk proactively: Integrate vulnerability and exposure management along with threat data"

Vulnerability and exposure management is the ongoing process companies use to find, evaluate and fix weaknesses in their systems, software, devices and supply chain that could allow breaches, outages or data loss. For investors it matters because unmanaged weaknesses can lead to costly cyberattacks, regulatory fines, operational downtime and damaged reputation, all of which can reduce revenue and shareholder value — think of it like finding and sealing holes in a roof before a storm.

compliance mandates regulatory

"threat data aligned to compliance mandates to address the complexity"

Compliance mandates are rules set by regulators or industry bodies that a company must follow, often requiring specific actions, reports, controls, or changes to operations. Investors care because these mandates can alter a company’s costs, timelines and legal risk—like a building code that forces upgrades after an inspection—affecting profitability, cash flow and the likelihood of fines or other penalties.

cyber insurance financial

"Facilitate improved cyber insurance: Demonstrate consistent risk management to insurers"

A type of insurance policy that helps cover the financial impact when a company suffers a cyber incident — for example theft of customer data, ransomware attacks, or system outages. It pays for costs like recovering systems, legal fees, customer notifications, and lost sales, acting like homeowner’s insurance but for a company’s digital operations. Investors care because coverage and cost affect a company’s risk of large unexpected losses, reputation damage, and future cash flow.

AI-generated analysis. Not financial advice.

New collaboration integrates Rapid7 platform with HITRUST certification program to help organizations move from periodic audits to continuous compliance

BOSTON, Dec. 02, 2025 (GLOBE NEWSWIRE) -- Today, Rapid7, Inc. (NASDAQ: RPD), a leader in threat detection and exposure management, and HITRUST, the leading provider of cybersecurity and AI assurances used in third-party and internal risk, security and compliance management, announced a strategic partnership to help organizations automate compliance and lower the cost of assurance. This new integration brings together Rapid7’s Surface Command, which provides organizations with a complete view of their attack surface, with HITRUST’s assurance framework. Through this new partnership, Rapid7 customers can automatically collect, map, and validate controls against HITRUST standards, reducing audit scope, saving time and resources, and improving overall cyber resilience.

Organizations today face increasing pressure to demonstrate continuous security readiness amid a constantly evolving threat and regulatory landscape. Traditional assurance methods rely on periodic audits and manual evidence collection, which are costly, time-consuming, and quickly outdated. By combining Rapid7’s continuous visibility into security controls with the HITRUST Framework, customers are able to move from periodic audits to continuous, evidence-based validation of their cybersecurity posture, improving their security and governance, and their ability to communicate that to stakeholders.

“Rapid7 solutions already deliver unmatched visibility and context, enabling our customers to proactively prevent and detect security incidents,” said Jon Schipp, senior director of product management at Rapid7. “With this collaboration, we are now able to benchmark customers against HITRUST, ultimately reducing both the cost and burden of compliance while also enabling them to achieve continuous assurance against the comprehensive framework for greater protection from threats.”

“The 2025 HITRUST Trust Report demonstrated that organizations who implement our controls achieve a mere 0.59% averaged annual breach rate - a significant new benchmark in reliable risk mitigation for the industry,” said Blake Sutherland, executive vice president, market engagement at HITRUST. ”This collaboration with Rapid7 maps our controls to their proactive protections, giving joint customers the ability to maintain evidence of compliance, reduce evidence decay and ensure that the utmost security requirements are relevant, reliable and recorded for continuous assurance and even higher level of trust in security postures.”

By working with HITRUST and Rapid7, customers will deploy a robust, continuous assurance program replacing point-in-time, outdated assurance practices. Additional benefits include:

• Achieve continuous compliance visibility: Rapid7’s Command Platform continuously assesses systems against control drift using the HITRUST Framework requirements which are continuously updated in response to active threats and risk thresholds.
• Mitigate risk proactively: Integrate vulnerability and exposure management along with threat data aligned to compliance mandates to address the complexity of modern enterprise environments.
• Reduce audit burden and detect compliance drift: Continuous compliance enables extended certification intervals, reduction in information collection efforts, assurance that controls are maintained beyond scheduled audit engagements and report on drifts in the environment.
• Facilitate improved cyber insurance: Demonstrate consistent risk management to insurers, leading to lower premiums and streamlined policy renewals.
• Lower costs: Minimize the resource-intensive process of annual compliance audits and secure cost-effective insurance coverage.
  
  

To learn more about working with Rapid7 and HITRUST, visit http://www.rapid7.com/blog/post/pt-rapid7-hitrust-lowers-continuous-assurance-cost-asm.

About Rapid7
Rapid7, Inc. (NASDAQ: RPD) is on a mission to create a safer digital world by making cybersecurity simpler and more accessible. We empower security professionals to manage a modern attack surface through our best-in-class technology, leading-edge research, and broad, strategic expertise. Rapid7’s comprehensive security solutions help more than 11,000 global customers unite cloud risk management with threat detection and response to reduce attack surfaces and eliminate threats with speed and precision. For more information, visit our website, check out our blog, or follow us on LinkedIn or X.

Rapid7 Media Relations
Alice Randall
Director, Global Communications
press@rapid7.com
(857) 216-7804

Rapid7 Investor Contact
Matt Wells
Vice President, Investor Relations
investors@rapid7.com
(617) 865-4277

About HITRUST

HITRUST, the leader in cybersecurity assurance used in risk management and compliance, offers certification programs for the application and validation of security, privacy, and AI controls. Informed by over 60 standards and frameworks, the company's threat-adaptive approach delivers the most relevant and reliable solutions, including multiple selectable and traversable assessments and certifications, an ecosystem of over 100 independent assessment firms, centralized quality reviews, reporting and certification, and a powerful SaaS platform enabling its program and process. For over 18 years, HITRUST has led the assurance industry and today is widely recognized as the most trusted solution to establish, maintain, and demonstrate security capabilities for risk management and compliance.

Press Contact
Leslie Kesselring
Kesselring Communications for HITRUST
leslie@kesscomm.com

FAQ

What did Rapid7 (RPD) announce about HITRUST on Dec 2, 2025?

Rapid7 announced a partnership to integrate Surface Command with the HITRUST framework for automated, continuous compliance validation.

How does the Rapid7 and HITRUST integration affect compliance for RPD customers?

Customers can automatically collect, map, and validate controls against HITRUST standards to move from periodic audits to continuous assurance.

Does the Rapid7–HITRUST partnership claim any breach-rate benchmark?

HITRUST's 2025 Trust Report is cited, showing a 0.59% averaged annual breach rate for organizations using its controls.

Will the Rapid7 and HITRUST integration reduce audit costs for RPD customers?

The announcement states the integration reduces audit scope and evidence collection, lowering time and resource costs associated with audits.

Can the Rapid7 and HITRUST collaboration affect cyber insurance for RPD customers?

Yes; the partnership says consistent risk management and recorded evidence can lead to lower premiums and streamlined renewals.

Where can investors learn more about Rapid7's HITRUST integration and impact on RPD?

More details are available via Rapid7's customer and product channels, including the company blog link provided with the announcement.