Demo Request
X Close Search

How can we assist?

Cybersecurity Benchmarks

An Invitation to Participate in the Healthcare Cybersecurity Benchmarking Study

Now Enrolling Participants for Wave 3 of the Study

The Healthcare Cybersecurity Benchmarking Study is now enrolling participants for Wave 3 of the study, co-led by Censinet, KLAS Research, the American Hospital Association (AHA), Health Information Sharing and Analysis Center (Health-ISAC), and the Healthcare and Public Health Sector Coordinating Council (HSCC). The Study is the industry’s only collaborative initiative to establish robust, objective, and actionable cyber peer benchmarks in healthcare, and Wave 3 seeks to expand the reach and impact of this initiative to strengthen cyber resiliency across the health sector to protect patient care from malicious threats like ransomware.

To participate in Wave 3, contact us at

Exclusive Benefits for Wave 3 Study Participants

Participation in Wave 3 of The Healthcare Cybersecurity Benchmarking Study entitles your organization to the following benefits:

  • Censinet enterprise self-assessments for HHS 405(d) Health Industry Cybersecurity Practices 2023 (HICP) and NIST Cybersecurity Framework 1.1 (CSF) to evaluate coverage against industry recognized security practices
  • Access to the Summary and Final Summary Reports with aggregate findings across all participants – to be published in early 2024
  • Aggregate peer group comparison of organizational coverage for HICP and NIST as well as cybersecurity program investment and performance

There is no cost for qualified health industry organizations to participate in the study; participation is limited to those organizations that complete the required assessments by December 1, 2023.

Benchmark Study Sponsors:

Strengthen cyber maturity and resiliency with Cyber Peer Benchmarking

Strengthen cyber maturity and resiliency with Peer Benchmarking

To participate in the Benchmarking Study, email

Value of Peer Benchmarking

  • Compare cybersecurity program maturity and performance to peers (and the overall industry) to understand ‘gap-to-goal’ and generate targeted Action Plans
  • Leverage Automated Action Plans to prioritize resources, close critical security gaps, and collaborate with the entire enterprise to drive continuous improvement
  • Strengthen cyber resiliency by aligning to “recognized security practices” like HICP 2023 and NIST CSF 1.1 with annual self-assessment, peer comparison, and trending
  • Justify cybersecurity investment to executives and the Board to meet – or exceed – peer performance levels by demonstrating the most-critical, under-developed areas

Expanded Participation to Multiple Types of Healthcare Organizations

Participation in the Study is open to an expanded set of organizational types across the broader health sector, including:

  • Healthcare Delivery Organizations
  • Health Plans and Payers
  • Health Information Technology
  • Pharmaceutical and Laboratory
  • Public Health
  • Medical Devices and Materials
  • Mass Fatality Management Services
  • Federal Response & Program Offices
Peer Benchmarking Graphic

Leverage Comprehensive Benchmarks to Transform Enterprise Cybersecurity

The Healthcare Cybersecurity Benchmarking Study delivers comprehensive enterprise self-assessments, robust peer comparison, and targeted improvement plans for your organization’s cybersecurity program. Measure, compare, and improve your organization’s coverage of “recognized security practices” like NIST CSF and HICP. Or, compare key cost, productivity, and program ownership metrics against your precise peer group with detailed filtering of demographic and organizational attributes. All in one, easy-to-use platform.

Censinet Organizational Benchmarking
Organizational Benchmarks
Censinet NIST Coverage
NIST CSF 1.1 Benchmarks
Censinet HICP Coverage Graphic
HICP Benchmarks

Top 5 Insights from the 2024 Study:

  • Healthcare cybersecurity is better positioned to be reactive rather than proactive as Identify ranks lowest in coverage among all five NIST CSF Functions.
  • Supply Chain Risk Management is still highly immature, ranking lowest in coverage across all 23 NIST CSF Categories.
  • Higher third-party risk assessment coverage is positively correlated with lower annual growth in cyber insurance premiums.
  • Medical Device Security ranks lowest in coverage across all ten HICP Practice areas.
  • Higher CISO program ownership is positively correlated with higher NIST CSF and HICP Practice coverage.

Data and analysis from the 2023 Healthcare Cybersecurity Benchmarking Study also served as a primary input into the Hospital Cyber Resiliency Initiative Landscape Analysis, a key report published by the U.S. Department of Health and Human Services.

Peer Benchmarking Graphic
Censinet Risk Assessment Request Graphic

Censinet RiskOps™ Demo Request

Do you want to revolutionize the way your healthcare organization manages third-party and enterprise risk while also saving time, money, and increasing data security? It’s time for RiskOps.

Schedule Demo

Sign-up for the Censinet Newsletter!

Hear from the Censinet team on industry news, events, content, and 
engage with our thought leaders every month.

Terms of Use | Privacy Policy | Security Statement | Crafted on the Narrow Land