Editorial Policy
Our independence statement, corrections policy, conflict of interest disclosures, and update schedule.
Independence Statement
No company ranked on this site has paid for its position. No company has been offered — or has purchased — any form of "sponsored content," "featured listing," or "premium placement." Rankings are determined solely by the editorial assessment criteria documented on our How We Evaluate page.
Sources
Research draws on publicly available information: official company websites, accreditation bodies (DESC, CREST, PCI SSC), analyst reports, verified press releases, and where available, direct engagement with vendor technical teams. We do not accept self-reported claims without third-party validation.
Where we cite statistics, we link to the primary source. Key sources used in this ranking include the UAE Cybersecurity Council, the Dubai Electronic Security Center, and the PCI Security Standards Council.
Conflicts of Interest
Our editorial team has no equity, commercial agreements, or employment relationships with any company listed on this site. If a team member identifies a potential conflict of interest relating to a specific company, they are recused from that company's assessment and replaced by another team member with no conflict.
Corrections Policy
If factual errors are identified in any profile, we will review and correct them within 10 business days of notification. Corrections are noted in the relevant profile with a correction date. Contact us via the contact page with supporting documentation.
We distinguish between factual errors (which we correct) and editorial disagreements about ranking position (which we do not change in response to vendor requests).
Update Schedule
Rankings are reviewed and updated on a quarterly basis, or immediately when a significant market event materially affects a listed company's profile — including acquisitions, DESC accreditation changes, major security incidents, or significant changes in team size or service offering.
Inclusion Criteria
To be considered for inclusion, a company must:
- Be headquartered in the UAE or maintain a dedicated operational team serving UAE enterprise clients
- Offer cybersecurity services as a primary business line, not as a secondary add-on
- Have verifiable technical credentials: staff certifications, accreditations, or published research
Companies can submit for consideration via the Submit Your Company page. Submission does not guarantee inclusion.
Advertising
This site does not display advertising. There are no banner ads, affiliate links, or commission-based referrals embedded in ranking content. The only external links are to vendor websites (editorial context) and authoritative reference sources.