Trust anchor
Our Editorial Standards: How Cybersecurity Essential Covers the Industry
How we handle vendor relationships, affiliate commissions, sponsored content, and the editorial choices that shape what you read here.
Our editorial standards
This page exists because the cybersecurity content market has a credibility problem, and the standard disclosures most publications offer don’t address it. “Some links may be affiliate links” tells you nothing about how those links shape the recommendations. “Sponsored content is clearly labelled” tells you nothing about how much of the editorial voice is shaped by the knowledge that sponsors are watching.
So here is how Cybersecurity Essential works, in detail. If any of it changes, we’ll update this page and date the change.
What we take money for, and what we don’t
We make money in four ways. Each has rules.
Display advertising (Google AdSense). Every page on this site carries programmatic display ads. We don’t choose which ads appear — that’s determined by Google’s auction system based on the page content and the visitor. This is our primary revenue source. We disclose this clearly by showing ads in standard ad slots with “Ad” or “Sponsored” labels where the ad network provides them.
Sponsored buyer’s guides. On a limited basis, we publish sponsored buyer’s guides in the Cloud Security and Enterprise Tools categories. These are always clearly labelled as sponsored content at the top of the page, visually distinct from editorial content, and linked separately from the main editorial navigation. They do not appear in category listings, comparison articles, or anywhere a reader might mistake them for independent editorial. If we run a sponsored CNAPP buyer’s guide, it does not change our editorial comparison of CNAPP platforms — the two live in separate content pipelines with separate author credits.
Affiliate commissions on SMB and MSP content only. In our SMB & MSP Cybersecurity category, we earn commissions from some of the tools, services, and training programmes we recommend. This is disclosed at the top and bottom of every affiliate-earning article, and in the footer of every page in that category. The tools that pay commissions are a subset of the tools we cover, and the commission rate does not determine the editorial position.
Newsletter sponsorships. Once we exceed a subscriber threshold, we may accept sponsorships in the weekly brief. These will be clearly labelled, visually distinct, and limited to one sponsor slot per issue. No sponsor will ever appear as an editorial recommendation in the same issue they sponsor.
What we do not take money for, under any circumstances:
- Affiliate commissions on Tier 1 enterprise product comparisons. This is the core editorial commitment. Our comparison articles on compliance platforms, CNAPP platforms, EDR, SIEM, cyber insurance, and AI-native security platforms contain no affiliate links to any of the vendors compared. These are the articles most likely to directly influence a significant purchase decision. The affiliate revenue would be meaningful. We decline it.
- Paid placement in editorial content. No vendor can pay to be included in, excluded from, moved up, or moved down in any editorial comparison or buyer’s guide.
- Vendor-bylined articles presented as editorial. No vendor employee, agency, or commissioned writer publishes editorial content on this site. If a practitioner from a vendor has a specific, legitimate perspective to offer (they led an incident response, they implemented a novel control), they may appear as a cited source — not as the byline.
- Undisclosed gifts, travel, or access. Editorial staff do not accept vendor-funded travel, conference tickets, hardware, extended trial access beyond what’s publicly available, or any other benefit that could reasonably bias coverage.
How we handle vendor briefings
Cybersecurity is a competitive market and vendors actively pitch publications. We take most briefings that are offered, on the following terms:
- Briefings are on background unless the vendor agrees in writing that they are on the record.
- We don’t sign NDAs that restrict what we can write about publicly disclosed products or services.
- We don’t accept embargo terms that prevent us from seeking independent technical verification or comment from competitors.
- We don’t share draft coverage with vendors for review before publication. We may seek fact-checks on specific claims, but the vendor does not get to approve the story.
- We correct factual errors after publication, promptly and visibly. We do not make editorial changes (tone, emphasis, framing) in response to vendor complaints.
If a vendor declines to brief us on reasonable terms, we’ll still cover their products — from publicly available information, from customer references, and from our own testing where applicable. We won’t be held out of a market by a vendor’s refusal to engage.
How we pick what to review
We cover the products and services our readers are actually evaluating. That’s determined by:
- Direct reader research (survey data, newsletter reply volume, inbound questions)
- Vendor market share and trajectory in our six categories
- Regulatory and threat context (a new directive, a prominent incident, a shifting insurance requirement can all move a product category into the coverage queue)
- Structural gaps in the existing independent coverage (if Gartner and G2 cover a category well, we may not — unless we see a reader need for a different angle)
We don’t cover products because the vendor pitched us. We don’t exclude products because the vendor didn’t pitch us. Both of these happen in practice on other publications, and we think they’re poor editorial practice.
Our approach to comparison articles
When we compare platforms (EDR, SIEM, CNAPP, compliance SaaS, cyber insurance), we commit to the following:
- Honest weakness disclosure for every product. No vendor is perfect. If we publish a comparison that doesn’t name at least one meaningful weakness of each product, we’ve failed the reader. This is the most common failure mode in sponsored and affiliate-driven comparisons.
- Current pricing, to the extent we can get it. Vendor pricing is often opaque — this is itself a signal. We publish the pricing we can verify (from published rate cards, customer disclosures, and procurement sources), and we note where pricing is negotiation-dependent.
- Clear positions. Our comparisons end with specific recommendations: best overall, best for specific buyer profiles, best when cost is the constraint. We’re willing to say “this product is not worth your time” when we believe it. Reviews that refuse to recommend are reviews that have been optimised for vendor relationships rather than reader decisions.
- Annual updates. Every comparison is dated. If a comparison is more than twelve months old, a refresh is pending. We version explicitly (“2026 Buyer’s Guide”) rather than hiding that content has aged.
Errors and corrections
We get things wrong sometimes. When we do, we want to know about it, and we correct prominently.
- Factual errors (specific numbers, dated claims, attribution errors) are corrected in-place with a dated note at the end of the article explaining what changed.
- Significant errors that materially change the recommendation or framing are corrected with an editor’s note at the top of the article and, where appropriate, a published retraction.
- If you’ve spotted an error, email corrections@cybersecurityessential.com or use the feedback form at the bottom of any article. We aim to acknowledge within two business days.
Who writes this
Cybersecurity Essential is a small publication. The editorial team is disclosed on each byline, with credentials and prior experience. Guest contributors are clearly labelled as such, and their relevant professional affiliations (including any that might be seen as relevant to the topic) are disclosed on the author bio. Guest contributors do not receive payment for editorial content — we don’t run a paid-contributor model, which is one of the common commercial-content entry points on other publications.
FAQ
Do you accept sponsored content?
Yes, in limited categories (Cloud Security and Enterprise Tools buyer’s guides). Sponsored content is clearly labelled, visually distinct, published on dedicated URLs, and does not influence editorial content in the same category. We do not accept sponsored content in compliance, cyber insurance, or AI governance — these are the categories where the risk of biased-by-association editorial is highest.
Do you take affiliate commissions?
Only in the SMB & MSP Cybersecurity category, and only on a subset of the tools we cover. All affiliate-earning articles are clearly labelled. Affiliate commissions do not determine editorial recommendations — we cover plenty of tools in that category that don’t pay commissions.
Can I pay to have my product included in a comparison?
No.
Can I pay to have my product excluded from a comparison?
No.
If I’m a vendor, will you brief me?
Usually yes, on the terms described above. Email briefings@cybersecurityessential.com with a one-paragraph summary of what you’d like to cover.
How do I submit a correction or complaint?
Email corrections@cybersecurityessential.com or use the feedback form at the bottom of any article. We respond to all good-faith corrections within two business days.
Who funds this publication?
Display advertising is the primary revenue source, supplemented by a small affiliate layer in SMB/MSP content and occasional sponsored buyer’s guides in defined categories. The publication is independently owned; no vendor, investor, or industry trade body holds a stake.
Last updated: 16 April 2026. Changes to these standards will be dated and briefly summarised at the top of the page.