Who we are

Building the benchmark the market does not yet have.

Wave88 is an independent research initiative defining what measurable trust
means for cybersecurity. We exist to make trust communication in cybersecurity more
measurable, comparable, and useful for the market.

What existing solutions do not measure

The UK market has frameworks that certify compliance and scanners that test technical posture. But none reveal whether a cybersecurity firm clearly communicates what it does, why it matters, and why it deserves trust in a regulated enterprise context. That question has no structured answer—until now. Wave88 is building one.

A benchmark, not a marketing ranking

The UK Cybersecurity Trust IndexTM is not a promotional ranking. It is a methodology-driven benchmark designed to create a more objective standard for trust communication across the sector.

 Built for the UK cybersecurity market

UK enterprise procurement in financial services, central government, and critical national infrastructure operates under distinct regulatory expectations and institutional pressures. A benchmark built on generic market assumptions would produce scores that don’t reflect how buyers in these sectors actually assess suppliers. The Index is being developed in active engagement with UK cybersecurity leaders, with an advisory panel
currently being established to validate the methodology and ensure it reflects the realities of procurement in this market.

How Wave88 approaches the problem differently.

Four principles that define how the UK Cybersecurity Trust Index is being built.

INDEPENDENT BY DESIGN.

Wave88 operates independently of the firms it assesses. No firm can purchase a score, influence its findings, or accelerate its inclusion in the Index cohort. Independence is the foundation of the benchmark’s value to buyers, to the sector, and to the firms that score well.

EVIDENCE-REFERENCED THROUGHOUT.

Every dimension of the Trust Architecture Framework is grounded in documented academic theory. Every firm score is referenced against specific, observable, publicly available evidence. Opinion does not appear in the methodology. Evidence does.

BUYER-VALIDATED, NOT SUPPLIER-ASSUMED.

The Trust Architecture Framework dimensions were not designed from a supplier’s perspective. They are validated through structured primary research with enterprise procurement directors and CISOs — the people whose judgment determines which cybersecurity firms win enterprise contracts.

BUILT FOR LONGITUDINAL VALUE.

A single year of benchmarking data is useful. Three years is a market standard. Five years is a structural asset.

The UK Cybersecurity Trust Index is designed from the outset to compound in value with every annual publication cycle.

Wave88 Sector Insight Report: Messaging That Builds Trust in UK Cybersecurity

The first Wave88 Sector Insight Report is currently in development. Drawing on primary research with enterprise procurement directors and CISOs across UK-regulated sectors, it will examine how mid-market cybersecurity firms communicate their credibility to enterprise buyers, what is working, what is not, and what the evidence shows buyers actually look for when evaluating supplier credibility.

Expected publication: Summer 2026.