Cybersecurity vs Cyber Security

When,why and how to use the term

Originally published here. Excellent article on the two terms. I noticed I use the two depending on moods do Apple text editors think Cybersecurity is incorrect. In summary –

“Cybersecurity refers to preventative methods to protect information from being stolen, compromised or attacked in some other way. It requires an understanding of potential information threats, such as viruses and other malicious code. Cybersecurity strategies include identity management, risk management and incident management.”

First, let’s tackle the when and why; we’ll move onto the how later.

In June, Gartner (@Gartner_inc) acknowledged that there is confusion in the market over how the term should be used, prompting the firm to publish “Definition: Cybersecurity” (note, Gartner uses the single-word form). In it, analysts Andrew Walls, Earl Perkins and Juergen Weiss wrote that “Use of the term ‘cybersecurity’ as a synonym for information security or IT security confuses customers and security practitioners, and obscures critical differences between these disciplines.” To help set the record straight, the team defined the term:

“Cybersecurity encompasses a broad range of practices, tools and concepts related closely to those of information and operational technology security. Cybersecurity is distinctive in its inclusion of the offensive use of information technology to attack adversaries.”

Additionally, Gartner advised:

“Security leaders should use the term “cybersecurity” to designate only security practices related to the combination of offensive and defensive actions involving or relying upon information technology and/or operational technology environments and systems.”

This is one definition and recommendation, but certainly not the only one in circulation.

I am starting to see some vendors use the term, even though they are not providing – or at least not promoting that they provide – technologies designed to “attack adversaries,” as Gartner suggests is a critical component. It seems that mostly the prefix “cyber” ̶. as analyst and writer Richard Stiennon (@stiennon) pointed out recently on a Facebook post. ̶. is being used in and around the Beltway and that only a few vendors in other parts of the country have started to adopt it. This could be due to the fact that it is yet to be fully defined and because no one, especially anyone in marketing and PR, ever wants to wind up with egg on their face due to an incorrect use of terms.

In addition to the guidance Gartner has provided, there are other definitions of the term, which could explain its growing usage.

At least one online dictionary defines it as:

“Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack.”

In the TechTarget “What is” section there is no mention of “offense” or adversary attack:”Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, the term security implies cybersecurity.”

Although it does not provide a specific definition, in its “Cybersecurity Questions for CEOs” report, the DoHS kind of says what it means in its description of the term:

“A comprehensive cybersecurity program. leverages industry standards and best practices to protect systems and detect potential problems, along with processes to be informed of current , threats and enable timely response and recovery.”

Again, no mention of offense or attack, but I suppose “timey response” could imply either.

Techopedia defines it as well, again, there is no mention of offensive or attack capabilities:

“Cybersecurity refers to preventative methods to protect information from being stolen, compromised or attacked in some other way. It requires an understanding of potential information threats, such as viruses and other malicious code. Cybersecurity strategies include identity management, risk management and incident management.”

I searched on the SANS glossary and didn’t find anything specifically.

For now, it appears as if the jury is out on when and how to use the term but there is at least some direction from one of the analyst groups out there that has a lot of interaction with enterprise clients as well as some other guidance as pointed out.

Onto the how. ̶. is it “Cybersecurity,” one word, or “Cyber Security,” two words?

Grammarians may argue, but the Associated Press (@APStylebook), which for all intents and purposes still holds the throne when it comes to news copy style, says it is one word – Cybersecurity:

“cyber-, cyberspace Cyberspace is a term popularized by William Gibson in the novel “Neuromancer” to refer to the digital world of computer networks. It has spawned numerous words with cyber- prefixes, but try to avoid most of these coinages. When the combining form is used, follow the general rule for prefixes and do not use a hyphen: cyberattack, cyberbullying, cybercafe, cybersecurity.”

There are some exceptions to the prefix rule, specifically around proper nouns, such as ‘US Cyber Command.’ But for the most part, if you are sticking with the leader when it comes to defining news style, you will want to stick with the single word use.