Last Updated on August 13, 2025 by Arnav Sharma
You’d be surprised how often this question comes up in security circles. I’ve been in countless meetings where someone stops mid-sentence to ask, “Wait, is it cybersecurity or cyber security?” It might seem like nitpicking, but this simple spelling difference reveals something deeper about how our industry has evolved.
The short answer? Both are correct. But there’s a fascinating story behind why we ended up with two acceptable spellings for the same concept.
How We Got Here: A Brief History
Back in the early computing days, we didn’t even have a proper term for what we now call cybersecurity. System administrators talked about “computer security” or “network protection.” The concept of comprehensive digital defense was still taking shape.
The term started appearing in the late 20th century, almost always written as “cyber security” with a space. This made perfect sense at the time. “Cyber” came from cybernetics (the study of control systems), and “security” had its own well-established meaning. Keeping them separate felt natural.
But as the internet exploded and digital threats became more sophisticated, something interesting happened. The two words began merging, much like how “electronic mail” became “email” or “web site” became “website.” Language has this way of evolving to match how we actually think about concepts.
The Case for One Word: Cybersecurity
Most industry professionals I know default to the single-word version, and for good reason. When you write “cybersecurity,” you’re emphasizing that this isn’t just regular security applied to digital systems. It’s something entirely new.
Think about it this way: a car isn’t just a horseless carriage, even though that’s technically what early automobiles were called. Similarly, cybersecurity isn’t just traditional security applied to computers. It’s its own discipline with unique challenges, methodologies, and solutions.
The single-word approach also creates consistency with related terms. We write “cybercrime,” “cyberattack,” and “cyberwarfare” as one word. Why should “cybersecurity” be different?
I’ve noticed that major organizations tend to use the compound version. The Department of Homeland Security, NIST, and most security vendors spell it as one word in their official documents. When you’re writing a security policy or presenting to executives, following this standard makes you sound more authoritative.
The Case for Two Words: Cyber Security
Here’s where things get interesting though. Some security experts prefer the two-word version because it maintains clarity about what we’re actually discussing.
A colleague of mine who’s been in the field since the 1980s always writes “cyber security” because, as she puts it, “I want people to remember that we’re talking about security principles applied to cyber environments.” She has a point. The fundamentals of risk assessment, threat modeling, and defense-in-depth haven’t changed just because we moved from physical to digital spaces.
The two-word version also acknowledges that cyber security is multidisciplinary. You need to understand both the “cyber” side (networks, systems, data flows) and the “security” side (risk management, compliance, incident response). Keeping them visually separate reminds us that expertise in both areas matters.
What I See in Practice
After working with dozens of organizations, I’ve noticed some patterns. Technical teams and security vendors almost always use “cybersecurity” as one word. Government agencies and large enterprises follow the same convention. Academic institutions are split, though they’re trending toward the compound version.
Interestingly, mainstream media often uses “cyber security” with a space. This might be because their style guides haven’t caught up with industry usage, or because the separated version feels more accessible to general audiences.
Beyond the Spelling: What Really Matters
Here’s what I find more concerning than spelling variations: the misconceptions people have about cybersecurity itself, regardless of how they write it.
It’s not just about antivirus software. I can’t count how many small business owners think they’re “doing cybersecurity” because they installed Norton or McAfee. Modern cybersecurity involves everything from employee training to network segmentation to incident response planning.
It’s not just for big companies. Last year, I worked with a local bakery that got hit by ransomware. Their point-of-sale system was encrypted, and they couldn’t process payments for three days. Small businesses are often easier targets because they have fewer defenses.
It’s not a one-time fix. Security is like physical fitness. You can’t work out once and stay in shape forever. Threats evolve constantly, which means your defenses need to evolve too.
It’s everyone’s responsibility. The best technical controls in the world won’t save you if someone falls for a phishing email or uses “password123” for everything. Security culture matters as much as security technology.
The Bigger Picture
Whether you write it as one word or two, cybersecurity represents something crucial about our modern world. We’ve built an interconnected digital infrastructure that powers everything from power grids to coffee makers. Protecting that infrastructure isn’t optional anymore.
The real challenge isn’t deciding how to spell the term. It’s building security practices that can keep pace with innovation. Every new technology, from cloud computing to artificial intelligence to IoT devices, creates new attack surfaces that didn’t exist before.
My Recommendation
If you’re writing for a professional audience, go with “cybersecurity” as one word. It’s become the de facto standard in industry publications, job postings, and technical documentation. Most spell-checkers accept it, and it’s what people expect to see.
If you’re writing for a general audience or prefer to emphasize the distinct components, “cyber security” works fine too. The most important thing is being consistent within the same document.
But honestly? Spend less time worrying about the spelling and more time thinking about the substance. Whether you call it cybersecurity or cyber security, the threats are real, the stakes are high, and the need for good security practices has never been greater.
The digital world isn’t slowing down for anyone. Our security practices need to keep up, regardless of how we choose to spell them.