October 12, 2015 Shem Radzikowski 10 Comments
So which is it: Cyber Security, Cyber-Security or Cybersecurity? Is this the next reincarnation of datacentre vs. data center or ciphertext vs. cipher text? The security industry still hasn’t made any concerted effort to close on the cyber?security anomaly. And with about 15 million search results each, not even Google is able to raise a leg from either side of the fence.
When spending any length of time researching security, one quickly becomes aware of far too many polarized views within the technical community. These may be relatively trivial opinions, such as: whether Mac or PC is more secure; all the way up to endorsing (or not) a sophisticated anti-DDoS solution. It’s frustrating to say the least, and borderline embarrassing when the output of one’s labour is supposed to be a bulletproof recommendation, an architectural blueprint or a multi-year security roadmap.
About the only thing the industry agrees upon is that cyber should go before security. Many of my colleagues are divided along traditional lines, the Atlantic. American English seems to prefer Cybersecurity while British English (and European colleagues) cling to Cyber Security. I think Google threw in the towel a long time ago because unless specifically told not to, it fudges most of its search results and includes all commonly used variants.
Grammarians may argue, but the Associated Press (@APStylebook), which for all intents and purposes still holds the throne when it comes to news copy style[1], says it is one word — Cybersecurity:
“cyber-, cyberspace is a term popularized by William Gibson in the novel “Neuromancer” to refer to the digital world of computer networks. It has spawned numerous words with cyber- prefixes, but try to avoid most of these coinages. When the combining form is used, follow the general rule for prefixes and do not use a hyphen: cyberattack, cyberbullying, cybercafe, cybersecurity.”
There are some exceptions to the prefix rule, specifically around proper nouns, such as ‘˜US Cyber Command.’ But for the most part, if you are sticking with the leader when it comes to defining news style, you will want to stick with the single word use.
Gartner acknowledged that there is confusion in the market over how the term should be used, which prompted the firm to publish Definition: Cybersecurity[2] In it, analysts Andrew Walls, Earl Perkins and Juergen Weiss wrote that:
“Use of the term ‘˜cybersecurity’ as a synonym for information security or IT security confuses customers and security practitioners, and obscures critical differences between these disciplines.
To help set the record straight, the team defined the term:
“Cybersecurity encompasses a broad range of practices, tools and concepts related closely to those of information and operational technology security. Cybersecurity is distinctive in its inclusion of the offensive use of information technology to attack adversaries.”
Additionally, Gartner advised:
“Security leaders should use the term “cybersecurity” to designate only security practices related to the combination of offensive and defensive actions involving or relying upon information technology and/or operational technology environments and systems.”
Hoping to shed some light on this problem and advocate a single solution, one blogger polled some of the top experts on neologisms, the creation of new words, to see whether there was consensus on where cyber is heading.[3] One response that particularly resounded with me was that by Suzanne Kemmer, Associate Professor of Linguistics at Rice University. She said:
From the standpoint of the usual lexical conventions, cybersecurity is better, because ‘cyber’ is not a free-standing word but instead what linguists call a bound morpheme – a combining form used to form new words. It is of Classical Greek origin like many of our scientific and technical vocabulary elements– and the usual pattern for such borrowings is to combine them with other elements into one word. Bio, neo, photo are all parallel examples – when made into new compounds they are written together with the element following: not bio informatics but bioinformatics, etc.
Sometimes a group of specialists will make their own convention, but the language at large typically doesn’t follow it because there are so many instances of the more general pattern. It looks like that has happened in the technical community in this case They probably don’t know the general lexical patterns of English and just have made their own specialists’ convention I predict that for this word the general (one-word) pattern will win out in the language at large.
Whatever your decision may be, stick to it and be consistent throughout your writing. And if you’re tempted to throw every conceivable variant into a body of work with the aim of improving your search ranking, please don’t.[4] Since we already know that the likes of Google treat these variants equally, using them will only confuse the reader.
And so, while most of us mere mortals prepare for a long winter of similarly pointless deliberation, at least I’m no longer in two minds about how to write cybersecurity. I’ve decided to go with the single word because, as Susan put it, cybersecurity will win out in the end. Having said this, I also like the look of CyberSecurity — with a capitalized S, easier on the eye I think.
Subscribe and receive email notifications the moment Dr.Shem publishes a new post.
Well researched and reasoned. I expect I shall be bookmarking and referencing this frequently in the future!
Good article. I use Cyber Security for titles of articles or subjects in emails to ensure the word “security” stands out. I use cybersecurity in the body of text to make it less wordy. If we vote for one usage, I agree with using cybersecurity.
I just had this conversation with our marketing team on some new literature we are preparing. It’s good to know I’m right – if “cybersecurity” is good enough for Gartner, it’s good enough for me.
totally agree dr.shem. i would even propose cybersec to minimize the carbon footprint :)
I think I would be inclined to use ‘cyber security’ (adjective + noun) and ‘cyber-bullying’, (adjective + verb), for example. What do others say?
I would more inclined to use cyber security as two words as well. I would generally only use a hyphen to join two words used as an adjective, like first-rate service (unless the first one is an adverb like a happily married couple). Not sure whether I am grammatically correct here though.
You’ve hit the nail on the head! Last week, I was writing a report where I had to use this term so I was confused as to which one correct. I saw a report where one of the big four firms has used cyber-security so I decided to go with that.
Glad to hear I wasn’t the only one getting lost in the cyberconfusion :)
Thanks for sharing this!….While I prefer to use cybersecurity as one word, its hard to coin cyberthreat or cybercrime as one word! (though the same logic of considering cyber as adjective but cybersecurity as a whole becomes noun).
Dr Shem – this still remains the best, consolidated resource on this nuanced topic even a couple years after you published this.
Thanks for compiling – very much appreciated!