Cybersecurity is often framed in existential terms, but most practices involve routine risk management. This article examines different cyber risk logics, distinguishing between ‘risk as potential threats’ and ‘risk as uncertainty’. A case study of UK risk policy reveals how these logics co-exist and influence cybersecurity frameworks. The study argues that recognizing these risk logics allows for more precise cybersecurity policies and strategies.
