Cybersecurity Vocabulary in English
20 essential cybersecurity words with definitions and example sentences — malware, phishing, and encryption for B2–C1 ESL learners.
Cybersecurity vocabulary appears throughout technology news, workplace training, and everyday warnings about online safety. Words such as malware, phishing, and encryption are now part of general English, used in emails from your bank as well as in technical reports. For B2 and C1 learners, mastering these terms is essential for understanding the digital world and protecting yourself online.
This page covers 20 key cybersecurity words used by IT professionals, journalists, and security teams. These terms appear in data-breach headlines, software updates, and corporate security policies. You will encounter them in articles about hacking, in the alerts your devices show you, and in any modern workplace that handles sensitive information.
Unlike our broader Technology vocabulary and Computing vocabulary pages, this list focuses specifically on threats, defences, and the language of digital security. Mastering this vocabulary will strengthen your technical reading and help you discuss online safety with confidence and precision.
Word List
| Word / Phrase | Meaning | Example Sentence |
|---|---|---|
| malware | any software designed to damage, disrupt, or gain unauthorised access to a computer system; short for "malicious software" | The antivirus program detected malware hidden inside the downloaded file. |
| phishing | the practice of tricking people into revealing personal information by pretending to be a trustworthy organisation, usually by email | The phishing email pretended to be from her bank and asked her to confirm her password. |
| firewall | a security system that monitors and controls the network traffic entering or leaving a computer or network | The company's firewall blocked the suspicious connection before it reached the server. |
| encryption | the process of converting data into a coded form so that only authorised people can read it | End-to-end encryption ensures that only the sender and recipient can read the messages. |
| vulnerability | a weakness in a system that could be used by an attacker to cause harm or gain access | The security team patched the vulnerability before any hackers could exploit it. |
| breach | an incident in which an attacker gains unauthorised access to data or a system | The data breach exposed the personal details of millions of customers. |
| ransomware | a type of malware that locks or encrypts a victim's files and demands payment to restore access | The ransomware attack froze the hospital's records until a ransom was paid. |
| authentication | the process of confirming that someone is who they claim to be, usually with a password, code, or fingerprint | Strong authentication prevents unauthorised users from logging into the account. |
| exploit | a piece of code or technique that takes advantage of a vulnerability to attack a system | The hacker used a known exploit to bypass the website's login page. |
| patch | a software update that fixes a vulnerability or bug in a program | Installing the latest patch closes the security hole the attackers were targeting. |
| threat | any potential danger that could exploit a vulnerability and harm a system or its data | The report identified ransomware as the biggest threat to small businesses this year. |
| spyware | malware that secretly gathers information about a user and sends it to a third party without consent | The spyware recorded every keystroke and sent her passwords to the attacker. |
| two-factor authentication | a security method that requires two separate pieces of evidence to verify identity, such as a password and a phone code | Two-factor authentication adds a second layer of protection beyond your password. |
| brute force | an attack method that tries many possible passwords or keys until the correct one is found | A long, complex password makes a brute force attack far harder to succeed. |
| penetration test | an authorised, simulated attack on a system to find and fix security weaknesses before real attackers do | The bank hired experts to run a penetration test on its new online platform. |
| zero-day | a vulnerability that is unknown to the software maker, leaving no time to fix it before it is exploited | A zero-day flaw is especially dangerous because there is no patch available yet. |
| payload | the part of malware that carries out the harmful action, such as deleting files or stealing data | Once the file was opened, the malware's payload began encrypting the documents. |
| sandbox | an isolated environment where suspicious programs can be run and observed safely without harming the real system | Analysts opened the unknown file in a sandbox to watch what it would do. |
| credential | information such as a username and password used to prove identity and gain access to a system | Stolen credentials let the attacker log in as if they were a genuine employee. |
| mitigation | action taken to reduce the severity or likelihood of a security threat or its impact | As a mitigation, the company forced all users to reset their passwords after the breach. |
Practice These Words
Flash Cards
Review cybersecurity vocabulary with spaced repetition
Wordsearch
Find cybersecurity words hidden in the grid
Quiz
Test your cybersecurity vocabulary knowledge
Practice What You've Learned
LexFizz has 30 free interactive exercises — no sign-up needed.
Browse All Exercises →Related Vocabulary Topics
Frequently Asked Questions
What is the difference between malware and a virus?
Malware is the broad, umbrella term for any malicious software designed to harm or gain unauthorised access to a system. A virus is just one specific type of malware — one that attaches itself to a file or program and spreads to others when that file is shared or run. Other types of malware include ransomware, spyware, and worms. So every virus is malware, but not all malware is a virus. In everyday English people often say "virus" loosely to mean any malware, but in technical writing the distinction matters.
What is phishing?
Phishing is a form of attack in which criminals pretend to be a trustworthy organisation — such as a bank, a delivery company, or your employer — to trick you into revealing personal information. It usually arrives as an email or text message asking you to click a link, log in, or confirm a password. The fake page then captures whatever you enter. The word is a play on "fishing", because attackers cast out many messages hoping someone will take the bait. Always check the sender's address and never enter credentials through a link in an unexpected message.
What does a firewall do?
A firewall is a security system that sits between your computer or network and the wider internet, monitoring the traffic that tries to pass in either direction. It follows a set of rules to decide which connections to allow and which to block, stopping suspicious or unauthorised traffic from reaching your system. You can think of it as a security guard checking everyone at the door. Firewalls can be software running on a single device or hardware protecting an entire organisation's network, and they are one of the most basic and important defences in cybersecurity.
What is encryption and how does it work?
Encryption is the process of converting readable data into a scrambled, coded form that can only be turned back into the original by someone with the correct key. If an attacker intercepts encrypted data, they see only meaningless characters. Encryption protects information both when it is stored and when it travels across networks — for example, the padlock icon in your browser shows that your connection to a website is encrypted. End-to-end encryption, used in many messaging apps, ensures that only the sender and recipient can read the messages, not even the service provider.
What is the difference between a vulnerability and an exploit?
A vulnerability is a weakness or flaw in a system — a door that has been left unlocked. An exploit is the specific technique or piece of code that takes advantage of that weakness — actually opening the door and walking through. A vulnerability is a potential problem; an exploit is the act of using it to attack. Security teams race to find and patch vulnerabilities before attackers can write exploits for them. Understanding this distinction is key to reading cybersecurity news, where both words appear constantly.
What is ransomware?
Ransomware is a type of malware that locks you out of your own files or system, usually by encrypting them, and then demands a payment — a ransom — in exchange for restoring access. Attackers often demand payment in cryptocurrency to stay anonymous. Ransomware has caused major disruption to hospitals, schools, and businesses, sometimes halting operations for days. Security experts generally advise keeping regular backups and not paying the ransom, since payment funds further crime and does not guarantee that the files will be returned.
What is two-factor authentication?
Two-factor authentication, often shortened to 2FA, is a security method that requires two separate pieces of evidence before granting access. Typically this means something you know, like a password, plus something you have, like a code sent to your phone or generated by an app. Even if an attacker steals your password, they still cannot log in without the second factor. Because it dramatically reduces the risk of account takeover, security experts strongly recommend turning on two-factor authentication for important accounts such as email and banking.
What is a zero-day vulnerability?
A zero-day is a vulnerability that the software maker does not yet know about, which means there has been "zero days" to develop a fix. Because no patch exists, zero-day flaws are especially dangerous: attackers who discover one can exploit it freely until the maker becomes aware and releases an update. Zero-day exploits are highly valued by criminals and even by some governments. Once a zero-day is publicly known and a patch is released, users are urged to update immediately, because attackers will rush to target anyone who has not.
What is a penetration test?
A penetration test, often called a "pen test", is an authorised, simulated cyberattack carried out by security professionals to find weaknesses in a system before real attackers do. The testers — sometimes called ethical hackers — try to break in using the same tools and techniques as criminals, then report the vulnerabilities they find so the organisation can fix them. Unlike a real attack, a penetration test is permitted, controlled, and aimed at improving security. Many companies run regular penetration tests as part of protecting customer data and meeting security standards.
What is the best way to learn cybersecurity vocabulary?
The most effective approach is to connect each term to a real-world example you have seen — link phishing to a suspicious email in your own inbox, or encryption to the padlock in your browser. Read accessible cybersecurity news and the security alerts on your own devices in English, where these words appear repeatedly in context. Use Flash Cards on LexFizz to drill the 20 words on this page, then test yourself with the Quiz. Because online safety affects everyone, learning this vocabulary at B2–C1 level is both practical and increasingly valuable at work.