As cyber-security incidents become increasingly prevalent, we are facing a major political and democratic challenge: who comprises “the public” in relation to such incidents? Based on a study of the controversies surrounding the WannaCry ransomware attack, this article unpacks issues facing the creation of publics in contemporary ICT-mediated security practices. It shows how cyber-security incidents, such as WannaCry, do not neatly align with traditional national security politics and democracy, and it demonstrates the need to attend to how security publics are created. This may paradoxically entail both political and democratic challenges and possibilities for security politics in the digital age.