This article conducts a theoretical exploration of how the materiality of ‘the digital’, and, more specifically, the immaterial nature of ‘the digital’, imposes on the securitisation of cyber. Starting from the observation that the implementation of new, draconian cybersecurity policy – illustrated with the Norwegian bulk interception controversy – is legitimised with reference to the immateriality of digital threats and digital transformations, I ask how we may we understand the material agency of immaterial matter in the context of cybersecurity. To address this problem, I turn to existing constructivist and new materialist accounts of the immateriality of cyber (in)security, and build on these to offer my own account of digital immateriality. In particular, I mobilise Yuk Hui’s reading of Jean-Francois Lyotard’s notion of im/materials to suggest that ‘the digital’ can be seen as a material force which concretises imperceptible relations by keeping the invisible invisible, and hence by abstracting and obscuring cyber threats and digital insecurities. In this way, ‘the digital’ engenders a new logic of cyber securitisation which I label ‘exceptionality without urgency’, where cybersecurity policy is aimed at countering fundamental, long-term, and rather vague transformations of politics and society rather than immediate, concrete threats.