The governance of cyber-security risks is seen as increasingly important to the security of the nation. However, cyber-security risks are characterized by a fundamental uncertainty, which poses a great challenge to their governance and calls for new modes of organizing security politics. Public–private partnerships (PPPs) are often seen as the answer to this challenge by enhancing flexibility and robustness through knowledge-sharing. Engaging with the literature on PPPs and the Danish practice on cyber security, we show how PPPs involve controversies over different threat realities of cyber security. This plays out as controversies over what is considered threatened, the scope of the issue and the kind of expertise to be mobilized. Arguing that PPPs on security are not defined narrowly by short-sighted strategic self-interest but also loyalty and commitment, we suggest that the innovative potential of such PPPs lie not in a possible consensus on a common purpose and threat reality, but in the ability to embrace divergent definitions and approaches to cyber security. Acknowledging the corporate interests and loyalty, we suggest a move towards the notion of partnering through dissent.