Governments are adopting various measures to address cybersecurity-related concerns. Some of these measures restrict cross-border flows of digital services/data, and thus inconsistent with obligations in trade agreements such as General Agreement on Trade in Services (‘GATS’). However, certain governments might argue that such measures are justified under the GATS security exception (Art. XIVbis) as they protect national security. This article investigates whether GATS Art. XIVbis is relevant in justifying cybersecurity measures and its potential impact on cybersecurity governance. It argues that GATS Art. XIVbis has limited relevance, and is potentially problematic, when used in justifying majority of cybersecurity measures. First, a large majority of cybersecurity measures do not fall within the limited set of exceptional circumstances listed in GATS Art. XIVbis. Further, in applying this exception to cybersecurity measures, WTO Panels will be unfairly forced to balance trade and security interests in an environment of political, technological and policy uncertainty. Given these practical limitations and the normative boundaries of GATS Art. XIVbis, countries must avoid casually relying upon security exceptions as a basis for adopting/implementing unilateral measures on cybersecurity, but rather engage in meaningful cyber-diplomacy and regulatory cooperation mechanisms to resolve their differences on cybersecurity governance.