Since cyberattacks are nonphysical, standard theories of casus belli — which typically rely on the violent and forceful nature of military means — appear inapplicable. Yet, some theorists have argued that cyberattacks nonetheless can constitute just causes for war — generating a unilateral right to defensive military action — when they cause significant physical damage through the disruption of the target's computer systems. I show that this view suffers from a serious drawback: it is too permissive concerning the types of actions that generate casus belli since many essentially peaceful and non‐violent mechanisms can nonetheless cause physical damage. I resolve this difficulty by developing a sovereignty‐based account of casus belli and applying it to cyberwarfare. I argue that legitimate states have a constrained right to unilaterally respond with military force to unfriendly actions that bypass or overwhelm the political deliberations of the target state in order to force a change in behaviour contrary to the determinations of the people of the target state. This new account of casus belli avoids the problems of the consequence‐based view by plausibly restricting the types of unfriendly action that give rise to casus belli and yet offers an attractive explanation for why some cyberattacks nonetheless do generate a potential right to a unilateral defensive response.