Traditional cyber risk matrices systematically obscure what matters most: societal consequences. By aggregating all impacts onto a single financial axis, current approaches render invisible the external costs borne by third parties, critical infrastructure, and public goods. This article proposes a two-dimensional framework explicitly distinguishing internal impact from external impact, enabling governance decisions that account for both economic optimisation and societal responsibility.

In 2025, a major cyberattack forced Jaguar Land Rover to halt its global production for five weeks, with immediate impacts on industrial operations, employees, and the wider supply chain. While the exact origin of the intrusion remains uncertain, this article examines several initial access hypotheses based on available information, with the aim of drawing lessons learned and contributing to the improvement of cybersecurity practices.

The technical vs non-technical distinction in cybersecurity isn’t just a semantic issue. It creates an invisible barrier that deprives the sector of essential talents and makes us overlook the true value of GRC. Why and how should we change this?

AI agents are beginning to behave less like tools and more like people. And like people, they can be misled. The difference is that the consequences can spread faster and further. This is not just a technical concern. It raises broader questions about trust and accountability in the systems shaping our daily lives. In this article, I share a personal perspective on why our security thinking may need to adapt.

L8insights is a personal space for reflection. I write here at my own pace to clarify my thoughts and share a perspective on systems, algorithms, society, and how they interact.