On the surface, it sounds like an ideal solution to a growing cybersecurity problem of insider threats, such as leaks or sabotage by employees. After all, if an employee can’t remember what they accessed at work, how can they leak it, sabotage it, or sell it?
As someone who has researched insider threats for the last decade, I can’t help but see Severance as a cautionary tale of what happens when we try to eliminate threats without understanding people.
The threat from within
Insider threats came to prominence in the wake of high-profile incidents such as those involving Chelsea Manning and Edward Snowden, who both leaked top secret government information. These threats are one of the most persistent challenges in security because, unlike “traditional” hackers, insiders already have access to sensitive systems and information.
They might act maliciously, stealing trade secrets or exposing data, or accidentally, through phishing links or lost devices. Either way, the consequences can be more serious because of the unprecedented levels of access someone has while working within an organisation.
While we often think of the high-profile cases in the first instance, the reality of most insider incidents is far less dramatic. Think of the disgruntled employee who downloads a client database before leaving, or the well-meaning staff member who shares a sensitive file via the wrong link.
In fact, one of the most iconic examples of an insider threat in fiction is Jurassic Park. The entire catastrophe begins, not with a dinosaur, but with a software engineer, Dennis Nedry, who disables the park’s security in an attempt to steal trade secrets. It’s a reminder that even the most sophisticated systems can be undone by a single rogue employee.
Organisations try to manage this through access controls, behaviour monitoring and training. But people are unpredictable. Insider threats sit at the messy intersection of human behaviour, organisational culture and digital systems.
This is where Severance strikes a chord. What if you could eliminate the human risk altogether, by turning employees into separate, tightly compartmentalised selves? In the show, workers at the shadowy Lumon Corporation have no memory of their job outside the office and vice versa.
In a sense, it’s the ultimate form of “need to know.” An “innie” can’t tell anyone what they do because they don’t know anything beyond their desk. It’s a very elegant, although ethically problematic, solution for someone working in security. However, as the series unfolds, it becomes clear that the levels of control on offer through the process of severance come with a terrible cost.
The problem with control
The innies in Severance are trapped in an endless workday, unable to understand the meaning or value of their tasks. They form bonds, question authority and ultimately rebel. Ironically, it is the severed employees, the ones who are most closely controlled in the company, who become the greatest insider threat to Lumon.
This mirrors something we know from real organisations: excessive surveillance, control and secrecy often backfire...
The full article by Professor Oli Buckley can be read on The Conversation website.