An 'external' risk is a risk originating from outside the organization and not under its direct control. Cyber-attacks by hackers are an example of external risks since they involve malicious efforts from outside entities. On the other hand, employee negligence is an 'internal' risk since it arises from within the organization. Equipment failure could also represent an internal risk if it is due to internal maintenance issues. Regulatory fines would be considered a consequence of compliance failure, which could stem from internal governance issues but do not directly represent an external risk.