Your business

Transformed

Your business

Transformed

Our aim is to realise increased growth and cost savings through digital transformation, as well as creating a greater impact on every individual connected to your business. 


What makes us different from other consultancies is our team. We only employ senior experts who have years of experience tackling real-world challenges.


Our purpose is to help our clients make a better impact on the world.

Proud to be Diamond Sponsors of Cambridge Tech Week


See us at Cambridge Tech Week 2025. As Diamond Sponsor  we are   continuing our founding commitment to helping startups and scaleups grow and thrive.


We are hosting bookable strategy clinics — offering practical guidance on areas critical to growth such as investment readiness, go-to-market strategy, and sales acceleration. You’ll also find us contributing to panel discussions, at fringe events, and meeting founders and startups at our stand in Innovation Alley.


Throughout the event, our team will be on hand to share the practical expertise that helps ambitious businesses realise their potential. Click the button to find out more.

#CAMTECHWEEK logo

#CamTECHWEEK

FIND OUT MORE

Capability Spotlight


The AI Revolution Has Begun:
Is Your Business Ready to Implement it Safely and with Measurable Gains?


The theme of Cambridge Tech Week 2025 is 'Seizing the AI Advantage'. A key question for business is how to move beyond the hype and implement AI effectively. Our AI consultants identify critical business challenges where AI solutions can deliver strategic value, ensuring initiatives are aligned with organisational objectives and positioned for maximum impact and return on investment.

FIND OUT MORE
Crystal ball on  a neon floor
by Jason Jennings 21 August 2025
Discover how digital twins are revolutionising project management. This article explores how virtual replicas of physical systems are helping businesses to simulate outcomes, de-risk investments and enhance decision-making.
AI co-pilot
by Jason Jennings 28 July 2025
Jason Jennings | Elevate your project management with AI. This guide for senior leaders explains how AI tools can enhance project performance through predictive foresight, cognitive collaboration, and portfolio intelligence. Unlock the potential of AI in your organisation and avoid the common pitfalls.
A smooth golf-ball top of a modern building against a neon sky
by Duncan Clubb 10 September 2024
In a previous article, Building AI-ready Infrastructure, we looked at the challenges that face the builders of digital infrastructure to create the massive engines that will power the ‘AI Revolution’ – in particular, the mega-data centres that will host the training systems used in Generative AI platforms like ChatGPT.  Most of the attention in the data centre industry is on these monsters, but there is more to it that we need to consider. This article looks at the other uses, applications, and implications of AI, and the infrastructure required to maintain them. The Growth of Industrial AI There are many flavours of AI, and although much of the current focus is on Generative AI, commercial applications use all sorts of other techniques to get the benefits that AI can offer. Indeed, there are some AI experts who think that too much emphasis is being given to the prominent large language models, and that the market will require a more diverse model for deploying infrastructure that will support real-world applications. There are many examples of industrial and manufacturing applications using AI already to optimise, for example, production-line efficiency in factories. These systems take data from sensors and devices (e.g. cameras), and then control the manufacturing processes in real time to improve efficiency, or to reduce the use of raw ingredients – a great example being the use of specialist glues in the automobile industry for sticking windscreens to car bodies – an AI platform has been in use to reduce the amount of glue used without compromising the efficacy of the bond. This may sound, trivial but the quantities used globally mean that even small proportional savings can amount to huge monetary savings. This type of application, used across multiple industries, has enormous potential for saving precious resources (or money), and many industries have been using these techniques for years. However, it is mostly the large manufacturers and processing companies that have been able to exploit this. Deploying this type of system can be expensive and usually entails situating a lot of processing power close to the production line. This excludes smaller enterprises from being able to take advantage as the barrier to entry is too high and involves maintaining IT kit that is expensive and difficult to look after.
by Duncan Clubb 6 September 2024
Artificial Intelligence (AI) is the hottest topic in technology for many reasons, good and bad, but it’s happening and it’s here to stay, so how do we build the infrastructure necessary to support it? To start with, we should recognise that there are many forms of AI. The one that has created the most buzz is generative AI, as seen in ChatGPT, Meta's LLaMA, Claude, Google’s Gemini, and others. Generative AI relies on LLMs (Large Language Models) which have to be trained using vast amounts of data. These LLMs sit in data centres around the world, interconnected by vast fibre networks. The data centre industry has not stopped talking about AI for at least 18 months, as it gears up for an ‘explosion’ in demand for new capacity. Some of the most respected voices in technology have predicted immense amounts of growth in data centre requirements, with predictions of triple the current capacity within 10 years being at the conservative end. That’s three times the current global data centre market, which has taken 30 years or more to get to where it is today. And, when we say growth, we’re talking about power. AI systems will require three times more electricity than data centres currently consume. Depending on who you ask, that’s about 2-4% of today’s global electricity production. And we’re talking about tripling that, or more. Data Centres So, what is ‘AI-ready infrastructure’ and how are we going to build it? The two key elements are data centres (to house the AI systems) and networks (to connect them with the rest of the world). LLM training typically uses servers with GPUs (the chip of choice for AI) and, for various technical reasons, these work best when in close physical proximity to each other – in other words, GPUs work best in large numbers in large data centres. Not just that, but the new generations of GPUs work best in dense data centres, meaning that each rack or cabinet of AI kit needs a lot of power. Most data centres are designed to accommodate older kit that is not so power hungry. The average consumption globally is about 8kW per rack, although many still operate at about 2kW per rack. The latest nVidia (the leading GPU manufacturer) array needs a colossal 120kW per rack. The infrastructure inside a data centre designed for these beasts is complex: the cooling systems (GPUs run very hot) and electrical distribution systems are much harder to design and set up, and are also expensive. So, data centres for AI training systems are mostly going to be new, as adapting older facilities is a non-starter. So, where do you put them? Finding land next to the vast amounts of electricity required is increasingly difficult in many European countries, especially in the UK. Most of the utility grids in Europe are severely lacking in spare capacity, and building new grid connections and electricity generation is a slow and expensive process. The answer might be to locate these new AI data centres near new renewable energy generation sites, but those are few and far between, so land with access to power now carries a hefty premium. Small nuclear reactors could also be an answer but might take a few years to materialise – we know how to build them (witness the nuclear submarine industry) but getting planning permission to put them on land is another matter. All in all, the data centre industry seems to be at least a few years away from being able to provide the massive upgrade in capacity that is expected. Even solving the land/power problem leaves the issue of actually building a new scale of data centre, 10 or 20 times bigger than what most would consider to be a gigantic site today. It can be done, we can solve the engineering challenges, but these are huge construction projects. Networks What about the networks? Actually, although very little real research has been done on the impact of large-scale AI rollouts on existing networks, we might be in a better position. The fibre networks in the UK and many European countries have benefited from significant investment over the last few years, so coverage is a lot better than it used to be. That does not mean that fast and large fibre routes, which will be a necessity for most AI systems, are all there, but it will be easier to build out new capacity than it will be to find power. Still, what we really need is some serious research into the amount of data that will need to be moved about and how that maps with existing network infrastructure. All in all, we have more questions than answers. Some people in the infrastructure industry are sceptical that things will ever get to the scale that some are predicting, but most of us do expect it to happen – it’s just a matter of time, and the race has already begun. Cambridge Management Consulting Duncan Clubb is a Senior Partner at Cambridge Management Consulting, specialising in data centre and edge compute strategy. Duncan has extensive experience as an IT consultant and practitioner and has worked with many leading organisations in the financial, oil and gas, retail, and healthcare sectors. He is widely regarded as a leading expert and is a regular speaker at industry events. If you or your organisation require support preparing your Digital Infrastructure for the emerging AI-industry, you can read about our array of Data Centre services, and get in touch with Duncan Clubb, through our designated Telecoms, Media, and Technology service page.
Zoe Webster with office background and blue tint
by Zoë Webster 4 September 2024
This month we put the spotlight on Zoë Webster, Associate Consultant for AI, Digital & Innovation With over two decades in the Artificial Intelligence (AI) sphere, Zoë Webster is renowned as a practitioner and leader, recently recognised as one of AI Magazine’s Top 10 Women in AI in the UK and Europe (2024). At Cambridge Management Consulting, Zoë takes on the pivotal role of leading our AI initiatives and driving digital innovation. Leveraging her extensive experience in developing and applying novel AI techniques across diverse sectors such as retail, cyber security, defence, and health, Zoë is instrumental in shaping our AI strategy and implementation. Her unique ability to bridge the gap between the public and private sectors, coupled with her insights on the opportunities and risks of emerging technologies like Large Language Models, positions her perfectly to guide our clients through the complexities of digital transformation. Zoë’s expertise ensures that we remain at the forefront of AI advancements, delivering cutting-edge solutions that drive sustainable growth and innovation for our clients. An Introduction to Zoë's work Having been in the AI space for over 20 years, the past couple of years, since the launch of ChatGPT and the catapulting of AI into the public consciousness, have been in part eye-opening and in part déjà vu for me. The scale and reach are different to anything we have seen to date – I realised this when friends and family of all ages and backgrounds are talking about AI – but it is part of the well-cited technology hype pattern we have seen before in AI as specific techniques show promise (expert systems and neural networks, for example) and organisations see them as a way to solve current problems/challenges. I am fortunate in that I got into AI early. I describe myself as classically trained in that I learnt and experimented with the broad range of AI algorithms on different applications in my early career, so I understand that AI has much more to offer than whatever technique is currently in vogue. After developing and demonstrating novel AI techniques in a range of applications, I got the opportunity to learn more about the role of innovation to the wider economy and society through my time at Innovate UK, now part of UK Research and Innovation. From that, I understand the impact of technology and how business innovation can be accelerated given the right conditions and collaborations. My COVID-19 story includes the juggle of leading Innovate UK’s first COVID-19 innovation competition, to get critical grant funding out to businesses to ensure innovation could continue during this time, while attempting to home-school two children. During lockdown I joined BT, where I built and led their AI Centre of Enablement to scale up AI development and deployment across the company. Developing a machine learning model as a proof-of-concept is one thing, but it takes a whole other set of skills and approaches to successfully and safely deploy that model at scale and with real users, and then to repeat that for other models for different applications. Luckily, my breadth of experience as well as my deep AI expertise enabled me to set up and lead the team to specify and address dozens of AI opportunities. Even as the current developments in AI fail to quite live up to all the hype for everyone, organisations have an opportunity to apply the best and most relevant advancements to generate value, whether that is through customer acquisition, better customer service, better colleague experience, greater productivity or improved sustainability. This goes beyond the technology but to AI governance too, which means thinking carefully about how to practice AI responsibly. Working with Cambridge Management Consulting, I am excited to use my breadth and depth to help more organisations make the most of AI to create value in meaningful ways. To find out more about our AI, digital and innovation services, go to our Innovation service page or contact Zoë using the form below.
A couple standing in front of a neon portal to representing stepping into an AI future
by Tom Burton 25 April 2024
In this article, Tom Burton, a cyber security expert and technology thought leader, addresses the historical roots of our implicit trust in computers. As AI models increasingly begin to mimic human traits such as memory and learning, he asks how we can better manage risk and evaluate trust in an era of AI technology.
Picture of data centre hubs in a network that looks like a city
by Duncan Clubb 11 September 2023
Authors

Latest

Case Studies


Discover how our team has successfully transformed organisations with innovative solutions, driving growth and enhancing competitive advantage across diverse industries.


Read More →

Latest Insights


A Data centre in a field
by Stuart Curzon 22 August 2025
Discover how Deep Green, a pioneer in decarbonised data centres, partnered with Cambridge Management Consulting to expand its market presence through an innovative, sustainability‑driven go‑to‑market strategy | READ CASE STUDY
Crystal ball on  a neon floor
by Jason Jennings 21 August 2025
Discover how digital twins are revolutionising project management. This article explores how virtual replicas of physical systems are helping businesses to simulate outcomes, de-risk investments and enhance decision-making.
A vivid photo of the skyline of Stanley on the Falkland Islands
by Cambridge Management Consulting 20 August 2025
Cambridge Management Consulting (Cambridge MC) and Falklands IT (FIT) have donatede £3,000 to the Hermes/Viraat Heritage Trust to support the learning and development of young children in the Falkland Islands.
A modern office building on a wireframe floor with lava raining from the sky in the background
by Tom Burton 29 July 2025
What’s your organisation’s type when it comes to cyber security? Is everything justified by the business risks, or are you hoping for the best? Over the decades, I have found that no two businesses or organisations have taken the same approach to cybersecurity. This is neither a criticism nor a surprise. No two businesses are the same, so why would their approach to digital risk be? However, I have found that there are some trends or clusters. In this article, I’ve distilled those observations, my understanding of the forces that drive each approach, and some indicators that may help you recognise it. I have also suggested potential advantages and disadvantages. Ad Hoc Let’s start with the ad hoc approach, where the organisation does what it thinks needs to be done, but without any clear rationale to determine “How much is enough?” The Bucket of Sand Approach At the extreme end of the spectrum is the 'Bucket of Sand' option which is characterised by the belief that 'It will never happen to us'. Your organisation may feel that it is too small to be worth attacking or has nothing of any real value. However, if an organisation has nothing of value, one wonders what purpose it serves. At the very least, it is likely to have money. But it is rare now that an organisation will not hold data and information worth stealing. Whether this data is its own or belongs to a third party, it will be a target. I’ve also come across businesses that hold a rather more fatalistic perspective. Most of us are aware of the regular reports of nation-state attacks that are attempting to steal intellectual property, causing economic damage, or just simply stealing money. Recognising that you might face the full force of a cyber-capable foreign state is undoubtedly daunting and may encourage the view that 'We’re all doomed regardless'. If a cyber-capable nation-state is determined to have a go at you, the odds are not great, and countering it will require eye-watering investments in protection, detection and response. But the fact is that they are rare events, even if they receive disproportionate amounts of media coverage. The majority of threats that most organisations face are not national state actors. They are petty criminals, organised criminal bodies, opportunistic amateur hackers or other lower-level actors. And they will follow the path of least resistance. So, while you can’t eliminate the risk, you can reduce it by applying good security and making yourself a more challenging target than the competition. Following Best Practice Thankfully, these 'Bucket of Sand' adopters are less common than ten or fifteen years ago. Most in the Ad Hoc zone will do some things but without clear logic or rationale to justify why they are doing X rather than Y. They may follow the latest industry trends and implement a new shiny technology (because doing the business change bit is hard and unpopular). This type of organisation will frequently operate security on a feast or famine basis, deferring investments to next year when there is something more interesting to prioritise, because without business strategy guiding security it will be hard to justify. And 'next year' frequently remains next year on an ongoing basis. At the more advanced end of the Ad Hoc zone, you will find those organisations that choose a framework and aim to achieve a specific benchmark of Security Maturity. This approach ensures that capabilities are balanced and encourages progressive improvement. However, 'How much is enough?' remains unanswered; hence, the security budget will frequently struggle for airtime when budgets are challenged. It may also encourage a one-size-fits-all approach rather than prioritising the assets at greatest risk, which would cause the most significant damage if compromised. Regulatory-Led The Regulatory-Led organisation is the one I’ve come across most frequently. A market regulator, such as the FCA in the UK, may set regulations. Or the regulator may be market agnostic but have responsibility for a particular type of data, such as the Information Commissioner’s Office’s interest in personal data privacy. If regulatory compliance questions dominate most senior conversations about cyber security, the organisation is probably in this zone. Frequently, this issue of compliance is not a trivial challenge. Most regulations don’t tend to be detailed recipes to follow. Instead, they outline the broad expectations or the principles to be applied. There will frequently be a tapestry of regulations that need to be met rather than a single target to aim for. Businesses operating in multiple countries will likely have different regulations across those regions. Even within one country, there may be market-specific and data-specific regulations that both need to be applied. This tapestry is growing year after year as jurisdictions apply additional regulations to better protect their citizens and economies in the face of proliferating and intensifying threats. In the last year alone, EU countries have had to implement both the Digital Operational Resilience Act (DORA) and Network and Infrastructure Security Directive (NIS2) , which regulate financial services businesses and critical infrastructure providers respectively. Superficially, it appears sensible and straightforward, but in execution the complexities and limitations become clear. Some of the nuances include: Not Everything Is Regulated The absence of regulation doesn’t mean there is no risk. It just means that the powers that be are not overly concerned. Your business will still be exposed to risk, but the regulators or government may be untroubled by it. Regulations Move Slowly Cyber threats are constantly changing and evolving. As organisations improve their defences, the opposition changes their tactics and tools to ensure their attacks can continue to be effective. In response, organisations need to adjust and enhance their defences to stay ahead. Regulations do not respond at this pace. So, relying on regulatory compliance risks preparing to 'Fight the last war'. The Tapestry Becomes Increasingly Unwieldy It may initially appear simple. You review the limited regulations for a single region, take your direction, and apply controls that will make you compliant. Then, you expand into a new region. And later, one of your existing jurisdictions introduces an additional set of regulations that apply to you. Before you know it, you must first normalise and consolidate the requirements from a litany of different sets of rules, each with its own structure, before you can update your security/compliance strategy. Most Regulations Talk about Appropriateness As mentioned before, regulations rarely provide a recipe to follow. They talk about applying appropriate controls in a particular context. The business still needs to decide what is appropriate. And if there is a breach or a pre-emptive audit, the business will need to justify that decision. The most rational justification will be based on an asset’s sensitivity and the threats it is exposed to — ergo, a risk-based rather than a compliance-based argument. Opportunity-Led Many businesses don’t exist in heavily regulated industries but may wish to trade in markets or with customers with certain expectations about their suppliers’ security and resilience. These present barriers to entry, but if overcome, they also offer obstacles to competition. The expectations may be well defined for a specific customer, such as DEF STAN 05-138 , which details the standards that the UK Ministry of Defence expects its suppliers to meet according to a project’s risk profile. Sometimes, an entire market will set the entry rules. The UK Government has set Cyber Essentials as the minimum standard to be eligible to compete for government contracts. The US has published NIST 800-171 to detail what government suppliers must meet to process Controlled Unclassified Information (CUI). Businesses should conduct due diligence on their suppliers, particularly when they provide technology, interface with their systems or process their data. Regulations, such as NIS2, are increasingly demanding this level of Third Party Risk Management because of the number of breaches and compromises originating from the supply chain. Businesses may detail a certain level of certification that they consider adequate, such as ISO 27001 or a System & Organization Controls (SOC) report. By achieving one or more of these standards, new markets may open up to a business. Good security becomes a growth enabler. But just like with regulations, if the security strategy starts with one of these standards, it can rapidly become unwieldy as a patchwork quilt of different entry requirements builds up for other markets. Risk-Led The final zone is where actions are defined by the risk the business is exposed to. Being led by risk in this way should be natural and intuitive. Most of us might secure our garden shed with a simple padlock but would have several more secure locks on the doors to our house. We would probably also have locks on the windows and may add CCTV cameras and a burglar alarm if we were sufficiently concerned about the threats in our area. We may even install a secure safe inside the house if we have some particularly valuable possessions. These decisions and the application of defences are all informed by our understanding of the risks to which different groups of assets are exposed. The security decisions you make at home are relatively trivial compared to the complexity most businesses face with digital risk. Over the decades, technology infrastructures have grown, often becoming a sprawling landscape where the boundaries between one system and another are hard to determine. In the face of this complexity, many organisations talk about being risk-led but, in reality, operate in one of the other zones. There is no reason why an organisation can’t progressively transform from an Ad Hoc, Regulatory-Led or Opportunity-Led posture into a Risk-Led one. This transformation may need to include a strategy to enhance segmentation and reduce the sprawling landscape described above. Risk-Led also doesn’t mean applying decentralised, bespoke controls on a system-by-system basis. The risk may be assessed against the asset or a category of assets, but most organisations usually have a framework of standard controls and policies to apply or choose from. The test to tell whether an organisation genuinely operates in the Risk-Led zone is whether they have a well-defined Risk Appetite. This policy is more than just the one-liner stating that they have a very low appetite for risk. It should typically be broken down into different categories of risk or asset types; for instance, it might detail the different appetites for personal data risk compared to corporate intellectual property marked as 'In Strict Confidence'. Each category should clarify the tolerance, the circumstances under which risk will be accepted, and who is authorised to sign off. I’ve seen some exceptionally well-drafted risk appetite policies that provide clear direction. Once in place, any risk review can easily understand the boundaries within which they can operate and determine whether the controls for a particular context are adequate. I’ve also seen many that are so loose as to be unactionable or, on as many occasions, have not been able to find a risk appetite defined at all. In these situations, there is no clear way of determining 'How much security is enough'. Organisations operating in this zone will frequently still have to meet regulatory requirements and individual customer or market expectations. However, this regulatory or commercial risk assessment can take the existing strategy as the starting point and review the relevant controls for compliance. That may prompt an adjustment to security in certain places. But when challenged, you can defend your strategy because you can trace decisions back to the negative outcomes you are attempting to prevent — and this intent is in everyone’s common interest. Conclusions Which zone does your business occupy? It may exist in more than one — for instance, mainly aiming for a specific security maturity in the Ad Hoc zone but reinforced for a particular customer. But which is the dominant zone that drives plans and behaviour? And why is that? It may be the right place for today, but is it the best approach for the future? Apart from the 'Bucket of Sand' approach, each has pros and cons. I’ve sought to stay balanced in how I’ve described them. However, the most sustainable approach is one driven by business risk, with controls that mitigate those risks to a defined appetite. Regulatory compliance will probably constitute some of those risks, and when controls are reviewed against the regulatory requirements, there may be a need to reinforce them. Also, some customers may have specific standards to meet in a particular context. However, the starting point will be the security you believe the business needs and can justify before reviewing it through a regulatory or market lens. If you want to discuss how you can improve your security, reduce your digital risk, and face the future with confidence, get in touch with Tom Burton, Senior Partner - Cyber Security, using the below form.
AI co-pilot
by Jason Jennings 28 July 2025
Jason Jennings | Elevate your project management with AI. This guide for senior leaders explains how AI tools can enhance project performance through predictive foresight, cognitive collaboration, and portfolio intelligence. Unlock the potential of AI in your organisation and avoid the common pitfalls.
St Pauls Cathedral
by Craig Cheney 24 July 2025
Craig Cheney | The UK Government has taken a major step forward in reshaping local governance in England with the publication of the English Devolution and Community Empowerment Bill. This is more than a policy shift — it’s a structural rethink that sets out to make devolution the norm, not the exception.
SHOW MORE