Cyber Security Predictions for 2024

John Madelin
Subscribe Contact us
John Madelin

“Cybercrime is the number one problem for mankind, and Cyberattacks are a bigger threat to humanity than nuclear weapons” - Warren Buffet

 

As we enter 2024, there are signs that the Cyber Security industry is teetering on the brink of a major transformation, culminating in a more coherent and business-involved approach which will ensure a better understanding and management of cyber risks.


Setting aside other associated factors for now, this metamorphosis is being fuelled by the astronomical rise in cybercrime that has been observable across the previous 3-5 years, turning it into a multi-trillion-dollar industry. The business leaders who missed this sudden rise in temperature, suddenly find themselves in boiling water.


These anticipated and imminent changes, accelerated by the lucrative and seemingly untouchable nature of cybercrime, will inevitably necessitate a more fundamental redefinition of cybersecurity strategies. The Dark Web’s explosion of sophisticated crime and the pivot from traditional crime streams, such as the illegal drug industry, to the high profit margins and low-risk profile of cybercrime is just too irresistible to a growing demographic. Between the intoxicating mix of easy money and apparent immunity, the appeal of cybercrime is reaching not only existing criminals, but new breeds.


This new era and new generation will force us to re-characterise what we mean by Cyber Security, as business leaders are set to thaw the icy divide between CISOs and the CIOs with whom they tend to work. This will push the industry into constructing a more deeply integrated and pervasive defence strategy overall.


However, this shift is not just about adopting new technologies; on the contrary, it amounts to a cultural revolution, and the associated liability, regulatory, maturity, quantification, integration, communication, and behavioural shifts in emphasis that are pulled into its current will be further catalysed by the growing ranks of ingenious cyber criminals and hackers at the gate, equipped to breach your defences with persistent creativity.


By now you may be thinking ‘wasn’t this a predictions article’? Yes, and so far I have tried to emphasise why the critical tactical actions that we begin today must be held to, not merely as piecemeal reactions to the cyber environment I have thus far outlined, but all the way to future proof. These tactical building-block priorities must become the planned foundations to support long-term resilience, we otherwise risk seeing the criminals melt into the dark web with our money and private data.


There’s a likelihood that absent vital improvements in our cyber defences, left by those still using old-school, gear-heavy, and fragmented defences, led by the autonomous and uncommunicative CISOs, those who fail to adapt will find themselves outmanoeuvred by the increasingly resourceful cybercriminals.


However, for those organisations in 2024 who recognise the gravity of the current climate and ingenuity of recent cybersecurity threats—and commit to more fundamental practices built into more IT and business integrated frameworks (which might also suggest a new breed of CISO)—the transition into 2025 is likely to be marked by a significant decrease in anxiety, and far more restful nights.


Traditional Technology Predictions for 2024


In this first section, we look at the more traditional, in-brief predictions for the gearheads, specifically falling within my Top 6 most pressing technology themes that will colour 2024:

 

Multi-Factor Authentication

 

Given how prevalent credentials are in attacks, we used to follow the rule of ‘Anything web-facing needs Multi-Factor Authentication (MFA)’. Now, in 2024, thanks to the cloud breaking into our legacy estate, our complete clarity on what exactly is being published to the web has become obscured. In 2024, the mantra must be changed to ‘everything needs MFA’, but this still has a long way to go.


Privileged Access Management

 

Since Privileged credentials are the holy grail for cybercriminals, these chinks in the armour need resolving urgently. This is exacerbated by the way in which responsibility for this resolution is spread across business units; tactical challenges can be resolved, but only if an appropriate leader, at an appropriate level, applies some pressure and urgency.


Systems are out-of-date, there are too many passwords, many of these are mismanaged, privileges themselves are too excessive, etc. In modern systems, the arrival of cloud multiplies these complexities, as does the expansion of responsibilities to third parties.


These systemic failings need to be addressed in 2024, and imminently. The way forward is a cross-functional emergency exercise, with a target to adopt and maintain serious discipline by this time next year.

 

Monitoring

 

You read that correctly—unbelievably, monitoring is much further behind than it needs to be as we move further into 2024, a fact that has somehow gone largely unnoticed.


This may be the reason why the cyber insurance industry weathered rough seas in 2020, and why we are now overwhelmed with high volumes of indiscriminate alerts.


We must improve basic log aggregation, normalisation, and correlations, through better IT integration. This reporting should be developed to enhance action, with a, perhaps uncomfortable, focus on more meaningful ‘one-ten-sixty’-style reporting.


With today’s current threat landscape, if the insurance losses are anything to go by, if your monitoring is not polished in 2024 then you can forget cyber insurance, as you can expect to suffer losses in 2024. 

 

Zero Trust

 

As a frequently misused and misunderstood phrase, it is important to establish a clear and consistent definition of what we mean by ‘Zero Trust’, first coined by Forrester’s John Kindervag many moons ago. The need for clarity is equally important to business leaders; they will expect quick intelligibility and relevance, or they will lose interest fast—and, for the first time in 2024, we need them seriously on board.


As you probably know, Kindervag’s core theme was to shift from the network’s ‘trust but verify’ model to ‘never trust but always verify’. This more cloud-ready mindset forces more emphasis on users, data, and devices across better segmented and more continuously monitored networks, also enhancing third-party risk management scenarios. Incremental steps in this direction, which reflect the need for more fundamental practices within more IT-integrated frameworks, can pay quick dividends in 2024.

 

AI Threats

 

I was reluctant to include this one, as I don’t believe that the use of AI either offensively or defensively will have a truly transformative effect on cyber defences in 2024/2025. I must, however, acknowledge that cybercriminals, who are after a quick win and are inherently street-smart, will use it to operate smarter and faster. At the very least, this will hopefully force companies to take care of their basics more effectively.


That being said, keeping an eye on AI is an increasingly critical aspect of security that is often overlooked, specifically the need to conduct regular, repeatable security testing of the AI technologies themselves. As the integration and use of AI tools becomes more pervasive, a new category is poised to become a bigger emphasis in 2024, one which continuously monitors AI systems for any unusual activities or anomalies, including tracking system performance and outputs.

 

IoT and OT (Complexity and Criticality)

 

Arguably, IoT is just more IP end points, which the networkers amongst you will be unphased by. I am using OT as shorthand (as many non-IT aware business leaders do) for ‘critical supply chain systems’. This amplification of the criticality of IoT as they continue to undertake more supply-chain functions suggests that we will need to distinguish which of them support critical business processes. In 2024, getting our arms around a near real-time and complex CMDB (the basic inventory of our IT estate), including this explosion of more integrated, more intelligent, and more mission-critical IP end points becomes of pressing concern. 


Conclusion


Some might argue that these predictions are a little basic, and you will have noted that I collected cloud and third party under ‘Zero Trust’, when arguably there is so much more to be said for both. However, I unapologetically remain of the opinion that, if we continue to build our infrastructure on sand, then we shouldn’t be surprised when it sinks.


A key theme in 2024, as we consider my predictions in the next section, is that we must first attack these ‘basic’ technical security categories in more meaningful ways before leaping into shinier, strategic topics that will remain moot if unsupported by solid foundations. 


What is Really Driving Change in 2024


The Business Sophistication of the Cyber-Criminal Fraternity


Cybercrime as a Service (CaaS) is an industry by which threat actors on the Dark Web sell their tools, expertise, and services to others, often in franchise or affiliate models.


Since the primary goal for such criminals is to make more money with less effort and less direct involvement, this exploding trend is a worrying, yet increasingly material, part of the criminal Dark Web. It is estimated that at least two thirds of ransomware, one of the largest categories of cybercrime, is conducted through a CaaS model (according to Cyber Resilience Insights).


There is a frightening level of organisation and sophistication with the roles, expertise, and infrastructure of these CaaS models that is making it easier for new entrants to subscribe to criminal franchises without the need for any technical or operational knowledge. Full-service CaaS operators will offer not only customer service to affiliates during ransomware campaigns, but they may also handle ransomware payments and decryption key access, for example.


The organisational sophistication of these franchisors is breathtaking, let alone their pricing and marketing capabilities. Operators such as Lockbit 2.0 offers guarantees on the speed of infection, not to mention service guarantees in recovery for those who pay the ransom.


In 2024 and beyond, his will continue to enable access to a wider demographic of new criminal profiteers in more resilient and integrated models that continue to evolve and improve with time and volume. More criminals will continue to exit lower profit and higher risk activities, such as people-trafficking and drugs, and move into cybercrime. 


Key 2024 Takeaway: This re-enforces the need to re-visit the basics; cyber activities will continue to be a volume game for the perpetrators. 

 

Visibility of Cybercrime to Non-Experts

 

Crime will become more visible, at last.


At the higher end of the size estimates for cybercrime are $10.5 trillion by 2027. Allowing for a certain amount of scepticism, even if we halve those numbers, the US Government estimates that IP theft alone now amounts to around $600 billion a year, suggesting that ‘trillions’ is now the sizing language for cybercrime.


It should be noted that this number is widely distributed across a wide variety of criminal activity. The criminal fraternity are not greedy, given that too much visibility raises risk levels from complete impunity to unnecessary minimum risk. Whilst, globally, 72.7% of all organisations fell prey to a ransomware attack in 2023 (Statista), too much of this goes unreported. Because it represents a huge volume of mid-level cash impact, it has been too fragmented for any single action to deliver any more attention-grabbing deathblows, but is instead amounting to a less visually compulsive ‘death by a thousand cuts’.


Attacks are becoming so widespread and persistent, as well as collectively reaching material levels from a wider demographic of criminals, and taking numerous variegated forms of profiteering (such as data theft, phishing, malware, ransomware, DDos), that the growth in visibility to the Boardroom will accelerate in 2024.


Key 2024 Takeaway: In the past, research has suggested that CISOs have gotten away with accepting ‘smile and wave’ feedback from the board. While that may have worked previously, this will now force security and IT leaders to be held more accountable in real terms in 2024, and we will see much sharper qualification and expectations from the Board in the coming year as a result.


Furthermore, this opportunity will not be lost on the more mature CISOs. They will use these almost absurdly unrealistic yet engaging and increasingly visible happenings to fuel strong anecdotal storytelling with board members, in order to catch and retain their attention.

 

Authorities will Continue to Turn Up the Heat on CISOs and Business Leaders

 

A recent set of straw polls from front-line incident response experts in 2023 suggested that between 70-90% of incidents are not disclosed and, in another significant proportion, ransoms are paid.


However, during July 2023, the Securities and Exchange Commission (SEC) in the US adopted rules requiring registrants to disclose any material cybersecurity incidents that they experience, and to disclose on an annual basis any information regarding their cybersecurity risk management, strategy, and governance.


For those breathing a sigh of relief that they do not work or reside within the US, the Commission has also adopted rules that effectively incorporate certain categories of foreign entity that pass a business contact or ownership test. These steps are expected to be adopted in Europe, and some of them have already been incorporated within the EU Cyber Resilience Act (CRA).


These new rules will require registrants to disclose any cybersecurity incident they determine to be significant enough on a formal reporting form, and to describe the aspects of the incident’s nature, scope, and timing, as well as its impact – or potential impact – on the registrant.


These changes will thus force a much closer relationship to develop with lawyers in 2024, who must be prepared for virtually real-time disclosure responsibilities and their impacts on personal and professional liabilities and fines. 


Key 2024 Takeaway: Disclosure warrants a significant amount of workload involving lawyers, regulators, clients, media, executive, and the board, not to mention all the paperwork around the crime scene and a host of behaviours affected by subject-to-privilege constraints.


With all of this in mind, it is even more important to run those tabletop exercises in 2024, and ensure that you have all of the internal help and flexible bench strength from a host of experts ready at hand.

 

Around 50% of CISOs will leave in 2024

 

Another recent survey has suggested that 94% of CISOs are affected by stress, and that, for 64%, these, stress levels are compromising their ability to do their job. The relentless barrage of incidents which consistently affect nights, weekends, and vacations, combined with the aggression with which such incidents are met from impatient work colleagues and business partners is traumatic enough, but it is increasingly becoming the norm for CISOs to be held personally liable.


Recent actions from the US Government display a growing practice of holding executives accountable for cybersecurity breaches. Notably, the US District Court in San Francisco brought criminal charges against Joe Sullivan, Uber’s former CISO, for his alleged role in covering up a 2016 data breach. Professional observers say that he narrowly avoided going to prison because he was the first, and thus the rest of us should see this as a warning; however, it should be noted here that his $50,000 fine, significant costs of defending himself, and three years of probation are not going to help CISO stress levels.


This is compounded by the latest news from SolarWinds suggesting that executives there are likely to be held personally liable for their cyber security threats. Admittedly, as of now, there hasn’t been a specific legislation or regulation that would lead to the staff at SolarWinds being personally liable, but the legal and regulatory landscape is evolving, with discussions surrounding the accountability for cybersecurity incidents at the corporate leadership level expected to accelerate. In short, it can be deduced that around 50% of CISOs are expected to change career paths by 2025.


More imminently, in 2024, all of this will result in the lawyers and leaders representing major organisations paying much more attention to cyber and their D&O insurance. This shift will force closer attention and alignment with broader efforts to strengthen cyber defence mechanisms and ensure responsible management of cybersecurity risks within organisations, where failures in attention to detail could still result in jail time and other uncovered and personal liabilities. 


Key 2024 Takeaway: This concerns those in business leadership specifically. If your CISO is a true front-line CISO, they will be suffering, and if you have not already done so, then now is the time to reach out and offer support. Accountability needs to be shared, or you’re going to lose your CISO and find them hard to replace. The days of autonomous and isolated CISOs being ‘left to do the expert cyber stuff’ are over.

 

Budgets and Quantifying Risk and Return in Cyber Security

 

In a recent board and CISO report, supported by thorough survey work and conducted by the analyst firm, Cyentia, the topics and concerns mentioned by board members that were cited as the most critical and pressing fell at the bottom of the priority list for CISOs.


I was closely involved in the first of the series, and personally spoke to dozens of CISOs, all of whom assured me of their close relationship and good communication with the board. The 75 board members surveyed universally disagreed—one quote in particular spoke volumes: ‘Security has a seat at the table, but has nothing to say. We’re listening, but security mumbles.’


The board-side lack of appetite to resolve these differences was amplified by the fact that, at the time (2017-2018), cybercrime did not have the visibility that it has today, in which it is near-impossible to ignore, and, in their words, ‘there’s no chance of fines or personal liability for me’.


Looking at the spending side, there has been almost unconstrained growth in Cyber Budgets in the period 2010 to 2020, expanding across a wide range from 6% - 14% of the company’s annual IT budget, and averaging at 10%. This has grown during a period in which, while experts could recognise the growth in cybercrime activity, business leaders felt no need to get involved.


Arguably, budgets were parcelled out to CISOs largely to keep the problem at arm’s length, during a time at which, according to my own survey expertise, leaders were paying lip-service to cyber defence and regulation.


Meanwhile, the evolving and escalating nature of cyber threats has hit the radars of most business leaders. In 2020, the FBI declared a record level of activity, unbeknownst at the time that this remarkable increase would continue to accelerate.


As cybercrime has exploded in size and diversity since 2020, budgets have been reducing. This is a strange coincidence, with one theory being that IT leaders and CISOs have suddenly found themselves being asked to hold themselves accountable for a spend that, over the last 15 years, has been tech-vendor-led, uncontrolled, and indiscriminate. This has led to the pause-button being hit in order to better understand what we have, before choosing to add any further investment.


‘Indiscriminate’ may seem like a provocative turn of phrase here, but it covers the reduced accountability for clear outcomes than are associated with other spending categories of a similar size. In the apocryphal words of some CISOs, the more you spend, the more ‘nothing’ (referring to peace of mind) that you get. This is not usually a good enough business case for a CFO.


Key 2024 Takeaway: The security community has tried and failed to engage the Board with any impact. The security community has struggled to meaningfully capture the Board's attention. However, there's a promising shift towards a new archetype of business savvy CISOs who embrace the 'listen more, speak less' approach, skilfully blending rigorous discipline with the nuanced 'narrate with data' soft skills required. Despite these advancements, bridging the gap between cybersecurity and executive engagement remains a significant hurdle, and there is still a long way to go.


In 2024, CISOs must identify with the business, build security awareness, be credible and candid, and provide ‘pointed evidence’. KPIs for the board should be based on underlying core business initiatives supported by security products and processes in a ‘by design’ approach that places security as an unobtrusive yet solid foundation to business offerings and the platforms upon which they sit.


Conclusion


While I anticipate the eye-rolls toward the Warren Buffet quote with which I opened this article, I hope we can all agree that he is not known for his hyperbole. Rather, he is known for due diligence across a wide cross-section of businesses. I am assuming he will have seen first-hand the Board members squirming as the temperature rises.


2024 will be the year to finally consolidate, integrate, simplify, and operationalise shoulder-to-shoulder with business and IT leaders, who will at last take an active interest in cyber security, and expect CISOs to operate like business leaders, together.


The interest and active engagement of the board will be amplified by the extraordinary scale and frightening growth, not to mention evolution, of cybercrime.


Attention will also be sharpened by the promise of serious personal and professional liability, with material amounts of money, and a stronger likelihood of being affected, coming into view for even the most sceptical of naysayers.


It is still going to be about getting the basics right in 2024, as the profound changes outlined in this article necessitate a more fundamental redefinition of cybersecurity strategies at a cultural level, involving a wider demographic of more actively interested leaders and lawyers determined to support the more coherent and integrated execution of threat defence strategy.


At Cambridge Management Consulting, we are equipped with a Cyber Security practice, led by John Madelin, which can accelerate, optimise, and strengthen your cyber-infrastructure, and support you in staying ahead of these trends and developments.

About Cambridge Management Consulting


Cambridge Management Consulting (Cambridge MC) is an international consulting firm that helps companies of all sizes have a better impact on the world. Founded in Cambridge, UK, initially to help the start-up community, Cambridge MC has grown to over 150 consultants working on projects in 20 countries.


Our capabilities focus on supporting the private and public sector with their people, process and digital technology challenges.


For more information visit www.cambridgemc.com or get in touch below.

Contact - Africa

Subscribe to our insights

Blog Subscribe

Partner Spotlight: Faye Holland

by Faye Holland 11 July 2025
Today, we are proud to be spotlighting Faye Holland, who became Managing Partner at Cambridge Management Consulting for Client PR & Marketing as well as for our presence in the city of Cambridge and the East of England at the start of this year, following our acquisition of her award-winning PR firm, cofinitive. Faye is a prominent entrepreneur and a dynamic force within the city of Cambridge’s renowned technology sector. Known for her ability to influence, inspire, and connect on multiple fronts, Faye plays a vital role in bolstering Cambridge’s global reputation as the UK’s hub for technology, innovation, and science. With over three decades of experience spanning diverse business ventures, including the UK’s first ISP, working in emerging business practices within IBM, leading European and Asia-Pacific operations for a global tech media company, and founding her own business, Faye brings unparalleled expertise to every endeavour. Faye’s value in the industry is further underscored by her extensive network of influential contacts. As the founder of cofinitive, an award-winning PR and communications agency focused on supporting cutting-edge start-ups and scale-ups in tech and innovation, Faye has earned a reputation as one of the UK’s foremost marketing strategists. Over the course of a decade, she built cofinitive into a recognised leader in the communications industry. The firm has since been featured in PR Weekly’s 150 Top Agencies outside London, and has been named year-on-year as the No. 1 PR & Communications agency in East Anglia. cofinitive is also acknowledged as one of the 130 most influential businesses in Cambridge, celebrated for its distinctive, edge, yet polished approach to storytelling for groundbreaking companies, and for its support of the broader ecosystem. Additionally, Faye is widely recognised across the East of England for her leadership in initiatives such as the #21toWatch Technology Innovation Awards, which celebrates innovation and entrepreneurship, and as the co-host of the Cambridge Tech Podcast. Individually, Faye has earned numerous accolades. She is listed among the 25 most influential people in Cambridge, and serves as Chair of the Cambridgeshire Chambers of Commerce. Her advocacy for women in technology has seen her regularly featured in Computer Weekly’s Women in Tech lists, and recognised as one of the most influential women in UK tech during London Tech Week 2024 via the #InspiringFifty listing. Faye is also a dedicated mentor for aspiring technology entrepreneurs, having contributed to leading entrepreneurial programs in Cambridge and internationally, further solidifying her role as a driving force for innovation and growth in the tech ecosystem. If you would like to discuss future opportunities with Faye, you can reach out to her here .
Cambridge MC Falklands team standing with Polly Marsh, CEO of the Ulysses Trust, holding a cheque

The Ulysses Trust Receives £10,000 Donation from Cambridge Management Consulting

by Lucas Lefley 10 July 2025
From left to right: Tim Passingham, Tom Burton, Erling Aronsveen, Polly Marsh, and Clive Quantrill.
Long curving glass walkway looking out on a city. Image has a deep red tint and high contrast

Cambridge MC Achieves Platinum Status in a Leading UK Telecoms Consultancy Ranking

30 June 2025
Cambridge Management Consulting is delighted to announce that we have been recognised as a Platinum-level telecommunications consultancy in Consultancy.uk’s 2025 ‘Top Consulting Firms in the UK’ ranking. This achievement places us among an upper tier of telecommunications consultancies across the UK, reflecting our continued commitment to delivering exceptional expertise and results for our clients in this rapidly evolving sector. A Rigorous Assessment The Consultancy.uk ranking represents one of the most comprehensive evaluations of the UK’s consulting landscape, assessing over 1,400 firms across the country. This methodology combines extensive client feedback from more than 800 clients and peer reviews from over 3,000 consultants, alongside detailed capabilities assessments that examine the reputation of each firm, project track records, analyst benchmarks, industry recognitions, and thought leadership. Within the telecommunications sector specifically, over 500 consulting firms were evaluated, with only 50 qualifying as top players. The ranking system operates across five distinct levels – Diamond, Platinum, Gold, Silver, and Bronze; thus, Platinum status cements Cambridge MC as one of the most trusted, expert, and influential telecommunications consultancies in the UK. This recognition is particularly meaningful given the competitive nature of the UK’s telecommunications consulting market, where established global firms compete alongside specialist independents. Our Platinum ranking demonstrates that Cambridge MC has successfully established itself as a leading authority in telecommunications strategy, transformation, and innovation. Building on a Foundation of Success This latest accolade adds to Cambridge MC’s impressive collection of recent achievements and industry recognition. At The Consultancy Awards 2024, we were honoured to receive three awards, winning in every category for which we were nominated. These included: Digital Transformation: Acknowledging our project management of a multinational oil and gas company’s EV charging hub portfolio. Productivity Improvement & Cost Reduction: Celebrating our delivery of over £10m in savings for a major UK online retailer. Fastest Growing: Recognising our remarkable 30% revenue growth and expansion across new geographies. Beyond organisational achievements, our individual team members continue to earn recognition for their expertise and contributions. Zoë Webster, expert at Cambridge Management Consulting for AI, Digital & Innovation, was named among AI Magazine’s Top 10 AI Leaders in the UK & Europe. Furthermore, Craig Cheney, Managing Partner for Public Sector & Education, was made an Alderman of the City of Bristol, and Marvin Rees OBE, a member of our advisory board, was introduced to the House of Lords. Craig and Marvin were also co-founders of the Bristol City LEAP project, which recently received the World Economic Forum’s 2024 Award of Distinction for Public-Private Collaboration in Cities. This £1bn partnership between Bristol City Council and Ameresco UK represents a world-first initiative in sustainable urban development, demonstrating our capacity to deliver transformational projects with genuine societal impact. At the Forefront of Digital Infrastructure and TMT Our Platinum ranking in telecommunications specifically reflects Cambridge MC’s deep expertise across the full spectrum of Telecoms, Media & Technology (TMT) challenges. We work alongside TMT companies to optimise digital infrastructure and estates while delivering integrated cost reduction services that enhance procurement and contract management functions. Our capabilities span from digital transformation, procurement and network transformation to data centre optimisation and emerging technology integration. The telecommunications landscape continues to evolve rapidly, with exponential data growth, IoT deployment, and the infrastructure demands of generative AI driving substantial transformation in both virtual and physical infrastructure. Our team support organisations to stay afloat in this changing market, with a proven track record including managing over $5bn in client revenues, saving organisations over $2bn, and driving procurement transactions exceeding $5bn. Recent case studies demonstrate the breadth of our telecommunications expertise, from conducting technical due diligence for major investment decisions, to designing and procuring modern network solutions for leading academic institutions. Our work with the University of Bristol, helping them to complete their progressive Modern Network transformation, exemplifies our ability to navigate complex technical and commercial requirements, while delivering measurable outcomes. Looking Ahead As we celebrate this Platinum recognition, Cambridge MC remains committed to pushing the boundaries of what’s possible in telecommunications consulting. Ever since Tim Passingham founded Cambridge Management Consulting, to support telecommunications startups in the city of Cambridge, UK, our purpose has been to help clients make a better impact on the world. This mission drives everything we do, from individual product delivery to industry-wide transformation initiatives. This achievement belongs to our entire team of specialist practitioners who bring decades of hands-on experience to every engagement. As we continue to expand our capabilities and global reach, this recognition serves as both validation of our progress and motivation for the challenges ahead. Thank you to everyone who has joined us on this journey.
Wide angle photo of Pemrboke College on a sunny day

Tim Passingham Honoured as a Volunteer of the Year by Pembroke College, University of Cambridge

27 June 2025
Disclaimer: The text below was originally published on the Pembroke College website. Read the original post here to read the full article, including coverage of the award's other recipients, Duncan Rule and Ian Carry. 2025 Volunteers of the Year Announced Congratulations to Duncan Rule, Ian Carry and Tim Passingham (2022) whose contributions to Pembroke have been recognised in Pembroke’s Volunteer of the Year Awards for 2025. The award was introduced in 2022 to recognise not only the particular individuals who contribute their time and expertise for the benefit of the College and its community but also the value of volunteering itself. Duncan and Tim received their awards from the Master, Lord Smith of Finsbury, last week, with Ian set to receive his at the LEAP celebration event next term. Tim Passingham Since joining Pembroke as a William Pitt Fellow in 2022, Tim Passingham has become a highly valued member of the College community. A consistent supporter of the Corporate Partnership Programme, Tim has played a pivotal role in connecting students with real-world opportunities. Through his companies—Cambridge Management Consulting and partner firm edenseven—Tim has offered numerous internships to students on the LEAP programme, helping them build professional confidence and practical skills. Beyond internships, Tim and his team have supported LEAP students through reflective post-programme interviews, offering valuable feedback for both participants and the LEAP team. His impact is visible in many aspects of College life: from advisory work on the Milstein House sub-committee to generous support for Pembroke’s musicians, including the donation of a drum kit. Tim has also brought significant visibility to Pembroke within the wider Cambridge community. Under his leadership, the College was a key host during Cambridge Tech Week 2024, welcoming visitors for lectures, panels, and a Deep Tech Gala Dinner. Regularly using College spaces for high-profile meetings and team retreats, Tim has become a recognisable and influential figure around Pembroke—embodying the spirit of collaboration and innovation that the Corporate Partnership Programme aims to foster. On receiving this award, Tim said "when I was invested as a William Pitt Fellow in 2022, I stated that my desire was to give to the College and work hard to bring the worlds of Academia and Industry closer together. Since then, me and some of my team at Cambridge Management Consulting have supported numerous LEAP interns, sponsored our first PhD student at Pembroke, supported the CARA charity and initiative, supported the Mill Lane site programme, and given as much time and money as we have been able to support the Development Team and the growth of the College. I feel enormously honoured to receive this award which, for me, represents very much the beginning of a partnership which I hope will deepen and grow over many years to come. I look forward to the years ahead and to serving the College as we seek to continue to build on the incredible legacy of Pembroke by having a disproportionate impact for good on the world around us.”
A series of neon cubes in a line

Dealing with Disruptive Trends: How to Ensure Your Strategy Remains Relevant in a Period of Accelerating Change

by Mauro Mortali 23 June 2025
Disruption now occurs with unprecedented regularity, as industries are upended not by traditional competitors but by unexpected entrants wielding innovative technologies and business models.  The difference between thriving and becoming obsolete increasingly hinges on your organisation's ability to anticipate and adapt to disruption before it's too late. The Ur-case of this was Blockbuster, who ignored the threat of streaming technologies, and specifically Netflix (which it could have bought), until it was far too late to pivot and catch up. Our article explores how businesses can develop strategies that offer predictions and agility, embedding creativity and insight into frameworks and actionable steps that plot a course through the disruptive landscapes of the next few years and beyond. Understanding the Nature of Disruption Disruption is no longer just a buzzword — or the philosophy of ‘break things and move fast’ that drove the early tech start-ups that now dominate our waking lives. The theory of disruptive innovation, popularised by Harvard Business School professor Clayton Christensen, explains how new technologies, products, or services can start small but eventually surpass established offerings in existing markets[1]. This process typically begins when smaller companies with fewer resources challenge established or traditional businesses by addressing underserved market needs[5] in new ways; usually with business models that bypass normal routes to market and allow these companies to scale at pace. Recent examples include: fintech banks that challenge the need for brick-and-mortar; online over-the-top media applications that replace the need for print media and traditional broadcast television; digital media and the success of subscription models, replacing physical media for music, films and other forms of entertainment; and platform apps like Uber, which connect us to a fleet of independent drivers who are paid per ‘gig’ and regulated by a ratings system. Today's notion of disruption is characterised by several key features: Accelerated Pace of Change The pace of disruption has accelerated beyond anything previously seen, with transformative technologies reaching mainstream adoption faster than ever[15]. While it took decades for technologies like electricity and telephones to achieve mass adoption, modern innovations like smartphones and AI have transformed entire industries in just a few years. Cross-Industry Disruption Disruptive threats increasingly come from outside traditional industry boundaries. Companies must now monitor not only direct competitors but also adjacent industries and completely unrelated sectors where transferable innovations might emerge[15]. For example, tech giants have disrupted financial services, retail, healthcare, and automotive industries without prior experience in these sectors. Technology-Enabled Business Models Today's most powerful disruptions combine technological innovation with business model innovation. Examples include: Platform models: Uber revolutionised transportation by connecting riders and drivers through a user-friendly mobile app, utilising independent drivers who pay for their own vehicles for rapid scalability[1]. Subscription services: Netflix and Spotify transformed entertainment consumption by shifting from physical media to on-demand streaming with personalised algorithmic content recommendations[1]. Direct-to-consumer approaches: Tesla's direct sales model bypassed traditional dealership networks while integrating advanced electric vehicle technology and autonomous capabilities[1]. From Traditional to Adaptive Strategy Traditional strategic planning approaches — characterised by multi-year roadmaps and rigid implementation plans — have become increasingly inadequate in today's fast-moving business environment. We look at some of the challenges businesses now face below. The Limitations of Traditional Strategy Conventional strategies often fail because they: Assume relative stability in market conditions Take too long to develop and implement Lack flexibility to respond to unexpected changes Rely heavily on historical data to predict future outcomes The Adaptive Strategy Advantage Adaptive strategy, often described as the "Be Fast" approach, emphasises agility, experimentation, and continuous evolution[3]. This approach thrives in fluid industries with high uncertainty and a fast pace of change, such as technology, fashion, entertainment, and start-ups[3]. Organisations that embrace adaptive strategies gain significant advantages: Higher profitability: Companies ranking high in adaptability enjoy up to 75% higher profitability than their less adaptive counterparts[10]. Faster market response: Adaptive firms achieve approximately 60% faster time-to-market compared to traditional competitors[10]. Innovation capacity: The ability to experiment boldly and rapidly iterate creates an environment where breakthrough innovations are more likely to emerge[10]. Real-World Adaptive Strategy Success Consider Netflix's journey from DVD rental service to streaming giant to content producer. Rather than creating a 10-year plan, Netflix constantly evolved based on emerging technologies, customer preferences, and market opportunities. This adaptive approach allowed them to pivot whenever necessary while maintaining their core value proposition of convenient entertainment access[1]. A New Framework for Ensuring Strategy Relevance To maintain strategic relevance amid disruptive trends, companies need a systematic framework that balances stability with flexibility. Anticipate Disruption Through Trend Analysis Successful businesses identify potential disruptions before they manifest fully by monitoring Hard Trends — future certainties based on measurable facts[15]. These include demographic shifts, technological advancements, and regulatory changes that provide predictable directional guidance. For example, financial services firms that recognised the Hard Trend of increasing digital connectivity were better positioned to respond to the rise of mobile banking and fintech disruption. Build your Agility Organisational structures and processes must be designed to support rapid adaptation: Decentralised decision-making: Empower teams closest to customers and market changes to make decisions without lengthy approval chains[3]. Cross-functional collaboration: Break down silos between departments to enable faster information sharing and coordinated responses to change[3]. Agile methodologies: Adapt software development approaches like sprints, continuous integration, and iterative testing to broader business strategy[3]. Foster a Culture of Innovation Innovation cannot be an isolated function — it must permeate your entire organisation: Encourage experimentation: Create safe spaces for testing new ideas with minimal bureaucracy and fear of failure[3]. Customer-centric innovation: Ground innovation efforts in a deep understanding of customer needs rather than internal assumptions[14]. Structured innovation processes: Establish clear pathways for moving ideas from conception to implementation while maintaining flexibility[14]. KPIs that support innovation: For example, looking at the value of a portfolio of innovations rather than a specific innovation project. Leverage Data & Technology Data-driven insights provide a vital competitive advantage in your disruption response: Real-time market intelligence: Deploy advanced analytics to detect weak signals of change before they emerge fully-formed[3]. Predictive modelling: Use Agentic AI to identify patterns and forecast potential disruptions[2]. Digital transformation lifecycle: Invest in the necessary expertise and infrastructure to undertake on-going programmes of transformation — a big step, and potentially expensive, but it can help immunise your business against disruptive technologies and new models. Practical Implementation Steps Translating disruption awareness into effective action requires specific tactical approaches.
Neon 'Open' sign in business window

5 Questions to Help SMEs with Their Cyber Security

by Tom Burton 19 June 2025
SMEs make up 99% of UK businesses, three fifths of employment, over 50% of all business revenue, are in everyone's supply chain, and are exposed to largely the same threats as large enterprises. How should they get started with cyber security? Small and Medium sized Enterprises (SME) are not immune to the threat of cyber attacks. At the very least, if your business has money then it will be attractive to criminals. And even if you don’t have anything of value, you may still get caught up in a ransomware campaign with all of your data and systems made inaccessible. Unfortunately many SMEs do not have an IT team let alone a cyber security team. It may not be obvious where to start, but inaction can have significant impact on your business by both increasing risk and reducing the confidence to address new opportunities. In this article we outline 5 key questions that can help SMEs to understand what they need to do. Even if you outsource your IT to a supplier these questions are still relevant. Some can’t be delegated, and others are topics for discussion so that you can ensure your service provider is doing the right things, as well as understanding where their responsibilities stop and yours start. Q1: What's Important & Worth Defending Not everything needs protecting equally. In your personal life you will have some possessions that are dear to you and others that you are more laissez-faire about. The same applies to your digital assets, and the start point for any security plan needs to be an audit of the things you own and their importance to your business. Those ‘things’, or assets, may be particular types of data or information. For instance, you may have sensitive intellectual property or trade secrets; you may hold information about your customers that is governed by privacy regulations; or your financial data may be of particular concern. Some of this information needs to be protected from theft, while it may be more important to prevent other types of data from being modified or deleted. It is helpful to build a list of these assets, and their characteristics like the table below:
A heath-covered bay on the Falkland Islands

"I Am Safe": How Two Amateur Radio Enthusiasts Secretly Passed Messages During the Falklands War

by BFBS 14 June 2025
To acknowledge and celebrate the end of the Falklands war on 14 June 1982, we are publishing this story about the unlikely friendship of two amateur radio enthusiasts 8,000 miles apart that allowed more than 50 soldiers the opportunity to get messages home to their loved ones. Disclaimer: This story was originally brought to light by bfbs Forces News on 7 December 2022. Certain linguistic changes have been made in the subsequent article from Cambridge Management Consulting, but all of the information comes from the original article, written by Hannah King Ros Moore, which you can read here , and an accompanying video on their YouTube page, which we encourage you to watch . Between April and June 1982, Argentina and the United Kingdom engaged in a 10-week conflict which would come to be known as the Falklands War. Battling over the sovereignty of the Falkland Islands and its territorial dependency, South Georgia and the South Sandwich Islands, the conflict began with the invasion of the former by Argentina on 2 April, and ended with their ultimate surrender on 14 June – Falklands Liberation Day. During this time, more than 100 villagers were being held captive in a hall by the Argentinians for almost seven weeks, before being free on 29 May by 2 PARA, following a battle to take Goose Green. Eighteen British soldiers were sadly lost during this fight, but back at home their families had heard nothing since the soldiers set sail. That was until the unlikely friendship of two amateur radio enthusiasts 8,000 miles apart allowed more than 50 soldiers the opportunity to get messages home to their loved ones. Bob McLeod, a ham radio operator, had already made history by making the announcement to the world that the Falkland Islands had been invaded. However, in doing so, he had also drawn the attention of the Argentinians, who were quick to confiscate his equipment. Alan Bullock was the Forward Observation Officer of D Company, 2 PARA, and, while walking through the main street of Goose Green, spotted an antenna on a house belonging to Bob. Alan knocked on Bob’s door, “Hello… is there any chance you are a radio amateur?” “Yes… But the Argentinians took my transmitter and smashed it up.” Bob’s wife then suggested that they use his 50W amplifier that was safely hidden under the stairs. As Forward Observation Officer, Alan had his state-of-the-art at the time, military clansman radio, which, although only 20 watts for communicating over short distances, could be combined. In order to get messages back to the UK, Bob made contact with John Wright, a radio amateur in Oxford with whom he had been chatting to over the airwaves for many years. Together, Bob and John devised a cryptic code for their conversation and each transmitted on different frequencies, in case anyone was listening. John would be given a soldier’s phone number and short messages to pass on to his family. John said of the plan: “Normally amateur radio enthusiasts talk about their radio equipment, experiments they’re doing. “In this case, the communication was to pass family traffic which, under normal circumstances, isn’t allowed, but I threw caution to the wind and did what I could as quickly and clandestinely as possible.” Word quickly got around the troops and soon it wasn’t just D Company’s families Bob and John were contacting. Before long, there was a queue outside Bob’s door, with each message always the same: "I am safe." About BFBS BFBS is a pioneering military charity with a mission to entertain, inform, connect and champion the UK armed forces, their families and veterans. Our armed forces do a tough yet invaluable job, often working in extreme conditions – so BFBS believes they deserve our unfailing support. Find out more at: https://about.bfbs.com/ The Positive Impact of Telecommunications This story, and the combined initiative, intuition, and innovation between Allan Bullock, Bob McLeod and his wife, and John Wright, is testament to the transformative power of technology for forging connection and bringing optimism at times of difficulty, danger, and otherwise disconnect. This story is particularly inspiring for Cambridge Management Consulting as an organisation currently working hard to enhance the telecommunications and technology infrastructure of the Falkland Islands. For more information about how we are achieving this, you can read about our consultancy work on the Islands here , and the opening of Falklands IT here .
Orange and white spotlights on a purple stage

Partner Spotlight: Simon Crimp

by Jon Wilton 6 June 2025
Welcoming Simon Crimp Cambridge Management Consulting is delighted to welcome Simon Crimp as Managing Partner and Lead for our Digital Transformation practice. With more than 25 years of international technology leadership, Simon joins us at a pivotal moment as our clients seeking to drive meaningful change across their portfolios. His extensive experience spans hands-on technology operation and engineering, setting global technology strategy, and C-suite advisory, positioning him as a powerful asset for businesses navigating the next wave of digital innovation. Simon began his career in the demanding world of capital-markets technology, supporting trading floors at JP Morgan and managing service delivery across major exchanges. This early immersion laid the groundwork for a deep technical understanding and an ability to deliver resilient, high-availability systems in some of the world’s most high-pressure environments. His next chapter at Euronext LIFFE (now part of ICE Futures Europe) saw him rise through the ranks from service management to become Global Head of Systems Engineering. There, he was instrumental in delivering two state-of-the-art data centres and modern trading infrastructure, ensuring the reliability and resilience required by global financial markets. The next decade of Simon’s career took him to IG Group, where he led the transformation of infrastructure and operations on a global scale. As Head of Infrastructure & Operations and later Regional CTO and Global Head of Shared Technology Services, Simon architected IG’s pioneering hybrid cloud strategy, orchestrating seamless integration across AWS, Google Cloud, and multiple colocation facilities. He didn’t just modernise technology, he reshaped how teams operated, leading over 400 technologists across regions, managing a significant budget, and redesigning operating models to accelerate delivery while enhancing security and compliance. Notably, Simon developed IGs Security Operations and Cyber Defence function, further strengthening the company’s posture in a fast-evolving threat landscape. His versatility was clear during his tenure as Interim CEO and Head of the Japan Office, where he secured C-level buy-in for localisation and expansion into new markets. Before leaving IG in 2024 Simon developed the Data Strategy for the company and led build out of the Data and AI capability into GCP. Beyond his technical and commercial expertise, Simon has invested in leadership development, qualifying as an Executive Coach at Henley Business School. This enables him to drive not only digital transformation, but the cultural shifts essential for lasting impact. This helps organisations embed agile, product-focused ways of working alongside technology renewal. Reflecting on his decision to join Cambridge Management Consulting, Simon shares: “I’m really excited to get the opportunity to take 25 years of technology and organisational transformation across Finiancial Services and Fintech into new industries and markets. Cambridge MC has had great success since opening its doors, and I’m thrilled to be part of the leadership team that will drive the next phase of growth.” In this new role he will lead end-to-end digital transformation programmes — from initial vision and business case to execution and ongoing improvement. He will focus on orchestrating cloud-first, data and AI strategies, embedding modern operating models, guiding post-merger technology integration, and advising boards on security, compliance, and the adoption of emerging technologies. Whether your organisation is looking to modernise legacy estates, scale digital operations globally, or embed new ways of working, Simon Crimp and the Cambridge Management Consulting team are ready to help drive value at any stage of the programme. To connect with Simon and explore how he can support your digital transformation journey, reach out to us at info@cambridgemc.com or scrimp@cambridgemc.com
Murky gloom under the sea with light rays piercing from above

The Critical Role of Backhaul Management in Submarine Network Topology & Operations

by Andy Everest 28 May 2025
Introduction In today's interconnected world, submarine cable networks form the backbone of global communication, enabling the seamless exchange of data across continents. While these undersea cables are the epitome of engineering marvels, their effectiveness hinges not only on the ‘wet' network in the seabed, but also on the often-overlooked terrestrial network backhaul. The terrestrial backhaul — the infrastructure that connects submarine cable landing stations to inland data centres and networks — is as crucial as the submarine network itself. Proper management and handling of terrestrial backhaul partners is essential to ensure the optimal performance, cost-efficiency, and security of all submarine networks. The Vital Importance of Backhaul Management Submarine networks are only as strong as their weakest link, and the terrestrial backhaul is a pivotal link in this ecosystem. Without a well-designed and managed backhaul, even the most sophisticated submarine network can face inefficiencies, bottlenecks, and vulnerabilities.  Key reasons why managing terrestrial network backhaul partners is so critical include: Cost Optimisation Terrestrial backhaul costs constitute a significant portion of the total network expenditure. Poorly negotiated contracts or suboptimal supplier relationships can inflate operational costs, diminishing the overall profitability of submarine networks. Network Performance The design, quality, and reliability of terrestrial backhaul networks directly affect latency, throughput, and overall user experience. A poorly managed partner ecosystem can lead to performance degradation, affecting service delivery. Security and Risk Mitigation The terrestrial segment is often more vulnerable to physical and cyber threats compared to submarine cables. Effective partner management ensures that security measures are prioritised, and risks are mitigated. Scalability and Flexibility As data demands grow, submarine networks must scale effectively. Well-managed terrestrial backhaul partners enable seamless scaling and adaptability to meet changing requirements.
More posts