Cyber Security Predictions for 2024

John Madelin
Subscribe Contact us
John Madelin

“Cybercrime is the number one problem for mankind, and Cyberattacks are a bigger threat to humanity than nuclear weapons” - Warren Buffet

 

As we enter 2024, there are signs that the Cyber Security industry is teetering on the brink of a major transformation, culminating in a more coherent and business-involved approach which will ensure a better understanding and management of cyber risks.


Setting aside other associated factors for now, this metamorphosis is being fuelled by the astronomical rise in cybercrime that has been observable across the previous 3-5 years, turning it into a multi-trillion-dollar industry. The business leaders who missed this sudden rise in temperature, suddenly find themselves in boiling water.


These anticipated and imminent changes, accelerated by the lucrative and seemingly untouchable nature of cybercrime, will inevitably necessitate a more fundamental redefinition of cybersecurity strategies. The Dark Web’s explosion of sophisticated crime and the pivot from traditional crime streams, such as the illegal drug industry, to the high profit margins and low-risk profile of cybercrime is just too irresistible to a growing demographic. Between the intoxicating mix of easy money and apparent immunity, the appeal of cybercrime is reaching not only existing criminals, but new breeds.


This new era and new generation will force us to re-characterise what we mean by Cyber Security, as business leaders are set to thaw the icy divide between CISOs and the CIOs with whom they tend to work. This will push the industry into constructing a more deeply integrated and pervasive defence strategy overall.


However, this shift is not just about adopting new technologies; on the contrary, it amounts to a cultural revolution, and the associated liability, regulatory, maturity, quantification, integration, communication, and behavioural shifts in emphasis that are pulled into its current will be further catalysed by the growing ranks of ingenious cyber criminals and hackers at the gate, equipped to breach your defences with persistent creativity.


By now you may be thinking ‘wasn’t this a predictions article’? Yes, and so far I have tried to emphasise why the critical tactical actions that we begin today must be held to, not merely as piecemeal reactions to the cyber environment I have thus far outlined, but all the way to future proof. These tactical building-block priorities must become the planned foundations to support long-term resilience, we otherwise risk seeing the criminals melt into the dark web with our money and private data.


There’s a likelihood that absent vital improvements in our cyber defences, left by those still using old-school, gear-heavy, and fragmented defences, led by the autonomous and uncommunicative CISOs, those who fail to adapt will find themselves outmanoeuvred by the increasingly resourceful cybercriminals.


However, for those organisations in 2024 who recognise the gravity of the current climate and ingenuity of recent cybersecurity threats—and commit to more fundamental practices built into more IT and business integrated frameworks (which might also suggest a new breed of CISO)—the transition into 2025 is likely to be marked by a significant decrease in anxiety, and far more restful nights.


Traditional Technology Predictions for 2024


In this first section, we look at the more traditional, in-brief predictions for the gearheads, specifically falling within my Top 6 most pressing technology themes that will colour 2024:

 

Multi-Factor Authentication

 

Given how prevalent credentials are in attacks, we used to follow the rule of ‘Anything web-facing needs Multi-Factor Authentication (MFA)’. Now, in 2024, thanks to the cloud breaking into our legacy estate, our complete clarity on what exactly is being published to the web has become obscured. In 2024, the mantra must be changed to ‘everything needs MFA’, but this still has a long way to go.


Privileged Access Management

 

Since Privileged credentials are the holy grail for cybercriminals, these chinks in the armour need resolving urgently. This is exacerbated by the way in which responsibility for this resolution is spread across business units; tactical challenges can be resolved, but only if an appropriate leader, at an appropriate level, applies some pressure and urgency.


Systems are out-of-date, there are too many passwords, many of these are mismanaged, privileges themselves are too excessive, etc. In modern systems, the arrival of cloud multiplies these complexities, as does the expansion of responsibilities to third parties.


These systemic failings need to be addressed in 2024, and imminently. The way forward is a cross-functional emergency exercise, with a target to adopt and maintain serious discipline by this time next year.

 

Monitoring

 

You read that correctly—unbelievably, monitoring is much further behind than it needs to be as we move further into 2024, a fact that has somehow gone largely unnoticed.


This may be the reason why the cyber insurance industry weathered rough seas in 2020, and why we are now overwhelmed with high volumes of indiscriminate alerts.


We must improve basic log aggregation, normalisation, and correlations, through better IT integration. This reporting should be developed to enhance action, with a, perhaps uncomfortable, focus on more meaningful ‘one-ten-sixty’-style reporting.


With today’s current threat landscape, if the insurance losses are anything to go by, if your monitoring is not polished in 2024 then you can forget cyber insurance, as you can expect to suffer losses in 2024. 

 

Zero Trust

 

As a frequently misused and misunderstood phrase, it is important to establish a clear and consistent definition of what we mean by ‘Zero Trust’, first coined by Forrester’s John Kindervag many moons ago. The need for clarity is equally important to business leaders; they will expect quick intelligibility and relevance, or they will lose interest fast—and, for the first time in 2024, we need them seriously on board.


As you probably know, Kindervag’s core theme was to shift from the network’s ‘trust but verify’ model to ‘never trust but always verify’. This more cloud-ready mindset forces more emphasis on users, data, and devices across better segmented and more continuously monitored networks, also enhancing third-party risk management scenarios. Incremental steps in this direction, which reflect the need for more fundamental practices within more IT-integrated frameworks, can pay quick dividends in 2024.

 

AI Threats

 

I was reluctant to include this one, as I don’t believe that the use of AI either offensively or defensively will have a truly transformative effect on cyber defences in 2024/2025. I must, however, acknowledge that cybercriminals, who are after a quick win and are inherently street-smart, will use it to operate smarter and faster. At the very least, this will hopefully force companies to take care of their basics more effectively.


That being said, keeping an eye on AI is an increasingly critical aspect of security that is often overlooked, specifically the need to conduct regular, repeatable security testing of the AI technologies themselves. As the integration and use of AI tools becomes more pervasive, a new category is poised to become a bigger emphasis in 2024, one which continuously monitors AI systems for any unusual activities or anomalies, including tracking system performance and outputs.

 

IoT and OT (Complexity and Criticality)

 

Arguably, IoT is just more IP end points, which the networkers amongst you will be unphased by. I am using OT as shorthand (as many non-IT aware business leaders do) for ‘critical supply chain systems’. This amplification of the criticality of IoT as they continue to undertake more supply-chain functions suggests that we will need to distinguish which of them support critical business processes. In 2024, getting our arms around a near real-time and complex CMDB (the basic inventory of our IT estate), including this explosion of more integrated, more intelligent, and more mission-critical IP end points becomes of pressing concern. 


Conclusion


Some might argue that these predictions are a little basic, and you will have noted that I collected cloud and third party under ‘Zero Trust’, when arguably there is so much more to be said for both. However, I unapologetically remain of the opinion that, if we continue to build our infrastructure on sand, then we shouldn’t be surprised when it sinks.


A key theme in 2024, as we consider my predictions in the next section, is that we must first attack these ‘basic’ technical security categories in more meaningful ways before leaping into shinier, strategic topics that will remain moot if unsupported by solid foundations. 


What is Really Driving Change in 2024


The Business Sophistication of the Cyber-Criminal Fraternity


Cybercrime as a Service (CaaS) is an industry by which threat actors on the Dark Web sell their tools, expertise, and services to others, often in franchise or affiliate models.


Since the primary goal for such criminals is to make more money with less effort and less direct involvement, this exploding trend is a worrying, yet increasingly material, part of the criminal Dark Web. It is estimated that at least two thirds of ransomware, one of the largest categories of cybercrime, is conducted through a CaaS model (according to Cyber Resilience Insights).


There is a frightening level of organisation and sophistication with the roles, expertise, and infrastructure of these CaaS models that is making it easier for new entrants to subscribe to criminal franchises without the need for any technical or operational knowledge. Full-service CaaS operators will offer not only customer service to affiliates during ransomware campaigns, but they may also handle ransomware payments and decryption key access, for example.


The organisational sophistication of these franchisors is breathtaking, let alone their pricing and marketing capabilities. Operators such as Lockbit 2.0 offers guarantees on the speed of infection, not to mention service guarantees in recovery for those who pay the ransom.


In 2024 and beyond, his will continue to enable access to a wider demographic of new criminal profiteers in more resilient and integrated models that continue to evolve and improve with time and volume. More criminals will continue to exit lower profit and higher risk activities, such as people-trafficking and drugs, and move into cybercrime. 


Key 2024 Takeaway: This re-enforces the need to re-visit the basics; cyber activities will continue to be a volume game for the perpetrators. 

 

Visibility of Cybercrime to Non-Experts

 

Crime will become more visible, at last.


At the higher end of the size estimates for cybercrime are $10.5 trillion by 2027. Allowing for a certain amount of scepticism, even if we halve those numbers, the US Government estimates that IP theft alone now amounts to around $600 billion a year, suggesting that ‘trillions’ is now the sizing language for cybercrime.


It should be noted that this number is widely distributed across a wide variety of criminal activity. The criminal fraternity are not greedy, given that too much visibility raises risk levels from complete impunity to unnecessary minimum risk. Whilst, globally, 72.7% of all organisations fell prey to a ransomware attack in 2023 (Statista), too much of this goes unreported. Because it represents a huge volume of mid-level cash impact, it has been too fragmented for any single action to deliver any more attention-grabbing deathblows, but is instead amounting to a less visually compulsive ‘death by a thousand cuts’.


Attacks are becoming so widespread and persistent, as well as collectively reaching material levels from a wider demographic of criminals, and taking numerous variegated forms of profiteering (such as data theft, phishing, malware, ransomware, DDos), that the growth in visibility to the Boardroom will accelerate in 2024.


Key 2024 Takeaway: In the past, research has suggested that CISOs have gotten away with accepting ‘smile and wave’ feedback from the board. While that may have worked previously, this will now force security and IT leaders to be held more accountable in real terms in 2024, and we will see much sharper qualification and expectations from the Board in the coming year as a result.


Furthermore, this opportunity will not be lost on the more mature CISOs. They will use these almost absurdly unrealistic yet engaging and increasingly visible happenings to fuel strong anecdotal storytelling with board members, in order to catch and retain their attention.

 

Authorities will Continue to Turn Up the Heat on CISOs and Business Leaders

 

A recent set of straw polls from front-line incident response experts in 2023 suggested that between 70-90% of incidents are not disclosed and, in another significant proportion, ransoms are paid.


However, during July 2023, the Securities and Exchange Commission (SEC) in the US adopted rules requiring registrants to disclose any material cybersecurity incidents that they experience, and to disclose on an annual basis any information regarding their cybersecurity risk management, strategy, and governance.


For those breathing a sigh of relief that they do not work or reside within the US, the Commission has also adopted rules that effectively incorporate certain categories of foreign entity that pass a business contact or ownership test. These steps are expected to be adopted in Europe, and some of them have already been incorporated within the EU Cyber Resilience Act (CRA).


These new rules will require registrants to disclose any cybersecurity incident they determine to be significant enough on a formal reporting form, and to describe the aspects of the incident’s nature, scope, and timing, as well as its impact – or potential impact – on the registrant.


These changes will thus force a much closer relationship to develop with lawyers in 2024, who must be prepared for virtually real-time disclosure responsibilities and their impacts on personal and professional liabilities and fines. 


Key 2024 Takeaway: Disclosure warrants a significant amount of workload involving lawyers, regulators, clients, media, executive, and the board, not to mention all the paperwork around the crime scene and a host of behaviours affected by subject-to-privilege constraints.


With all of this in mind, it is even more important to run those tabletop exercises in 2024, and ensure that you have all of the internal help and flexible bench strength from a host of experts ready at hand.

 

Around 50% of CISOs will leave in 2024

 

Another recent survey has suggested that 94% of CISOs are affected by stress, and that, for 64%, these, stress levels are compromising their ability to do their job. The relentless barrage of incidents which consistently affect nights, weekends, and vacations, combined with the aggression with which such incidents are met from impatient work colleagues and business partners is traumatic enough, but it is increasingly becoming the norm for CISOs to be held personally liable.


Recent actions from the US Government display a growing practice of holding executives accountable for cybersecurity breaches. Notably, the US District Court in San Francisco brought criminal charges against Joe Sullivan, Uber’s former CISO, for his alleged role in covering up a 2016 data breach. Professional observers say that he narrowly avoided going to prison because he was the first, and thus the rest of us should see this as a warning; however, it should be noted here that his $50,000 fine, significant costs of defending himself, and three years of probation are not going to help CISO stress levels.


This is compounded by the latest news from SolarWinds suggesting that executives there are likely to be held personally liable for their cyber security threats. Admittedly, as of now, there hasn’t been a specific legislation or regulation that would lead to the staff at SolarWinds being personally liable, but the legal and regulatory landscape is evolving, with discussions surrounding the accountability for cybersecurity incidents at the corporate leadership level expected to accelerate. In short, it can be deduced that around 50% of CISOs are expected to change career paths by 2025.


More imminently, in 2024, all of this will result in the lawyers and leaders representing major organisations paying much more attention to cyber and their D&O insurance. This shift will force closer attention and alignment with broader efforts to strengthen cyber defence mechanisms and ensure responsible management of cybersecurity risks within organisations, where failures in attention to detail could still result in jail time and other uncovered and personal liabilities. 


Key 2024 Takeaway: This concerns those in business leadership specifically. If your CISO is a true front-line CISO, they will be suffering, and if you have not already done so, then now is the time to reach out and offer support. Accountability needs to be shared, or you’re going to lose your CISO and find them hard to replace. The days of autonomous and isolated CISOs being ‘left to do the expert cyber stuff’ are over.

 

Budgets and Quantifying Risk and Return in Cyber Security

 

In a recent board and CISO report, supported by thorough survey work and conducted by the analyst firm, Cyentia, the topics and concerns mentioned by board members that were cited as the most critical and pressing fell at the bottom of the priority list for CISOs.


I was closely involved in the first of the series, and personally spoke to dozens of CISOs, all of whom assured me of their close relationship and good communication with the board. The 75 board members surveyed universally disagreed—one quote in particular spoke volumes: ‘Security has a seat at the table, but has nothing to say. We’re listening, but security mumbles.’


The board-side lack of appetite to resolve these differences was amplified by the fact that, at the time (2017-2018), cybercrime did not have the visibility that it has today, in which it is near-impossible to ignore, and, in their words, ‘there’s no chance of fines or personal liability for me’.


Looking at the spending side, there has been almost unconstrained growth in Cyber Budgets in the period 2010 to 2020, expanding across a wide range from 6% - 14% of the company’s annual IT budget, and averaging at 10%. This has grown during a period in which, while experts could recognise the growth in cybercrime activity, business leaders felt no need to get involved.


Arguably, budgets were parcelled out to CISOs largely to keep the problem at arm’s length, during a time at which, according to my own survey expertise, leaders were paying lip-service to cyber defence and regulation.


Meanwhile, the evolving and escalating nature of cyber threats has hit the radars of most business leaders. In 2020, the FBI declared a record level of activity, unbeknownst at the time that this remarkable increase would continue to accelerate.


As cybercrime has exploded in size and diversity since 2020, budgets have been reducing. This is a strange coincidence, with one theory being that IT leaders and CISOs have suddenly found themselves being asked to hold themselves accountable for a spend that, over the last 15 years, has been tech-vendor-led, uncontrolled, and indiscriminate. This has led to the pause-button being hit in order to better understand what we have, before choosing to add any further investment.


‘Indiscriminate’ may seem like a provocative turn of phrase here, but it covers the reduced accountability for clear outcomes than are associated with other spending categories of a similar size. In the apocryphal words of some CISOs, the more you spend, the more ‘nothing’ (referring to peace of mind) that you get. This is not usually a good enough business case for a CFO.


Key 2024 Takeaway: The security community has tried and failed to engage the Board with any impact. The security community has struggled to meaningfully capture the Board's attention. However, there's a promising shift towards a new archetype of business savvy CISOs who embrace the 'listen more, speak less' approach, skilfully blending rigorous discipline with the nuanced 'narrate with data' soft skills required. Despite these advancements, bridging the gap between cybersecurity and executive engagement remains a significant hurdle, and there is still a long way to go.


In 2024, CISOs must identify with the business, build security awareness, be credible and candid, and provide ‘pointed evidence’. KPIs for the board should be based on underlying core business initiatives supported by security products and processes in a ‘by design’ approach that places security as an unobtrusive yet solid foundation to business offerings and the platforms upon which they sit.


Conclusion


While I anticipate the eye-rolls toward the Warren Buffet quote with which I opened this article, I hope we can all agree that he is not known for his hyperbole. Rather, he is known for due diligence across a wide cross-section of businesses. I am assuming he will have seen first-hand the Board members squirming as the temperature rises.


2024 will be the year to finally consolidate, integrate, simplify, and operationalise shoulder-to-shoulder with business and IT leaders, who will at last take an active interest in cyber security, and expect CISOs to operate like business leaders, together.


The interest and active engagement of the board will be amplified by the extraordinary scale and frightening growth, not to mention evolution, of cybercrime.


Attention will also be sharpened by the promise of serious personal and professional liability, with material amounts of money, and a stronger likelihood of being affected, coming into view for even the most sceptical of naysayers.


It is still going to be about getting the basics right in 2024, as the profound changes outlined in this article necessitate a more fundamental redefinition of cybersecurity strategies at a cultural level, involving a wider demographic of more actively interested leaders and lawyers determined to support the more coherent and integrated execution of threat defence strategy.


At Cambridge Management Consulting, we are equipped with a Cyber Security practice, led by John Madelin, which can accelerate, optimise, and strengthen your cyber-infrastructure, and support you in staying ahead of these trends and developments.

About Cambridge Management Consulting


Cambridge Management Consulting (Cambridge MC) is an international consulting firm that helps companies of all sizes have a better impact on the world. Founded in Cambridge, UK, initially to help the start-up community, Cambridge MC has grown to over 150 consultants working on projects in 20 countries.


Our capabilities focus on supporting the private and public sector with their people, process and digital technology challenges.


For more information visit www.cambridgemc.com or get in touch below.

Contact - Africa

Subscribe to our insights

Blog Subscribe

Red abstract architecture with a cloud passing through the square arch

Our View: New UK Government Guidance on Multi-Region Cloud & SaaS

by Tom Burton 27 March 2025
Well Intended Guidance Leaves more Questions than Answers The UK Government Digital Services – part of the Department for Science, Innovation and Technology – has recently published guidance for how the public sector should adopt a multi-region approach to cloud technology. At first sight this appears encouraging. Any unnecessary constraints on hosting arrangements (or any other non-functional requirements) reduce the available market of providers, constrain competition, and therefore inevitably reduce value for money. If parts of Government, whether central, regional or local, have felt that everything must be hosted in the UK then it makes sense to produce guidance that clarifies this perception and helps to open their options up. But for guidance to be useful it should guide. It should make it easier for people to take actions that they previously would have discounted. The guidance in this case, which at 1420 words is almost as short as this article, probably leaves the reader with more questions than answers. It may reveal some unknowns, but without increasing certainty. The Guidance in a Nutshell A summary of the guidance is as follows: Look wider than UK: Many cloud solutions may not offer UK hosting, particularly new innovative solutions that haven’t scaled up yet. Irrespective, their staff are likely to be distributed around the world if the service is supported 24/7. There may also be other benefits in looking wider than UK hosting, such as enabling better business continuity and disaster recovery options if the vendor only has one UK site. Get legal advice: Before you even consider a non-UK option you need to seek advice from your own legal advisors and your Data Protection Officer (DPO). Ensure compliance with ICO guidance: Before you even consider a non-UK option you need to check and make sure that any international transfer of personal data will be compliant with the Information Commissioner’s Office (ICO) guidance, and you should get further guidance from your own legal advice and DPO. Do a full review of vendor security: Before you even consider a non-UK option you need to make sure the vendor and solution are compliant with your own security policies. In a nutshell, it says: 'you should consider options outside of the UK but only if you have checked everything is legal and secure'. This seems to be verging on a statement of the obvious; the real difficulty in going offshore is covering all of the legal, regulatory and security compliance aspects. Adequacy is a Moment in Time On point 3, the guidance points out data protection compliance is easier if the country in question is considered by the ICO to be adequate – having equivalent regulations for data protection to the UK. Sound advice. But even this is not that simple. For instance, the USA is not considered adequate unless it is under an extension of the EU-US Data Privacy Framework. This framework is dependent on an Executive Order that the Biden administration put in place, and it is entirely possible that it will be revoked by the current administration. If such an action was taken, or if for any other reason the EU decides that adequacy is no longer met (also not unlikely given Herr Schrems has achieved this twice already and has stated he plans to challenge the DPF), then the vendor will no longer be considered compliant. Consideration is Far Wider than Residency Security is far wider than data residency though. This is where point 4 both states the obvious and understates the complexity. Managing risk in the supply chain is inherently difficult. Cloud providers, and particularly SaaS solutions, aggravate this challenge by an order of magnitude. By their nature they are solutions designed for a broad and varied range of customers. This means they will always involve compromise. If they tried to meet the most demanding requirements, they would price themselves out of the scale marketplace. If they went for the lowest common denominator, they would be unable to meet the requirements of the majority. An individual customer can rarely dictate a specific security requirement for themselves. They are also highly opaque. The vendor presents their service as a black box. The features delivered to the customer are defined, but much of the underlying design and the means the vendor uses to manage it in operation are hidden. This makes assessing the risk far more of a judgement call than when the design and delivery is conducted under your control. Depending on the supplier, and the leverage that the customer has over them, it may be possible to get some information and assurances; but the right questions need to be asked, and the answers need to be interpreted correctly. Third party certifications and audits, such as the ISO27000 series of standards or the SOC1, SOC2 and SOC3 reports, can also provide some additional assurances. But only the customer will be able to decide the extent to which they can mitigate the risk, and the confidence they have in the supplier to manage their own. This is a business decision informed by the specifics and nuances of the risks being considered. Summary It is important to minimise the non-functional requirements and keep an open mind about potential solutions and vendors. This includes looking wider than just the UK when national security requirements are not paramount. But this is not something that can be distilled onto a single sheet of A4 in any meaningful way. Yes, there are legal and regulatory issues that need to be reviewed. And geopolitical risk needs to be factored in, considering how you would respond to future external changes that are outside of the UK’s control. But from experience, the greatest challenge is getting comfortable that the vendor’s organisation and their solution have adequate security – this applies equally whether the solution is hosted in the UK or overseas. The SaaS world is opaque, and balances priorities across a broad and varied customer base. The public sector needs to increase its adoption of cloud and SaaS solutions to remain efficient and relevant, in the same way that the private sector has had to. But the route to responsible adoption is more nuanced, requiring candid conversations with suppliers, and ultimately an informed but subjective judgement by the customer’s leadership. Sources/Links: DSIT Guidance for Multi-region cloud and software-as-a-service ↩︎ ICO Guide to International Transfers ↩︎ Executive Order (E.O.)14086 of October 7, 2022, on Enhancing Safeguards for United States Signals Intelligence Activities ↩︎ Note: This article originally appeared on Tom Burton's personal blog at https://digility.net/insights/
Palace of Westminster at night

APPG Report Summary: 'Care to Connect: Public Switched Telephone Network (PSTN) Migration'

by Craig Cheney 25 March 2025
The Digital Communities All-Party Parliamentary Group (APPG) shared the ‘Care to connect: Public Switched Telephone Network (PSTN) Migration’ report with key parliamentarians on Monday at a launch meeting on Parliament Street. This report highlights key recommendations for managing the ongoing Public Switched Telephone Network (PSTN) migration, focusing on protecting vulnerable residents and ensuring effective solutions. Here are the major takeaways for local government and communication providers: Data-Sharing Agreements (DSAs) DSAs between communication providers (CPs), local authorities, and telecare providers are crucial for identifying vulnerable residents during the migration. Challenges include inconsistent responses from local authorities and fragmented approaches across CPs. The APPG recommends all local authorities and housing associations sign DSAs, regardless of progress in digital switchover, to promote uniformity and resident safety. Telecare Devices The sale of analogue telecare devices must end, as these can leave residents unsupported during the transition. The government, in collaboration with the TEC Services Association (TSA), should enforce higher standards (TEC Quality’s Quality Standards Framework) across the telecare industry to achieve robust digital migration practices. Financial support for local councils is critical to replace outdated telecare devices and prevent double costs. Battery Backup Solutions Existing guidance from Ofcom, requiring one-hour resilience for power cuts, is insufficient. The APPG recommends increasing power backup requirements to at least 4 hours in homes and 6 hours for fixed networks. Communication and energy providers must jointly create resilient power solutions, particularly for vulnerable residents reliant on telecare devices. A multi-sector priority service register should integrate communications and energy service protection for those at risk. Sunset of 2G and 3G Networks UK mobile network operators plan to stop supporting 2G and 3G networks by 2033, with some networks already switched off. There are cases where local authorities and residents have purchased telecare devices using 2G/3G SIM cards, as a lower-cost, interim solution — these devices will need to be replaced again, posing double replacement costs for local authorities and additional risks to residents. The government should stop the sale of analogue devices and accelerate efforts to prevent the redeployment of outdated telecare alarms. Summary We welcome these recommendations alongside the December 2023 PSTN Charter, the Telecare National Action Plan and the PSTN Non-voluntary Migration Checklist. The conclusions make it clear that coordination between local and central government, industry regulators (such as Ofcom and Ofgem), and communication providers (CPs), as well as significant investment in digital teams at a local level, are essential goals to ensure a safe and inclusive digital switchover for all vulnerable residents and telecare users. Read the full report here: https://digitalcommunities.inparliament.uk/care-to-connect-public-switch-telephone-network-migration-report About the APPG The Digital Communities APPG is a cross-party group of parliamentarians, with the aim to promote the delivery of digitally equipped places that support and foster a connected, healthy, and productive community. This includes the creation and maintenance of sustainable digital infrastructure, as well as providing residents with equal opportunity to thrive in a digital world. The LGA provides the secretariat to the APPG. Cambridge Management Consulting Our Public Sector and PSTN teams can help local councils and other public bodies by providing strategy, financial planning, procurement, and project management services to ensure that you have a comprehensive transition strategy and accurate financial costing for the PSTN switch-off. We can help you follow the recommendations in this report by completing a full audit, signing DSAs with CPs and most importantly, protecting vulnerable service users. Get in touch with Craig Cheney, Managing Partner and lead for Public & Education, to discuss a range of services which might suit your needs: ccheney@cambridgemc.com (or use the form below). Act now, before time and resources run out.
A hazy smog view across a city skyline

The Real Financial Cost of Scope 3 for Businesses

by Simon King 20 March 2025
What Do Your Scope 3 Emissions Have to Do with Inflation? Scope 3 emissions cover everything outside your direct operations —the carbon footprint of your supply chain, purchased goods, logistics, business travel, and more. The higher your Scope 3 emissions, the more energy-intensive your supply chain is. And the more energy-intensive your supply chain, the more vulnerable you are to rising costs. Think of it this way: High Production Costs- If your suppliers are heavily dependent on fossil fuels, their production costs are rising fast Price Volatility- If your supply chain lacks efficiency and resilience, price volatility will hit you harder Locking in High Costs- If you’re not actively engaging with suppliers to reduce emissions, you’re locking in long-term cost increases that could have been avoided Without accurate Scope 3 data and a clear engagement strategy , businesses are leaving themselves open to higher prices, lower margins, and greater financial risk . Why Businesses Struggle with Scope 3 A major challenge is that Procurement and Sustainability teams often operate in silos: Procurement teams focus on cost and supplier relationships but often lack deep sustainability expertise Sustainability teams focus on compliance and decarbonisation but aren’t typically measured on financial performance This disconnect means emissions reduction is rarely treated as a financial opportunity —when in reality, cutting carbon from your supply chain is also one of the most effective ways to reduce exposure to cost inflation. The Businesses That Get This Right Will Lower their Costs Leading organisations are already taking action. They are: Gathering detailed Scope 3 emissions data to map out cost risks in their supply chain Engaging suppliers to drive efficiency, reduce emissions, and lower costs Building resilience by shifting towards lower-carbon, more cost-stable alternatives The result? Lower long-term costs, reduced financial risk, and a competitive edge over those stuck with inefficient supply chains. This is not just about sustainability compliance —it’s about smart financial decision-making. If You’re Not Taking Action, You’re Losing Money Every business will feel the impact of rising supply chain costs—but not every business will be prepared for them. If you don’t have accurate Scope 3 emissions data and an effective engagement strategy, you are: Paying more than you need to for essential goods and services Exposing your business to long-term cost inflation Missing out on opportunities to build a stronger, more resilient supply chain The sooner you act, the better the outcome for your bottom line and the planet. Is your business ready to take control of its costs? Get in touch with Cambridge Management Consulting and edenseven today. About edenseven edenseven is the sustainability-focussed sister-company of Cambridge Management Consulting. We work with businesses across all sectors in multiple regions to deliver robust and deliverable net-zero strategies. The success of any strategy relies on its awareness of how changes in policy and subsidies can create both risks and opportunities for a business. If you are a business trying to enter a new market or evolving in an existing market and would like to learn more about how edenseven can support you, please get in touch with the team at edenseven at info@edenseven.co.uk or use the contact form below. Find out more about edenseven on their website: edenseven.co.uk

Customer Centricity: Leveraging Technology for Customer Satisfaction

by Daniel Fitzsimmons 13 March 2025
Peter Drucker wrote in his book The Practice of Management (1954) that ‘it is the customer who determines what a business is’. This sentiment still firmly holds true today, as consumers increasingly expect personalised shopping experiences from aspirational businesses that desire to have a positive impact on the community, country, or world in some way. Across this series of articles, Daniel Fitzsimmons explores the role of customer-centricity as a mechanism to support the delivery of superior customer experience and business profitability. In the first two articles in this Customer Centricity series, Daniel has established the foundations of what makes a truly customer-centric organisation, and how a business can be tailored towards ensured customer satisfaction. In the final article in the series, he takes this further to discuss how technological innovation can amplify these goals. Digital Transformation – Technology Acceptance Model (TAM) Technology is typically the most common interaction point for customers engaging with products, and is especially critical to the service industry. The banking industry has pioneered the digitalisation of services (Dube and Helkkula, 2015), with digital payment services and blockchain solutions. In a fiercely competitive environment, the creation of superior value requires increased insight into how customers experience value (Medberg and Heinonen, 2014). Value can be typically defined as the ‘consumers’ overall assessment of the utility of a product based on perceptions of what is received and what is given’ (Zeithma, 1988). This concept can be extended to a value definition in the following forms: Total Monetary Value – The amount a customer is prepared to pay for a product Perceived Use Value – Defined by a customer’s perception (utility) Exchange Value – Realised when the product is sold Value can be enhanced through digital capabilities, marking technology solutions, and digital marketing strategies to support user acceptance. Securing User Acceptance One compelling approach to understanding how users may engage with a new technology is the TAM model. The TAM model suggests that Perceived Usefulness (PU) and Perceived Ease of USE (PEOU), define how a user will interact with a new product or service, i.e. if the product usefulness and ease of use can be communication, barriers to adoption can be mitigated. When developing new customer solutions, mobilisation of the TAM model is the engagement of consumers in product development, and inclusion of then construct of ‘user intent’ to inform product ideation. Venkatesh et al. formulated the unified theory of acceptance and use of technology (UTAUT). This model was found to outperform other models (Adjusted R square of 69 percent), and is worthy of further investigation in terms of its ability to predict user acceptance of new technology solutions. Experimentation Technology should function as an enabling mechanism to support experimentation in the creation of products and services, and increased alignment with prospective customers. Experimentation, which from an engineering perspective represents ‘continuous improvement’, allows businesses to see what does and doesn’t resonate with target personas, iterating towards a value proposition that will drive superior customer engagement and subsequently an increased % of the customer wallet. Booking.com runs more than 1,000 tests simultaneously to fine tune its offering specific to a user profile, behaviours, and characteristics. Experimentation and the subsequent data generated provides a meaningful base from which to make decisions, thereby negating ‘strong opinions or the HiPPO mentality, which is often pervasive in organisations. For experimentation to be successful, leadership needs to create a culture of curiosity in the business, supported by organisational design and the psychological safety to try and fail. Digital continuity provides an exciting opportunity to enhance the customer voice in product development. Real time data availability provides instant insight into consumer preference, which can be used to support product development and increasingly personalised product offers. Through the experimentation cycle, digital prototypes can be rolled out quickly to support the product innovation cycle. For experimentation to be successful, customer requirements should be integrated into business operations to create an industry-aligned value proposition (Ohmae, 1988). Conclusion Throughout this three-part series, I have demonstrated the importance of customer-centricity as a critical way to ensure success. In this article specifically, I have covered how to leverage technology – a power that is already prevalent and constantly evolving – to best support this venture. Building upon the TAM model, technology can be used to facilitate enhanced customer satisfaction, consequently spurring innovation and growth.
Impressionist and colourful depiction of a man surfing a large wave

A Wave of Change: The Trafalgar Saints Surf Club in South Africa

by Naaz Bax 7 March 2025
Funds donated by Cambridge MC supplied some new equipment, including new boards.
Shelf stacked with gold awards that look like Oscars

Red is also the Colour of our Carpet: Recent Awards Won by Cambridge Management Consulting

by Lucas Lefley 4 March 2025
At Cambridge Management Consulting, we pride ourselves on building a consultancy practice that goes beyond traditional consulting. Our team is composed of specialist practitioners who have reached the pinnacle of their industries, bringing years—often decades—of hands-on experience to guide others in achieving exceptional results. This approach has established Cambridge MC as a consultancy powered by a network of diverse, proven expertise, consistently recognised for its impact and innovation. Our consultants and their work have been honoured with numerous accolades, reflecting the value we bring to our clients and industries. For example, Zoë Webster, an expert in AI, Digital & Innovation, was named one of AI Magazine’s Top 10 AI Leaders in the UK & Europe, celebrated as a pioneer reshaping industries and societies. Similarly, Craig Cheney, Managing Partner, Marvin Rees, Board Advisor, and David White, Associate, were recognised with a World Economic Forum Award for Public Private Collaboration for their contributions to the Bristol City Leap project. Craig Cheney was made an Alderman of the City of Bristol, acknowledging his eminent services to the city; and just recently, Marvin Rees OBE was introduced into the House of Lords. These achievements were further complemented by our success at the Consultancy Awards, where Cambridge MC proudly received awards in every category we were nominated for. The Consultancy Awards The Consultancy Awards, hosted annually by The Consultancy Growth Network, celebrate hard work, commitment, and innovation across the consultancy sector. Cambridge MC was honoured to receive three awards in recent years, recognising our contributions across key areas: Digital Transformation: For our project management of a multinational oil and gas company, coordinating the development of a portfolio of high-priority EV charging hub sites in major cities. Productivity Improvement / Cost Reduction: For delivering £10m in savings for a large UK online retailer in just 13 weeks, leveraging our expertise in procurement, contract, and vendor management. Fastest Growing: Celebrating our 30% growth in revenue, 100% increase in geographies, and doubling the profit we donate to charity to 12%.  These awards are a testament to our commitment to delivering exceptional results for our clients while contributing to the industries we serve. Celebrating Industry Excellence While receiving accolades is always an honour, the opportunity to give back to the industries that shaped us is equally rewarding. Cambridge MC has been privileged to sponsor and judge several prestigious awards, recognising the talent and innovation that drive progress across telecommunications, technology, and connectivity. ITP Telecoms Awards As Platinum Sponsors of the ITP Telecoms Awards, hosted by the Institute of Telecommunications Professionals, we celebrated the achievements of individuals and organisations making significant contributions to the digital industry. Tim Passingham, Founder & Chairman of Cambridge MC, presented the Engineer of the Year award to Mike Mawson, Head of Fibre Innovation at Hyperoptic, recognising his exceptional work in advancing telecommunications. Global Connectivity Awards The Global Connectivity Awards, held at the O2 in London, marked its 20th year of honouring innovation across 40 categories, from technology breakthroughs to regional achievements. Cambridge MC’s Managing Partner, Charles Orsel des Sagets, joined the panel of 30 impartial judges, bringing over 30 years of expertise in fintech, cybersecurity, and connectivity to evaluate the finalists. This event highlighted the ingenuity shaping the connectivity industry and provided a platform to celebrate its brightest minds. World Communication Awards The World Communication Awards, now in its 25th year, continues to recognise excellence across telecommunications. Naaz Bax, Senior Partner and Chief of Staff at Cambridge MC, served as a judge and presented the prestigious Woman in Telecoms Award. This category celebrated the achievements of brilliant women in the industry, with the award going to Josephine Sarouk, Managing Director of Bayobab Group, for her invaluable contributions to telecommunications. DCD>Global Awards The DCD>Global Awards, held at Grosvenor House in London, celebrated talent and achievement in the data centre and telecommunications industries. Duncan Clubb, Senior Partner for Data Centres, Edge & Cloud, brought his expertise to the judging panel, evaluating finalists in categories such as the Edge Data Center Project of the Year. This event showcased the transformative impact of innovation in data centre infrastructure and edge computing. A Legacy of Ingenuity The awards, events, and individuals highlighted here reflect the wealth of expertise, innovation, and achievement that define the consulting, telecommunications, and technology industries. At Cambridge MC, we are privileged to contribute to these industries, whether by delivering impactful projects, receiving accolades, or celebrating the achievements of others. As we look ahead, we remain committed to supporting and shaping the industries we serve, continuing to drive progress and innovation in the years to come.
Close up of a concrete office building with a neon tint

The Impact of the PSTN Switch-Off on Property: Act before Services Cease to Function

by Steven Boyd MBE 3 March 2025
In my discussions with building owners and occupiers about property technology, the conversation often centres on leveraging new technologies and existing data to enhance compliance, reduce costs and carbon emissions, and improve workplace experience. Many people in the property sector share a common concern around the quality of data currently held on their buildings. This gap in record-keeping could pose significant challenges as the UK's Public Switched Telephone Network (PSTN) is retired in early 2027.  PSTN is the analogue telephone network that carries voice and data over copper wires. This legacy infrastructure is becoming increasingly costly and difficult to maintain, and it is unable to handle the data demands of modern telecommunications. As a result, BT and other UK phone companies intend to withdraw PSTN services by the end of January 2027. Although records may not show it, many buildings rely on PSTN lines for critical services such as lift emergency calls, fire alarms, security systems, door entry monitoring and building management systems. Once PSTN is decommissioned, these services will cease to function without warning, potentially leading to safety compliance and security risks. To mitigate these risks, building owners should proactively assess their exposure before PSTN services are discontinued. Identifying and replacing existing PSTN connections with future-proofed, and potentially more cost-effective, digital solutions is essential for business continuity. Building occupiers should also seek assurances from their landlords regarding these transitions. At the Connected Britain Conference last year, the Minister of State for Data Protection and Telecoms, Sir Chris Bryant MP, highlighted the vital importance of digital infrastructure and cited the PSTN switch-off as a significant concern. BT recommends that its business customers act before the end of 2025. The transition to digital alternatives including testing and commissioning could take 6-9 months. A critical first step is to carry out an audit to identify systems that rely on PSTN. This audit should identify all devices connected to the PSTN, their locations, their functions, and upgrade options. I have been urging property owners and operators to develop and implement a programme of discovery and rectification as a priority. Without early and rigorous planning, the risks to safety, business continuity, and occupier experience are high. Also, as the switch-off date approaches, the costs of this work are very likely to increase significantly. Cambridge Management Consulting has a team of PSTN experts, who can identify existing PSTN-based systems, procure replacement solutions and migrate your services, as well as identifying and implementing cost reduction strategies that become possible through the transition to digital solutions. We can also ensure your organisation avoids the risks to compliance, security and occupier experience when PSTN services are withdrawn as well as reaping the long-term benefits of going digital.
Criss-cross of Green Spotlights on a Stage

Partner Spotlight: Darren Sheppard

by Lucas Lefley 28 February 2025
At Cambridge Management Consulting, we place just as much emphasis on the growth and development of our in-house industry experts and professionals, as the businesses and organisations that they work with. We do not hire consultants; we hire genuine practitioners with hands-on, demonstrable real-world experience – but we also make sure that doesn’t stop at the door. We ensure that our consultants get as much out of our partnerships and business ventures as our customers do. One of our consultants who has experienced this growth and progression first hand is Darren Sheppard, recently made a Senior Partner for Contract Management & Digital Transformation. In this article, we are shining a spotlight on Darren’s numerous career highlights with Cambridge Management Consulting, including the delivery of multiple successful projects and award-winning cost saving programmes. Darren Sheppard With nearly 30 years of experience, Darren began his career as a collections agent, underwriter, and later a Credit Risk and Collections Manager for 20th Century Fox. Since then, Darren has occupied numerous senior consulting and senior management roles across Finance, Operations, Sales/Business Development and Commercial/Contract Management for major telecommunications companies such as T-Mobile, EE and BT. After establishing his own consultancy business, he was engaged by Sovereign Business Integration Group as Group Director of Operations. Darren joined Cambridge MC in 2021 as a Partner to lead our Digital Contract & Service Management practice. Since then, he has delivered multiple complex and successful programmes for numerous high-profile clients and customers. Throughout his career, his positions have seen him responsible for setting and delivering the strategy of each organisation, be it driving partner growth, managing stakeholder relationships, coordinating go-to-market, operations, and commercial management. Contract Management, FTSE250 Financial Services Provider In 2021, Darren began a programme with a FTSE250 financial services provider specialising in trading solutions to support the transition of two of their financial derivatives trading platform businesses. Throughout this, Darren was responsible for reviewing the TSA document and all associated Vendor Contracts, negotiating with the vendors on a continuation and/or transfer of agreement post-closure and throughout the term of the TSA. Due to his proficiency, Darren and the team were able to deliver this TSA programme six months early and significantly under budget. You can read more about this project here . Following the success of Darren’s work, this financial services provider continued to engage Cambridge MC to support their Strategic Partnerships & Commercial Management. In reviewing their current processes and modernising as appropriate, together with assessing strategic supplier contracts to align their KPIs with business goals, Darren helped to establish a set of processes to help his client reach their business goals. Deputy COO, Management Consultancy Between the summers of 2022 and 2023, Darren occupied the role of Deputy Chief Operating Officer for a management consultancy, overseeing strategic planning, project management, and operational efficiency initiatives. During this time, Darren designed and implemented a lifecycle workflow for managing engagements, ensured effective contracting, and successfully delivered the implementation of ISO 27001 standards. COO, Environmental Air Quality Monitoring Alongside the above interim role, Darren was engaged to occupy the role of COO for IKNAIA, an environmental air quality monitoring organisation, of which the CEO was originally forced to occupy both C-Suite positions. In this role, Darren managed day-to-day operations, elevated the leadership team, and oversaw all operational aspects of company strategy. Throughout this time, Darren has helped them to overcome limited capital, streamline operational efficiency, and re-prioritise their pipeline. Finally, he supported the successful divestment of the company, carefully balancing the interests of stakeholders, he ensured that the deal structure was both fair and beneficial, delivering long-term value to the acquiring organisation while safeguarding the interests of the employees, investors, and clients. Ultimately, his efforts achieved a transaction that positioned the company for continued success under new ownership. You can read more about this work here . Cost Reduction, Online Retailer In early 2023, Darren supported a large UK online retailer through a downsizing exercise and the changes in demand and expenditure which came with it. By performing a deep dive on all vendor contracts, establishing priority saving areas and engaging in supplier negotiations, Darren and the team were able to deliver £10m of savings on an addressable budget of £85m, in just thirteen weeks. This programme was later nominated for and won an award at the Consultancy Awards 2024 in their Productivity Improvement/Cost Reduction category. Due Diligence, Wholesale Networks Provider Darren’s next programme involved conducting commercial due diligence for a wholesale networks provider, working with their investors to review the feasibility of investing in a company specialising in telecoms software. This saw him evaluate their business model, examine the software’s features to identify any intellectual property and patents, and assess the business’ risk register to ensure that it was future-proofed. Darren’s due diligence work and focus led to the successful acquisition of the company. Vendor Performance Management, Russell-Group University For a prestigious academic institution, Darren conducted Vendor Performance Management and Service Performance Management, assessing their current performance delivery in order to identify areas where improvement was needed. During this time, Darren was responsible for all of the Vendor Performance for their three Modern Network Vendors, analysing data to identify areas for improvement, developing a communication plan, and presenting a negotiation strategy to the university. Get in Touch Across all of these projects and programmes, Darren has leveraged his commercial, contract management and vendor negotiation capabilities to streamline and strengthen each organisation he has supported. For more information on how Darren can optimise your business, contact him using the form below.
A neon eye projected on a computer screen in 3d

Should AI Appreciate its own Ignorance?

by Tom Burton 26 February 2025
Since the origins of the quest for artificial intelligence (AI), there has been a debate about what is unique to human intelligence and behaviour and what can be meaningfully replicated by technology. In this article we discuss these arguments and the ramifications of 'ignorance' as it is expressed by current AI models. To what Extent can Artificial Intelligence Match or Surpass Human Intelligence? This article approaches the question of artificial intelligence by posing philosophical questions about the current limitations in AI capabilities and whether they could have significant consequences if we empower those agents with too much responsibility. Two recent podcast series provide useful and comparative insights into both the current progress towards Artificial General Intelligence (AGI) and the important role of ignorance in our own cognitive abilities. The first is Season 3 of 'Google DeepMind: The Podcast”, presented by Hannah Fry, which describes the current state of art in AI. The second is Season 2 of the BBC's 'The Long History of… Ignorance' presented by Rory Stewart, which explores our own philosophical relationship with ignorance. A Celebration of Ignorance Rory Stuart’s podcast is a fascinating exploration of the value that we gain from ignorance. It is based on the thesis that ignorance is not just the absence of intelligence. It feeds humility and is essential to the most creative endeavours that humans have achieved. To ignore ignorance, is to put complex human systems, such as government and society, into peril. The key question we pose is whether or not current AI appreciates its ignorance. That is, can it recognise that it doesn’t know everything. Can AI embrace, respect and correctly recognise its own ignorance: meaning it doesn’t just learn through hindsight but becomes wiser; and is fundamentally influenced, when it makes decisions and offers conclusions, that it is doing so from a position of ignorance. The Rumsfeldian Trinity of Knowns The late Donald Rumsfeld is most popularly remembered for his theory of knowns. He described that there are the things we know we know; things we known we don’t know; and things we don’t know we don’t know. Stewart makes multiple references to this in his podcast. At the time that Rumsfeld made the statement it was widely reported as a blunder—as a statement of the blindingly obvious. Since then, the trinity of knowns has entered the discourse of a variety of fields and is widely quoted and used in epistemological systems and enquiries. Let us take each in turn, and consider how AI treats or understands these statements. Understanding our 'known knowns' is relatively easy. We would suggest that current AI is better than any of us at knowing what it knows We also put forward that 'known unknowns' should be pretty straightforward for AI. If you ask a human a question, and they don't know the answer, it is easy to report this an an unknown. In fact, young children deal with this task without issue. AI should also be able to handle this concept. Both human and artificial intelligence will sometimes make things up when the facts to support an answer aren’t known, but that should not be an insurmountable problem to solve. As Rumsfeld was trying to convey, it is the final category of 'unknown unknowns' that tends to pose a threat. These are missing facts that you cannot easily deduce as missing. This includes situations where you have no reason to believe that 'something' (in Rumsfeld's case, a threat) might exist. It is an area of huge misunderstandings in human logic and reasoning; such as accepting that the world is flat because nobody has yet considered that it might be spherical. It is expecting Isaac Newton to understand the concept of particle physics and the existence of the Higgs boson when he theorises about gravity. Or following one course of action because there was no reason to believe that there might be another available: all evidence in my known universe points to Plan A, so Plan A must be the only viable option. In experiments with ChatGPT, there is good reason to believe that it can be humble; that it recognises it doesn’t know everything. But the models seem far more focused on coping with 'known unknowns' than recognising the existence of 'unknown unknowns'. When asked how it handles unknown unknowns, it explained that it would ask clarifying questions or acknowledge when something is beyond its knowledge. These appear to be techniques for dealing with known unknowns and not unknown unknowns. The More we Learn, the More we Understand How Much we Don’t Know Through early life, in our progression from childhood to adulthood, we are taught that the more you know and understand, the more successful you will be. Not knowing a fact or principle was not something to be proud of, and should be addressed by learning the missing knowledge and followed by learning even more to avoid failure in the future. In education we are encouraged to value knowledge more than anything else. But as we get older, we learn with hindsight from the mistakes we have made from ill-informed decisions. In the process, we become more conscious of how little we actually know. If AI in its current form does not appreciate or respect this fundamental concept of ignorance, then we should ask what flaws might exist in its decision-making and reasoning? The Peril of Hubris To feel that we can understand all aspects of a complex system is hubris. Rory Stewart touches on this from his experience in government. It is a fallacy to believe that we should be able to solve really difficult systemic problems just by understanding more detail and storing more facts about the characteristics of society. As Stewart notes, this leads to brittle, deterministic solutions based on the known facts with only a measure of tolerance for the 'known unknowns'. Their vulnerability to the 'law of unintended consequences' is proven repeatedly when the solution is found fundamentally flawed because of facts that were never, and probably could never be, anticipated. These unknown unknowns might be known elsewhere, but remain out of sight to the person making the decision. Some unknown unknowns might be revealed, by speaking to the right experts or with the right lines of enquiry. However, many things are universally unknown at any moment in time. There are laws of physics today that were unknown unknowns to scientists only few decades previously. The Basis of True Creativity Stewart dedicates an entire episode to ignorance’s contribution to creativity, bringing in the views and testaments of great artists of our time, like Antony Gormley. If creativity is more than the incremental improvement of what has existed before, how can it be possible without being mindful of the expanse of everything you don’t know? This is not a new theory. If you search for “the contribution that ignorance makes to human thinking and creativity” you will find numerous sources that discuss it, with references ranging from Buddhism to Charles Dickens. Stewart describes Gormley’s process of trying to empty his mind of everything in order to set the conditions for creativity. Creativity is vital to more than creating works of art. It is an essential part of complex decision-making. We use metaphors like 'brainstorming or blue sky thinking' to describe the state of opening your mind and not being constrained by bias, preconception or past experience. This is useful, not just to come up with new solutions, but also to 'war game' previously unforeseen scenarios that might present hazards to those solutions. What would you Entrust to a Super-Genius? So, if respecting and appreciating our undefined and unbounded ignorance is vital to making good and responsible decisions as humans, where does this leave AI? Is AI currently able to learn from hindsight – not just learn the corrected fact, but learn from the very act of being wrong? In turn, from this learning, can it be more conscious of its shortcomings when considering things with foresight? Or are we creating an arrogant super-genius unscarred by its mistakes of the past and unable to think outside the box? How will this hubris affect the advice it offers and the decisions it takes? What if we lived in a village where the candidates for leader were a wise, humble elder and a know-it-all? The wise elder had experienced many different situations, including war, famine, joy and happiness; they have improvised solutions to problems that they have faced in the past, and have learnt in the process that a closed mind stifles creativity; they knew the mistakes they had made, and therefore knew their eternal limitations. The village 'genius' was young and highly educated, having been to the finest university in the land. They knew everything ever written in a book, and they were not conscious of making a bad decision. Who would you vote for to be your leader? Conclusion The concepts described here are almost certainly being dealt with by teams at Google DeepMind and the other AI companies. They shouldn’t be insurmountable. The current models may have a degree of caution built into them to damp the more extreme enthusiasm. But I’d argue that caution when making decisions based on what you know is not the same as creatively exploring the 'what if' scenarios in the vast expanse of what you don’t know. We should be cautious of the advice we take from these models and what we empower them to do—until we are satisfied that they are wise and creative as well as intelligent. Some tasks don’t require wisdom or creativity, and we can and should exploit the benefits that these technologies bring in this context. But does it take both qualities to decide which ones do? We leave you with that little circular conundrum to ponder.
More posts
Share by: