Cyber Security Predictions for 2024

John Madelin
Subscribe Contact us
John Madelin

“Cybercrime is the number one problem for mankind, and Cyberattacks are a bigger threat to humanity than nuclear weapons” - Warren Buffet

 

As we enter 2024, there are signs that the Cyber Security industry is teetering on the brink of a major transformation, culminating in a more coherent and business-involved approach which will ensure a better understanding and management of cyber risks.


Setting aside other associated factors for now, this metamorphosis is being fuelled by the astronomical rise in cybercrime that has been observable across the previous 3-5 years, turning it into a multi-trillion-dollar industry. The business leaders who missed this sudden rise in temperature, suddenly find themselves in boiling water.


These anticipated and imminent changes, accelerated by the lucrative and seemingly untouchable nature of cybercrime, will inevitably necessitate a more fundamental redefinition of cybersecurity strategies. The Dark Web’s explosion of sophisticated crime and the pivot from traditional crime streams, such as the illegal drug industry, to the high profit margins and low-risk profile of cybercrime is just too irresistible to a growing demographic. Between the intoxicating mix of easy money and apparent immunity, the appeal of cybercrime is reaching not only existing criminals, but new breeds.


This new era and new generation will force us to re-characterise what we mean by Cyber Security, as business leaders are set to thaw the icy divide between CISOs and the CIOs with whom they tend to work. This will push the industry into constructing a more deeply integrated and pervasive defence strategy overall.


However, this shift is not just about adopting new technologies; on the contrary, it amounts to a cultural revolution, and the associated liability, regulatory, maturity, quantification, integration, communication, and behavioural shifts in emphasis that are pulled into its current will be further catalysed by the growing ranks of ingenious cyber criminals and hackers at the gate, equipped to breach your defences with persistent creativity.


By now you may be thinking ‘wasn’t this a predictions article’? Yes, and so far I have tried to emphasise why the critical tactical actions that we begin today must be held to, not merely as piecemeal reactions to the cyber environment I have thus far outlined, but all the way to future proof. These tactical building-block priorities must become the planned foundations to support long-term resilience, we otherwise risk seeing the criminals melt into the dark web with our money and private data.


There’s a likelihood that absent vital improvements in our cyber defences, left by those still using old-school, gear-heavy, and fragmented defences, led by the autonomous and uncommunicative CISOs, those who fail to adapt will find themselves outmanoeuvred by the increasingly resourceful cybercriminals.


However, for those organisations in 2024 who recognise the gravity of the current climate and ingenuity of recent cybersecurity threats—and commit to more fundamental practices built into more IT and business integrated frameworks (which might also suggest a new breed of CISO)—the transition into 2025 is likely to be marked by a significant decrease in anxiety, and far more restful nights.


Traditional Technology Predictions for 2024


In this first section, we look at the more traditional, in-brief predictions for the gearheads, specifically falling within my Top 6 most pressing technology themes that will colour 2024:

 

Multi-Factor Authentication

 

Given how prevalent credentials are in attacks, we used to follow the rule of ‘Anything web-facing needs Multi-Factor Authentication (MFA)’. Now, in 2024, thanks to the cloud breaking into our legacy estate, our complete clarity on what exactly is being published to the web has become obscured. In 2024, the mantra must be changed to ‘everything needs MFA’, but this still has a long way to go.


Privileged Access Management

 

Since Privileged credentials are the holy grail for cybercriminals, these chinks in the armour need resolving urgently. This is exacerbated by the way in which responsibility for this resolution is spread across business units; tactical challenges can be resolved, but only if an appropriate leader, at an appropriate level, applies some pressure and urgency.


Systems are out-of-date, there are too many passwords, many of these are mismanaged, privileges themselves are too excessive, etc. In modern systems, the arrival of cloud multiplies these complexities, as does the expansion of responsibilities to third parties.


These systemic failings need to be addressed in 2024, and imminently. The way forward is a cross-functional emergency exercise, with a target to adopt and maintain serious discipline by this time next year.

 

Monitoring

 

You read that correctly—unbelievably, monitoring is much further behind than it needs to be as we move further into 2024, a fact that has somehow gone largely unnoticed.


This may be the reason why the cyber insurance industry weathered rough seas in 2020, and why we are now overwhelmed with high volumes of indiscriminate alerts.


We must improve basic log aggregation, normalisation, and correlations, through better IT integration. This reporting should be developed to enhance action, with a, perhaps uncomfortable, focus on more meaningful ‘one-ten-sixty’-style reporting.


With today’s current threat landscape, if the insurance losses are anything to go by, if your monitoring is not polished in 2024 then you can forget cyber insurance, as you can expect to suffer losses in 2024. 

 

Zero Trust

 

As a frequently misused and misunderstood phrase, it is important to establish a clear and consistent definition of what we mean by ‘Zero Trust’, first coined by Forrester’s John Kindervag many moons ago. The need for clarity is equally important to business leaders; they will expect quick intelligibility and relevance, or they will lose interest fast—and, for the first time in 2024, we need them seriously on board.


As you probably know, Kindervag’s core theme was to shift from the network’s ‘trust but verify’ model to ‘never trust but always verify’. This more cloud-ready mindset forces more emphasis on users, data, and devices across better segmented and more continuously monitored networks, also enhancing third-party risk management scenarios. Incremental steps in this direction, which reflect the need for more fundamental practices within more IT-integrated frameworks, can pay quick dividends in 2024.

 

AI Threats

 

I was reluctant to include this one, as I don’t believe that the use of AI either offensively or defensively will have a truly transformative effect on cyber defences in 2024/2025. I must, however, acknowledge that cybercriminals, who are after a quick win and are inherently street-smart, will use it to operate smarter and faster. At the very least, this will hopefully force companies to take care of their basics more effectively.


That being said, keeping an eye on AI is an increasingly critical aspect of security that is often overlooked, specifically the need to conduct regular, repeatable security testing of the AI technologies themselves. As the integration and use of AI tools becomes more pervasive, a new category is poised to become a bigger emphasis in 2024, one which continuously monitors AI systems for any unusual activities or anomalies, including tracking system performance and outputs.

 

IoT and OT (Complexity and Criticality)

 

Arguably, IoT is just more IP end points, which the networkers amongst you will be unphased by. I am using OT as shorthand (as many non-IT aware business leaders do) for ‘critical supply chain systems’. This amplification of the criticality of IoT as they continue to undertake more supply-chain functions suggests that we will need to distinguish which of them support critical business processes. In 2024, getting our arms around a near real-time and complex CMDB (the basic inventory of our IT estate), including this explosion of more integrated, more intelligent, and more mission-critical IP end points becomes of pressing concern. 


Conclusion


Some might argue that these predictions are a little basic, and you will have noted that I collected cloud and third party under ‘Zero Trust’, when arguably there is so much more to be said for both. However, I unapologetically remain of the opinion that, if we continue to build our infrastructure on sand, then we shouldn’t be surprised when it sinks.


A key theme in 2024, as we consider my predictions in the next section, is that we must first attack these ‘basic’ technical security categories in more meaningful ways before leaping into shinier, strategic topics that will remain moot if unsupported by solid foundations. 


What is Really Driving Change in 2024


The Business Sophistication of the Cyber-Criminal Fraternity


Cybercrime as a Service (CaaS) is an industry by which threat actors on the Dark Web sell their tools, expertise, and services to others, often in franchise or affiliate models.


Since the primary goal for such criminals is to make more money with less effort and less direct involvement, this exploding trend is a worrying, yet increasingly material, part of the criminal Dark Web. It is estimated that at least two thirds of ransomware, one of the largest categories of cybercrime, is conducted through a CaaS model (according to Cyber Resilience Insights).


There is a frightening level of organisation and sophistication with the roles, expertise, and infrastructure of these CaaS models that is making it easier for new entrants to subscribe to criminal franchises without the need for any technical or operational knowledge. Full-service CaaS operators will offer not only customer service to affiliates during ransomware campaigns, but they may also handle ransomware payments and decryption key access, for example.


The organisational sophistication of these franchisors is breathtaking, let alone their pricing and marketing capabilities. Operators such as Lockbit 2.0 offers guarantees on the speed of infection, not to mention service guarantees in recovery for those who pay the ransom.


In 2024 and beyond, his will continue to enable access to a wider demographic of new criminal profiteers in more resilient and integrated models that continue to evolve and improve with time and volume. More criminals will continue to exit lower profit and higher risk activities, such as people-trafficking and drugs, and move into cybercrime. 


Key 2024 Takeaway: This re-enforces the need to re-visit the basics; cyber activities will continue to be a volume game for the perpetrators. 

 

Visibility of Cybercrime to Non-Experts

 

Crime will become more visible, at last.


At the higher end of the size estimates for cybercrime are $10.5 trillion by 2027. Allowing for a certain amount of scepticism, even if we halve those numbers, the US Government estimates that IP theft alone now amounts to around $600 billion a year, suggesting that ‘trillions’ is now the sizing language for cybercrime.


It should be noted that this number is widely distributed across a wide variety of criminal activity. The criminal fraternity are not greedy, given that too much visibility raises risk levels from complete impunity to unnecessary minimum risk. Whilst, globally, 72.7% of all organisations fell prey to a ransomware attack in 2023 (Statista), too much of this goes unreported. Because it represents a huge volume of mid-level cash impact, it has been too fragmented for any single action to deliver any more attention-grabbing deathblows, but is instead amounting to a less visually compulsive ‘death by a thousand cuts’.


Attacks are becoming so widespread and persistent, as well as collectively reaching material levels from a wider demographic of criminals, and taking numerous variegated forms of profiteering (such as data theft, phishing, malware, ransomware, DDos), that the growth in visibility to the Boardroom will accelerate in 2024.


Key 2024 Takeaway: In the past, research has suggested that CISOs have gotten away with accepting ‘smile and wave’ feedback from the board. While that may have worked previously, this will now force security and IT leaders to be held more accountable in real terms in 2024, and we will see much sharper qualification and expectations from the Board in the coming year as a result.


Furthermore, this opportunity will not be lost on the more mature CISOs. They will use these almost absurdly unrealistic yet engaging and increasingly visible happenings to fuel strong anecdotal storytelling with board members, in order to catch and retain their attention.

 

Authorities will Continue to Turn Up the Heat on CISOs and Business Leaders

 

A recent set of straw polls from front-line incident response experts in 2023 suggested that between 70-90% of incidents are not disclosed and, in another significant proportion, ransoms are paid.


However, during July 2023, the Securities and Exchange Commission (SEC) in the US adopted rules requiring registrants to disclose any material cybersecurity incidents that they experience, and to disclose on an annual basis any information regarding their cybersecurity risk management, strategy, and governance.


For those breathing a sigh of relief that they do not work or reside within the US, the Commission has also adopted rules that effectively incorporate certain categories of foreign entity that pass a business contact or ownership test. These steps are expected to be adopted in Europe, and some of them have already been incorporated within the EU Cyber Resilience Act (CRA).


These new rules will require registrants to disclose any cybersecurity incident they determine to be significant enough on a formal reporting form, and to describe the aspects of the incident’s nature, scope, and timing, as well as its impact – or potential impact – on the registrant.


These changes will thus force a much closer relationship to develop with lawyers in 2024, who must be prepared for virtually real-time disclosure responsibilities and their impacts on personal and professional liabilities and fines. 


Key 2024 Takeaway: Disclosure warrants a significant amount of workload involving lawyers, regulators, clients, media, executive, and the board, not to mention all the paperwork around the crime scene and a host of behaviours affected by subject-to-privilege constraints.


With all of this in mind, it is even more important to run those tabletop exercises in 2024, and ensure that you have all of the internal help and flexible bench strength from a host of experts ready at hand.

 

Around 50% of CISOs will leave in 2024

 

Another recent survey has suggested that 94% of CISOs are affected by stress, and that, for 64%, these, stress levels are compromising their ability to do their job. The relentless barrage of incidents which consistently affect nights, weekends, and vacations, combined with the aggression with which such incidents are met from impatient work colleagues and business partners is traumatic enough, but it is increasingly becoming the norm for CISOs to be held personally liable.


Recent actions from the US Government display a growing practice of holding executives accountable for cybersecurity breaches. Notably, the US District Court in San Francisco brought criminal charges against Joe Sullivan, Uber’s former CISO, for his alleged role in covering up a 2016 data breach. Professional observers say that he narrowly avoided going to prison because he was the first, and thus the rest of us should see this as a warning; however, it should be noted here that his $50,000 fine, significant costs of defending himself, and three years of probation are not going to help CISO stress levels.


This is compounded by the latest news from SolarWinds suggesting that executives there are likely to be held personally liable for their cyber security threats. Admittedly, as of now, there hasn’t been a specific legislation or regulation that would lead to the staff at SolarWinds being personally liable, but the legal and regulatory landscape is evolving, with discussions surrounding the accountability for cybersecurity incidents at the corporate leadership level expected to accelerate. In short, it can be deduced that around 50% of CISOs are expected to change career paths by 2025.


More imminently, in 2024, all of this will result in the lawyers and leaders representing major organisations paying much more attention to cyber and their D&O insurance. This shift will force closer attention and alignment with broader efforts to strengthen cyber defence mechanisms and ensure responsible management of cybersecurity risks within organisations, where failures in attention to detail could still result in jail time and other uncovered and personal liabilities. 


Key 2024 Takeaway: This concerns those in business leadership specifically. If your CISO is a true front-line CISO, they will be suffering, and if you have not already done so, then now is the time to reach out and offer support. Accountability needs to be shared, or you’re going to lose your CISO and find them hard to replace. The days of autonomous and isolated CISOs being ‘left to do the expert cyber stuff’ are over.

 

Budgets and Quantifying Risk and Return in Cyber Security

 

In a recent board and CISO report, supported by thorough survey work and conducted by the analyst firm, Cyentia, the topics and concerns mentioned by board members that were cited as the most critical and pressing fell at the bottom of the priority list for CISOs.


I was closely involved in the first of the series, and personally spoke to dozens of CISOs, all of whom assured me of their close relationship and good communication with the board. The 75 board members surveyed universally disagreed—one quote in particular spoke volumes: ‘Security has a seat at the table, but has nothing to say. We’re listening, but security mumbles.’


The board-side lack of appetite to resolve these differences was amplified by the fact that, at the time (2017-2018), cybercrime did not have the visibility that it has today, in which it is near-impossible to ignore, and, in their words, ‘there’s no chance of fines or personal liability for me’.


Looking at the spending side, there has been almost unconstrained growth in Cyber Budgets in the period 2010 to 2020, expanding across a wide range from 6% - 14% of the company’s annual IT budget, and averaging at 10%. This has grown during a period in which, while experts could recognise the growth in cybercrime activity, business leaders felt no need to get involved.


Arguably, budgets were parcelled out to CISOs largely to keep the problem at arm’s length, during a time at which, according to my own survey expertise, leaders were paying lip-service to cyber defence and regulation.


Meanwhile, the evolving and escalating nature of cyber threats has hit the radars of most business leaders. In 2020, the FBI declared a record level of activity, unbeknownst at the time that this remarkable increase would continue to accelerate.


As cybercrime has exploded in size and diversity since 2020, budgets have been reducing. This is a strange coincidence, with one theory being that IT leaders and CISOs have suddenly found themselves being asked to hold themselves accountable for a spend that, over the last 15 years, has been tech-vendor-led, uncontrolled, and indiscriminate. This has led to the pause-button being hit in order to better understand what we have, before choosing to add any further investment.


‘Indiscriminate’ may seem like a provocative turn of phrase here, but it covers the reduced accountability for clear outcomes than are associated with other spending categories of a similar size. In the apocryphal words of some CISOs, the more you spend, the more ‘nothing’ (referring to peace of mind) that you get. This is not usually a good enough business case for a CFO.


Key 2024 Takeaway: The security community has tried and failed to engage the Board with any impact. The security community has struggled to meaningfully capture the Board's attention. However, there's a promising shift towards a new archetype of business savvy CISOs who embrace the 'listen more, speak less' approach, skilfully blending rigorous discipline with the nuanced 'narrate with data' soft skills required. Despite these advancements, bridging the gap between cybersecurity and executive engagement remains a significant hurdle, and there is still a long way to go.


In 2024, CISOs must identify with the business, build security awareness, be credible and candid, and provide ‘pointed evidence’. KPIs for the board should be based on underlying core business initiatives supported by security products and processes in a ‘by design’ approach that places security as an unobtrusive yet solid foundation to business offerings and the platforms upon which they sit.


Conclusion


While I anticipate the eye-rolls toward the Warren Buffet quote with which I opened this article, I hope we can all agree that he is not known for his hyperbole. Rather, he is known for due diligence across a wide cross-section of businesses. I am assuming he will have seen first-hand the Board members squirming as the temperature rises.


2024 will be the year to finally consolidate, integrate, simplify, and operationalise shoulder-to-shoulder with business and IT leaders, who will at last take an active interest in cyber security, and expect CISOs to operate like business leaders, together.


The interest and active engagement of the board will be amplified by the extraordinary scale and frightening growth, not to mention evolution, of cybercrime.


Attention will also be sharpened by the promise of serious personal and professional liability, with material amounts of money, and a stronger likelihood of being affected, coming into view for even the most sceptical of naysayers.


It is still going to be about getting the basics right in 2024, as the profound changes outlined in this article necessitate a more fundamental redefinition of cybersecurity strategies at a cultural level, involving a wider demographic of more actively interested leaders and lawyers determined to support the more coherent and integrated execution of threat defence strategy.


At Cambridge Management Consulting, we are equipped with a Cyber Security practice, led by John Madelin, which can accelerate, optimise, and strengthen your cyber-infrastructure, and support you in staying ahead of these trends and developments.

About Cambridge Management Consulting


Cambridge Management Consulting (Cambridge MC) is an international consulting firm that helps companies of all sizes have a better impact on the world. Founded in Cambridge, UK, initially to help the start-up community, Cambridge MC has grown to over 150 consultants working on projects in 20 countries.


Our capabilities focus on supporting the private and public sector with their people, process and digital technology challenges.


For more information visit www.cambridgemc.com or get in touch below.

Contact - Africa

Subscribe to our insights

Blog Subscribe

A graphic of a Classical statue head wearing a VR headset

Future of Retail: How Edge Compute will Help Create a 24/7 Augmented Retail Experience

by Duncan Clubb 23 April 2025
Edge computing, 5G, IoT and AI are contributing to a paradigm shift in retail that will imagine new possibilities made commercially viable by real-time data processing. In this article, we look at the convergence of these technologies and how they will offer a radical new vision of our high street by offering customers exciting new experiences that can rejuvenate in-store shopping and retail spaces. First, in Part 1, we look briefly at each technology and discuss the technical advantages they offer and how this supports new types of customer experience. Then in Part 2 we look at industry predictions about how the retail space might evolve over the next decade. Part I Edge Computing Edge computing involves processing data near its source rather than in a centralised location. In retail, this means deploying IT infrastructure in or near store venues where consumers interact with products. This ecosystem enables real-time decision-making and personalised customer experiences by analysing data from sensors and IoT devices within the store. Edge computing is a concept that applies to an integrated network of processing units, data centres and sensors that handle data close to the user. Micro Data Centres The compute part of edge computing needs to be housed in proper data centre facilities, to ensure that the expensive server equipment, especially those used by AI systems, are kept in the optimum conditions — this helps keep maintenance and operational costs down. Even though edge compute systems can be relatively compact, retailers will mostly be unwilling to give up valuable floor space for the IT equipment and its associated infrastructure (like cooling and electrical systems), so the more likely scenario is that smaller data centres will be used that can be located close by but in back-of-house areas, such as loading bays, car parks, warehouse areas and so on. These will often be operated as cloud services so that multiple retailers can benefit from edge compute without having to bear the upfront capital cost, and, most importantly, the ongoing maintenance required to keep them operational. 5G 5G networks offer high-speed connectivity and low latency, which are crucial for supporting advanced retail technologies like augmented reality (AR) and Internet of Things (IoT) applications. The increased bandwidth allows for seamless integration of online and offline shopping experiences, enabling features like virtual try-ons and real-time product comparisons. This connectivity supports personalised marketing strategies that take place in real time and deliver targeted promotions in store. Internet of Things (IoT) The Internet of Things (IoT) refers to a network of interconnected devices, machines, and sensors that collect, store, and transfer data over the internet. These devices are embedded with sensors, software, and network connectivity, allowing them to communicate with each other and with other internet-enabled systems. IoT plays a crucial role in enhancing the retail experience by providing real-time data on customer behaviours, security risks, buying preferences, inventory supply levels and daily operations. IoT devices will principally include cameras but also a range of other sensors such as RFID tags and smart shelves.
Aerial view of a countryside town at night

How to Connect Rural Britain

by Clive Quantrill 23 April 2025
How to Connect Rural Britain and the Hardest-to-Reach Customers The lack of rural connectivity in the UK has become a pressing issue , creating a digital divide that impacts individuals, businesses and farmers. Modern society relies on digital services, and the lack of access to reliable, high-speed internet is a pervasive social issue that results in digital exclusion for communities, depriving them of fundamental services like online banking, health care, and education. This lack of access has a further impact on social mobility, particularly when around 37% of workers in the UK spend at least one day a week working remotely. In 2021 the Public Accounts Committee published a report on improving broadband which states ‘1.6 million UK premises, mainly in rural areas, cannot yet access superfast [internet] speeds’. Since then, we are happy to report that there has been some progress. As of early 2025, approximately 98% of all UK households have access to high-speed broadband (defined as speeds of 30 Mbps or higher) . In rural areas, that figure is 89% — a decent improvement in the last few years. However, the gap is larger when we consider gigabit speeds: only 52% of rural households can connect to gigabit-capable broadband, compared to 87% in urban areas There is still a significant gap to plug, but things are moving in the right direction. This allows the focus to shift, in part, to the next phase: establishing a modern digital infrastructure which can support a digital-first strategy in public services, as well as encouraging local innovation, such as smart city programmes. The hope is that this infrastructure will drive inward investment which then create a virtuous circle, where as more infrastructure is built, more innovative businesses are attracted to the region, which in turn drives demand for more advanced infrastructure. In this article we look at the improvements in rural connectivity and the programmes and innovations which are most likely to have a social impact.
A waterfall is Yosemite national park

Nature-based Solutions for People, Planet & Profit

by Adam Taylor 22 April 2025
What are Nature-based Solutions? Nature-Based Solutions can deliver multiple benefits in single locations, delivering greater impact for people, planet, and profit, and moving ESG from being just another cost to a competitive advantage. Today in the ESG space companies are expected to measure and manage their greenhouse gas emissions and water consumption, impacts on biodiversity, air, and water quality, and how their activities affect not only their staff but the communities they operate within. As a result, many companies now measure their impacts, and some employ companies to mitigate or offset their residual effects; however, this outsourcing approach is often costly and inefficient; with each residual effect mitigated or offset separately, uncertainty about the delivery or impact of the work, and delivery in other regions of the world meaning wider benefits are missed. The Business Case for Nature-based Solutions These costs and inefficiencies can be overcome however by mitigating and offsetting multiple residual effects at once by delivering Nature-Based Solutions on company land and buildings, or within the communities they serve. For example, creation or restoration of local grasslands, woodlands or wetlands would deliver carbon and biodiversity credits, water nutrient and air quality improvements, and reduced flood, drought, and wildfire risks in the areas where your company operates and your staff and customers live. Delivering these multiple impacts removes the costs of awarding and managing multiple contracts with different companies, whilst the schemes localness provides certainty of delivery and impact, and wider benefits including new local partnerships, provision of accessible natural greenspace improving staff and community health and wellbeing, and an enhanced corporate image and reputation. With ESG moving rapidly to the top of the social and political agenda the breadth and depth of ESG related disclosures that are required will only grow, so now is the best time to consider how you can deliver these more efficiently and impactfully through Nature-Based Solutions, positioning yourselves as a market leader and making this a key strand of your competitive advantage. Key Steps your Businesses should Take: Step 1: Evaluation of the measurement and management of environmental and social impacts Review of strategies, targets, costs, and impacts of existing approaches to measuring, addressing, and reporting on environmental and social impacts, including gathering stakeholder insights, and reviewing available resources, capabilities, assets, to identify where Nature-Based Solutions could be delivered. Step 2: Exploration of Nature-Based Solution delivery options Identification and assessment of Nature-Based Solution locations that deliver against company needs, including delivery and maintenance costs, partnership opportunities and appetite, and the potential for additional company benefits. Step 3: Delivery of Nature-Based Solutions Engage ESG team, local community, partners and contractors in detailed design and delivery of Nature-Based Solutions, develop and implement maintenance, monitoring, and governance protocols, collate and communicate lessons learnt, celebrate successes. How We can Help edenseven is the sustainability-focused sister-consultancy of Cambridge MC with an award-winning track record of helping businesses design and deliver data-driven sustainability strategies. With experts covering a wide range of sustainability subjects, from biodiversity & nature-based solutions, to electric vehicle fleet solutions, power purchase agreements (PPA), low carbon technologies, building optimisation, supply chain management, and end-to-end business transformation, we have experienced experts ready to help with any of your sustainability needs. With over 15 years' delivering nature-based solutions, Adam’s experience cuts across the public, private and third sectors having delivered time and again place-based solutions that increase profit whilst benefiting people and planet; the triple bottom line. Please get in touch below to find out more.
An artistic representation of fin LEO satellites lined up in space

Cell Towers in Space: Satellite-to-Cell Technology

by Mauro Mortali 16 April 2025
"Is it Snowing in Space?!" “Is it snowing in space?!” Asks a disgruntled Bill Murray in the film Groundhog Day when he is told that he cannot call out from the snowbound town of Punxsutawney, Pennsylvania. If there is a remake, Bill might not have to worry: signal dead zones may soon be a thing of the past due to recent advancements in satellite technology. Whereas the old picture of satellite communications was a scientist in the wilderness with a big clunky antenna, these days the technological payload is all in space. Recent advancements such as Low Earth Orbit (LEO) satellites, advanced beamforming, and the use of mobile spectrum bands means that any phone supporting 4G LTE can potentially receive satellite data directly. This integration of satellite and terrestrial networks is set to reshape the mobile industry, creating both opportunities and challenges for traditional mobile network operators (MNOs) and mobile virtual network operators (MVNOs). In this article we give an overview of the technological advancements, the major players in the market, and then consider the effects this will have on traditional wholesale mobile market structures; concluding with the emerging opportunities for new revenue and growth. The Evolution of Satellite Connectivity Historically, satellite communications operated independently from terrestrial networks, serving specialised markets with limited scalability and high entry barriers. However, recent advancements, particularly in Low Earth Orbit (LEO) satellite technology, have dramatically altered this scenario. The most well-known example is obviously SpaceX, which has played a pivotal role in democratising space: reducing barriers to entry and making satellite connectivity more scalable, performant, and accessible. SpaceX and other companies have found innovative ways to dramatically reduce costs. Since Sputnik 1 in 1957, launching payloads into space has been prohibitively expensive, with costs exceeding $100,000 per kilogram in the 1960s and averaging $16,000/kg for heavy payloads from 1970 to 2010. SpaceX’s innovations have brought these costs down through reusable rockets, vertical integration, economies of scale, and advancements in materials and manufacturing processes: leading to price points as low as $100 per kilogram in recent years. However, cost is just one of the barriers. The real gambit has been provided by Low Earth Orbit (LEO) satellites, which typically orbit at altitudes ranging from approximately 160 to 2,000 km and offer low-latency, high-speed connectivity — making them ideal for real-time applications and direct-to-device communications. The latest generation of technologies now enable LTE mobile phones to connect directly to satellites without specialised hardware, marking a significant milestone in mobile communications. The Major Satellite-to-Cell Players While SpaceX's Starlink has garnered the most attention, several other major companies are actively developing satellite-to-cell technologies and forming strategic partnerships with terrestrial mobile operators. As of April 2024, Starlink had established 15 partnerships with mobile carriers globally — including T-Mobile in the US. T-Mobile has structured its beta program to begin with text messaging capabilities, gradually expanding to include picture messages, data connectivity, and eventually voice calls. As of February 2025, it is reported that 7,086 Starlink satellites are in orbit, with 7,052 being operational. AST SpaceMobile has emerged as a significant innovator, achieving a historic milestone in April 2023 with the first-ever two-way voice call directly with an unmodified smartphone, via their BlueWalker 3 satellite. AST SpaceMobile launched its first five commercial satellites, the BlueBird 1-5 mission, on September 12, 2024, aboard a SpaceX Falcon 9 rocket. Lynk Global represents another significant player. In a recent expense report, it revealed that each satellite costs around $400,000 to build and up to $815,000 to launch into space. They hope to have up to 1000 satellites (for full continuous broadband coverage) in orbit by 2025 and 32 mobile network operator (MNO) partnerships by the end of 2025. The company has successfully demonstrated text messaging capabilities from satellites to standard cellular devices and continues to expand its constellation and service offerings. Huawei has partnered with China Telecom to demonstrate satellite-to-phone messaging capabilities, while Apple has worked with Globalstar to implement emergency satellite messaging features in recent iPhone models. Implications for Traditional Wholesale Mobile Market Structures Traditionally, the wholesale mobile market has been structured around MNOs, MVNOs, and wholesale aggregators. Revenue streams have typically included MVNO wholesale pricing, and IoT and machine-to-machine (M2M) solutions. However, the rise of satellite-to-cell technology poses potential threats to this established model. Disintermediation of MNOs and MVNOs Satellite-to-cell connectivity introduces the potential for disintermediation, where control traditionally held by MNOs could become fragmented across multiple parties in the value chain. As satellite providers increasingly offer direct-to-device services, traditional operators risk losing their central role in network management and customer relationships. Pricing Pressure on Wholesale Markets The increased availability and competition from satellite connectivity providers could exert downward pressure on wholesale pricing. As satellite services become more affordable and accessible, traditional wholesale providers may face challenges in maintaining their pricing structures and profitability. Competitive Pressure in IoT and Enterprise Applications Satellite connectivity is particularly well-suited for IoT and enterprise applications, especially in remote or challenging environments. As satellite-to-cell technology matures, traditional wholesale providers may face intensified competition in these segments, necessitating strategic adjustments to remain competitive. Emerging Opportunities in Satellite-to-Cell Connectivity Despite these challenges, the integration of satellite connectivity into mobile networks also presents substantial opportunities for innovation and growth. Forward-thinking operators can leverage satellite-to-cell technology to develop new business models and revenue streams. Hybrid Terrestrial-Satellite Subscription Models Providing Ubiquitous Connectivity Operators can offer hybrid subscription plans that seamlessly integrate terrestrial and satellite connectivity. Such models provide customers with uninterrupted coverage, enhancing user experience and creating differentiated service offerings. Wholesale Satellite Resale for MVNOs Satellite-to-cell technology opens new avenues for MVNOs to expand their service portfolios. By reselling satellite connectivity, MVNOs can offer enhanced coverage and reliability, particularly in underserved or remote regions, thereby attracting new customer segments. IoT and Enterprise-Focused Applications Satellite connectivity is a natural fit for IoT and enterprise applications, such as remote monitoring, asset tracking, and industrial automation. Mobile operators can forge strategic partnerships with satellite providers to deliver specialised solutions for these markets, tapping into new revenue opportunities. Emergency-Only and Disaster Recovery Plans Satellite-to-cell technology can play a crucial role in emergency and disaster recovery scenarios, providing a reliable backup to terrestrial networks when they are unavailable or overwhelmed. Operators can develop emergency-only plans that leverage satellite connectivity to ensure critical communications during crises. Conclusion Satellite-to-cell technology represents a convergence of space and terrestrial communications systems that promises to fundamentally alter global connectivity markets and players. The dramatic reduction in launch costs by a factor of 20 has enabled the deployment of massive satellite constellations that were previously economically unfeasible. The competitive landscape continues to evolve rapidly, with SpaceX, AST SpaceMobile, and Lynk, and traditional telecommunications companies all pursuing various technological approaches and business models. Commercial text messaging services are already becoming available through beta programs, with video calling capabilities demonstrated and voice calls progressing toward wider availability. The integration of 5G standards with satellite networks continues to advance through collaborative industry initiatives, with projections of a $50 billion market by 2032. As this technology continues to mature throughout 2025 and beyond, it promises to eliminate mobile dead zones and create new application possibilities that were previously unimaginable. The future of mobile communications is undoubtably hybrid: blending terrestrial and non-terrestrial networks into seamless connectivity solutions that follow users wherever they go. This has wide reaching implications for connectivity in remote and isolated regions, and offers perhaps the fastest and most cost-efficient route to bridging the digital divide. It will also transform how we respond in disaster zones and hazardous areas — increasing the ability to protect and save lives with faster and safer humanitarian and emergency services.
Silhouette of 737 plane in a neon sky

Why SaaS Providers Shouldn’t Upsell Essential Security Features

by Tom Burton 9 April 2025
What Problem do Too Many SaaS Providers Have in Common? Many SaaS security providers have a history of treating important safety and security features as something to upsell. This raises the important question of whether a software vendor has a moral responsibility for the secure operation of their solution. In this article, we explore the implications of treating important security and safety features as an upsell, using Boeing as a test case of where this can go wrong. The Case of Boeing and the Aviation Industry The case against Boeing is emblematic of a more systemic issue across the aviation industry, and many other industries. The public became aware of this issue under tragic circumstances when the Lion Air and Ethiopian Air Boeing 737 Max airliners crashed in 2018 and 2019 respectively. According to the widely quoted New York Times article , the crash could have been avoided if the pilots had access to two safety features that were sold by Boeing as optional extras. According to the incident reports, at the root of the incident were the angle-of-attack sensors. These mechanical sensors operate in a similar fashion to a weathervane to measure whether the aircraft’s nose is pointing above or below the direction of airflow. Being mechanical, they may be prone to malfunction, perhaps jamming after having been installed incorrectly — as was believed to be the case for the Lion Air aircraft . The system that led to the aircraft’s demise, which identifies the risk of the aircraft stalling, only listened to one of the sensors. A difference in the signal being sent by the two sensors was not recognised by the anti-stall system; and the instruments that would have alerted the pilots to the conflicting signals were upsell items. This wasn’t a fancy, nice-to-have bell or whistle that makes the flight more comfortable, efficient, or profitable. It is an underlying safety feature of the aircraft. If there was no safety requirement for the redundancy of two sensors, it is difficult to see why there would ever be more than one. Boeing has now addressed the issue, and the anti-stall system listens to both sensors, responding safely in the event of conflicting signals. It should also be noted that the investigation identified pilot error and deficiencies in the training that contributed to the disasters (and this will be relevant to our points regarding many SaaS product decisions as well). The SaaS Parallels Cloud-delivered Software as a Service (SaaS) has revolutionised the tech industry, and catalysed a phenomenal level of innovation and growth. It has enabled new software capabilities to be brought to market faster than ever before, and facilitated the ability to reach a scale with costs defrayed across multiple customers that would have been unimaginable 30 years ago. However, the benefits of being able to access a service from anywhere, at any time, by anyone also presents significant risks. The ‘anyone’ can be a malicious party operating outside of the reach of law enforcement or extradition. As a result, there are clear commercial responsibilities placed on SaaS providers to secure their infrastructure from attack, and those that do not are unlikely to last long in the marketplace. But just like the aviation industry, there are different flavours of security, and different perceptions of what is considered essential. Taking due care and applying due diligence to ensure that the platform itself is adequately secured from a direct attack is clearly the vendor’s responsibility – but what about those elements of security that relate to risk owned by their customers? One key element of customer risk relates to the security of a user’s password. It is their responsibility to make sure they choose a long and random string drawn from upper case, lower case, numerical, and special characters (if allowed). It is also their responsibility to ensure that they do not ever use the same password for multiple applications or services. But, we know that compromised credentials is a common failure mode. Just because it is the user’s responsibility to mitigate this risk, this doesn’t mean that system developers do not also have some mutual responsibility to make it easier for the user to exercise that responsibility; controls have been developed specifically for that purpose. The most obvious ones are Multi Factor Authentication (MFA, or 2FA), and Single Sign On (SSO). With MFA, we improve the security of the credentials by also verifying that the user is in possession of their trusted device before we trust them at sign in. With SSO, we minimise the number of credentials and accounts to manage by federating with a single corporate account; we can then concentrate our effort to secure that corporate account rather than spreading our resources thinly. Both are relatively easily implemented these days, particularly in the case of SSO where the OAuth protocols are widely offered by Identity Providers. Once implemented, both are essentially free to operate, particularly if MFA uses an Authenticator app rather than SMS text messages. SaaS providers recognise that this security is important, and they will frequently implement MFA and SSO controls into their applications to meet that customer demand. But, too frequently, we see them only offered as part of the more expensive subscription options. This element of security is not enhancing the vendor’s core proposition; it is not making their offering more functional, better looking, or more efficient for their users. It is just making it more secure, and therefore to treat it as an item to upsell comes across as price-gouging rather than the responsible application of good security practice. It is almost as though these vendors have run out of innovative bells and whistles that their clients would value in their core product, so they have had to resort to undermining the security of their cheaper options in order to encourage their customers to pay for their more expensive ones. It is equivalent to a bank only using the CSC code on a card to secure transactions for customers who pay for their premium banking services, because, after all, it is the customer’s responsibility to protect their card details. Conclusion What we have described here is not universal, and probably is not even representative of the majority of SaaS providers. But, when you are reviewing a new service, we urge you to take a closer look at what security your provider is charging extra for. If low cost, high value security controls are being upsold, then you may want to consider what other security good practices are not being considered essential. For more information about our cyber security consulting services and Secure by Design principles in action, please contact Tom Burton, Partner for Cyber Security, using the form below.

BT Gives a Call to Action for CNI Providers to Switch Over to Digital Services

by Clive Quantrill 3 April 2025
As the UK's ageing copper landline network becomes increasingly unstable, Cambridge Management Consulting reports that BT is urging Critical National Infrastructure (CNI) providers to expedite their transition from analogue to digital voice. With the Public Switched Telephone Network (PSTN) nearing the end of its life, organisations face significant risks if they delay planning and execution for this essential upgrade. Recent data indicates that 60% of CNI providers in the UK still lack a strategic plan to migrate from the legacy analogue network. This statistic underscores an urgent need for action to safeguard essential public services, such as healthcare, water, energy, emergency services, and government operations. The transition is not merely a technological upgrade; it is a once-in-a-generation programme to future-proof communications and improve service reliability. The PSTN, our communications backbone for over a century, is becoming increasingly prone to faults and difficult to maintain, with recent reports showing a 45% increase in significant resilience incidents. The impact of this transition is wide-reaching, affecting critical systems such as telemetry monitoring sensors, emergency phone lines, telecare alarms in hospitals and care homes, CCTV, intruder and fire alarms and older EPOS machines.  As the below graphic shows, a broad spectrum of devices and services will be affected by the analogue switch off, including ISDN, ASDL and Fibre to the Cabinet (FTTC) broadband services. The majority of organisations are almost certainly in the dark when it comes to common knowledge of all of the devices affected, lacking the internal expertise and records to identify and audit complex, interrelated legacy systems.
Red abstract architecture with a cloud passing through the square arch

Our View: New UK Government Guidance on Multi-Region Cloud & SaaS

by Tom Burton 27 March 2025
Well Intended Guidance Leaves more Questions than Answers The UK Government Digital Services – part of the Department for Science, Innovation and Technology – has recently published guidance for how the public sector should adopt a multi-region approach to cloud technology. At first sight this appears encouraging. Any unnecessary constraints on hosting arrangements (or any other non-functional requirements) reduce the available market of providers, constrain competition, and therefore inevitably reduce value for money. If parts of Government, whether central, regional or local, have felt that everything must be hosted in the UK then it makes sense to produce guidance that clarifies this perception and helps to open their options up. But for guidance to be useful it should guide. It should make it easier for people to take actions that they previously would have discounted. The guidance in this case, which at 1420 words is almost as short as this article, probably leaves the reader with more questions than answers. It may reveal some unknowns, but without increasing certainty. The Guidance in a Nutshell A summary of the guidance is as follows: Look wider than UK: Many cloud solutions may not offer UK hosting, particularly new innovative solutions that haven’t scaled up yet. Irrespective, their staff are likely to be distributed around the world if the service is supported 24/7. There may also be other benefits in looking wider than UK hosting, such as enabling better business continuity and disaster recovery options if the vendor only has one UK site. Get legal advice: Before you even consider a non-UK option you need to seek advice from your own legal advisors and your Data Protection Officer (DPO). Ensure compliance with ICO guidance: Before you even consider a non-UK option you need to check and make sure that any international transfer of personal data will be compliant with the Information Commissioner’s Office (ICO) guidance, and you should get further guidance from your own legal advice and DPO. Do a full review of vendor security: Before you even consider a non-UK option you need to make sure the vendor and solution are compliant with your own security policies. In a nutshell, it says: 'you should consider options outside of the UK but only if you have checked everything is legal and secure'. This seems to be verging on a statement of the obvious; the real difficulty in going offshore is covering all of the legal, regulatory and security compliance aspects. Adequacy is a Moment in Time On point 3, the guidance points out data protection compliance is easier if the country in question is considered by the ICO to be adequate – having equivalent regulations for data protection to the UK. Sound advice. But even this is not that simple. For instance, the USA is not considered adequate unless it is under an extension of the EU-US Data Privacy Framework. This framework is dependent on an Executive Order that the Biden administration put in place, and it is entirely possible that it will be revoked by the current administration. If such an action was taken, or if for any other reason the EU decides that adequacy is no longer met (also not unlikely given Herr Schrems has achieved this twice already and has stated he plans to challenge the DPF), then the vendor will no longer be considered compliant. Consideration is Far Wider than Residency Security is far wider than data residency though. This is where point 4 both states the obvious and understates the complexity. Managing risk in the supply chain is inherently difficult. Cloud providers, and particularly SaaS solutions, aggravate this challenge by an order of magnitude. By their nature they are solutions designed for a broad and varied range of customers. This means they will always involve compromise. If they tried to meet the most demanding requirements, they would price themselves out of the scale marketplace. If they went for the lowest common denominator, they would be unable to meet the requirements of the majority. An individual customer can rarely dictate a specific security requirement for themselves. They are also highly opaque. The vendor presents their service as a black box. The features delivered to the customer are defined, but much of the underlying design and the means the vendor uses to manage it in operation are hidden. This makes assessing the risk far more of a judgement call than when the design and delivery is conducted under your control. Depending on the supplier, and the leverage that the customer has over them, it may be possible to get some information and assurances; but the right questions need to be asked, and the answers need to be interpreted correctly. Third party certifications and audits, such as the ISO27000 series of standards or the SOC1, SOC2 and SOC3 reports, can also provide some additional assurances. But only the customer will be able to decide the extent to which they can mitigate the risk, and the confidence they have in the supplier to manage their own. This is a business decision informed by the specifics and nuances of the risks being considered. Summary It is important to minimise the non-functional requirements and keep an open mind about potential solutions and vendors. This includes looking wider than just the UK when national security requirements are not paramount. But this is not something that can be distilled onto a single sheet of A4 in any meaningful way. Yes, there are legal and regulatory issues that need to be reviewed. And geopolitical risk needs to be factored in, considering how you would respond to future external changes that are outside of the UK’s control. But from experience, the greatest challenge is getting comfortable that the vendor’s organisation and their solution have adequate security – this applies equally whether the solution is hosted in the UK or overseas. The SaaS world is opaque, and balances priorities across a broad and varied customer base. The public sector needs to increase its adoption of cloud and SaaS solutions to remain efficient and relevant, in the same way that the private sector has had to. But the route to responsible adoption is more nuanced, requiring candid conversations with suppliers, and ultimately an informed but subjective judgement by the customer’s leadership. Sources/Links: DSIT Guidance for Multi-region cloud and software-as-a-service ↩︎ ICO Guide to International Transfers ↩︎ Executive Order (E.O.)14086 of October 7, 2022, on Enhancing Safeguards for United States Signals Intelligence Activities ↩︎ Note: This article originally appeared on Tom Burton's personal blog at https://digility.net/insights/
Palace of Westminster at night

APPG Report Summary: 'Care to Connect: Public Switched Telephone Network (PSTN) Migration'

by Craig Cheney 25 March 2025
The Digital Communities All-Party Parliamentary Group (APPG) shared the ‘Care to connect: Public Switched Telephone Network (PSTN) Migration’ report with key parliamentarians on Monday at a launch meeting on Parliament Street. This report highlights key recommendations for managing the ongoing Public Switched Telephone Network (PSTN) migration, focusing on protecting vulnerable residents and ensuring effective solutions. Here are the major takeaways for local government and communication providers: Data-Sharing Agreements (DSAs) DSAs between communication providers (CPs), local authorities, and telecare providers are crucial for identifying vulnerable residents during the migration. Challenges include inconsistent responses from local authorities and fragmented approaches across CPs. The APPG recommends all local authorities and housing associations sign DSAs, regardless of progress in digital switchover, to promote uniformity and resident safety. Telecare Devices The sale of analogue telecare devices must end, as these can leave residents unsupported during the transition. The government, in collaboration with the TEC Services Association (TSA), should enforce higher standards (TEC Quality’s Quality Standards Framework) across the telecare industry to achieve robust digital migration practices. Financial support for local councils is critical to replace outdated telecare devices and prevent double costs. Battery Backup Solutions Existing guidance from Ofcom, requiring one-hour resilience for power cuts, is insufficient. The APPG recommends increasing power backup requirements to at least 4 hours in homes and 6 hours for fixed networks. Communication and energy providers must jointly create resilient power solutions, particularly for vulnerable residents reliant on telecare devices. A multi-sector priority service register should integrate communications and energy service protection for those at risk. Sunset of 2G and 3G Networks UK mobile network operators plan to stop supporting 2G and 3G networks by 2033, with some networks already switched off. There are cases where local authorities and residents have purchased telecare devices using 2G/3G SIM cards, as a lower-cost, interim solution — these devices will need to be replaced again, posing double replacement costs for local authorities and additional risks to residents. The government should stop the sale of analogue devices and accelerate efforts to prevent the redeployment of outdated telecare alarms. Summary We welcome these recommendations alongside the December 2023 PSTN Charter, the Telecare National Action Plan and the PSTN Non-voluntary Migration Checklist. The conclusions make it clear that coordination between local and central government, industry regulators (such as Ofcom and Ofgem), and communication providers (CPs), as well as significant investment in digital teams at a local level, are essential goals to ensure a safe and inclusive digital switchover for all vulnerable residents and telecare users. Read the full report here: https://digitalcommunities.inparliament.uk/care-to-connect-public-switch-telephone-network-migration-report About the APPG The Digital Communities APPG is a cross-party group of parliamentarians, with the aim to promote the delivery of digitally equipped places that support and foster a connected, healthy, and productive community. This includes the creation and maintenance of sustainable digital infrastructure, as well as providing residents with equal opportunity to thrive in a digital world. The LGA provides the secretariat to the APPG. Cambridge Management Consulting Our Public Sector and PSTN teams can help local councils and other public bodies by providing strategy, financial planning, procurement, and project management services to ensure that you have a comprehensive transition strategy and accurate financial costing for the PSTN switch-off. We can help you follow the recommendations in this report by completing a full audit, signing DSAs with CPs and most importantly, protecting vulnerable service users. Get in touch with Craig Cheney, Managing Partner and lead for Public & Education, to discuss a range of services which might suit your needs: ccheney@cambridgemc.com (or use the form below). Act now, before time and resources run out.
A hazy smog view across a city skyline

The Real Financial Cost of Scope 3 for Businesses

by Simon King 20 March 2025
What Do Your Scope 3 Emissions Have to Do with Inflation? Scope 3 emissions cover everything outside your direct operations —the carbon footprint of your supply chain, purchased goods, logistics, business travel, and more. The higher your Scope 3 emissions, the more energy-intensive your supply chain is. And the more energy-intensive your supply chain, the more vulnerable you are to rising costs. Think of it this way: High Production Costs- If your suppliers are heavily dependent on fossil fuels, their production costs are rising fast Price Volatility- If your supply chain lacks efficiency and resilience, price volatility will hit you harder Locking in High Costs- If you’re not actively engaging with suppliers to reduce emissions, you’re locking in long-term cost increases that could have been avoided Without accurate Scope 3 data and a clear engagement strategy , businesses are leaving themselves open to higher prices, lower margins, and greater financial risk . Why Businesses Struggle with Scope 3 A major challenge is that Procurement and Sustainability teams often operate in silos: Procurement teams focus on cost and supplier relationships but often lack deep sustainability expertise Sustainability teams focus on compliance and decarbonisation but aren’t typically measured on financial performance This disconnect means emissions reduction is rarely treated as a financial opportunity —when in reality, cutting carbon from your supply chain is also one of the most effective ways to reduce exposure to cost inflation. The Businesses That Get This Right Will Lower their Costs Leading organisations are already taking action. They are: Gathering detailed Scope 3 emissions data to map out cost risks in their supply chain Engaging suppliers to drive efficiency, reduce emissions, and lower costs Building resilience by shifting towards lower-carbon, more cost-stable alternatives The result? Lower long-term costs, reduced financial risk, and a competitive edge over those stuck with inefficient supply chains. This is not just about sustainability compliance —it’s about smart financial decision-making. If You’re Not Taking Action, You’re Losing Money Every business will feel the impact of rising supply chain costs—but not every business will be prepared for them. If you don’t have accurate Scope 3 emissions data and an effective engagement strategy, you are: Paying more than you need to for essential goods and services Exposing your business to long-term cost inflation Missing out on opportunities to build a stronger, more resilient supply chain The sooner you act, the better the outcome for your bottom line and the planet. Is your business ready to take control of its costs? Get in touch with Cambridge Management Consulting and edenseven today. About edenseven edenseven is the sustainability-focussed sister-company of Cambridge Management Consulting. We work with businesses across all sectors in multiple regions to deliver robust and deliverable net-zero strategies. The success of any strategy relies on its awareness of how changes in policy and subsidies can create both risks and opportunities for a business. If you are a business trying to enter a new market or evolving in an existing market and would like to learn more about how edenseven can support you, please get in touch with the team at edenseven at info@edenseven.co.uk or use the contact form below. Find out more about edenseven on their website: edenseven.co.uk
More posts