Risk Management in an AI World
Tom Burton
Why do we trust computers?
AI is a constant feature in the news these days, but a couple of news items in recent weeks might have struck you as worthy of more thought. First was the announcement by Meta and OpenAI that they will shortly be releasing models that ‘think’ more like people and are able to consider the consequences of their decisions. And the second was an article in the FT that the speed of AI development is outstripping the development of methods to assess risk.
These two developments and the conflicts they raise are related to a quixotical feature of human nature: why do we trust computers more than humans?
If there is a reliable basis of trust in a person or in a piece of technology, then the level of risk being taken can be more clearly understood. Without a sound basis of trust, this risk becomes increasingly uncertain.
In this article, Tom Burton, a cyber security expert and technology thought leader, addresses the historical roots of this dilemma, and also answers the following:
- Why is digital risk such a challenging concept?
- How will AI make this problem more complicated?
- What principles could be put in place to manage trust in an era of AI?
Where does this bias originate?
Why is it that a human is more likely to implicitly trust what a computer tells them than what another human tells them?
Before you hit back with disagreement, consider this scenario: How would you react if a gentleman dressed in the regalia of an African prince turned up at your door offering untold riches without any conditions?
Many over the years have been taken in by exactly that offer received by email. Phishing, fake news on social media, and numerous other socially engineered deceptions rely on this digital bias, which has been the subject of plenty of research.
When Tom Burton was responsible for information systems, information management, and information exploitation in his Army Headquarters, he found it striking how many people assumed the accuracy of a unit’s location on a screen was 100% reliable. They would take a similar ‘sticky’ marker on a physical map with caution; recognising that there was implicit uncertainty in the accuracy of the ‘reported’ location, and that the unit in question may have moved significantly since they made that report. Yet, they would be happy to zoom in to the greatest detail on a screen and ask why A Squadron or B Company was on the east side of the track rather than the west.
This
implicit trust has striking implications for many aspects of our digital lives, and will be brought into even sharper focus with the widespread adoption of AI applications.
Is tech more like a hammer or a human?
Tom has a theory. Humans are inherently fallible, deceitful and unpredictable. We make mistakes, sometimes intentionally; sometimes due to tiredness, emotions or bias. And we have spent at least 300,000 years reaffirming this model of each other.
Machines are considered to be predictable and deterministic. No matter how many times two large numbers are entered into a calculator, it’s expected that they will be added up correctly and consistently.
When considering the output of a computer, at least subconsciously, it is considered to be more like a hammer than a human: a predictable tool, that will produce the result it was programmed for.
But even in the case of conventional, non-AI technology, this perspective is a fallacy. Computers are designed and programmed by fallible humans. Mistakes are made, and those mistakes are transferred to the code, and in turn, the results that this code produces. The more complex the code, the less certainty there will be of accurate and consistent results.
A ‘truthful’ response may also be dependent on having a similar perspective to the person who designed a system. If ambiguous problems are interpreted differently by the designer, then the probability that the results will be misinterpreted increases significantly.
People consider their digital tools as predictable as a hammer, but too frequently they operate more like the humans who created them.
This situation is only likely to get more extreme with AI. Technology is actively being designed to operate more like humans. To learn and apply insight from that learning in new situations. The question asked of a system today might well produce a different answer if asked again in the future, because the information and ‘experiences’ that answer is based on will change. In exactly the same way that if one asks a human the same question ten years apart, we are not surprised by a different answer, particularly if seeking an opinion.
How does this affect the risks of employing increasingly advanced technologies?
If technological tools are increasingly becoming more similar to humans than hammers, then how does this affect risk? The diversity and unpredictability of humans is something with which society is familiar and has been managing for some time; so let's look at the similarities, because, after all, the aim is to replace people with technologies that operate in a similar way.
It's known that people misunderstand tasks because language is ambiguous, and interpretation is based on an individual’s perspective. Everyone has different value systems, influencing where focus is placed and where corners might be cut. At an extreme, these different values may lead to behaviour that is negligent or even malicious. People can be subverted or coerced to do things. All of these behaviours have parallels with complex technology, and AI in particular.
Ambiguity will always create uncertainty and risk. AI models are based on value systems that are intended to steer them towards the most desired outcome; but those value systems may be imperfect, especially when defined in the past for unforeseen situations in the future. And it's known that technology can be compromised to produce undesirable outcomes.
But it is important to note that there are some fundamental differences as well. Groups and organisations tend to have inherent dampers that reduce extremes (though geopolitics might provide evidence against this). Recruiting one person to do a task might result in a ‘good egg’ or a bad one. But recruiting a team of ten increases the chance that different perspectives will challenge extreme behaviours. Greater diversity increases this effect. This does not eliminate risk, and a very strong character might be able to influence the entire team, but it introduces some resistance. However, if the ‘team’ comprises instances of the same AI model, feeding from the same knowledge base, using the same value systems and learning directly from each other, it might operate more like an echo chamber; as seen with runaway trading algorithms that are tipped out of control by the positive feedback of their value systems.
Are digital risk and business risk the same?
Assuming the trajectory of technology continues into the age of AI, intelligent tools will be used wherever possible to do tasks currently done by humans. Over time, every aspect of business will be decided or influenced by digital systems, using digital tools, operating on digital objects, to produce outcomes that will be digital in nature before they transition into the physical world.
Consequently, there will not be many risks that do not have a very significant digital element. It could therefore be argued that managing cyber-, information- or digital-risk (whichever term you prefer) will be inseparable from the majority of business risks. Going into the future, the current construct of a CISO function managing information risk separate from many of the other corporate risk areas might seem quaint. Instead, it's uncertain whether any area of business risk management will be able to claim they ‘don’t do technology’ and it will be more important than ever for technology risk to be managed with an intimate and universal understanding of the business.
Applying human risk management to artificial intelligence
Improving our understanding of risk by considering technology components as people, at least at a conceptual level, is possible. Society is already there in many respects and, as AI solutions emerge over the years and decades to come, this convergence is only going to accelerate. An AI model’s decisions are based on an unpredictable array of inputs that will change over time. They are based on a set of values that need to be maintained in line with business and ethical values. But most importantly, they will learn. Learn from their own experiences, and learn from each other. This sounds far more like a human actor than a hammer.
Tom Burton suggests that we can take lessons from managing human risk and apply them to digital risk. He suggests the following measures that can be immediately adopted by businesses:
- Initiation: When embarking on an initiative, time needs to be taken to consider the inherent risks faced. Not just the discrete risks within the initiative but also the more systemic risks that need to be avoided.
- Recruitment: Deciding what is meant by trust when selecting the types of technologies to be employed, and where technology will be applied versus where a human in the loop is desired, is necessary. The frame of reference used to define and measure trust, what external evidence can be taken, and how much needs to be reinforced with one's own due diligence needs consideration. For instance, government regulation and certification of AI models may provide a baseline of trust, but in the more sensitive and high risk areas of business, 'interviews' and tests will likely need to be applied.
- Design: The more risk that can be designed out, the easier (and cheaper) it will be to manage the residual risk in operations. The concept of Secure by Design is important now but will become essential as the progression continues. Ensuring the equivalent of segregation of duties until more is understood about how these systems will operate, learn, and develop over time is crucial. Applying segmentation is too often ignored today, with broad flat networks, but it will be vital to contain risk in the future.
- Operations: In operations, just like with people, preparation for the worst scenario is necessary. This is not just about monitoring an environment. It is also about maintaining an understanding of risk and war gaming new scenarios that come to mind. The military planning process always includes the question: "Has the situation changed." Industrialising this in the way systems are managed, maintained, and evolved is needed. The most obvious 'big issue' that comes to mind is the point when operationalised quantum computing comes to the fore; but there will be others as well and adaptation to overcome them will be required.
Summary: Optimism is Good, but Hope is not a Strategy
There is a lot to be optimistic about in the future. There will be change, and the need to adapt, but the pace of change and the breadth of its impact demands that we take an objective approach to understanding and managing risk—hope is not a strategy.
If we do not understand something, then our trust in it must decrease as a consequence. This does not mean that we should not employ it; after all, the trust we have in our people and our partners isn't binary. But we put controls and frameworks in place to limit the damage that people can do proportionate to this trust.
We need to treat technologies that demonstrate human traits in a similar way.
About Tom Burton
With over 20 years of experience in business, IT, and security leadership roles, including several C-suite positions, Tom has an acute ability to distil and simplify complex security problems, from high-altitude discussions about business risk with the board, to detailed discussions about architecture, technology good practice, and security remediation with delivery teams. With a tenacious drive to enhance cyber security and efficiency, Tom has spent a significant amount of time in the Defence, Aerospace, Manufacturing, Pharmaceuticals, High Tech, and Government industries, and has developed an approach based on applying engineering principles to deliver sustainable business change.
If you would like to speak to Tom or anyone from the Cyber Security team, please use the form below.
About Cambridge Management Consulting
Cambridge Management Consulting (Cambridge MC) is an international consulting firm that helps companies of all sizes have a better impact on the world. Founded in Cambridge, UK, initially to help the start-up community, Cambridge MC has grown to over 160 consultants working on projects in 20 countries.
Our capabilities focus on supporting the private and public sector with their people, process and digital technology challenges.
For more information visit
www.cambridgemc.com or get in touch below.
Contact - Risk Management in an AI World
Subscribe to our insights
Blog Subscribe
Well Intended Guidance Leaves more Questions than Answers The UK Government Digital Services – part of the Department for Science, Innovation and Technology – has recently published guidance for how the public sector should adopt a multi-region approach to cloud technology. At first sight this appears encouraging. Any unnecessary constraints on hosting arrangements (or any other non-functional requirements) reduce the available market of providers, constrain competition, and therefore inevitably reduce value for money. If parts of Government, whether central, regional or local, have felt that everything must be hosted in the UK then it makes sense to produce guidance that clarifies this perception and helps to open their options up. But for guidance to be useful it should guide. It should make it easier for people to take actions that they previously would have discounted. The guidance in this case, which at 1420 words is almost as short as this article, probably leaves the reader with more questions than answers. It may reveal some unknowns, but without increasing certainty. The Guidance in a Nutshell A summary of the guidance is as follows: Look wider than UK: Many cloud solutions may not offer UK hosting, particularly new innovative solutions that haven’t scaled up yet. Irrespective, their staff are likely to be distributed around the world if the service is supported 24/7. There may also be other benefits in looking wider than UK hosting, such as enabling better business continuity and disaster recovery options if the vendor only has one UK site. Get legal advice: Before you even consider a non-UK option you need to seek advice from your own legal advisors and your Data Protection Officer (DPO). Ensure compliance with ICO guidance: Before you even consider a non-UK option you need to check and make sure that any international transfer of personal data will be compliant with the Information Commissioner’s Office (ICO) guidance, and you should get further guidance from your own legal advice and DPO. Do a full review of vendor security: Before you even consider a non-UK option you need to make sure the vendor and solution are compliant with your own security policies. In a nutshell, it says: 'you should consider options outside of the UK but only if you have checked everything is legal and secure'. This seems to be verging on a statement of the obvious; the real difficulty in going offshore is covering all of the legal, regulatory and security compliance aspects. Adequacy is a Moment in Time On point 3, the guidance points out data protection compliance is easier if the country in question is considered by the ICO to be adequate – having equivalent regulations for data protection to the UK. Sound advice. But even this is not that simple. For instance, the USA is not considered adequate unless it is under an extension of the EU-US Data Privacy Framework. This framework is dependent on an Executive Order that the Biden administration put in place, and it is entirely possible that it will be revoked by the current administration. If such an action was taken, or if for any other reason the EU decides that adequacy is no longer met (also not unlikely given Herr Schrems has achieved this twice already and has stated he plans to challenge the DPF), then the vendor will no longer be considered compliant. Consideration is Far Wider than Residency Security is far wider than data residency though. This is where point 4 both states the obvious and understates the complexity. Managing risk in the supply chain is inherently difficult. Cloud providers, and particularly SaaS solutions, aggravate this challenge by an order of magnitude. By their nature they are solutions designed for a broad and varied range of customers. This means they will always involve compromise. If they tried to meet the most demanding requirements, they would price themselves out of the scale marketplace. If they went for the lowest common denominator, they would be unable to meet the requirements of the majority. An individual customer can rarely dictate a specific security requirement for themselves. They are also highly opaque. The vendor presents their service as a black box. The features delivered to the customer are defined, but much of the underlying design and the means the vendor uses to manage it in operation are hidden. This makes assessing the risk far more of a judgement call than when the design and delivery is conducted under your control. Depending on the supplier, and the leverage that the customer has over them, it may be possible to get some information and assurances; but the right questions need to be asked, and the answers need to be interpreted correctly. Third party certifications and audits, such as the ISO27000 series of standards or the SOC1, SOC2 and SOC3 reports, can also provide some additional assurances. But only the customer will be able to decide the extent to which they can mitigate the risk, and the confidence they have in the supplier to manage their own. This is a business decision informed by the specifics and nuances of the risks being considered. Summary It is important to minimise the non-functional requirements and keep an open mind about potential solutions and vendors. This includes looking wider than just the UK when national security requirements are not paramount. But this is not something that can be distilled onto a single sheet of A4 in any meaningful way. Yes, there are legal and regulatory issues that need to be reviewed. And geopolitical risk needs to be factored in, considering how you would respond to future external changes that are outside of the UK’s control. But from experience, the greatest challenge is getting comfortable that the vendor’s organisation and their solution have adequate security – this applies equally whether the solution is hosted in the UK or overseas. The SaaS world is opaque, and balances priorities across a broad and varied customer base. The public sector needs to increase its adoption of cloud and SaaS solutions to remain efficient and relevant, in the same way that the private sector has had to. But the route to responsible adoption is more nuanced, requiring candid conversations with suppliers, and ultimately an informed but subjective judgement by the customer’s leadership. Sources/Links: DSIT Guidance for Multi-region cloud and software-as-a-service ↩︎ ICO Guide to International Transfers ↩︎ Executive Order (E.O.)14086 of October 7, 2022, on Enhancing Safeguards for United States Signals Intelligence Activities ↩︎ Note: This article originally appeared on Tom Burton's personal blog at https://digility.net/insights/
The Digital Communities All-Party Parliamentary Group (APPG) shared the ‘Care to connect: Public Switched Telephone Network (PSTN) Migration’ report with key parliamentarians on Monday at a launch meeting on Parliament Street. This report highlights key recommendations for managing the ongoing Public Switched Telephone Network (PSTN) migration, focusing on protecting vulnerable residents and ensuring effective solutions. Here are the major takeaways for local government and communication providers: Data-Sharing Agreements (DSAs) DSAs between communication providers (CPs), local authorities, and telecare providers are crucial for identifying vulnerable residents during the migration. Challenges include inconsistent responses from local authorities and fragmented approaches across CPs. The APPG recommends all local authorities and housing associations sign DSAs, regardless of progress in digital switchover, to promote uniformity and resident safety. Telecare Devices The sale of analogue telecare devices must end, as these can leave residents unsupported during the transition. The government, in collaboration with the TEC Services Association (TSA), should enforce higher standards (TEC Quality’s Quality Standards Framework) across the telecare industry to achieve robust digital migration practices. Financial support for local councils is critical to replace outdated telecare devices and prevent double costs. Battery Backup Solutions Existing guidance from Ofcom, requiring one-hour resilience for power cuts, is insufficient. The APPG recommends increasing power backup requirements to at least 4 hours in homes and 6 hours for fixed networks. Communication and energy providers must jointly create resilient power solutions, particularly for vulnerable residents reliant on telecare devices. A multi-sector priority service register should integrate communications and energy service protection for those at risk. Sunset of 2G and 3G Networks UK mobile network operators plan to stop supporting 2G and 3G networks by 2033, with some networks already switched off. There are cases where local authorities and residents have purchased telecare devices using 2G/3G SIM cards, as a lower-cost, interim solution — these devices will need to be replaced again, posing double replacement costs for local authorities and additional risks to residents. The government should stop the sale of analogue devices and accelerate efforts to prevent the redeployment of outdated telecare alarms. Summary We welcome these recommendations alongside the December 2023 PSTN Charter, the Telecare National Action Plan and the PSTN Non-voluntary Migration Checklist. The conclusions make it clear that coordination between local and central government, industry regulators (such as Ofcom and Ofgem), and communication providers (CPs), as well as significant investment in digital teams at a local level, are essential goals to ensure a safe and inclusive digital switchover for all vulnerable residents and telecare users. Read the full report here: https://digitalcommunities.inparliament.uk/care-to-connect-public-switch-telephone-network-migration-report About the APPG The Digital Communities APPG is a cross-party group of parliamentarians, with the aim to promote the delivery of digitally equipped places that support and foster a connected, healthy, and productive community. This includes the creation and maintenance of sustainable digital infrastructure, as well as providing residents with equal opportunity to thrive in a digital world. The LGA provides the secretariat to the APPG. Cambridge Management Consulting Our Public Sector and PSTN teams can help local councils and other public bodies by providing strategy, financial planning, procurement, and project management services to ensure that you have a comprehensive transition strategy and accurate financial costing for the PSTN switch-off. We can help you follow the recommendations in this report by completing a full audit, signing DSAs with CPs and most importantly, protecting vulnerable service users. Get in touch with Craig Cheney, Managing Partner and lead for Public & Education, to discuss a range of services which might suit your needs: ccheney@cambridgemc.com (or use the form below). Act now, before time and resources run out.
What Do Your Scope 3 Emissions Have to Do with Inflation? Scope 3 emissions cover everything outside your direct operations —the carbon footprint of your supply chain, purchased goods, logistics, business travel, and more. The higher your Scope 3 emissions, the more energy-intensive your supply chain is. And the more energy-intensive your supply chain, the more vulnerable you are to rising costs. Think of it this way: High Production Costs- If your suppliers are heavily dependent on fossil fuels, their production costs are rising fast Price Volatility- If your supply chain lacks efficiency and resilience, price volatility will hit you harder Locking in High Costs- If you’re not actively engaging with suppliers to reduce emissions, you’re locking in long-term cost increases that could have been avoided Without accurate Scope 3 data and a clear engagement strategy , businesses are leaving themselves open to higher prices, lower margins, and greater financial risk . Why Businesses Struggle with Scope 3 A major challenge is that Procurement and Sustainability teams often operate in silos: Procurement teams focus on cost and supplier relationships but often lack deep sustainability expertise Sustainability teams focus on compliance and decarbonisation but aren’t typically measured on financial performance This disconnect means emissions reduction is rarely treated as a financial opportunity —when in reality, cutting carbon from your supply chain is also one of the most effective ways to reduce exposure to cost inflation. The Businesses That Get This Right Will Lower their Costs Leading organisations are already taking action. They are: Gathering detailed Scope 3 emissions data to map out cost risks in their supply chain Engaging suppliers to drive efficiency, reduce emissions, and lower costs Building resilience by shifting towards lower-carbon, more cost-stable alternatives The result? Lower long-term costs, reduced financial risk, and a competitive edge over those stuck with inefficient supply chains. This is not just about sustainability compliance —it’s about smart financial decision-making. If You’re Not Taking Action, You’re Losing Money Every business will feel the impact of rising supply chain costs—but not every business will be prepared for them. If you don’t have accurate Scope 3 emissions data and an effective engagement strategy, you are: Paying more than you need to for essential goods and services Exposing your business to long-term cost inflation Missing out on opportunities to build a stronger, more resilient supply chain The sooner you act, the better the outcome for your bottom line and the planet. Is your business ready to take control of its costs? Get in touch with Cambridge Management Consulting and edenseven today. About edenseven edenseven is the sustainability-focussed sister-company of Cambridge Management Consulting. We work with businesses across all sectors in multiple regions to deliver robust and deliverable net-zero strategies. The success of any strategy relies on its awareness of how changes in policy and subsidies can create both risks and opportunities for a business. If you are a business trying to enter a new market or evolving in an existing market and would like to learn more about how edenseven can support you, please get in touch with the team at edenseven at info@edenseven.co.uk or use the contact form below. Find out more about edenseven on their website: edenseven.co.uk
Peter Drucker wrote in his book The Practice of Management (1954) that ‘it is the customer who determines what a business is’. This sentiment still firmly holds true today, as consumers increasingly expect personalised shopping experiences from aspirational businesses that desire to have a positive impact on the community, country, or world in some way. Across this series of articles, Daniel Fitzsimmons explores the role of customer-centricity as a mechanism to support the delivery of superior customer experience and business profitability. In the first two articles in this Customer Centricity series, Daniel has established the foundations of what makes a truly customer-centric organisation, and how a business can be tailored towards ensured customer satisfaction. In the final article in the series, he takes this further to discuss how technological innovation can amplify these goals. Digital Transformation – Technology Acceptance Model (TAM) Technology is typically the most common interaction point for customers engaging with products, and is especially critical to the service industry. The banking industry has pioneered the digitalisation of services (Dube and Helkkula, 2015), with digital payment services and blockchain solutions. In a fiercely competitive environment, the creation of superior value requires increased insight into how customers experience value (Medberg and Heinonen, 2014). Value can be typically defined as the ‘consumers’ overall assessment of the utility of a product based on perceptions of what is received and what is given’ (Zeithma, 1988). This concept can be extended to a value definition in the following forms: Total Monetary Value – The amount a customer is prepared to pay for a product Perceived Use Value – Defined by a customer’s perception (utility) Exchange Value – Realised when the product is sold Value can be enhanced through digital capabilities, marking technology solutions, and digital marketing strategies to support user acceptance. Securing User Acceptance One compelling approach to understanding how users may engage with a new technology is the TAM model. The TAM model suggests that Perceived Usefulness (PU) and Perceived Ease of USE (PEOU), define how a user will interact with a new product or service, i.e. if the product usefulness and ease of use can be communication, barriers to adoption can be mitigated. When developing new customer solutions, mobilisation of the TAM model is the engagement of consumers in product development, and inclusion of then construct of ‘user intent’ to inform product ideation. Venkatesh et al. formulated the unified theory of acceptance and use of technology (UTAUT). This model was found to outperform other models (Adjusted R square of 69 percent), and is worthy of further investigation in terms of its ability to predict user acceptance of new technology solutions. Experimentation Technology should function as an enabling mechanism to support experimentation in the creation of products and services, and increased alignment with prospective customers. Experimentation, which from an engineering perspective represents ‘continuous improvement’, allows businesses to see what does and doesn’t resonate with target personas, iterating towards a value proposition that will drive superior customer engagement and subsequently an increased % of the customer wallet. Booking.com runs more than 1,000 tests simultaneously to fine tune its offering specific to a user profile, behaviours, and characteristics. Experimentation and the subsequent data generated provides a meaningful base from which to make decisions, thereby negating ‘strong opinions or the HiPPO mentality, which is often pervasive in organisations. For experimentation to be successful, leadership needs to create a culture of curiosity in the business, supported by organisational design and the psychological safety to try and fail. Digital continuity provides an exciting opportunity to enhance the customer voice in product development. Real time data availability provides instant insight into consumer preference, which can be used to support product development and increasingly personalised product offers. Through the experimentation cycle, digital prototypes can be rolled out quickly to support the product innovation cycle. For experimentation to be successful, customer requirements should be integrated into business operations to create an industry-aligned value proposition (Ohmae, 1988). Conclusion Throughout this three-part series, I have demonstrated the importance of customer-centricity as a critical way to ensure success. In this article specifically, I have covered how to leverage technology – a power that is already prevalent and constantly evolving – to best support this venture. Building upon the TAM model, technology can be used to facilitate enhanced customer satisfaction, consequently spurring innovation and growth.
Funds donated by Cambridge MC supplied some new equipment, including new boards.
At Cambridge Management Consulting, we pride ourselves on building a consultancy practice that goes beyond traditional consulting. Our team is composed of specialist practitioners who have reached the pinnacle of their industries, bringing years—often decades—of hands-on experience to guide others in achieving exceptional results. This approach has established Cambridge MC as a consultancy powered by a network of diverse, proven expertise, consistently recognised for its impact and innovation. Our consultants and their work have been honoured with numerous accolades, reflecting the value we bring to our clients and industries. For example, Zoë Webster, an expert in AI, Digital & Innovation, was named one of AI Magazine’s Top 10 AI Leaders in the UK & Europe, celebrated as a pioneer reshaping industries and societies. Similarly, Craig Cheney, Managing Partner, Marvin Rees, Board Advisor, and David White, Associate, were recognised with a World Economic Forum Award for Public Private Collaboration for their contributions to the Bristol City Leap project. Craig Cheney was made an Alderman of the City of Bristol, acknowledging his eminent services to the city; and just recently, Marvin Rees OBE was introduced into the House of Lords. These achievements were further complemented by our success at the Consultancy Awards, where Cambridge MC proudly received awards in every category we were nominated for. The Consultancy Awards The Consultancy Awards, hosted annually by The Consultancy Growth Network, celebrate hard work, commitment, and innovation across the consultancy sector. Cambridge MC was honoured to receive three awards in recent years, recognising our contributions across key areas: Digital Transformation: For our project management of a multinational oil and gas company, coordinating the development of a portfolio of high-priority EV charging hub sites in major cities. Productivity Improvement / Cost Reduction: For delivering £10m in savings for a large UK online retailer in just 13 weeks, leveraging our expertise in procurement, contract, and vendor management. Fastest Growing: Celebrating our 30% growth in revenue, 100% increase in geographies, and doubling the profit we donate to charity to 12%. These awards are a testament to our commitment to delivering exceptional results for our clients while contributing to the industries we serve. Celebrating Industry Excellence While receiving accolades is always an honour, the opportunity to give back to the industries that shaped us is equally rewarding. Cambridge MC has been privileged to sponsor and judge several prestigious awards, recognising the talent and innovation that drive progress across telecommunications, technology, and connectivity. ITP Telecoms Awards As Platinum Sponsors of the ITP Telecoms Awards, hosted by the Institute of Telecommunications Professionals, we celebrated the achievements of individuals and organisations making significant contributions to the digital industry. Tim Passingham, Founder & Chairman of Cambridge MC, presented the Engineer of the Year award to Mike Mawson, Head of Fibre Innovation at Hyperoptic, recognising his exceptional work in advancing telecommunications. Global Connectivity Awards The Global Connectivity Awards, held at the O2 in London, marked its 20th year of honouring innovation across 40 categories, from technology breakthroughs to regional achievements. Cambridge MC’s Managing Partner, Charles Orsel des Sagets, joined the panel of 30 impartial judges, bringing over 30 years of expertise in fintech, cybersecurity, and connectivity to evaluate the finalists. This event highlighted the ingenuity shaping the connectivity industry and provided a platform to celebrate its brightest minds. World Communication Awards The World Communication Awards, now in its 25th year, continues to recognise excellence across telecommunications. Naaz Bax, Senior Partner and Chief of Staff at Cambridge MC, served as a judge and presented the prestigious Woman in Telecoms Award. This category celebrated the achievements of brilliant women in the industry, with the award going to Josephine Sarouk, Managing Director of Bayobab Group, for her invaluable contributions to telecommunications. DCD>Global Awards The DCD>Global Awards, held at Grosvenor House in London, celebrated talent and achievement in the data centre and telecommunications industries. Duncan Clubb, Senior Partner for Data Centres, Edge & Cloud, brought his expertise to the judging panel, evaluating finalists in categories such as the Edge Data Center Project of the Year. This event showcased the transformative impact of innovation in data centre infrastructure and edge computing. A Legacy of Ingenuity The awards, events, and individuals highlighted here reflect the wealth of expertise, innovation, and achievement that define the consulting, telecommunications, and technology industries. At Cambridge MC, we are privileged to contribute to these industries, whether by delivering impactful projects, receiving accolades, or celebrating the achievements of others. As we look ahead, we remain committed to supporting and shaping the industries we serve, continuing to drive progress and innovation in the years to come.
In my discussions with building owners and occupiers about property technology, the conversation often centres on leveraging new technologies and existing data to enhance compliance, reduce costs and carbon emissions, and improve workplace experience. Many people in the property sector share a common concern around the quality of data currently held on their buildings. This gap in record-keeping could pose significant challenges as the UK's Public Switched Telephone Network (PSTN) is retired in early 2027. PSTN is the analogue telephone network that carries voice and data over copper wires. This legacy infrastructure is becoming increasingly costly and difficult to maintain, and it is unable to handle the data demands of modern telecommunications. As a result, BT and other UK phone companies intend to withdraw PSTN services by the end of January 2027. Although records may not show it, many buildings rely on PSTN lines for critical services such as lift emergency calls, fire alarms, security systems, door entry monitoring and building management systems. Once PSTN is decommissioned, these services will cease to function without warning, potentially leading to safety compliance and security risks. To mitigate these risks, building owners should proactively assess their exposure before PSTN services are discontinued. Identifying and replacing existing PSTN connections with future-proofed, and potentially more cost-effective, digital solutions is essential for business continuity. Building occupiers should also seek assurances from their landlords regarding these transitions. At the Connected Britain Conference last year, the Minister of State for Data Protection and Telecoms, Sir Chris Bryant MP, highlighted the vital importance of digital infrastructure and cited the PSTN switch-off as a significant concern. BT recommends that its business customers act before the end of 2025. The transition to digital alternatives including testing and commissioning could take 6-9 months. A critical first step is to carry out an audit to identify systems that rely on PSTN. This audit should identify all devices connected to the PSTN, their locations, their functions, and upgrade options. I have been urging property owners and operators to develop and implement a programme of discovery and rectification as a priority. Without early and rigorous planning, the risks to safety, business continuity, and occupier experience are high. Also, as the switch-off date approaches, the costs of this work are very likely to increase significantly. Cambridge Management Consulting has a team of PSTN experts, who can identify existing PSTN-based systems, procure replacement solutions and migrate your services, as well as identifying and implementing cost reduction strategies that become possible through the transition to digital solutions. We can also ensure your organisation avoids the risks to compliance, security and occupier experience when PSTN services are withdrawn as well as reaping the long-term benefits of going digital.
At Cambridge Management Consulting, we place just as much emphasis on the growth and development of our in-house industry experts and professionals, as the businesses and organisations that they work with. We do not hire consultants; we hire genuine practitioners with hands-on, demonstrable real-world experience – but we also make sure that doesn’t stop at the door. We ensure that our consultants get as much out of our partnerships and business ventures as our customers do. One of our consultants who has experienced this growth and progression first hand is Darren Sheppard, recently made a Senior Partner for Contract Management & Digital Transformation. In this article, we are shining a spotlight on Darren’s numerous career highlights with Cambridge Management Consulting, including the delivery of multiple successful projects and award-winning cost saving programmes. Darren Sheppard With nearly 30 years of experience, Darren began his career as a collections agent, underwriter, and later a Credit Risk and Collections Manager for 20th Century Fox. Since then, Darren has occupied numerous senior consulting and senior management roles across Finance, Operations, Sales/Business Development and Commercial/Contract Management for major telecommunications companies such as T-Mobile, EE and BT. After establishing his own consultancy business, he was engaged by Sovereign Business Integration Group as Group Director of Operations. Darren joined Cambridge MC in 2021 as a Partner to lead our Digital Contract & Service Management practice. Since then, he has delivered multiple complex and successful programmes for numerous high-profile clients and customers. Throughout his career, his positions have seen him responsible for setting and delivering the strategy of each organisation, be it driving partner growth, managing stakeholder relationships, coordinating go-to-market, operations, and commercial management. Contract Management, FTSE250 Financial Services Provider In 2021, Darren began a programme with a FTSE250 financial services provider specialising in trading solutions to support the transition of two of their financial derivatives trading platform businesses. Throughout this, Darren was responsible for reviewing the TSA document and all associated Vendor Contracts, negotiating with the vendors on a continuation and/or transfer of agreement post-closure and throughout the term of the TSA. Due to his proficiency, Darren and the team were able to deliver this TSA programme six months early and significantly under budget. You can read more about this project here . Following the success of Darren’s work, this financial services provider continued to engage Cambridge MC to support their Strategic Partnerships & Commercial Management. In reviewing their current processes and modernising as appropriate, together with assessing strategic supplier contracts to align their KPIs with business goals, Darren helped to establish a set of processes to help his client reach their business goals. Deputy COO, Management Consultancy Between the summers of 2022 and 2023, Darren occupied the role of Deputy Chief Operating Officer for a management consultancy, overseeing strategic planning, project management, and operational efficiency initiatives. During this time, Darren designed and implemented a lifecycle workflow for managing engagements, ensured effective contracting, and successfully delivered the implementation of ISO 27001 standards. COO, Environmental Air Quality Monitoring Alongside the above interim role, Darren was engaged to occupy the role of COO for IKNAIA, an environmental air quality monitoring organisation, of which the CEO was originally forced to occupy both C-Suite positions. In this role, Darren managed day-to-day operations, elevated the leadership team, and oversaw all operational aspects of company strategy. Throughout this time, Darren has helped them to overcome limited capital, streamline operational efficiency, and re-prioritise their pipeline. Finally, he supported the successful divestment of the company, carefully balancing the interests of stakeholders, he ensured that the deal structure was both fair and beneficial, delivering long-term value to the acquiring organisation while safeguarding the interests of the employees, investors, and clients. Ultimately, his efforts achieved a transaction that positioned the company for continued success under new ownership. You can read more about this work here . Cost Reduction, Online Retailer In early 2023, Darren supported a large UK online retailer through a downsizing exercise and the changes in demand and expenditure which came with it. By performing a deep dive on all vendor contracts, establishing priority saving areas and engaging in supplier negotiations, Darren and the team were able to deliver £10m of savings on an addressable budget of £85m, in just thirteen weeks. This programme was later nominated for and won an award at the Consultancy Awards 2024 in their Productivity Improvement/Cost Reduction category. Due Diligence, Wholesale Networks Provider Darren’s next programme involved conducting commercial due diligence for a wholesale networks provider, working with their investors to review the feasibility of investing in a company specialising in telecoms software. This saw him evaluate their business model, examine the software’s features to identify any intellectual property and patents, and assess the business’ risk register to ensure that it was future-proofed. Darren’s due diligence work and focus led to the successful acquisition of the company. Vendor Performance Management, Russell-Group University For a prestigious academic institution, Darren conducted Vendor Performance Management and Service Performance Management, assessing their current performance delivery in order to identify areas where improvement was needed. During this time, Darren was responsible for all of the Vendor Performance for their three Modern Network Vendors, analysing data to identify areas for improvement, developing a communication plan, and presenting a negotiation strategy to the university. Get in Touch Across all of these projects and programmes, Darren has leveraged his commercial, contract management and vendor negotiation capabilities to streamline and strengthen each organisation he has supported. For more information on how Darren can optimise your business, contact him using the form below.
Since the origins of the quest for artificial intelligence (AI), there has been a debate about what is unique to human intelligence and behaviour and what can be meaningfully replicated by technology. In this article we discuss these arguments and the ramifications of 'ignorance' as it is expressed by current AI models. To what Extent can Artificial Intelligence Match or Surpass Human Intelligence? This article approaches the question of artificial intelligence by posing philosophical questions about the current limitations in AI capabilities and whether they could have significant consequences if we empower those agents with too much responsibility. Two recent podcast series provide useful and comparative insights into both the current progress towards Artificial General Intelligence (AGI) and the important role of ignorance in our own cognitive abilities. The first is Season 3 of 'Google DeepMind: The Podcast”, presented by Hannah Fry, which describes the current state of art in AI. The second is Season 2 of the BBC's 'The Long History of… Ignorance' presented by Rory Stewart, which explores our own philosophical relationship with ignorance. A Celebration of Ignorance Rory Stuart’s podcast is a fascinating exploration of the value that we gain from ignorance. It is based on the thesis that ignorance is not just the absence of intelligence. It feeds humility and is essential to the most creative endeavours that humans have achieved. To ignore ignorance, is to put complex human systems, such as government and society, into peril. The key question we pose is whether or not current AI appreciates its ignorance. That is, can it recognise that it doesn’t know everything. Can AI embrace, respect and correctly recognise its own ignorance: meaning it doesn’t just learn through hindsight but becomes wiser; and is fundamentally influenced, when it makes decisions and offers conclusions, that it is doing so from a position of ignorance. The Rumsfeldian Trinity of Knowns The late Donald Rumsfeld is most popularly remembered for his theory of knowns. He described that there are the things we know we know; things we known we don’t know; and things we don’t know we don’t know. Stewart makes multiple references to this in his podcast. At the time that Rumsfeld made the statement it was widely reported as a blunder—as a statement of the blindingly obvious. Since then, the trinity of knowns has entered the discourse of a variety of fields and is widely quoted and used in epistemological systems and enquiries. Let us take each in turn, and consider how AI treats or understands these statements. Understanding our 'known knowns' is relatively easy. We would suggest that current AI is better than any of us at knowing what it knows We also put forward that 'known unknowns' should be pretty straightforward for AI. If you ask a human a question, and they don't know the answer, it is easy to report this an an unknown. In fact, young children deal with this task without issue. AI should also be able to handle this concept. Both human and artificial intelligence will sometimes make things up when the facts to support an answer aren’t known, but that should not be an insurmountable problem to solve. As Rumsfeld was trying to convey, it is the final category of 'unknown unknowns' that tends to pose a threat. These are missing facts that you cannot easily deduce as missing. This includes situations where you have no reason to believe that 'something' (in Rumsfeld's case, a threat) might exist. It is an area of huge misunderstandings in human logic and reasoning; such as accepting that the world is flat because nobody has yet considered that it might be spherical. It is expecting Isaac Newton to understand the concept of particle physics and the existence of the Higgs boson when he theorises about gravity. Or following one course of action because there was no reason to believe that there might be another available: all evidence in my known universe points to Plan A, so Plan A must be the only viable option. In experiments with ChatGPT, there is good reason to believe that it can be humble; that it recognises it doesn’t know everything. But the models seem far more focused on coping with 'known unknowns' than recognising the existence of 'unknown unknowns'. When asked how it handles unknown unknowns, it explained that it would ask clarifying questions or acknowledge when something is beyond its knowledge. These appear to be techniques for dealing with known unknowns and not unknown unknowns. The More we Learn, the More we Understand How Much we Don’t Know Through early life, in our progression from childhood to adulthood, we are taught that the more you know and understand, the more successful you will be. Not knowing a fact or principle was not something to be proud of, and should be addressed by learning the missing knowledge and followed by learning even more to avoid failure in the future. In education we are encouraged to value knowledge more than anything else. But as we get older, we learn with hindsight from the mistakes we have made from ill-informed decisions. In the process, we become more conscious of how little we actually know. If AI in its current form does not appreciate or respect this fundamental concept of ignorance, then we should ask what flaws might exist in its decision-making and reasoning? The Peril of Hubris To feel that we can understand all aspects of a complex system is hubris. Rory Stewart touches on this from his experience in government. It is a fallacy to believe that we should be able to solve really difficult systemic problems just by understanding more detail and storing more facts about the characteristics of society. As Stewart notes, this leads to brittle, deterministic solutions based on the known facts with only a measure of tolerance for the 'known unknowns'. Their vulnerability to the 'law of unintended consequences' is proven repeatedly when the solution is found fundamentally flawed because of facts that were never, and probably could never be, anticipated. These unknown unknowns might be known elsewhere, but remain out of sight to the person making the decision. Some unknown unknowns might be revealed, by speaking to the right experts or with the right lines of enquiry. However, many things are universally unknown at any moment in time. There are laws of physics today that were unknown unknowns to scientists only few decades previously. The Basis of True Creativity Stewart dedicates an entire episode to ignorance’s contribution to creativity, bringing in the views and testaments of great artists of our time, like Antony Gormley. If creativity is more than the incremental improvement of what has existed before, how can it be possible without being mindful of the expanse of everything you don’t know? This is not a new theory. If you search for “the contribution that ignorance makes to human thinking and creativity” you will find numerous sources that discuss it, with references ranging from Buddhism to Charles Dickens. Stewart describes Gormley’s process of trying to empty his mind of everything in order to set the conditions for creativity. Creativity is vital to more than creating works of art. It is an essential part of complex decision-making. We use metaphors like 'brainstorming or blue sky thinking' to describe the state of opening your mind and not being constrained by bias, preconception or past experience. This is useful, not just to come up with new solutions, but also to 'war game' previously unforeseen scenarios that might present hazards to those solutions. What would you Entrust to a Super-Genius? So, if respecting and appreciating our undefined and unbounded ignorance is vital to making good and responsible decisions as humans, where does this leave AI? Is AI currently able to learn from hindsight – not just learn the corrected fact, but learn from the very act of being wrong? In turn, from this learning, can it be more conscious of its shortcomings when considering things with foresight? Or are we creating an arrogant super-genius unscarred by its mistakes of the past and unable to think outside the box? How will this hubris affect the advice it offers and the decisions it takes? What if we lived in a village where the candidates for leader were a wise, humble elder and a know-it-all? The wise elder had experienced many different situations, including war, famine, joy and happiness; they have improvised solutions to problems that they have faced in the past, and have learnt in the process that a closed mind stifles creativity; they knew the mistakes they had made, and therefore knew their eternal limitations. The village 'genius' was young and highly educated, having been to the finest university in the land. They knew everything ever written in a book, and they were not conscious of making a bad decision. Who would you vote for to be your leader? Conclusion The concepts described here are almost certainly being dealt with by teams at Google DeepMind and the other AI companies. They shouldn’t be insurmountable. The current models may have a degree of caution built into them to damp the more extreme enthusiasm. But I’d argue that caution when making decisions based on what you know is not the same as creatively exploring the 'what if' scenarios in the vast expanse of what you don’t know. We should be cautious of the advice we take from these models and what we empower them to do—until we are satisfied that they are wise and creative as well as intelligent. Some tasks don’t require wisdom or creativity, and we can and should exploit the benefits that these technologies bring in this context. But does it take both qualities to decide which ones do? We leave you with that little circular conundrum to ponder.
OUR OFFICES
SUBSCRIBE FOR LATEST INSIGHTS
FOLLOW US
THE FINE PRINT
