Cyber Security Predictions for 2024

John Madelin
Subscribe Contact us
John Madelin

“Cybercrime is the number one problem for mankind, and Cyberattacks are a bigger threat to humanity than nuclear weapons” - Warren Buffet

 

As we enter 2024, there are signs that the Cyber Security industry is teetering on the brink of a major transformation, culminating in a more coherent and business-involved approach which will ensure a better understanding and management of cyber risks.


Setting aside other associated factors for now, this metamorphosis is being fuelled by the astronomical rise in cybercrime that has been observable across the previous 3-5 years, turning it into a multi-trillion-dollar industry. The business leaders who missed this sudden rise in temperature, suddenly find themselves in boiling water.


These anticipated and imminent changes, accelerated by the lucrative and seemingly untouchable nature of cybercrime, will inevitably necessitate a more fundamental redefinition of cybersecurity strategies. The Dark Web’s explosion of sophisticated crime and the pivot from traditional crime streams, such as the illegal drug industry, to the high profit margins and low-risk profile of cybercrime is just too irresistible to a growing demographic. Between the intoxicating mix of easy money and apparent immunity, the appeal of cybercrime is reaching not only existing criminals, but new breeds.


This new era and new generation will force us to re-characterise what we mean by Cyber Security, as business leaders are set to thaw the icy divide between CISOs and the CIOs with whom they tend to work. This will push the industry into constructing a more deeply integrated and pervasive defence strategy overall.


However, this shift is not just about adopting new technologies; on the contrary, it amounts to a cultural revolution, and the associated liability, regulatory, maturity, quantification, integration, communication, and behavioural shifts in emphasis that are pulled into its current will be further catalysed by the growing ranks of ingenious cyber criminals and hackers at the gate, equipped to breach your defences with persistent creativity.


By now you may be thinking ‘wasn’t this a predictions article’? Yes, and so far I have tried to emphasise why the critical tactical actions that we begin today must be held to, not merely as piecemeal reactions to the cyber environment I have thus far outlined, but all the way to future proof. These tactical building-block priorities must become the planned foundations to support long-term resilience, we otherwise risk seeing the criminals melt into the dark web with our money and private data.


There’s a likelihood that absent vital improvements in our cyber defences, left by those still using old-school, gear-heavy, and fragmented defences, led by the autonomous and uncommunicative CISOs, those who fail to adapt will find themselves outmanoeuvred by the increasingly resourceful cybercriminals.


However, for those organisations in 2024 who recognise the gravity of the current climate and ingenuity of recent cybersecurity threats—and commit to more fundamental practices built into more IT and business integrated frameworks (which might also suggest a new breed of CISO)—the transition into 2025 is likely to be marked by a significant decrease in anxiety, and far more restful nights.


Traditional Technology Predictions for 2024


In this first section, we look at the more traditional, in-brief predictions for the gearheads, specifically falling within my Top 6 most pressing technology themes that will colour 2024:

 

Multi-Factor Authentication

 

Given how prevalent credentials are in attacks, we used to follow the rule of ‘Anything web-facing needs Multi-Factor Authentication (MFA)’. Now, in 2024, thanks to the cloud breaking into our legacy estate, our complete clarity on what exactly is being published to the web has become obscured. In 2024, the mantra must be changed to ‘everything needs MFA’, but this still has a long way to go.


Privileged Access Management

 

Since Privileged credentials are the holy grail for cybercriminals, these chinks in the armour need resolving urgently. This is exacerbated by the way in which responsibility for this resolution is spread across business units; tactical challenges can be resolved, but only if an appropriate leader, at an appropriate level, applies some pressure and urgency.


Systems are out-of-date, there are too many passwords, many of these are mismanaged, privileges themselves are too excessive, etc. In modern systems, the arrival of cloud multiplies these complexities, as does the expansion of responsibilities to third parties.


These systemic failings need to be addressed in 2024, and imminently. The way forward is a cross-functional emergency exercise, with a target to adopt and maintain serious discipline by this time next year.

 

Monitoring

 

You read that correctly—unbelievably, monitoring is much further behind than it needs to be as we move further into 2024, a fact that has somehow gone largely unnoticed.


This may be the reason why the cyber insurance industry weathered rough seas in 2020, and why we are now overwhelmed with high volumes of indiscriminate alerts.


We must improve basic log aggregation, normalisation, and correlations, through better IT integration. This reporting should be developed to enhance action, with a, perhaps uncomfortable, focus on more meaningful ‘one-ten-sixty’-style reporting.


With today’s current threat landscape, if the insurance losses are anything to go by, if your monitoring is not polished in 2024 then you can forget cyber insurance, as you can expect to suffer losses in 2024. 

 

Zero Trust

 

As a frequently misused and misunderstood phrase, it is important to establish a clear and consistent definition of what we mean by ‘Zero Trust’, first coined by Forrester’s John Kindervag many moons ago. The need for clarity is equally important to business leaders; they will expect quick intelligibility and relevance, or they will lose interest fast—and, for the first time in 2024, we need them seriously on board.


As you probably know, Kindervag’s core theme was to shift from the network’s ‘trust but verify’ model to ‘never trust but always verify’. This more cloud-ready mindset forces more emphasis on users, data, and devices across better segmented and more continuously monitored networks, also enhancing third-party risk management scenarios. Incremental steps in this direction, which reflect the need for more fundamental practices within more IT-integrated frameworks, can pay quick dividends in 2024.

 

AI Threats

 

I was reluctant to include this one, as I don’t believe that the use of AI either offensively or defensively will have a truly transformative effect on cyber defences in 2024/2025. I must, however, acknowledge that cybercriminals, who are after a quick win and are inherently street-smart, will use it to operate smarter and faster. At the very least, this will hopefully force companies to take care of their basics more effectively.


That being said, keeping an eye on AI is an increasingly critical aspect of security that is often overlooked, specifically the need to conduct regular, repeatable security testing of the AI technologies themselves. As the integration and use of AI tools becomes more pervasive, a new category is poised to become a bigger emphasis in 2024, one which continuously monitors AI systems for any unusual activities or anomalies, including tracking system performance and outputs.

 

IoT and OT (Complexity and Criticality)

 

Arguably, IoT is just more IP end points, which the networkers amongst you will be unphased by. I am using OT as shorthand (as many non-IT aware business leaders do) for ‘critical supply chain systems’. This amplification of the criticality of IoT as they continue to undertake more supply-chain functions suggests that we will need to distinguish which of them support critical business processes. In 2024, getting our arms around a near real-time and complex CMDB (the basic inventory of our IT estate), including this explosion of more integrated, more intelligent, and more mission-critical IP end points becomes of pressing concern. 


Conclusion


Some might argue that these predictions are a little basic, and you will have noted that I collected cloud and third party under ‘Zero Trust’, when arguably there is so much more to be said for both. However, I unapologetically remain of the opinion that, if we continue to build our infrastructure on sand, then we shouldn’t be surprised when it sinks.


A key theme in 2024, as we consider my predictions in the next section, is that we must first attack these ‘basic’ technical security categories in more meaningful ways before leaping into shinier, strategic topics that will remain moot if unsupported by solid foundations. 


What is Really Driving Change in 2024


The Business Sophistication of the Cyber-Criminal Fraternity


Cybercrime as a Service (CaaS) is an industry by which threat actors on the Dark Web sell their tools, expertise, and services to others, often in franchise or affiliate models.


Since the primary goal for such criminals is to make more money with less effort and less direct involvement, this exploding trend is a worrying, yet increasingly material, part of the criminal Dark Web. It is estimated that at least two thirds of ransomware, one of the largest categories of cybercrime, is conducted through a CaaS model (according to Cyber Resilience Insights).


There is a frightening level of organisation and sophistication with the roles, expertise, and infrastructure of these CaaS models that is making it easier for new entrants to subscribe to criminal franchises without the need for any technical or operational knowledge. Full-service CaaS operators will offer not only customer service to affiliates during ransomware campaigns, but they may also handle ransomware payments and decryption key access, for example.


The organisational sophistication of these franchisors is breathtaking, let alone their pricing and marketing capabilities. Operators such as Lockbit 2.0 offers guarantees on the speed of infection, not to mention service guarantees in recovery for those who pay the ransom.


In 2024 and beyond, his will continue to enable access to a wider demographic of new criminal profiteers in more resilient and integrated models that continue to evolve and improve with time and volume. More criminals will continue to exit lower profit and higher risk activities, such as people-trafficking and drugs, and move into cybercrime. 


Key 2024 Takeaway: This re-enforces the need to re-visit the basics; cyber activities will continue to be a volume game for the perpetrators. 

 

Visibility of Cybercrime to Non-Experts

 

Crime will become more visible, at last.


At the higher end of the size estimates for cybercrime are $10.5 trillion by 2027. Allowing for a certain amount of scepticism, even if we halve those numbers, the US Government estimates that IP theft alone now amounts to around $600 billion a year, suggesting that ‘trillions’ is now the sizing language for cybercrime.


It should be noted that this number is widely distributed across a wide variety of criminal activity. The criminal fraternity are not greedy, given that too much visibility raises risk levels from complete impunity to unnecessary minimum risk. Whilst, globally, 72.7% of all organisations fell prey to a ransomware attack in 2023 (Statista), too much of this goes unreported. Because it represents a huge volume of mid-level cash impact, it has been too fragmented for any single action to deliver any more attention-grabbing deathblows, but is instead amounting to a less visually compulsive ‘death by a thousand cuts’.


Attacks are becoming so widespread and persistent, as well as collectively reaching material levels from a wider demographic of criminals, and taking numerous variegated forms of profiteering (such as data theft, phishing, malware, ransomware, DDos), that the growth in visibility to the Boardroom will accelerate in 2024.


Key 2024 Takeaway: In the past, research has suggested that CISOs have gotten away with accepting ‘smile and wave’ feedback from the board. While that may have worked previously, this will now force security and IT leaders to be held more accountable in real terms in 2024, and we will see much sharper qualification and expectations from the Board in the coming year as a result.


Furthermore, this opportunity will not be lost on the more mature CISOs. They will use these almost absurdly unrealistic yet engaging and increasingly visible happenings to fuel strong anecdotal storytelling with board members, in order to catch and retain their attention.

 

Authorities will Continue to Turn Up the Heat on CISOs and Business Leaders

 

A recent set of straw polls from front-line incident response experts in 2023 suggested that between 70-90% of incidents are not disclosed and, in another significant proportion, ransoms are paid.


However, during July 2023, the Securities and Exchange Commission (SEC) in the US adopted rules requiring registrants to disclose any material cybersecurity incidents that they experience, and to disclose on an annual basis any information regarding their cybersecurity risk management, strategy, and governance.


For those breathing a sigh of relief that they do not work or reside within the US, the Commission has also adopted rules that effectively incorporate certain categories of foreign entity that pass a business contact or ownership test. These steps are expected to be adopted in Europe, and some of them have already been incorporated within the EU Cyber Resilience Act (CRA).


These new rules will require registrants to disclose any cybersecurity incident they determine to be significant enough on a formal reporting form, and to describe the aspects of the incident’s nature, scope, and timing, as well as its impact – or potential impact – on the registrant.


These changes will thus force a much closer relationship to develop with lawyers in 2024, who must be prepared for virtually real-time disclosure responsibilities and their impacts on personal and professional liabilities and fines. 


Key 2024 Takeaway: Disclosure warrants a significant amount of workload involving lawyers, regulators, clients, media, executive, and the board, not to mention all the paperwork around the crime scene and a host of behaviours affected by subject-to-privilege constraints.


With all of this in mind, it is even more important to run those tabletop exercises in 2024, and ensure that you have all of the internal help and flexible bench strength from a host of experts ready at hand.

 

Around 50% of CISOs will leave in 2024

 

Another recent survey has suggested that 94% of CISOs are affected by stress, and that, for 64%, these, stress levels are compromising their ability to do their job. The relentless barrage of incidents which consistently affect nights, weekends, and vacations, combined with the aggression with which such incidents are met from impatient work colleagues and business partners is traumatic enough, but it is increasingly becoming the norm for CISOs to be held personally liable.


Recent actions from the US Government display a growing practice of holding executives accountable for cybersecurity breaches. Notably, the US District Court in San Francisco brought criminal charges against Joe Sullivan, Uber’s former CISO, for his alleged role in covering up a 2016 data breach. Professional observers say that he narrowly avoided going to prison because he was the first, and thus the rest of us should see this as a warning; however, it should be noted here that his $50,000 fine, significant costs of defending himself, and three years of probation are not going to help CISO stress levels.


This is compounded by the latest news from SolarWinds suggesting that executives there are likely to be held personally liable for their cyber security threats. Admittedly, as of now, there hasn’t been a specific legislation or regulation that would lead to the staff at SolarWinds being personally liable, but the legal and regulatory landscape is evolving, with discussions surrounding the accountability for cybersecurity incidents at the corporate leadership level expected to accelerate. In short, it can be deduced that around 50% of CISOs are expected to change career paths by 2025.


More imminently, in 2024, all of this will result in the lawyers and leaders representing major organisations paying much more attention to cyber and their D&O insurance. This shift will force closer attention and alignment with broader efforts to strengthen cyber defence mechanisms and ensure responsible management of cybersecurity risks within organisations, where failures in attention to detail could still result in jail time and other uncovered and personal liabilities. 


Key 2024 Takeaway: This concerns those in business leadership specifically. If your CISO is a true front-line CISO, they will be suffering, and if you have not already done so, then now is the time to reach out and offer support. Accountability needs to be shared, or you’re going to lose your CISO and find them hard to replace. The days of autonomous and isolated CISOs being ‘left to do the expert cyber stuff’ are over.

 

Budgets and Quantifying Risk and Return in Cyber Security

 

In a recent board and CISO report, supported by thorough survey work and conducted by the analyst firm, Cyentia, the topics and concerns mentioned by board members that were cited as the most critical and pressing fell at the bottom of the priority list for CISOs.


I was closely involved in the first of the series, and personally spoke to dozens of CISOs, all of whom assured me of their close relationship and good communication with the board. The 75 board members surveyed universally disagreed—one quote in particular spoke volumes: ‘Security has a seat at the table, but has nothing to say. We’re listening, but security mumbles.’


The board-side lack of appetite to resolve these differences was amplified by the fact that, at the time (2017-2018), cybercrime did not have the visibility that it has today, in which it is near-impossible to ignore, and, in their words, ‘there’s no chance of fines or personal liability for me’.


Looking at the spending side, there has been almost unconstrained growth in Cyber Budgets in the period 2010 to 2020, expanding across a wide range from 6% - 14% of the company’s annual IT budget, and averaging at 10%. This has grown during a period in which, while experts could recognise the growth in cybercrime activity, business leaders felt no need to get involved.


Arguably, budgets were parcelled out to CISOs largely to keep the problem at arm’s length, during a time at which, according to my own survey expertise, leaders were paying lip-service to cyber defence and regulation.


Meanwhile, the evolving and escalating nature of cyber threats has hit the radars of most business leaders. In 2020, the FBI declared a record level of activity, unbeknownst at the time that this remarkable increase would continue to accelerate.


As cybercrime has exploded in size and diversity since 2020, budgets have been reducing. This is a strange coincidence, with one theory being that IT leaders and CISOs have suddenly found themselves being asked to hold themselves accountable for a spend that, over the last 15 years, has been tech-vendor-led, uncontrolled, and indiscriminate. This has led to the pause-button being hit in order to better understand what we have, before choosing to add any further investment.


‘Indiscriminate’ may seem like a provocative turn of phrase here, but it covers the reduced accountability for clear outcomes than are associated with other spending categories of a similar size. In the apocryphal words of some CISOs, the more you spend, the more ‘nothing’ (referring to peace of mind) that you get. This is not usually a good enough business case for a CFO.


Key 2024 Takeaway: The security community has tried and failed to engage the Board with any impact. The security community has struggled to meaningfully capture the Board's attention. However, there's a promising shift towards a new archetype of business savvy CISOs who embrace the 'listen more, speak less' approach, skilfully blending rigorous discipline with the nuanced 'narrate with data' soft skills required. Despite these advancements, bridging the gap between cybersecurity and executive engagement remains a significant hurdle, and there is still a long way to go.


In 2024, CISOs must identify with the business, build security awareness, be credible and candid, and provide ‘pointed evidence’. KPIs for the board should be based on underlying core business initiatives supported by security products and processes in a ‘by design’ approach that places security as an unobtrusive yet solid foundation to business offerings and the platforms upon which they sit.


Conclusion


While I anticipate the eye-rolls toward the Warren Buffet quote with which I opened this article, I hope we can all agree that he is not known for his hyperbole. Rather, he is known for due diligence across a wide cross-section of businesses. I am assuming he will have seen first-hand the Board members squirming as the temperature rises.


2024 will be the year to finally consolidate, integrate, simplify, and operationalise shoulder-to-shoulder with business and IT leaders, who will at last take an active interest in cyber security, and expect CISOs to operate like business leaders, together.


The interest and active engagement of the board will be amplified by the extraordinary scale and frightening growth, not to mention evolution, of cybercrime.


Attention will also be sharpened by the promise of serious personal and professional liability, with material amounts of money, and a stronger likelihood of being affected, coming into view for even the most sceptical of naysayers.


It is still going to be about getting the basics right in 2024, as the profound changes outlined in this article necessitate a more fundamental redefinition of cybersecurity strategies at a cultural level, involving a wider demographic of more actively interested leaders and lawyers determined to support the more coherent and integrated execution of threat defence strategy.


At Cambridge Management Consulting, we are equipped with a Cyber Security practice, led by John Madelin, which can accelerate, optimise, and strengthen your cyber-infrastructure, and support you in staying ahead of these trends and developments.

About Cambridge Management Consulting


Cambridge Management Consulting (Cambridge MC) is an international consulting firm that helps companies of all sizes have a better impact on the world. Founded in Cambridge, UK, initially to help the start-up community, Cambridge MC has grown to over 150 consultants working on projects in 20 countries.


Our capabilities focus on supporting the private and public sector with their people, process and digital technology challenges.


For more information visit www.cambridgemc.com or get in touch below.

Contact - Africa

Subscribe to our Newsletter

Blog Subscribe

SHARE CONTENT

Case Study: Energy Sourcing Review and Supplier Engagement

by Pete Nisbet 7 November 2024
edenseven Designs Energy Supply Strategy for H2 Green By conducting an energy sourcing review and engaging with suppliers H2 Green are a large-scale hydrogen storage business with a focus onsite close to towns and cities across the UK. H2 Green’s ambition is to build hydrogen hubs that deliver large amounts of hydrogen, providing security of supply for multiple users across whole regions. H2 Green engaged edenseven, one of the Cambridge Management Consulting group of companies, to build an electricity supply strategy to meet their growth aspirations and environmental requirements. Project Overview To provide a clear outline of the contracting structures within the UK electricity market which would support the green credentials of the business. Structures needed to range from REGO back supply contracts to more complex long-term renewables agreements. All contracting requirements needed to meet the ‘Renewables Transport Fuel Obligations’ and ‘Low Carbon Hydrogen Standard’. Investigate the commercial opportunities short short-term flexibility of assets and liaise with the supply commodity on product development. Support in consultations to government departments relating to the proposed price support mechanism. Skills & Knowledge An energy expert with a detailed knowledge of the UK energy market, with a specific understanding of the evolving policy landscape and how green hydrogen fits into the government’s forward plans. An insight into global commodity markets and the various contracting structures currently in place across the supply community. A clear understanding of how assets can be utilised in the short-term trading markets and the value of ‘optionality’. An individual who holds key relationships across the supply community to enable product development and the ability to influence existing standardised offerings. Outcome & Results Market Analysis : The delivery of a clear and concise view of all the contracting structures currently being provided with the UK electricity market; this included both physical and financial products. Engagement with Government Bodies : A well-considered submission to the relevant government bodies in response to a published consultation. This outlined the appropriate pricing and support structure needed to accelerate the Green Hydrogen Industry. Supplier and Investor Relationships : The creation of a strong link to key suppliers and investors within the energy market. Promoting the development of Green Hydrogen and the benefits it can bring to global decarbonisation.
A satellite over planet Earth with the sun glowing in the top left

An Overview of the Current Satellite Communications Industry

by Steve Tunnicliffe 15 October 2024
The Satellite Industry is in a Period of Momentous Transformation The satellite industry is going through a period of momentous transformation with the emergence of new entrants and new technologies in every segment of the value chain. For decades satellite communications have been dominated by a handful of GEO satellite manufacturers, satellite operators and ground segment manufacturers with almost a cottage-industry-like network of service providers and value-added manufacturers (BUCs, LNBs and antennas). This has been a linear and predictable business model with entirely proprietary technologies. We now see the emergence of new Non-Geostationary Orbit (NGSO), or multi orbit players in LEO, MEO and HEO building completely vertically integrated systems. This shift has significantly driven down capacity pricing: the price of satellite bandwidth for data services has dropped 77% over five years according to analysts Novaspace, formerly known as Euroconsult. Starlink, as the first to market, is making waves by disrupting market sectors historically monopolised by the established GEO players such as maritime, aero and enterprise connectivity. Two years ago, the industry would have dismissed Starlink's impact on maritime or aero connectivity segments. The sentiment was that Starlink has ‘no CIR’ (Committed Information Rate) and therefore would not be considered ‘reliable’ for mobile or critical communications. This notion has since been overturned and the naysayers have paid a price with a significant impact to revenues in maritime—the cruise industry in particular—with Starlink now making inroads into aviation and previously inviolable segments like defence. Starlink has also revolutionised satellite manufacturing, leveraging new technologies such as 3D printing to mass-produce satellites at a phenomenal rate, reducing costs to between $250,000 and $500,000 per satellite. The race is on, with Elon Musk’s Starlink trying to acquire as many subscribers as possible before the challengers like Amazon's Kuiper and Telesat's Lightspeed emerge. Forrester's Digital has predicted that SpaceX’s Starlink broadband-by-satellite system is likely to end 2025 with around 8 million customers (it ended 2024 with approximately 5 million), a remarkable growth rate when you consider that each of the leading GEO satellite operators typically have around 25,000 enterprise VSAT terminals activated. We also see the emergence of Small Sat and MicroGEO manufacturers disrupting traditional commercial models with innovations like satellite-as-a-service. This technology provides additional or targeted capacity for defence and government in hotspot areas. Twenty-five years ago, building and launching a satellite would have cost at least two billion USD. Now we see them being built and launched at a fraction of that cost (circa $60 million), reducing the price per gigabit equal to or below fibre. Starlink has also been fundamental to reducing launch costs. In 1981, launch costs were $147k per kilogram of payload. Starlink’s current generation of rockets have brought this down to $2300 and with the introduction of their new Starship rocket, Elon Musk is talking about a price as low as $100 per kilogram. This scale of reduction in launch costs is driving the democratisation of space by allowing new use cases for space to emerge. The satellite industry is also seeing unprecedented consolidation, coopetition and collaboration, creating a range of new offers to consumers, enterprise and governments. Significant transactions include: In April 2024, SES announced its intention to acquire rival Intelsat. If and when this completes, it will be a significant transaction In May 2023, Viasat completed its acquisition of Inmarsat In October 2023, Eutelsat and OneWeb completed their merger transaction In March 2024, prior to the SES announcement, Intelsat extended its partnership with competitor Eutelsat-OneWeb for LEO services.

Building an AI-Ready Infrastructure

by Duncan Clubb 6 September 2024
Artificial Intelligence (AI) is the hottest topic in technology for many reasons, good and bad, but it’s happening and it’s here to stay, so how do we build the infrastructure necessary to support it? To start with, we should recognise that there are many forms of AI. The one that has created the most buzz is generative AI, as seen in ChatGPT, Meta's LLaMA, Claude, Google’s Gemini, and others. Generative AI relies on LLMs (Large Language Models) which have to be trained using vast amounts of data. These LLMs sit in data centres around the world, interconnected by vast fibre networks. The data centre industry has not stopped talking about AI for at least 18 months, as it gears up for an ‘explosion’ in demand for new capacity. Some of the most respected voices in technology have predicted immense amounts of growth in data centre requirements, with predictions of triple the current capacity within 10 years being at the conservative end. That’s three times the current global data centre market, which has taken 30 years or more to get to where it is today. And, when we say growth, we’re talking about power. AI systems will require three times more electricity than data centres currently consume. Depending on who you ask, that’s about 2-4% of today’s global electricity production. And we’re talking about tripling that, or more. Data Centres So, what is ‘AI-ready infrastructure’ and how are we going to build it? The two key elements are data centres (to house the AI systems) and networks (to connect them with the rest of the world). LLM training typically uses servers with GPUs (the chip of choice for AI) and, for various technical reasons, these work best when in close physical proximity to each other – in other words, GPUs work best in large numbers in large data centres. Not just that, but the new generations of GPUs work best in dense data centres, meaning that each rack or cabinet of AI kit needs a lot of power. Most data centres are designed to accommodate older kit that is not so power hungry. The average consumption globally is about 8kW per rack, although many still operate at about 2kW per rack. The latest nVidia (the leading GPU manufacturer) array needs a colossal 120kW per rack. The infrastructure inside a data centre designed for these beasts is complex: the cooling systems (GPUs run very hot) and electrical distribution systems are much harder to design and set up, and are also expensive. So, data centres for AI training systems are mostly going to be new, as adapting older facilities is a non-starter. So, where do you put them? Finding land next to the vast amounts of electricity required is increasingly difficult in many European countries, especially in the UK. Most of the utility grids in Europe are severely lacking in spare capacity, and building new grid connections and electricity generation is a slow and expensive process. The answer might be to locate these new AI data centres near new renewable energy generation sites, but those are few and far between, so land with access to power now carries a hefty premium. Small nuclear reactors could also be an answer but might take a few years to materialise – we know how to build them (witness the nuclear submarine industry) but getting planning permission to put them on land is another matter. All in all, the data centre industry seems to be at least a few years away from being able to provide the massive upgrade in capacity that is expected. Even solving the land/power problem leaves the issue of actually building a new scale of data centre, 10 or 20 times bigger than what most would consider to be a gigantic site today. It can be done, we can solve the engineering challenges, but these are huge construction projects. Networks What about the networks? Actually, although very little real research has been done on the impact of large-scale AI rollouts on existing networks, we might be in a better position. The fibre networks in the UK and many European countries have benefited from significant investment over the last few years, so coverage is a lot better than it used to be. That does not mean that fast and large fibre routes, which will be a necessity for most AI systems, are all there, but it will be easier to build out new capacity than it will be to find power. Still, what we really need is some serious research into the amount of data that will need to be moved about and how that maps with existing network infrastructure. All in all, we have more questions than answers. Some people in the infrastructure industry are sceptical that things will ever get to the scale that some are predicting, but most of us do expect it to happen – it’s just a matter of time, and the race has already begun. Cambridge Management Consulting Duncan Clubb is a Senior Partner at Cambridge Management Consulting, specialising in data centre and edge compute strategy. Duncan has extensive experience as an IT consultant and practitioner and has worked with many leading organisations in the financial, oil and gas, retail, and healthcare sectors. He is widely regarded as a leading expert and is a regular speaker at industry events. If you or your organisation require support preparing your Digital Infrastructure for the emerging AI-industry, you can read about our array of Data Centre services, and get in touch with Duncan Clubb, through our designated Telecoms, Media, and Technology service page.

Legislating AI: A Comparison between the EU and the UK

by Rachi Weerasinghe 19 August 2024
The EU AI Act In March of this year, the European Union published their Artificial Intelligence Act, establishing a common regulatory and legal framework for AI across the EU. Two significant features of this act include the definition and prohibition of AI practices which pose an ‘unacceptable risk’; as well as the requirement for developers and ‘implementers’ to register high-risk AI models and maintain technical documentation of the model and training results. The AI Act is the first comprehensive AI legal framework in the world. It will help to shape the digital future of the EU and guarantee the safety and fundamental rights of people and businesses. Who does it Apply to? The Act applies to any marketing or use of AI within the EU, regardless of whether those providers or developers are established there or in another country. While this effectively makes the act global in scope, this will depend heavily on how effectively authorities can prosecute outside of the EU. A Risk-Based Approach The EU’s AI Act adopts a risk-based approach which categorises AI systems into different risk levels (Unacceptable, High, Limited, and Minimal Risk), and imposes corresponding regulatory requirements.
Carer pushing a service user in a wheelchair through a rural setting

Supporting Unpaid Carers: Spotlight on the Carers Network

by David Lewis 30 July 2024
Unpaid carers provide essential support yet face poverty and isolation. Learn about Carers Network’s work in London, trustee Nadia’s story, and how Cambridge MC supports this vital charity helping carers gain recognition, resources, and dignity.

Case Study: Market Evaluation and Go-to-Market Proposition Creation

by Pete Nisbet 23 July 2024
edenseven Helps ISS to Decarbonise their Operations By conducting a review of their market and target audience to align their organisation with their sustainability goals. ISS is a leading workplace experience and facility management (FM) company which provides placemaking solutions that contribute to better business performance and make working life easier, more productive, and more enjoyable. With a significant presence in the build environment, ISS has a clear focus on delivering sustainable services to their customer base, helping them to achieve their net zero ambitions. edenseven , one of the Cambridge Management Consulting group of companies, were commissioned to review ISS’ current sustainability market offering, and, through an engagement programme, make sure that it was aligned to the requirements of their customers’ long-term sustainability ambitions. Project Overview To review the current market relating to sustainability services within the sector and outline the different types of structures and products being offered. Assess the current product and service positioning of ISS and review how they are being presented and articulated to the internal delivery teams and customer base. Create a clear and concise value proposition which outlines ISS’ breadth of services, and which can be communicated to customers by a broad cross section of the ISS team. Through a customer engagement programme, test the value proposition with a set of key accounts and record areas where refinement would be needed to align it to their requirements. Present findings to the ISS UK board and provide clear feedback and next steps. Skills & Knowledge Data Analysis: A broad knowledge of both the FM and sustainability sectors, and an ability to articulate findings from market research and stakeholder/customer interactions in an effective manner. Report Generation: Create documentation and reports which deliver complex requests and findings in a concise and clear manner to senior stakeholders and customers. Stakeholder and Customer Engagement: Build a continuous feedback loop to senior stakeholders within ISS and across key customer accounts. edenseven captured and reviewed customer needs and service requirements to produce effective and timely decision making. Outcome & Results Market Awareness: A clear understanding of market trends and contractive characteristics relating to sustainability services in the FM sector. Organisational Clarity: An outline of current services and how they are delivered through the sales process. Value Proposition: A clear and relatable value proposition which captures all services in a format which can be delivered by a broad cross-section of the ISS workforce. Forward Planning: A board-level presentation and report outlining key findings and next steps to deliver existing and new services which are focussed on meeting key customer requirements.
A stately council building in England with a neon tint

The Funding Crisis in Local Councils in the UK: Causes & Consequences

by Craig Cheney 11 July 2024
It is no secret that Local Authorities throughout the UK have found themselves in a period of economic turmoil; struggling with a lack of funding and how to distribute it - or, often, deciding to withhold it. Since Northamptonshire County Council issued section 114 (the local council equivalent to declaring bankruptcy ) in 2018 – the first to be issued in nearly two decades – an average of two regional authorities have issued their own section 114 notice each year since. Three local authorities issued section 114 notices last year alone, including the largest in Europe, Birmingham City Council . Referring to this escalation, Jonathon Carr-West , Chief Executive of the Local Government Information Unit (LGIU), said: “This year’s State of Local Government Finance report reveals the desperate, ruinous financial situation councils find themselves in. “With over half of councils warning us they are at risk of bankruptcy within the next Parliament, it is no longer possible to blame individual governance issues.” What are the Causes? Funding The key driver is lack of central government funding. Council’s cannot borrow to run services and so rely on income and reserves in order to pay for day-to-day services. Central government funding cuts have seen councils lose nearly 50% of their government funding since 2010. This has been partially offset by council tax rises, but still means local authorities have lost nearly 20% of their funding in real terms since 2010, with those representing the most deprived areas reaching nearly 30% . Adult Social Care During this time spending on Adult Social Care (support provided to adults, including both older people and people of working age, with physical disabilities, learning disabilities, or physical or mental illnesses) has increased dramatically. An ageing population is driving increased demand while the cost of care home placements has increased by 35% . Child Social Care Spending on Children’s Social Care has increased significantly, particularly since COVID-19 with the number of children in secure units and children’s homes and the number with Education, Health and Care plans both increasing by over 30% between early 2020 and early 2023. The cost per placement has increased by almost 20% over that time period. Both Adult and Children Social Care costs have increased far above inflation over this time, coming on the back of a huge reduction in core spending power. Temporary Accommodation Finally, the cost of providing Temporary Accommodation has risen sharply over the past few years. An LGA report revealed that local councils were spending at least £1.74bn to provide temporary accommodation, with a severe shortage in social housing resulting in a portion of this going to private alternatives including hotels and B&Bs. These figures represented the current situation as of March 2023, when 104,000 households were living in temporary accommodation, an 89% increase over the past decade. Only 8 months later at the close of 2023, this had risen to 112,660 households in temporary accommodation—with the funding required to balance this increasing exponentially, pushed higher by a cost of living crisis and inflation. What are the Consequences? The most immediate and simple way look at this is that while bills have increased significantly for the average council tax-payer, services have been significantly scaled back. Cuts to park budgets, economic development, culture services, and the reduction in spending on Public Health, education, housing services, children's centres and everything else that local government is responsible for have left many cities, towns and villages looking neglected and often struggling with anti-social behaviour and boarded-up high streets. Behind the scenes, many of the essential back office functions have been stripped to the bone in order to protect frontline services: call centres are understaffed; planning services unable to cope with demand; not enough project managers, accountants or procurement staff to deliver on council ambitions or the transformation projects to reduce costs on essential services; not enough HR staff to support those on the frontline and not enough administrative staff to support the social workers, education & skills teams, the transport teams and the rest of local government trying to prop up essential local services. Local government is the government that touches all of us every day, even if we don’t always realise this. The new Labour government will need to focus on this issue for the benefit of every individual, community and region. How Cambridge MC can Help Local Councils If you are currently working in local government and are feeling the impacts of the economic crisis as outlined here, the Public Sector and Education team at Cambridge Management Consulting can work with you and your council to alleviate some of this pressure in both the short- and long-term. Our skilled procurement and contract management team can help you reduce costs; our programme and project management function offers fractional or interim leadership and full lifecycle support for challenging transformation projects; and our process and change management teams can help with process re-design and automation. We can also support your organisation with a range of cyber security issues you may be facing; potential or live, and our Digital and Innovation team can help solve your problems in new ways, using the latest technology to improve outcomes for your residents as well as reducing costs. Led by Craig Cheney, previous Deputy Mayor of Bristol City Council, our service combines an in-depth knowledge and awareness of the Public Sector, its operations, and challenges, with a business approach to help you identify and evaluate obstacles and opportunities for movement within your budget. Learn more about Craig and our Public Sector & Education service, and get in touch with our professionals at https://www.cambridgemc.com/public-sector-and-education , or use the form below.
Picture of African students in a classroom

Smart Schools, Bright Futures: The Role of ICT in Africa's Education

by Elia Tsouros 8 July 2024
Since the 1960s, significant strides have been made to provide and increase access to quality education for children and young people in Africa. The educational environment has not remained stagnant, and the continent is all the better for it. However, this unfortunately does not paint the whole picture, and there is a poignant reality that lies just behind the statistics. In short, merely having access does not guarantee an improvement to the actual quality of this education; as rightly noted by Faturoti, “Although all African countries have legal provisions recognising the right to education, there is no corresponding law on access to the Internet.” Yet, Africa’s unique combination of challenges has left more than just gaps in knowledge: 2019 saw 17% of African children not attending primary school, and 53% of teenagers not attending upper secondary school . The harsh blow dealt by COVID-19 has only deepened the educational crisis globally. Yet, despite these challenges, there is a resilient spirit that refuses to be extinguished. The pandemic has underscored a powerful lesson: technology, when harnessed with the right connectivity, can be a transformative force, offering a ray of hope in the quest to overcome educational barriers. In this article, we will explore how we can take the barriers blocking this intelligent future and support the growth of a digitally connected classroom, ensuring that no one is left behind in the continent’s transformation. The ways in which learning is conducted has never been more important: to learn is to grow and the progress which begins in the classroom will soon be reflected across the continent. From Challenges to Change: Barriers to a Connected Classroom In the expansive landscape of Africa, a sobering reality appears –only 39.7% of the population is woven into the digital fabric, standing in stark contrast to the global average of 66.3% as reported by the International Telecommunication Union (ITU). This digital divide is not just a technological hurdle but a societal challenge, one that deepens when faced with the simultaneous necessity to invest not only in advanced technology but also in financial literacy. As we grapple with the intricacies of digital inclusion, the first bridge we must construct is one that spans connectivity disparities: the use of online educational platforms can ensure that students not only have access to educational material relevant to their studies, but also that this material is the latest available. Electrical reliability stands as a foundational must-have for the successful implementation of digital learning initiatives. Investment in expanding telecommunications infrastructure , such as laying fibre-optic cables and deploying wireless networks, is crucial to bridge the digital divide and ensure widespread connectivity. Furthermore, enhancements in power generation including the use of traditional and renewable energy sources and distribution systems are essential to guarantee uninterrupted access to online educational resources. Uninterrupted power supply ensures that students can access online lectures, assignments, and collaborative activities seamlessly, fostering a conducive learning environment. Put simply, enhanced learning makes for more engaged and enlightened students. Furthermore, technical support is indispensable for ensuring the effective implementation and maintenance of digital learning infrastructure. However, limited access to skilled technical personnel, inadequate training, and insufficient resources present significant challenges. Training and capacity-building programs must be enhanced to equip individuals with the necessary skills to support complex ICT infrastructure effectively. There are many projects already underway which promise to forge this change and training. Investing in training programs, certification courses, and apprenticeship initiatives promise to cultivate a skilled workforce capable of delivering and, importantly, sustaining these changes. Addressing these interconnected challenges requires a holistic approach, encompassing political commitment, infrastructure investment, educational reform, and skills development initiatives. Without sustained political commitment and investment, efforts to expand internet access and improve electricity reliability risk being compromised, perpetuating the digital divide. The strategy was endorsed by the Thirty–Sixth Ordinary Session of the African Union Executive Council held in February 2020 , who recognised this: only through collaborative efforts and sustained investment can Africa bridge the digital divide and unlock the transformative potential of digital learning for all its citizens. Looking Forward and Building Change Yet, by overcoming these challenges, the future is bright and worth investing in. We must recognise what is at the core: education is a basic right to all communities, globally. Results are already beginning to bear fruit: UNESCO’s forum on quality public digital learning reveal how bright the prospects could be. Van Manen et al. (2021) emphasise the remarkable impact of digital learning on advancing SDGs , highlighting how it enables countries to address key challenges such as poverty, inequality, and access to quality education without the need for extensive physical infrastructure investments. By leveraging digital technologies, governments can reach underserved populations, bridge educational divides, and empower individuals with the knowledge and skills needed to uplift themselves and their communities. The continent’s digital uptake has also been staggering and speaks to a unique adaptability and adoptability when faced with change. In a 2020 study conducted by GSMA, it was revealed that over 1.4 billion subscribers on the continent utilise their mobile phones as powerful tools for educational enrichment , underscoring the widespread recognition of digital learning's value in shaping the future of African youth. From accessing online courses and educational apps to engaging in virtual classrooms and interactive learning platforms, mobile devices have become indispensable companions on the journey towards academic achievement. This should not be ignored: beyond mere convenience, this shift represents a democratisation of learning, where access to knowledge is no longer limited by physical proximity or socioeconomic status. Instead, digital learning empowers individuals to take ownership of their educational journey, enabling them to learn anytime, anywhere, and at their own pace. Yet, the role of ICT initiatives in classrooms can go even further, providing a visionary tool for tackling existing education inequalities. Behind stark statistics lie the stories of over 129 million girls’ dreams , which are deferred by the harsh realities of poverty, gender-based violence, and early marriage. Each day, countless young minds are forced to miss out on the transformative power of education: girls miss up to 50 days of schooling each year due to the lack of sanitary wear according to Life Healthcare . ICT-equipped classrooms do not promise to solve these issues but bridge the gap: if remote learning becomes a possibility, so does change. Key stakeholders are also ready, able, and actively engaging with the modern education landscape to make the path to learning easier. We’ve seen initiatives take root here in the UK, with Mobile network operators (MNO’s) offering zero rated connectivity packages for education platforms such as BBC Bitesize . Yet, these changes can be seen across the globe and felt deeply: in Kenya, Nigeria and South Africa, initiatives have revealed whole new possibilities for access to information . With software providers also offering free subscription platforms with available content and data, it is clear that the future is brighter than ever. Amidst these challenges, digital learning platforms emerge as powerful allies, tearing down barriers and extending the hand of opportunity to every corner of the globe. Through the magic of digital tools, students are no longer confined by the limitations of geography or circumstance. Instead, they can connect with specialists and mentors from across the world, unlocking new realms of knowledge and inspiration. Conclusion Connected classrooms provide a bridge to change, change which is exciting and necessary. Access to a learning which is digitally engaged promises to enrich education opportunities and better the outcomes for future students. Yet, beyond mere access, digital literacy becomes a lifeline, empowering individuals to navigate the complexities of the modern world with confidence and resilience. In the midst of a rapidly evolving digital landscape, these skills serve as a passport to a future where no dream is too big and no obstacle too daunting. How We Can Help At Cambridge Management Consulting, we stand out from the crowd, particularly in the dynamic and intricate landscape of Africa. Our commitment goes beyond quick fixes; it's about crafting tangible and enduring impacts that resonate with the unique challenges and opportunities present in this diverse continent. Just as digital education offers a cost-effective avenue for countries to enhance their performance on Sustainable Development Goals (SDGs) without the need for expansive physical infrastructure, our consulting philosophy embraces innovative solutions that recognise and leverage Africa's unique dynamics. At the heart of our approach lies our handpicked team of experts, deeply passionate and intimately connected to the pulse of Africa. With a nuanced understanding of the challenges and opportunities this diverse continent presents, we strive to positively impact businesses in the most authentic and sensitive manner, echoing this article's recognition of the transformative potential of digital education in Africa.
Row of old analogue telephones

PSTN Switch-Off Delayed to 2027: What this means for You

by Clive Quantrill 24 June 2024
Authors
More posts