skye consultancy international
AI Is About to Make Average Strategy Look Convincing
AI is rapidly raising the floor of analytical competence. When polished strategy, scenario modelling and board-ready outputs can be generated in minutes, advantage no longer comes from producing insight rather it comes from governing it. As intelligence becomes abundant, institutional design, strategy clarity, operating coherence, governance discipline and leadership alignment becomes the differentiator.
When Anthropic released Claude 3, much of the discussion focused on performance metrics: reasoning depth, context windows and comparisons with OpenAI. The technological progression is impressive. Yet the more consequential shift is institutional rather than technical.
Frontier AI materially compresses the cost of cognition. Models can synthesise extensive documentation, stress-test financial assumptions and produce structured outputs at a speed that fundamentally alters knowledge-work economics. McKinsey estimates generative AI could contribute between $2.6 and $4.4 trillion annually in productivity gains, largely by augmenting managerial and analytical tasks. In practical terms, the baseline of competence is rising.
When baseline analytical quality rises, differentiation shifts.
Intelligence Is Becoming Abundant. Judgement Is Not.
For decades, organisations were constrained by human bandwidth. Limited time restricted how many scenarios could be explored and how deeply assumptions could be tested. That friction, imperfect as it was, acted as a form of natural governance by slowing decision velocity.
AI removes that constraint.Models such as Claude can generate and refine multiple strategic pathways almost instantly. However, behavioural economics from Barry Schwartz’s work on the “paradox of choice” to broader research on decision fatigue shows that expanding options without structured evaluation criteria often reduces decision quality. Optionality without architecture leads to diffusion of responsibility and strategic drift.
As AI expands optionality, the value of institutional clarity increases proportionally.
The Risk Is Institutional Strain
As analysis becomes easier to produce, two structural risks emerge.
First, presentation can be mistaken for precision. Polished outputs create an impression of robustness even when underlying assumptions remain fragile.
Second, organisations can experience what might be termed decision inflation resulting in the generation of more scenarios and refinements without increasing strategic coherence. Activity increases, but alignment does not.
AI does not allocate capital, determine risk appetite or assume fiduciary responsibility. Nor does it resolve incentive conflicts or internal power dynamics. As intelligence becomes commoditised, those human dimensions become more exposed, not less.
The challenge, therefore, is not automation. It is absorption capacity.
The Competitive Gap Is Moving Upward
Research from Harvard Business School indicates that generative AI significantly improves productivity while narrowing performance gaps among knowledge workers. When average output improves and baseline competence converges, advantage depends less on generating analysis and more on the quality of judgement applied to it.
As models from organisations such as Anthropic and OpenAI become embedded infrastructure, the floor lifts. The competitive frontier consequently moves upward and toward strategic clarity, coherent operating models, governance maturity, incentive alignment and disciplined capital allocation under uncertainty.
This is not primarily a technology challenge. It is an institutional design challenge.
AI Changes the Nature of Leadership Work
As AI absorbs analytical bandwidth, leadership work shifts toward areas that are not reducible to computation. Strategy becomes less about generating options and more about committing to a coherent position under uncertainty. Execution becomes less about producing information and more about aligning structures, incentives and capabilities to support consistent delivery. Risk management becomes less about modelling possibilities and more about defining appetite, trade-offs and boundaries.
AI can inform these shifts, but it cannot design them.
Institutional coherence including the alignment of strategy, governance, operating model, leadership capability and risk readiness remains fundamentally human.
The Question That Matters
The conversation should not end with “How are we deploying AI?” A more consequential question is whether the organisation is structurally capable of governing accelerated intelligence without fragmenting.
Many firms are experimenting with tools. Far fewer are redesigning governance frameworks, operating models, leadership alignment and risk structures to absorb the velocity those tools introduce. That redesign is where durable advantage will be built.
At Skye Consultancy International, our work focuses on strengthening those institutional layers and clarifying strategic intent, aligning operating models with business objectives, reinforcing governance structures and ensuring organisational readiness so that AI augments strategy rather than amplifies internal complexity.
AI is raising the floor of competence. The organisations that lead will be those disciplined enough to raise the ceiling of institutional coherence.
Skye Consultancy International
Worried about cybersecurity risks across your portfolio? The M&S breach offers a clear lesson for Private
The cyber-attack on Marks & Spencer was not just a wake-up call for retail. It was a warning for any business with a digital footprint. For Private Equity firms, the implications are particularly serious: in a market where brand trust and operational resilience drive valuation, a single breach can wipe out millions in enterprise value overnight.
Yet cybersecurity is often treated as a post-acquisition concern, or worse: something to address only once an incident has occurred.
That approach is no longer sustainable. Cybersecurity is now a board-level, value-critical priority.
Why? Because the nature of risk has changed, but so has the opportunity.
Cyber threats are increasing in both volume and complexity. In 2024, the US Cybersecurity and Infrastructure Security Agency reported a 25% year-on-year rise in incidents targeting private companies. These ranged from ransomware attacks and data breaches to supply chain vulnerabilities. And to make matters worse? The majority of these incidents hit small and mid-sized enterprises the hardest.
This is, of course, a major issue for Private Equity, as SMEs often make up a significant proportion of the average portfolio. According to IBM, the average cost of a breach for SMEs rose to 4.6 million US dollars in 2024, a 10% increase from the previous year. This is not just an operational challenge. It is a financial liability with real consequences for hold periods, valuations and investor confidence.
But it’s also an opportunity. A 2024 McKinsey study found that companies with high levels of cyber maturity achieved EBITDA growth of 8 to 12% more than those with weaker capabilities. Cybersecurity is not only about avoiding losses: it’s also way to unlock value.
The takeaway is clear: cyber risk is investment risk. And cyber maturity can be a differentiator.
Lots of PE firms are already taking notice. PwC’s 2024 Global Private Equity Report found that 67% now list cybersecurity among the top three risks facing their portfolios. This is a significant shift in mindset – but it’s crucial that action follows next.
What did M&S get right (and why does it matter)?
When M&S was hit by a cyber-attack, their response was proactive, transparent and structured. That matters.
They didn’t hide. Customers and regulators, including the Information Commissioner’s Office and the National Cyber Security Centre, were promptly informed. M&S issued clear updates about what data had been accessed (such as names, contact information, dates of birth and order history) and, crucially, reassured customers that no payment details or passwords had been compromised.
They acted fast. Cybersecurity experts were brought in immediately to investigate and contain the threat. Password resets were rolled out across the board. Customers were given advice on avoiding phishing scams. Suppliers, particularly small ones, were kept informed and offered support to manage disruption.
They stayed ethical. M&S didn’t pay the ransom. Instead, they focused on rebuilding securely, following UK government and law enforcement guidance. That was a difficult choice, but one that demonstrated long-term thinking and integrity.
They invested for the future. Since the breach, M&S has upgraded their cybersecurity infrastructure, including identity and access management protocols and employee training. These are the kinds of actions that reflect maturity and help rebuild trust.
For Private Equity, this offers a clear lesson. It is not just the breach that defines the damage, but how you respond. Because the truth is, many portfolio companies would not be ready if a similar attack happened tomorrow. That’s why a strategic, portfolio-wide cyber assessment should be at the top of the agenda. Not a tick-box exercise, but a tailored plan based on each business’s digital maturity, sector exposure and commercial objectives.
So, where should firms start?
With a strategic, portfolio-wide assessment. This is not about a one-size-fits-all checklist. A credible cybersecurity assessment is tailored to each company’s digital maturity, sector exposure and commercial priorities. A well-structured approach should include:
- Business-aligned risk mapping
- Cybersecurity maturity scoring across the portfolio
- Infrastructure reviews and vulnerability scanning
- Incident response and disaster recovery planning
- A clear, actionable roadmap with timelines and investment requirements
We help PE firms move quickly from risk identification to strategic implementation. Our approach is built for the pace and complexity of Private Equity, and includes:
- Scalable support across multiple portfolio companies
- Sector-specific threat and risk insight
- Roadmap design aligned with hold periods and exit objectives
- Guidance on ongoing support, monitoring and reporting
The M&S breach won’t be the last headline-grabbing incident, but it should be the last time cybersecurity is seen as an afterthought.
At Skye Consultancy International, we understand that cybersecurity is not just a protective measure: it’s a strategic tool to preserve and grow the value of your investments. Let us help you turn it into a source of strength.
