ROI linked to cloud migration is soaring. This report illustrates why

MARCH 2025

ROI linked to cloud migration is soaring

This report illustrates why

The financial case for cloud migration has always been a compelling one. And as the costs associated with on-premises deployments continue to rise, that case is now impossible to ignore.

Get The Full Report

The benefit-to-cost ratio of cloud migration now stands at $3.86 for every dollar spent: up 12.5% in 30 months.

Several years ago, a study from global technology research specialists Nucleus Research found that cloud migrations returned $3.43 for every dollar spent on the migration project. The subsequent follow-up showed that in a period of 30 months, that had increased by 12.5%.

Read the full report for more details on the following:

On-premise hosting
Practically all areas of business operations have felt the effects of rising costs in the last few years. Cloud costs have increased. Crucially, however, the costs associated with on-premises operations have increased even further.

The price of hardware components and maintenance, an increased compliance burden, personnel costs, and energy: the report illustrates how rising costs in these areas make on-premise systems less and less attractive.

Pain-free, cost-effective migration
Lengthy and costly migrations benefit neither software vendors nor customers. To reflect this, reputable vendors and their trusted partners seek to make the process as smooth as possible. Discover what this means regarding lower cost barriers and more rapid return on investment.

On-premises costs will continue to increase
In terms of both the capital expenditure and the management overhead associated with legacy on-premises IT ecosystems, the future does not look bright.

Discover what this means and how it will cause the benefit-to-cost ratio of cloud migration to increase even further over the next couple of years.

Get The Full Report

The wider case for cloud migration: further resources

For any head of IT or finance looking for practical ways to curb capital technical infrastructure spend and day-to-day operational costs, the case for cloud migration is becoming increasingly strong.

But it’s not just about cost savings. Strategic advantages like scalability, flexibility, and performance make cloud migration a critical step for future-ready businesses.

At Millennium Consulting, we have helped countless businesses migrate to the cloud, successfully guiding organisations through the process across industries and complexities. With many more migrations underway, we know the challenges companies face—and how to make the transition smooth, fast, and cost-effective.

That’s why so many businesses turn to Millennium to guide them through the process.

We answer your most common Cloud Migration questionsThe Path to SaaS. Four Steps to a Successful Cloud MigrationUnit4 Cloud: Busting the Myths and Realising the Benefits

ERP Programme Discovery Framework

ERP Programme Discovery Framework

Thursday 22nd May 2025 at 3:00 PM GMT

Register

This May join Millennium Consulting CEO Philip Keet and Clive Godwin Senior Programme Delivery Lead as they introduce the ERP Programme Discovery Framework that delivers a comprehensive ERP systems review which evaluates current platform architecture and identifies potential future state options in a structured, strategic way that is essential to maximise Return on Investment (ROI) and deliver additional bottom line profit.

As technology evolves, organisations need to decide whether their existing ERP platform remains fit for purpose or whether they need to upgrade, re-engineer, or adopt a new one. An independent review of the current state and exploration of how future state ERP architecture can best serve the needs of the organisation is invaluable.

Scheduled for Thursday 22nd May 2025 from 3:00 PM to 3:30 PM GMT

Register here

Philip Keet

Millennium CEO Philip Keet has been supporting global organisation stake holders with ERP change programs for thirty years and possesses a deep understanding of the challenges multinationals face as they use technology to achieve competitive advantage in an increasingly challenging commercial environment.

Clive Godwin

Clive Godwin is a senior programme delivery lead of 30 years, who has successfully managed ERP rollouts, post-merger integrations and software development across the Financial Services, Telecoms, and Retail sectors. He is a trusted partner to global firms such as Bain Capital, NTT Data, Atos, Hertz, L&G, Virgin Media, Littlewoods, BT and Vodafone.  Clive is a best practice ambassador combining PRINCE2, MSP, SAFe Agile and Hybrid Waterfall, ensuring a smooth delivery of fit-for-purpose solutions for multi-national organisations.


Could you be fooled by a deepfake? Why CFOs need to boost their cyber awareness

Could you be fooled by a deepfake? Why CFOs need to boost their cyber awareness

Over the past few years, the social engineering threat has stepped up a gear, with criminals putting AI to work to mount spectacularly convincing fraud scams. As keepers of the purse strings, corporate finance professionals are prime targets in this new wave of cybercrime.

Here’s a closer look at the evolving social engineering landscape and the guardrails you should have in place to keep your business safe.

Deepfakes: no longer the stuff of sci-fi

Last year, CFO Dive reported how the UK engineering group Arup lost approximately $25 million after scammers used AI-generated “deepfakes” to pose as the company’s CFO and dupe an employee to transfer cash into a number of bank accounts. An Arup staff member got a fake message, claiming to be from the company’s CFO, regarding a “confidential transaction”. Following a video conference with the false CFO and other AI-generated employees, the employee executed transactions to five different Hong Kong-based banks.

In July, a Ferrari executive received a series of messages from an unknown number, purporting to be from the company’s CEO, Benedetto Vigna. The messages detailed a company acquisition, advising the Ferrari exec to maintain discretion and that an NDA would be needed. Following the texts, the executive received a phone call from the same number, with the caller mimicking Vigna’s distinctive voice (subsequent inquiries revealed that this had been created with an AI voice clone). Despite the scenario’s plausibility, the executive grew suspicious of certain aspects of the caller’s intonation. The exec asked the caller the name of a book Vigna had recommended to him just a few days earlier. The call suddenly ended.

How common is the deepfake problem?

Evidence suggests that sophisticated AI-driven fraud is now part of the mainstream.

A 2024 Medius poll of 1,533 US and UK finance professionals suggested that just over half (53%) of corporations have been targeted with financial scams using deepfake technology, with 43% falling victim to such attacks. Another report suggested that in 2023, deepfake incidents targeting the fintech sector increased by 700%.

According to Deloitte’s Center for Financial Services, total losses from financial fraud in 2023 amounted to $12.3 billion. By 2027, generative AI is predicted to enable losses to reach $40 billion.

The most popular deepfake techniques include the following:

  • Deepfake voice scams. With just a few seconds of audio, scammers use AI tools to clone a person’s voice. They then make fake phone calls or submit voicemails impersonating key company insiders
  • Deepfake video scams. Based on snippets from, for example, YouTube or corporate webinars, AI can generate fake video footage of a real person. The level of sophistication in this area has now reached a point where it is possible to clone a company executive’s face and voice to conduct entire real-time video conference calls
  • Fake ID and social media scams. AI can generate realistic fake profile pictures for scam accounts. These profiles can then be used as broader corporate fraud attempts
  • Fake AI-generated documents. AI can create counterfeit passports, IDs and other documents. These forgeries can help scammers bypass security checks in financial fraud and identity theft scams

A big part of the problem is that deepfake technology is available to pretty much anyone – if you know where to look. A booming dark web cottage industry sells scamming software of various levels of sophistication from $20 to thousands of dollars. You do not need advanced AI skills to mount an attack; you need cash.

Deepfakes and the wider social engineering landscape

Phishing – i.e. scammers attempting to trick people into revealing sensitive information – has long been part of the cyber threat landscape. An estimated 3.4 billion emails a day are sent by cybercriminals, designed to look like they come from trusted senders, which amounts to over a trillion phishing emails per year.

Finance leaders must be especially wary of ‘bespoke’, personalised attacks. Spear phishing is where messages – ostensibly from a known or trusted party, such as a supplier or customer – are sent to targeted individuals to induce them to reveal information or take specific actions. A highly refined version of this is known as “whaling”, where precisely engineered spoofing messages are created to trick CEOs, CFOs, and other senior stakeholders.

According to Barracuda, spear phishing campaigns make up only 0.1% of all email-based phishing attacks but are responsible for 66% of all breaches. The more targeted and personalised the social engineering campaign, the more likely it is to be successful.

Against this backdrop, deepfake technology extends the fraudster’s toolkit. It sits alongside existing phishing techniques, injecting them with an extra layer of realism.

For example, an attacker does some homework on your company. They obtain the details of your CEO and finance team members via LinkedIn. They hone in on an individual whose job title suggests the authority to execute substantial cash transfers. Looking at the company news section of your website, they also notice details of a couple of new deals or partnerships that they can use as possible backdrops from which to concoct a story.

Lifted from a webinar on your site, they have an excellent data extract of your CEO’s voice. Using a replication tool purchased on the dark web, they can use this for cloning and live voice manipulation.

Using a spoof email, they message the finance team member, pretending to be the CEO. The message requests a quick chat to discuss an urgent transaction. A call is arranged, and the fake CEO tells the employee where to send the cash.

How to prevent deepfake attacks

Good practice includes the following:

Raise awareness 

Most cyber attack techniques rely on human vulnerability, carelessness, and/or a lack of awareness on the victim’s part. This applies to all types of social engineering, including deepfakes.

As we’ve seen, there’s nothing new about phishing, so you should have awareness training in place already (if not, this is an area that needs to be addressed). This should include training on the telltale signs of phishing to look out for, such as irregular email domains or attachments, display name mismatch, or an undue sense of urgency within requests.

Update your training to cover the threats raised by advanced AI. This should include the signs of deepfake attacks, such as unnatural facial movements and expressions, slight visual distortions and imperfect lip synching in video, and slightly robotic speech patterns and inconsistent tone in audio.

Have set procedures in place 

Scammers thrive on inconsistency. If payments are routinely made in an ad-hoc way within a company, it becomes much more challenging for employees to spot a fake email, call, or Zoom session from a genuine one.

Especially for financial transactions, ensure you have set consistent protocols. Examples of this may include:

  • The requirement that every request needs to be accompanied by an invoice and submitted in a set format
  • Multi-factor authentication, e.g. requiring at least two levels of authentication for payment approvals
  • One-time passwords for high-value transactions
  • Multi-person approval systems
  • A strict call-back policy for unusual requests

Ensure that the rules apply to everyone 

Threat actors also prey on the fact that a kind of “Do you know who I am?” culture exists in many organisations. It’s easy to pull rank if you’re a senior exec. So, if you need a payment to be actioned, instead of following the relevant workflow, you telephone someone in accounts and tell them to make it happen.

This is precisely why highly personalised attacks involving senior stakeholders are so popular with fraudsters. If people at the top are routinely bypassing your safeguards, they start to lose effectiveness quickly!

What next? Future-proofing your information security stance

The rapid rise of deepfake attack techniques in such a short time highlights that no company can afford to stand still when it comes to cyber security. Risk analysis, awareness training, multi-layer defence strategies, and optimisation of transaction procedures all demand regular reappraisal and constant vigilance.

So are you currently making the right choices regarding keeping your business safe? Where are your vulnerabilities, and how can they be addressed? This is where Millennium Consulting can help. Combining expertise in cybersecurity and optimisation of office of finance processes, our consultants can review your existing processes, identify your weak points, fill in any skills gaps you may have, and ensure the implementation of an information security framework tailored to your specific needs.

Find Out More Here

Millennium Consulting Awarded ISO27001 & ISO9001 Certification

January 2025

Updating and re-validation of our ISO 9001 & 27001 certification to the globally recognised UK Government UKAS standard. The ISO 27001 certification now aligns with the latest ISO 27001:2022 standard.

VIEW OUR ACCREDITATIONS PAGE

Information Security Best Practice: what to look for when choosing a consultancy partner

Information Security Best Practice: what to look for when choosing a consultancy partner

Information Security Best Practice: what to look for when choosing a consultancy partner 

Your business takes its cyber and information security obligations seriously. But can the same be said of your partners? When appraising potential consultants and service providers, these are the trust indicators to look for.

Avoiding exposure: What makes a technology consultancy a potential infosec weak point?

What attributes do you look for when choosing a consultant to work with? Inside-out knowledge is a must-have. So, too, is responsiveness; you need a partner who ‘gets’ what you need and will work with you to deliver it. And especially when it comes to digital transformation, most decision-makers also want to see clear evidence of program success: “This is a significant move for our company, so can this consultancy actually deliver what we are aiming to achieve?”.

Alongside this, information security is a further area you need to look closely at. With any technological consultancy arrangement, there is an element of handing over the keys to the kingdom or, at the very least, a back-and-forth flow of some sensitive information. Depending on the project, your partner will need detailed information about – and often, direct access to – critical systems, processes, and data.

Threat actors are all too aware of this. They know that when they successfully infiltrate a professional services provider, IT consultancy, or software implementation partner, it potentially opens a rich treasure trove, exposing sensitive data relating to each and every one of their target’s clients.

According to Security Magazine, third-party attack vectors are responsible for 29% of all breaches. Three quarters of these third-party breaches are linked to software products and technological services.

An estimated 60% of organisations use cyber security risk as a key factor when determining transactions and business engagements with third parties, which suggests that a significant minority may be failing to give it proper thought. When it comes to technology projects and process transformation, this risk needs to be on the radar of every business.

So how can you tell if a particular consultancy takes cyber risks and information security seriously? Here are the areas to focus on…

They Have the Right Accreditations

To understand your business, your consultant will need to see items such as your business process maps, details of internal procedures, information on existing system priorities and vulnerabilities, and more general information linked to your future and growth strategies. Once the project is underway, they may need to move or process segments of your data across multiple locations or export it for analysis or testing. Obviously, you do not want this to fall into the wrong hands.
Look for consultancies that have been independently verified as having what it takes to keep your information safe. Probably the single most valuable trust indicator here is ISO 27001. If your consultant has an up-to-date ISO 27001 certification, it shows they have an effective ISMS (information security management system) in place. This means the following:

  • The consultancy has identified the risks to which its information assets – and clients – are exposed.
  • It has appropriate measures (i.e., controls) to protect those assets.
  • It has a clear action plan in case of an information security breach.
  • It adheres to clear accountability and auditability principles: i.e. you know exactly who the individuals responsible are for each step of the information security process.

They Embrace Security by Design

Security by Design (SbD) means that security is considered an integral part of a project at the beginning rather than being layered in later as an afterthought. It means that appropriate security measures are hardwired into new systems or processes at the outset, helping you avoid costly-post-deployment security fixes.

You can learn a lot about whether a particular consultancy takes SbD seriously by the questions they ask you as part of any initial needs appraisal process. The main point of this is to establish how you operate, what you want to achieve, and what needs to be done to help you reach your goals. At the same time, however, an SbD-focused consultant should also explore areas such as the nature and sensitivity of the data you hold, who need access to it, and details of any specific regulatory frameworks that apply to your business. Right from this early encounter, a consultant should consider the information security risks your business faces and factor them into their proposals and recommendations.

They Maintain Appropriate Safeguards

It’s easy for a business to claim that they prioritise information security. The proof is in the action they take. If a consultancy takes its responsibilities seriously, you should expect to see the following types of safeguards in place:

  • The consultancy has an information security policy in place
  • Regular security audits and risk assessments are carried out
  • They follow a recognised information security framework (e.g. ISO 27001). They have up-to-date accreditation to demonstrate this
  • There are clear measures in place to protect client data, including encryption for data at rest and in transit, access controls, and secure storage
  • Special care is taken with personally identifiable information (PII) and other categories of sensitive data. This includes GDPR compliance
  • If they need to do system or application testing using PII, this is anonymized or pseudonymized beforehand
  • Access to client systems and data is closely managed. This includes the application of the principle of least privilege (PoLP)
  • Auditability is taken seriously: they can track and log consultant access to client environments
  • Care is taken to revoke access after project completion
  • Appropriate DevSecOps practices are followed for software implementations
  • Incident response and disaster recovery plans are both in place and verifiable. This includes clear procedures for notifying clients in the event of an information security breach

Millennium Consulting: De-Risking Your Business Transformation Journey

Reputation counts for a lot when it comes to information security. The same goes for longevity.

In its 30-plus years of operating, Millennium Consulting has delivered significant business transformation projects for hundreds of organisations, including businesses in some of the most tightly regulated sectors out there.

Our approach to information security is a big part of our success and longevity. Far from being an afterthought, cyber and infosec best practices are hardwired into everything we do.

To discover more about de-risking and successfully transforming your business, speak to us today.

Contact us

Millennium Consulting Awarded ISO27001 & ISO9001 Certification

January 2025

Updating and re-validation of our ISO 9001 & 27001 certification to the globally recognised UK Government UKAS standard. The ISO 27001 certification now aligns with the latest ISO 27001:2022 standard.

VIEW OUR ACCREDITATIONS PAGE

Financials Focus: Year End Process Recording

Millennium Consulting Webinar Series

Financials Focus: Year End Process

Recording from Thursday 30th January 2025

This session covered:

  • What is a year end process in Unit4 Financials by Coda
  • Pre-requisites to a year end
  • Provisional year end
  • Undo year end


Phil Leaf

Principal Unit4 Functional Consultant at Millennium Consulting

Phil is one of the world’s leading experts in the use of Unit4 Financials, with over 25 years of experience providing strategic advice, project management, implementation, and migration services for clients across the globe.


Xledger Partnership Announcement

Xledger Partnership Announcement

February 2025

Millennium Consulting is delighted to announce it has signed a Partnership Agreement with accounting and financial management software company Xledger.

Xledger is a cloud-based finance software designed to automate financial processes, provide real-time insights, and scale with growing businesses.

“We are excited to announce the Millennium and Xledger alliance, a partnership that combines the strength of our companies. This collaboration will leverage Millennium’s expertise and customer-centric capabilities to expand our customer portfolio while sharing 30 years of industry best practices with a broader client base. Together, we are poised to deliver innovative solutions that drive success for our clients.”

— Jeremy Lucas, COO, Millennium Consulting

Xledger offers a comprehensive cloud-based ERP solution that streamlines financial management, automating key accounting, budgeting, and reporting processes. Its multi-entity, multi-currency, and real-time capabilities empower businesses to enhance efficiency, gain valuable insights, and drive growth.

“We are thrilled to be working with Millennium Consulting, our accounting software and their expertise in the market will support so many businesses going through finance transformation. Alongside our company cultures naturally aligning, our joint passion for innovative technology, expert advice and supporting businesses to thrive is the making for a great partnership.”

— Phil Chalmers, Strategic Partner Manager, Xledger UK

About Xledger


Xledger is one of the most automated and unified ERP systems on the market, designed to streamline financial management and enhance business performance. With five offices globally, Xledger empowers tens of thousands of customers worldwide, delivering real-time reporting, automation, and seamless multi-entity, multi-currency capabilities across industries.

https://xledger.com/uk/

About Millennium Consulting


Millennium Consulting is a trusted partner in delivering tailored technology solutions to businesses, backed by 30 years of finance and ERP implementation expertise. With a focus on customer-centric service and industry best practices, Millennium empowers clients to optimise operations and achieve long-term success.

Speak to Millennium Consulting today

Millennium Consulting Awarded ISO27001 & ISO9001 Certification

January 2025

Updating and re-validation of our ISO 9001 & 27001 certification to the globally recognised UK Government UKAS standard. The ISO 27001 certification now aligns with the latest ISO 27001:2022 standard.

View our Accreditations page

Updated and re-validation in January 2024

Updating and re-validation of our ISO 9001 & 27001 certification to the globally recognised UK Government UKAS standard.


Updated and re-validation in January 2023

Updating and re-validation of our ISO 9001 & 27001 certification to the globally recognised UK Government UKAS standard.


December 2021

Millennium Consulting passed another ISO 27001 & 9001 audit with flying colours!

In December 2021 the highly successful recertification process was completed with no nonconformities identified in the audit. With special thanks to Mike Deal and Andre Peter for ensuring that we continue to conform to ISO standards internally and externally.


February 2021

Millennium is proud to announce that during December 2020 we obtained ISO27001 & ISO9001 certification.

While adhering to ISO guidelines in recent years, in 2020 the decision was made to formalise this via accreditation. After an intensive 9 month period, we are delighted to announce that this goal has been accomplished.

By gaining ISO 27001 & 9001 certification, we continue to demonstrate our commitment to providing quality service, effective cost management and timely delivery to our customers while at the same time anticipating their demands. In future we will continue to review our management systems, policies and information security management processes to achieve our ongoing objective of providing the highest quality service to our clients. Finally, to maintain our ISO status, we will continue to invest in technology, development and processes so we can best serve you, our customers.


Millennium Consulting Named Sales Growth Partner of the Year by Unit4

January 2025

We are thrilled to announce that Millennium Consulting has been awarded ‘Sales Growth Partner of the Year' by Unit4

This recognition, presented at the Unit4 SKO conference in Amsterdam, celebrates our exceptional growth and the strength of our long-standing partnership with Unit4.


"We are delighted to be named Sales Growth Partner of the Year by Unit4. This award is a testament to our strong collaboration with Unit4 and our shared commitment to delivering exceptional ROI to our customers.”

— Jeremy Lucas, COO


This achievement reflects our teams’ dedication, expertise, and collaborative efforts. It also reinforces our unwavering commitment to fostering innovation and delivering outstanding results for our clients.

Why choose Millennium for Unit4?

We are an Elite Unit4 Partner with over a decade of experience working with Unit4 systems. That means we have the knowledge and expertise to design, implement and support the right Unit4 solution for your business. We also make it easy to extend your system, providing additional applications that allow you to augment and tailor your solution to meet your needs.

Find out more

Millennium Consulting awarded four Unit4 Partner Awards

January 2025

Millennium Consulting awarded four Unit4 Partner Awards

We are pleased to share that Unit4 has awarded Millennium Consulting four partner awards: Elite Commercial Partner, Elite Financials Services Partner, Select ERP Services Partner, and Select FP&A Services Partner.

Millennium Consulting has proudly upheld its Elite Partner status with Unit4 since the launch of the global partner program in 2020. The program is structured across three levels, emphasising capabilities, contributions, and customer satisfaction. Elite Partners represent the highest tier, awarded to those who consistently demonstrate exceptional success with Unit4 and deliver outstanding results for shared customers.


“Our long-standing Elite Partner status with Unit4 is a testament to the dedication and expertise of our team across all regions we operate in. This recognition reflects our unwavering commitment to fostering a strong, collaborative relationship with Unit4 while consistently delivering exceptional results for our clients. We are proud to maintain this standard of excellence and look forward to continuing our successful partnership with Unit4.”

— Jeremy Lucas, Chief Operating Officer at Millennium Consulting

Why choose Millennium Consulting?

We are an Elite Unit4 Partner with over a decade of experience working with Unit4 systems. That means we have the knowledge and expertise to design, implement and support the right Unit4 solution for your business. We also make it easy to extend your system, providing additional applications that allow you to augment and tailor your solution to meet your needs.

Find out more

Events


Millennium's 30th Celebration

Millennium celebrates 30 years

Join us as we celebrate three incredible decades of innovation, partnerships, and success at Millennium Consulting. This milestone is a testament to the trust our clients, partners, and team members have placed in us over the years.

Date: Thursday 1st May 2025

Time: 17:00 to 20:00

Venue: Moët & Chandon Bar, Hythe Imperial Hotel, Princes Parade, Hythe, Kent, CT21 6AE

RSVP

We would be delighted to have you join us for this special occasion. Please RSVP by 15th April 2025 to secure your place at the celebration.

Email us at events@millenniumconsulting.com or click the button below.

RSVP

A look back at 30 years

Since our founding in 1995, Millennium Consulting has led in Finance Transformation, delivering transformative solutions that empower organisations worldwide. Over the past 30 years, we’ve worked alongside our clients to achieve remarkable milestones and look forward to the future with the same passion and dedication.

This anniversary marks an opportunity to reflect on the journey, celebrate our shared successes, and thank the people who have been instrumental in our success.

Find out more

The venue

Moët & Chandon Bar, Hythe Imperial Hotel