Everyone Is Talking About AI. Few Companies Are Actually Measuring It

Fiona: Because pretending they’re separate is how companies get into trouble.

Think about what actually happens when a portfolio company “does AI” without governance. Marketing spins up one tool. Sales gets another. Engineering has three. Each department is expensing subscriptions nobody in finance knows about. There’s no data policy, so sensitive information is flowing into consumer-grade chatbots. And leadership is patting themselves on the back for being “innovative.” That’s not a technology strategy. That’s chaos with a budget.

Philip: Fair point. Let’s start with cost optimization then—the unsexy end of the value creation spectrum. What are you actually seeing in portfolio companies?

Fiona: The unsexy stuff is where the money is. Always has been.

Two things have changed though. First, SaaS sprawl has reached absurd levels. The average mid-market company has 130-plus applications, and finance is maybe tracking 40% of them through proper procurement. The rest is buried in expense reports, shadow IT, departmental credit cards. CFOs genuinely don’t know what they’re paying for.

Second—and this is important—the vendors have gotten smarter. They’re using your own usage data in negotiations. They’re bundling in ways designed to make comparison impossible. They’ve shortened renewal windows so you’re always scrambling. If you’re not proactive, you’re getting taken.

Philip: So how do you create leverage? The obvious answer is combining spend across the portfolio, but that feels too easy.

Fiona: It is too easy. Volume helps, but it’s not the real game.

The real leverage is pattern recognition. When I see one portfolio company overpaying 40% for a vendor, I already know three others probably have the same problem. We’ve built benchmarking data that lets me walk into any negotiation knowing exactly what similar companies are paying. That changes the dynamic entirely.

And beyond procurement, we’re sharing operational playbooks. If one company successfully migrated off legacy infrastructure and cut their run-rate by 30%, that playbook becomes an asset. The second implementation is always faster and cheaper than the first.

Philip: What’s the blind spot that keeps showing up?

Fiona: Scope creep. Especially Salesforce, but it applies broadly.

I consistently find companies that have been sold the Rolls Royce when they needed a Volkswagen. Too many modules, too many add-ons, over-specced for what the business actually requires. These platforms are powerful, but that power comes with complexity and cost that mid-market companies often don’t need.

The problem is asymmetry. Salesforce has a sophisticated sales team. Your portfolio company is negotiating with small business resources. They don’t know market pricing. They don’t know which modules are essential versus nice-to-have. They’re outmatched before they start. That’s where we add value—benchmarking data, negotiation experience, and the leverage that comes from representing multiple companies.

Philip: Alright, let’s talk AI. There’s enormous pressure to “do something.” How do you separate actual productivity gains from expensive hype?

Fiona: First question I ask any CEO: “What problem are you solving?”

Not “what tool are you implementing.” What problem. In business terms—reducing cycle time, improving first-call resolution, accelerating content production. If you can’t articulate that, you’re not ready for AI. You’re just buying technology.

Philip: That’s a lower bar than most companies are clearing.

Fiona: Exactly. From there, we focus on three categories: augmentation, automation, and insight. Augmentation makes humans better—code copilots, writing tools, research assistants. Automation removes humans from repetitive tasks. Insight surfaces patterns humans would miss.

Everyone wants to jump to automation because it sounds impressive. But augmentation has the highest ROI, lowest risk, and fastest deployment. Every time.

Philip: The measurement question is where most of these conversations fall apart. How are you actually quantifying productivity gains?

Fiona: This is where it’s getting genuinely interesting.

We now have tools that measure productivity across multiple AI platforms—Copilot, Gemini, OpenAI, Claude, others. We can see adoption patterns, who’s using what, how effectively.

Here’s what we’re finding: give AI tools to your high performers and they go up 250% in productivity. It works both ways—we’re seeing AI turn around functions that were struggling, while also making your best people truly extraordinary.

And by coupling usage data with workflow analysis, we learn which deployment patterns actually work. That intelligence feeds into how we roll out tools across other portfolio companies.

Philip: Let’s talk about the elephant in the room. Shadow AI. Employees pasting company data into ChatGPT.

Fiona: It’s rampant. And it’s where cost, productivity, and security collide in ways that should keep executives up at night.

I recently audited a portfolio company—14 different AI tools being expensed across the organization. ChatGPT Plus subscriptions, specialized writing tools, image generators. Zero governance. Zero data policy. Customer information going into consumer-grade chatbots that explicitly use inputs for training.

Philip: How do you respond without just banning everything?

Fiona: Prohibition doesn’t work. Never has.

Our approach has three elements. First, give people a sanctioned alternative. If employees are reaching for consumer tools, they’re usually trying to solve a real problem. Address that gap with proper enterprise solutions. Second, clear guidelines—not “don’t use AI,” but practical guidance on what types of data can and cannot go into external tools. Third, education. Most employees genuinely don’t understand the data implications. They’re not being careless—they just haven’t been given the context to make good decisions.

Philip: Let’s shift to cybersecurity. You’ve positioned it as a value creation lever, not just a cost center. Make that case.

Fiona: Two dimensions.

Defensive is obvious—protecting value. You can’t generate returns if ransomware takes your company offline for three weeks. We’ve seen deals where a cyber incident during the hold period wiped out a significant chunk of projected returns. Not theoretical. Happened.

But there’s an offensive dimension that gets less attention. Strong security posture is increasingly a competitive differentiator. Enterprise buyers demand SOC 2, ISO 27001, detailed security questionnaires. If your portfolio company closes deals faster because their security house is in order, that’s revenue acceleration. We’ve seen sales cycles compress by 3-4 weeks for companies with mature programs.

Philip: Common vulnerabilities when you first engage?

Fiona: Three things. Every time.

Identity and access management is always a mess. People who left years ago still have active credentials. Service accounts with admin privileges that nobody remembers creating. No systematic deprovisioning.

Third-party risk management is usually nonexistent. Dozens of vendors with access to sensitive data, no systematic security assessment. One portfolio company had an ERP vendor with remote access to production—shared credential, not rotated in four years.

Incident response planning. When I ask leadership what happens if they get hit with ransomware tomorrow, I get blank stares. That’s not acceptable anymore.

Philip: Portfolio-level leverage on security?

Fiona: Same playbook as cost optimization. Shared vendors, shared templates, shared benchmarks. We’ve negotiated portfolio-wide security agreements that individual companies couldn’t access alone. We’ve built a library of policy templates, incident response plans, training materials—customize rather than create from scratch. We also run tabletop exercises across the portfolio. Simulated breach scenarios, multiple CEOs in a room, working through the same situation. The learning compounds.

Philip: Final question. Advice for a CFO or CTO trying to drive this without operating partner support?

Fiona: Start with visibility. You can’t optimize what you can’t see. Build a comprehensive view of technology spend, AI usage, security posture. Most insights fall out naturally once you have that foundation.

Second, cross-functional alignment. Cost optimization that ignores security creates risk. AI implementation that ignores user experience creates waste. Get finance, IT, security, and business leadership working from the same data.

Third, be ruthless about prioritization. You can’t do everything. Pick the two or three initiatives that generate the most value in 12 months and execute relentlessly. A perfect strategy you can’t resource is worth less than a good strategy you can actually implement.