Skip to content
IIBA.org Business Analysts Are Key to Fighting Cybercrime

Business Analysts Are Key to Fighting Cybercrime

Disclaimer: The views and opinions expressed in this article are those of the author and may not reflect the perspectives of IIBA.
Receive free IIBA updates and exclusive content!    


Once quite rare, high-profile cyber attacks now occur with alarming regularity—and they’re getting more sophisticated.

Just in the last few months, there was a cyber attack on Pelmorex Corp., which owns The Weather Network. As a result of the attack, connected to a third-party software provider, The Weather Network app couldn’t send essential alerts.

This doesn’t exactly bode well for the future. A recent Reuters report found that a similar attack on a financial services payments system could cost a whopping $3.5 trillion globally.

And it isn’t just about the astronomical financial costs, either. According to new research, ransomware attacks on hospitals put patients’ lives at risk, with the mortality rate increasing from 20% to 35%.

Given the stakes involved, there’s a growing need for coordinated leadership and collaboration from many different industries to fight cybercrime effectively. Before exploring the role that business analysis can play, let’s look at some recent cases.

MGM Grand
The ransomware group ALPHV used social engineering techniques to access MGM Grand’s systems. Within just 10 minutes, the group had penetrated the systems and closed MGM Resorts International properties across the US. The attack cost the business over $100 million.

Caesars Entertainment
Cybercriminals stole Caesars Entertainment’s loyalty program database. The company paid a $15 million ransom to avoid an online leak of the data attackers stole. Data included social security numbers and driver’s licence numbers. 

Greater Manchester Police
The third-party supplier that provided the Greater Manchester Police with badges was robbed of police officer data, including names, ranks, and photos. The ransomware attack affected up to 12,500 officers and staff.

These prove just how costly and dangerous cyberattacks are. Fortunately, business analysis professionals are often the first line of defence in any organization’s battle against cybercrime.


Business Analyst = Cybersecurity Expert?

There’s a strong relationship between business analysis and cybersecurity. Business analysis roles can support cyber teams in organizations to mitigate cyber threats. Those who practise business analysis often work in tandem with cybersecurity professionals to safeguard data, specifically in roles like operations or application support.

Business analysis professionals can:

  • Manage security operations analysis
  • Work with risk management and compliance teams to perform enterprise-level analysis tasks
  • Connect the business environment to security and risk functions
  • Work with project and program management groups that perform analysis tasks relating to solution development, design, and deployment
These are some of the most common ways business analysts help companies keep vulnerable data safe. Given this role, some ask whether “business analyst” and “cybersecurity expert” are synonymous.

BA Times provides an answer: “So, does the business analyst really = cybersecurity expert? In some cases, yes. And in the case where there is no real security awareness, representation, or position on the project and in the organization, the answer – in my opinion – is a definite yes.”

Explore a first-hand take on the relationship between business analysis and cybersecurity in this episode of Business Analysis Live!, where special guest Bindu Channaveerappa ​​discusses her experience working in cybersecurity analysis. She also talks about the concept of “shifting left” to enhance the scope of business analysis to include security up front.

Make Cybersecurity Your Superpower

Hacker attacks happen every 39 seconds and can cost companies millions of dollars. By including business analysis professionals in cybersecurity teams, organizations can improve their chances of preventing cyberattacks. 

All business analysis professionals should possess some cybersecurity skills. Learning the basics of cybersecurity and getting certified can help professionals gain essential data security skills and a foundational understanding of the discipline of cybersecurity.

Fortunately, IIBA and IEEE Computer Society have partnered to offer robust learning and certification on cybersecurity analysis. Professionals can learn key cybersecurity concepts, best practices, and core competencies used by leading technology experts.

The more business analysis professionals can learn about cybersecurity, the more valuable they will become to organizations and IT security teams.

For a limited time, members save 20% on IIBA’s full suite of certification exams when they write between November 1 and December 29, 2023. Not an IIBA member? Simply purchase your membership first to take advantage of this exam rebate offer.  

Hurry! This offer won’t be around for long.

Get started.


About the Author
Tiffani Iacolino.png

Tiffani Iacolino is a Senior Manager, Product Marketing at IIBA and has 15+ years of marketing experience across the legal, technology, telecommunications, publishing, media, and professional services industries. She’s passionate about delivering meaningful products and solutions to the business analysis community. Hailing from the Greater Toronto Area, she enjoys an amazing cup of coffee, running, and yoga—between chasing her two adorable children!   

Must Read Blogs From IIBA

Cybersecurity

7 Cybersecurity Red Flags You Need to Know

Did you know social engineering is an escalating way cybercriminals are tricking users into performing actions that lead to security breaches? In a recent IIBA webinar, presenter Erich Kron, Security Awareness Advocate at KnowBe4, shared his seven social engineering reg flags you should be aware of.
Read the blog
Business Analysis

Why Should Business Analysis Professionals Care About Cybersecurity?

The fall issue of BAM! shares essential tips for Cybersecurity Awareness Month, provides answers to applying agile practices to mainframe projects, looks at task calibration, and more.
Read the Blog
Cybersecurity

Cybersecurity Made a National Priority in the USA

National Institute for Standards and Technology creating new framework to improve cybersecurity standards of practice. Providing good business analysis in cybersecurity is a major growth area. 
Read the Blog