About The SIG
Business analysts play a vital role in helping organisations deliver change effectively, responsibly, and with a clear understanding of business needs. Our work connects people, processes, and technology — clarifying requirements, reducing delivery risks, and supporting the achievement of strategic outcomes. But in a world where technology and threat landscapes are constantly evolving, this value can be compromised if we fail to recognise and address cyber-related risks.
“Cyber” refers to more than just cybersecurity. It encompasses a broader set of concerns — including privacy, resilience, identity, trust, data protection, and digital ethics — that affect how organisations operate and how safe and sustainable their services are.
As business analysts, we increasingly find ourselves working in environments where these issues are critical. Whether supporting a new digital product, a process redesign, or a transformation programme, we are often in a position to uncover risks, highlight gaps, and influence how secure and resilient a solution will be — even if “cyber” is not the primary focus of the project.
Why Cyber Matters to Business Analysts
Cyber risks are no longer the sole concern of technical teams. They are board-level issues with implications for compliance, reputation, and operational continuity. In practical terms, a cyber-related issue can:
- Prevent a product from launching due to regulatory blockers
- Erode customer trust after a data breach
- Disrupt core services through ransomware or outages
- Trigger costly rework when vulnerabilities are discovered late
- Result in fines, litigation, or reputational harm
These risks often originate not from poor technical controls, but from design decisions, process assumptions, or unclear requirements — areas that fall within the scope of business analysis. When business analysts are cyber-aware, they can help mitigate these risks early, enabling better decisions and reducing the likelihood of late-stage blockers.
Understanding the Scope of “Cyber”
In the context of this SIG, “cyber” refers to a broad spectrum of domains where business analysis and digital risk intersect. These include:
- Cybersecurity – Identifying and addressing risks to systems, processes, and data
- Privacy and Data Sovereignty – Navigating legal and ethical requirements for data handling
- Resilience – Ensuring business continuity and recovery from disruption
- Identity and Access – Clarifying who needs access to what, and why
- Digital Risk – Understanding how risk affects portfolios, programmes, and strategic outcomes
- Governance and Compliance – Supporting organisations in meeting internal and external obligations
- Emerging Risk Themes – Including quantum computing, AI governance, and digital ethics
These concerns are becoming increasingly interconnected — and increasingly important to get right.
Why the Cyber SIG Exists
The Cyber SIG exists to support business analysts working in, or adjacent to, these domains. It is a space to learn, share, and build confidence — whether you are new to the topic or working in cyber-aware roles every day.
By engaging with this community, you’ll gain insight into the challenges and practices that shape secure, resilient, and responsible change. And in doing so, you’ll strengthen not just your own practice, but the value of business analysis as a whole.