Do Business Analysts need Certifications in Cybersecurity?

‘But why?’ I often hear from stakeholders and peers when I asked the question of whether Business Analysts need a cybersecurity certification. ‘That’s why businesses hire Information Security (InfoSec) managers and technical teams.’ There is a distinct difference between specialist roles and those of Business Analysts, who collaborates actively with the wider business, which I will elaborate on in this article.

Cybersecurity and its growing impact on organizations

Cybersecurity, by definition, relates to the protection of data and computer networks, which involves the insecurity created through cyberspace and the non-technical practices of making it more secure. To address the insecurities, organizations adopt various policies, practices and tools. Business Analysts serve as a key liaison between project management and the technical domain and could possibly be called upon to either ensure that these are adhered to, or be involved with implementing further enhancement measures. Business Analysts are also often expected to be involved in measuring and evaluating performance with existing policies, followed by recommendations for improvements.

Modern organizations rely heavily on data they collect, whether it is market data or customers’ personal details. If a cybersecurity issue occurs, not only is there a strong possibility for this information to be stolen by another entity, but data may also be altered in a way that drastically damages the organization’s operational reliability in addition to the organization facing devastating financial repercussions. Cybersecurity issues have had significant impact on organizations. IT analytical forecasts are struggling to keep pace with the dramatic rise in cyber crime. As technology advances, so does the sophistication of cyber attacks. This can be supported by figures. Worldwide spending on cybersecurity products and services will exceed $1 trillion cumulatively over 2017 to 2021 and anticipate 12-%15% market growth through 2021 (Cybersecurity Venture, 2019). This means that there will be a demand for business people in technology who could translate technical requirements into understandable terms, evaluating possible options available either within an organization or those available in the market and playing a central role in risk management. As such, cybersecurity is gaining dominance in Business Analysts’ role in the near future. This is further supported by the Institute of Business Analysis (2019), who found that 21% of Business Analysis professionals reported being involved in their organization’s cybersecurity practice as a critical liaison between technology and the business.

Cybersecurity and the Business Analyst

Does a Business Analyst need a certification in cybersecurity, and what does this entail? Whilst some may argue that it is not currently a ‘must have’ in a Business Analyst’s CV or job specification, organizations are perceiving such certifications as increasingly valuable assets in the next several years as the risk of cyber attacks increases. When cyber attacks occur, organizations will be expected to act swiftly. As cyber attacks become increasingly sophisticated, organizations would be likely to be overwhelmed due to the relative frailty of their ecosystems, which makes them less adequately prepared to take unexpected incidents head on. It is therefore expected that Business Analysts as trusted advisors to have a firm awareness with the cybersecurity trends so that they can apply their knowledge on matters of data and cyber security readily throughout regardless of the circumstances. The acceleration in the cybersecurity domain has opened doors for Business Analysts in terms of gaining global market insights of the data and information security domain and its associated security knowledge areas such as regulations, disaster recovery, risk management and incident management.

A Business Analyst will not need to be a technical cybersecurity expert, nor will they replace technical experts or be a technical expert by obtaining a certification alone. However, having a fundamental level of knowledge in this domain will give the individual and their organization a further layer of ammunition and greater reassurance of its internal capabilities to mitigate and combat cyber attacks. With a fundamental understanding of cybersecurity on top of their core skillsets, Business Analysts can be sufficiently equipped to identify what the organization needs to protect, why it is important and helping their organizations to prioritize cybersecurity enhancements to keep ahead of the curve. Moreover, Business Analysts will increasingly find themselves immersed into various phases of cybersecurity project lifecycles, and those with the relevant certifications may find themselves more confident in conducting activities such as scenario planning, undertaking enterprise capability and process gap analyses, articulating regulatory and technological characteristics to stakeholders and testing. In many cases, the solution may not be technical in nature, but it may relate to either adjustments to existing processes or new sub processes as part of increasing controls as preventative measures. Business Analysts play critical roles in bridging the gap between an organization’s technical teams and its wider non-technical stakeholders. Having a firm grasp of fundamental knowledge in the cybersecurity domain makes liaising with technical leads a much smoother process.

Having a cybersecurity certification will not only be an indicator of a firm grasp of the key building blocks within the cybersecurity domain, it will also give customers greater assurance that projects and changes are completed at a high standard. The educational journey during the certification process offers individuals greater appreciation on the growing cybersecurity challenges faced by organizations and equips them towards forming their own outlook on this topic.  Furthermore, a certification on skillset that are increasingly demanded demonstrates one’s investment and commitment into their profession. 

Recommended Cybersecurity Course for Business Analysts

The IIBA has collaborated with the Institute of Electrical and Electronics Engineers (IEEE) to offer the Cyber Security Analysis certification that is specifically catered for Business Analysts, providing the basics of cybersecurity needed to assist in the overall cybersecurity solution and the tools Business Analysts professionals need to leverage collaborative effectiveness within their organizations.

Further details of IIBA’s Cybersecurity Analysis certification can be found here: https://www.iiba.org/standards-and-resources/cybersecurity-analysis/

Please drop your comments below.