How Business Analysts Can Tackle AI and Cybersecurity Risks

Would you ever trust something you don’t fully understand?

New technology is exciting, but artificial intelligence demands careful consideration. Ignoring risks can turn potential benefits into serious problems. AI is everywhere—your burger order, your inbox, maybe even this sentence. As it spreads across industries, organizations face a significant question: are they ready to manage the risks?

In a recent episode of Business Analysis Live, I spoke with Bindu Channaveerappa, author of Cyber Security and Business Analysis and a longtime IIBA community member. Bindu has explored the intersection of AI and cybersecurity worldwide and shared insights valuable to every business analysis professional.

When AI and Cybersecurity Collide

AI is transforming how society operates, but transformation brings risk. As Bindu says, "When there is technology, there has to be cybersecurity. It's like two ends of the stick."

When it comes to cybersecurity, reacting to breaches is one thing. But spotting vulnerabilities early, assessing risks, and embedding security into every phase of a project is a whole different ball game. That’s where business analysis professionals make a real difference.

Think of it as constructing a building. You wouldn’t finalize the design without checking the foundation. Similarly, embedding security at every stage prevents costly vulnerabilities later.

What AI Is and Isn’t

Bindu shared a memorable analogy: the story of the blind men and the elephant. Everyone touches a different part and comes to a different conclusion. One feels a trunk and says it’s a snake. Another touches a leg and says it’s a tree.

AI works the same way. Most of us see only a piece of the puzzle—automation, chatbots, data analysis, creativity—but few see the whole picture.

At its core, AI is math and algorithms learning from data. It can make decisions and take action, sometimes brilliantly, sometimes confidently wrong. Understanding what AI can and can’t do is critical.

We also need to consider the potential negative consequences of seemingly positive features. Bindu uses the example of Facebook adding a Like button, intending to spread joy. Yet they didn’t anticipate the negative impact on users who feel excluded or unliked.

This shows why business analysis professionals must examine not just what a tool can do, but also its unintended effects on users and society.

How Business Analysis Fits Into AI Projects

Fortunately, business analysis professionals are well-positioned to ask the right questions:

• Is AI really needed for this project?
• What risks does it introduce?
• Are we ready for the outcomes?

Bindu shared a striking statistic: 95% of AI projects fail. Not because the technology or teams aren’t capable, but because organizations jump in with high hopes and limited understanding.

Business analysis professionals can help organizations succeed by:

• Assessing data quality and readiness
• Identifying ethical and societal impacts
• Validating AI-generated decisions
• Advocating for responsible and transparent AI use

Reflection and Responsibility

One of the most thought-provoking parts of our conversation was about reflection. With tech innovations coming thick and fast, it’s worth pausing to ask: Are we adapting the right way? Are we thinking critically about the tools we use?

Business analysis is both a role and a responsibility. As business analysis professionals, we’re trusted to deliver clear, complete, and thoughtful analysis. That includes raising ethical questions, identifying risks, and looking beyond immediate outcomes.

Bindu compared this responsibility to a doctor delivering a diagnosis. Even if patients (or organizations) don’t ask for every detail, it’s still our duty to give them the full picture. Incomplete analysis leads to incomplete understanding, and in a world shaped by AI, that’s a risk that organizations simply can’t afford.

Security Mindset as a Core Competency

Security is no longer an afterthought. It must be part of every project’s DNA. Developing a security mindset means being able to:

• Recognize vulnerabilities others might miss
• Ask the right questions about data, systems, and decisions
• Raise concerns even when they’re not explicitly requested

Think of it as a sixth sense for trouble. Alert fatigue, rogue algorithms, and other sneaky risks are all on your radar. Business analysis professionals play a vital role in safeguarding organizations and ensuring AI is applied responsibly.

Security is everyone’s responsibility, and that includes us.

Final Thoughts

As AI becomes more embedded in systems and decisions, business analysis professionals can ensure it is used wisely, ethically, and effectively.

Want to dive deeper? Watch the full episode of Business Analysis Live on YouTube. Bindu shares practical examples, tools, and strategies you can apply right away—and a few surprises you won’t see coming.

Cybersecurity Awareness Month may be ending, but understanding and managing AI risks is just getting started. Use this opportunity to sharpen your skills and strengthen your impact.

Strengthen your cybersecurity expertise today—and save while you’re at it. Until October 31, enjoy 20% off the Certificate in Cybersecurity Analysis (IIBA-CCA) exam. 

Don’t miss out. Registration closes soon.

---

About the Author