Research shows that Cybersecurity risks do not get the attention it is due, resulting in security breaches. In most cases, senior executives may not fully understand the security aspects and their implications, raising the key question as to who should make them see and how do we do that. Business Analysts present their analysis findings in a business case, and often Cybersecurity and risk controls are missed.A typical Cybersecurity business case usually involves adding new cybersecurity capabilities, maturing existing capabilities, or adding new cyber services. For BA’s working in product development, there are many opportunities to “shift left” with cybersecurity principles and controls, thereby bringing Cybersecurity into the discussion early on, as part of the business case, and into the user stories.