Secure by Design demands that thorough preparation for risk management is conducted. Here, cyber security consultants are often asked to identify and list stakeholders. But why should we do this if it isn’t useful? How can a list of people contribute to good risk management? Having a list of interested parties is a great start but through secure by design we want to take this to a more practical level.