The trouble with Excel-based Cyber Risk Management
The drawbacks of using Excel to manage your cyber risk register.
Many organisations use Excel to manage their cyber risk register. There are some benefits to this, one being that it is, of course, 'free'. However, while this might be OK for a small organisation where resources are limited, there are some drawbacks we have seen in practice.
Some of the main drawbacks include the following:
#1 - Lack of security
Excel is a spreadsheet program, and as such, it does not have the same level of security controls as specialised cyber risk management software. This means that sensitive information could be at risk of being accessed by unauthorised individuals, which is a risk in itself.
#2 - Limited collaboration
Although this has improved with Office 365, Excel has historically been a single-user program, meaning that only one person could access and edit a spreadsheet at any time. This can make it difficult for teams to collaborate on cyber risk management activities, and can lead to delays and inefficiencies. Since Office 365 introduced collaboration, more than one user can edit a spreadsheet. The added complication, though, is that there is no auditing of who has changed what, and it is not possible to restrict users to editing only certain information based on permission sets, meaning changes can be made without approval from the owner of the risk.
#3 - Inadequate reporting and analysis
Excel is not designed for the complex reporting and analysis required for cyber risk management. It can be difficult to organise and analyse large amounts of data, and it may not be possible to generate the types of reports that are needed to effectively manage cyber risks.
#4 - Lack of integration
Excel is not typically integrated with other cyber risk management tools and systems, which can make it difficult to manage risks across the organisation. This can lead to silos of information and a lack of visibility into the overall state of an organisation's cyber risks.
"Overall, Excel is a useful tool for managing simple, small-scale data, but it is not well-suited for the complex and dynamic task of managing cyber risks across an entire organisation." – Stephen Parsons, CEO, VISO
Using specialised cyber risk management software can help organisations to more effectively manage their cyber risks, and can provide better security, collaboration, reporting, and integration capabilities. The team at VISO have experience in both situations, and have actively sourced and implemented cyber risk management systems for our customers.
If you need advice or guidance in this area, do not hesitate to contact us.