Avoiding the honest spreadsheet mistake

Avoiding the honest spreadsheet mistake

Cybercrime is a frequent hot topic on most newsfeeds these days, but inadvertent internal errors can be more costly to companies than any single data breach, both financially and reputationally. Internal errors in databases or spreadsheets can skew the entire corporate information structure, leading to inappropriate decisions and expensive mistakes. However, many in the C-Suite don’t yet implement the tools available to protect the enterprise against these very real threats often because they still don’t understand how an honest but harmful error in one tiny aspect of the enterprise infrastructure can negatively affect the entire organization.

One error = too much damage

One Boeing employee simply wanted to share some company data with his wife but accidentally emailed her a spreadsheet that contained hidden columns with personal information of over 7,000 colleagues. The incident was especially embarrassing for Boeing because it also sells a data loss prevention program that “ensures that hidden information is not inadvertently included in and transmitted with a file.”

Although the risk of a further breach was small (there was no evidence that either the employee or his wife exploited the “personally identifiable information” goldmine), the aircraft manufacturer subsequently offered its workers a free two-year subscription to Experian’s identity theft protection service. One estimate put the cost to Boeing as high as $5.7 million.

Reputation loss exacerbates financial loss

Companies that suffer an inadvertent breach like what hit Boeing usually also experience a corresponding reputational hit, too. One expert service evaluated the reputational decline of 10 companies that have endured ethics and breach crises since 2010 (including Wells Fargo, Volkswagon and Uber) and concluded that:

  • Those companies all suffered a median share price decline that averaged 33 percent over two years.
  • All were able to repair the damage to a certain extent and regain their position in their industry.
  • Each company has spent billions to repair its reputation since the public reporting of the incident.

Inadvertent spreadsheet errors elevate the risk of reputational damage

Spreadsheet errors are more frequent than most people realize and can cause more harm than most C-Suite inhabitants expect. The European Spreadsheet Risks Interest Group estimates that as many as 90 percent of all spreadsheets contain errors and that most of those flaws are simple human mistakes that are completely avoidable. The most common forms of spreadsheet mistakes are erroneous inputs, mistakes in logic and simple “copy-and-paste” errors. Incorrect cell ranges and cell range omissions also cause expensive calculations errors, as do incorrect hard-coded value errors. According to the 2016 Insider Threat report, 71 percent of survey respondents were most concerned about this type of inadvertent data security breach: an inattentive user causing an accidental security breach.

Spreadsheet risk management avoids inadvertent errors

Automated spreadsheet controls go a long way to prevent or avoid inadvertent data errors and their long-term consequences. Reputational risk intelligence programming provides safeguards that scan for, detect and alert to spreadsheet errors that can create havoc for both companies and their clients. In addition to checking for accuracy and functionality, these advanced tools also look for other vulnerabilities typically found in spreadsheet use patterns such as version, audit, authority and access controls. By implementing a comprehensive spreadsheet risk management protocol, most companies can avoid the damage – both financial and reputational – that Boeing suffered.

Additionally, the Boeing case also offers perhaps the most educational spreadsheet security training lesson: When you have the technology available to avoid costly errors, your most important decision is to use it.

At Incisive, our continuous risk intelligence programming for spreadsheets will keep your organization safe from inadvertent insider errors so your data security professionals can watch out for the real crooks waiting just outside your security perimeter.  Watch our video to learn how Incisive can help you mitigate reputation risk.

About Diane Robinette

Diane RobinetteDiane Robinette is President and CEO at Incisive Software, a company helping risk executives reduce exposure in critical business and financial processes. Prior to Incisive, Diane served in executive and senior level positions at companies including BroadVision, Contivo (acquired by Liaison Technologies), Covigna (acquired by ProQuest/Snap-on), Perfect Commerce and Proximex (acquired by Tyco). She also held management positions at KPMG and EY. Diane believes that by taking a modern and automated approach, risk teams can move towards a risk resilient posture that allows them to anticipate and reduce exposure, no matter what is thrown their way.