Across regulated industries, governance, risk, and compliance (GRC) programs are straining under a tool that was never built for modern risk environments: the spreadsheet. SBS CyberSecurity CEO and Co-Founder Chad Knutson and Director of Product Development Toni Meyer were featured in a recent International Business Times article examining why organizations continue to rely on spreadsheets for compliance and why that reliance has become a structural and cybersecurity liability.
Meyer noted that the core problem is a lack of visibility into where a program stands.
"No one has a complete, real-time view of compliance status," she said. "This makes it nearly impossible to confidently answer a simple question like 'Are we compliant right now?'"
She explained that as programs scale, controls, risks, policies, and evidence become scattered across teams and systems, leaving no unified perspective and opening the door to duplication, outdated information, and manual errors.
Knutson pointed to how deeply spreadsheets are embedded in the culture of compliance, shaped in part by how regulators distribute control sets.
"Spreadsheets become more than a tool," he said. "It becomes the default language of compliance."
A central theme of the feature was the shift from periodic, checklist-driven compliance to a continuous process of review and evaluation that static tools cannot keep pace with. Knutson also drew a distinction that frames the broader conversation: Compliance is meant to be the floor of good security, not the ceiling, and a strong audit result does not guarantee protection against real threats.
For organizations working to modernize their GRC programs, SBS offers TRAC, its integrated risk management platform, which brings controls, risks, and evidence into a single operational view and automates traditionally manual risk assessment work.
Read the full International Business Times feature to hear more from Meyer and Knutson on what modern, unified compliance requires.
