Still running on spreadsheets: the hidden cost of outdated infrastructure

I often hear some version of this: We should probably modernize it… but to be honest, the Excel spreadsheet works just fine. It’s usually said with a shrug, as if running a key business process on a two-decade-old file is just how things are done.

We joke about it. We meme about it. But the truth is this: some of your most essential operations are still running on duct-taped Excel files built years ago by someone no longer with the company. That’s not just inefficient; it’s reckless.

You know the one.

The spreadsheet that handles pricing logic for every customer quote. Or the one that reconciles financials before reporting. Or the one with color-coded columns that only Kyle understands — and he’s on holiday.

Every organization has one. Sometimes dozens. And most are mission critical.

In fact, a study found that some firms maintain millions of spreadsheets, with a substantial number in daily operational use. These aren’t minor convenience tools; they’re accidental legacy systems at the core of business operations.

How we got here

Spreadsheets are brilliant. They’re flexible, fast, and accessible to everyone. They let business teams fix gaps, test ideas, and move quickly without waiting three months for IT to approve a ticket. That’s why they took root, and why they’ve become indispensable.

But what starts as a quick fix in someone’s Downloads folder slowly mutates into something far more dangerous: unofficial infrastructure.

This isn’t just a theory. The research backs it up. In their study Lessons from Mission-Critical Spreadsheets, Grossman and colleagues highlight how spreadsheets often evolve into production-grade tools without any formal development process. No documentation. No testing. No governance. Just layers of complexity added over time; until no one really understands how it works, but everyone depends on it.

Soon, you’ve got a dozen interconnected workbooks, each with their own fragile formulas, circular references, and hidden sheets. There’s no documentation; just a colleague named Martina who knows which cells not to touch. Half the logic lives in a macro written in 2016. The other half? Copied from somewhere and tweaked until it worked.

And this isn’t for tracking office snacks. It’s forecasting revenue, calculating commissions, or feeding data into a board report. A single corrupted cell, and the whole house of cards collapses. Because now you’re not just relying on a spreadsheet; you’re relying on a ghost system with no governance, no backup plan, and no accountability.

The hidden debt of spreadsheet dependency

Every time we lean on a spreadsheet to do the job of an actual system, we quietly rack up hidden costs. Here’s what that debt looks like:

User experience debt

Most business-critical spreadsheets are unusable unless you’ve been initiated into their secrets.

• There’s no UI, just cells and chaos
• Errors propagate like wildfire
• Training new staff means walking them through 18 undocumented steps and praying they don’t press the wrong filter

You wouldn’t accept this in a customer-facing app. So why do we accept it in our internal backbone?

security risks

Spreadsheets get emailed. Uploaded. Downloaded. Left on USB sticks. Copied into random Teams chats. Synced across four cloud accounts. Dragged into personal folders just for backup. Then they sit there, untracked, unsecured, and forgotten.

(And please, don’t tell me your users would never do that. We both know they already have.)

The result? You’re not just dealing with bad habits; you’re dealing with a security disaster hiding in plain sight:

• No access control: Anyone with the link, or just the file, can see everything. Customer pricing, payroll data, contract terms. It’s a goldmine for the wrong person.
• No audit trail: Who changed that number? When? Why? No one knows. And no, last modified in Windows Explorer or your SharePoint library doesn’t count as governance.
• No encryption — Most Excel files are wide open. Even password-protected ones can be cracked in minutes. And if they’re stored in an unprotected location, you’re already out of compliance.

Add to that the rogue versions scattered across devices, the shadow copies in email chains, and the manual updates happening off the radar, and you’ve got an environment where a single spreadsheet can undo years of trust, reputation, and regulatory effort. This isn’t a warning. It’s reality. One that too many organizations only recognize after the breach. And even then, they rinse and repeat.

Lack of governance

Who owns the spreadsheet? Who updates it? What happens if that person goes on leave, changes departments, or just stops responding to emails?

Even in organizations using SharePoint or OneDrive (yes, with version history technically enabled) that safety net unravels quickly. Why? Because people still save copies to their desktop. They still email attachments back and forth. They still rename files with cryptic labels like Q2_calc_FINAL_v2_UseThisOne.xlsx. They sync files across devices, edit them offline, and accidentally break the logic across three versions without realizing it.

So even if versioning is available, it doesn’t help when the right file isn’t in the right place, or when no one agrees which version is the source of truth. That’s not a tooling gap. That’s a governance void.

When something breaks (and it will), five people open five different versions, trying to reverse-engineer where it all went wrong. Everyone’s responsible. Which usually means no one is.

This kind of chaos would be unthinkable in your ERP or CRM, but somehow, it gets a pass when it lives in Excel. Until Kyle leaves… and takes half the operational logic with him.

Innovation gridlock

Sure, you can automate a process that relies on spreadsheets stored in shared drives. You can feed AI models with the output of nested IFERROR(VLOOKUP()) logic. But just because you can, doesn’t mean you should.

Because the real question isn’t what’s technically possible. It’s whether you can trust it, scale it, govern it, and explain it.

When your so-called data pipeline is a loosely managed web of spreadsheets — some on SharePoint, some on local machines, some emailed back and forth — you’re introducing friction at every step:

• No single source of truth
• No guaranteed structure
• No lineage or auditability

And no confidence that what you’re automating is even correct

Data excellence is more than having numbers in rows and columns. It’s about consistency, validation, structure, and accountability. Without that, you’re not automating a process; you’re just automating chaos.

This is why so many digital transformation efforts stall. The tools are capable. The ambition is there. But the data is scattered across files, teams, and assumptions — full of outdated formulas and silent errors.

Spreadsheets are not the enemy. But building on them as if they were real systems? That’s just building on sand.

Operational fragility

Payroll doesn’t run because the macro didn’t. Compliance reporting gets delayed because the file won’t open. Revenue forecasts go sideways because someone broke a formula and didn’t notice. These aren’t edge cases. They’re everyday risks when your business relies on fragile spreadsheets.

In 2021, a UK health authority lost track of 16,000 COVID-19 test results due to Excel’s row limits. That’s not a tech problem. That’s using the wrong tool for the job — with real-world consequences.

Let me say it again:

Your spreadsheet is not a database.

It works fine — until it doesn’t!

Executives often justify the status quo with variations of:

• We’ve always done it this way
• It’s not worth the cost to replace
• We’re too busy to change it now

But the real cost isn’t in the migration. It’s in every wasted hour, every manual fix, every security hole, every innovation that never ships because your data is stuck in Excel jail. You’re not saving money. You’re leaking value.

How to break the cycle

This is a call to use Excel for what it was built for: personal productivity and prototyping — not mission-critical operations.

Here’s how to start the shift:

• Inventory your risks: Which spreadsheets support strategic decisions or operational workflows? You can’t fix what you don’t see.
• Modernize incrementally: Don’t start with a six-month platform project. Start by moving logic into structured databases, and rebuilding workflows in Power Platform.
• Establish ownership: Every spreadsheet with real business value needs a named owner, lifecycle policy, and documentation.
• Invest in skills, not just tools: Equip your teams to design resilient processes, not just workarounds. This isn’t about replacing Excel; it’s about building maturity. And yes, this means investment in time and money.
• Make the invisible visible: Track how much time is spent maintaining or correcting spreadsheet-based work. Show the hidden cost of doing nothing.

The bottom line

Spreadsheets aren’t the problem. Treating them like enterprise systems is. If you’re serious about innovation, resilience, and responsible governance, then it’s time to ask the uncomfortable question: What are we still propping up on Tom’s spreadsheet?

And what’s it going to cost us when that spreadsheet finally breaks?