Generating Cyber Risk Reports in PowerPoint

By: Varun Mehra (Senior Principal Software Engineer)

In today’s data-driven world, generating dynamic, customizable, and visually rich reports is a common requirement for many businesses. While generally not considered a reporting tool, PowerPoint presentations have become a standard for delivering information in a visually appealing manner. So when the Cyence team at Guidewire began considering alternatives for the easy creation of cyber risk reports for our customers, we were pleasantly surprised to find PowerPoint could meet our specific requirements.

In this blog, we will dive into some of the technical details that describe how Guidewire leveraged PowerPoint customization capabilities to achieve what we needed.

Business Use Case

Cyence provides highly specialized software that allows cyber insurance providers to assess and quantify cyber security risks for the companies they serve. Effective selling of cyber insurance often requires providers to quickly summarize the risks individual companies are facing, which is where PowerPoint-based cyber risk reporting comes in. By making it easy to generate these reports, providers can engage and make the value of cyber insurance much more clear and compelling during the selling cycle.

Powerpoint vs PDF Reporting

When it comes to formatting, sharing, and presenting information, two common formats often come to mind: Microsoft PowerPoint (PPTX) and Portable Document Format (PDF). Both formats have their merits, but in this blog, we highlight why PowerPoint was the preferred approach to address the use case described above.

The key advantages of using PowerPoint include:

1. Flexibility for Editing: PowerPoint files are editable, which means that presenters can easily make changes to the content or information using widely understood editing tools. This flexibility is valuable in situations where information may change or needs to be tailored to specific clients or stakeholders.
2. Brand Representation: PowerPoint presentations can easily be customized to include brand-specific colors, logos, and themes.
3. Presenting Complex Information: PowerPoint is often a better choice as it allows presenters to display information in a structured and visually appealing way.
4. Interactivity and Engagement: PowerPoint includes the ability to add animations, transitions, multimedia (videos, audio), and hyperlinks that can help improve engagement and make the presentation more memorable.

Generating Reports from Cyence

Cyence is delivered as a complete cyber risk modeling platform that includes a unified front-end application for performing company-specific risk assessment, scenario analysis, and related cyber risk analytics. Following is a high-level architectural diagram showing how an end-user can generate reports with a simple click of a button within the Cyence user interface.

The key components utilized include:

1. Web Application: Availability of report generation is controlled by feature flags, enabling or disabling the functionality based on specific contract or customer requirements. Once invoked, the necessary application data is extracted in JSON format and seamlessly updated in the PowerPoint template. This dynamic approach allows for flexibility and customization in generating reports as needed.
2. PowerPoint Template File: A base template in PPTX format that receives and incorporates the JSON data to create the final report.
3. JSON Data Source: A JSON file is generated using server-side Node.js logic with the data to be updated in the PowerPoint template. The keys in JSON are designed to match the template variables. If the template includes charts or tables, developers can define mappings to specify which data from the JSON source should be used to update each type.
4. Python Script: A standalone script designed to accept a template file and JSON data as its inputs, facilitating the generation of the final PowerPoint-based report.

An example report is shown below:

Under the Hood: Technical Insights

Understanding PPTX Files

A PPTX file is essentially a collection of XML files, media, and embedded data, all compressed and saved with a .pptx extension. PowerPoint presentations were originally saved in the .ppt format, which had a proprietary file structure that was difficult to integrate with.

In 2007, Microsoft made a significant change by adopting the PPTX format. This new format was standardized through ECMA International as “Office Open XML” where the ‘X’ in PPTX stands for XML. The use of XML as a base made it an open format that could be utilized and implemented by developers everywhere.

Templating & Slide Parser

Before automating PowerPoint file generation, we convert a draft or sample PPTX file into a template that can be used programmatically. Template variables are represented as object paths prefixed with “xx.” For instance, a template variable might look like xx.company.name.

The PowerPoint slide parser processes each slide, replacing template variables in paragraphs, tables, and charts with dynamic content. Additionally, images can be positioned at specific coordinates (x, y) with defined dimensions (height and width) in the JSON input.

python-pptx Package

To create and update PowerPoint files programmatically, we leverage the power of the python-pptx package. This package offers various capabilities, including:

• Populating text placeholders in slides
• Adding images, text boxes, and tables to slides
• Manipulating column, bar, line, and pie charts
• Working with charts in custom ways, such as donut charts and gauge charts

You can find more details and the latest version of python-pptx on the official website. I would like to extend my heartfelt gratitude and acknowledgment to Steve Canny, the brilliant mind behind this package.

ObjectPath Query Language

When dealing with semi-structured data such as JSON, we often encounter complex nested tree structures. To simplify working with such data, we employed a query language called ObjectPath. This language facilitates easy navigation through API responses, making data parsing more efficient. If you want to explore ObjectPath further, check out their official website.

References

http://objectpath.org/
https://python-pptx.readthedocs.io/en/latest/

If you are interested in working on our Engineering teams building cutting-edge cloud technologies that make Guidewire the cloud leader in P&C insurance, please apply at https://careers.guidewire.com.