During the grid planning process, electric power grid companies evaluate different options for long-term grid development to address expected future demands. The options can be passive measures, e.g., traditional reinforcement or building new lines, or active measures, e.g., support from ICT-solutions during operation to increase the power transfer capability. The ongoing digitalization of the electric power grid inevitably pushes grid companies to assess potential cyber risks as part of the grid planning process. This applies especially to active measures, which to a greater extent rely on support from ICT-solutions to operate the system closer to its limits. However, current grid planning approaches do not adequately provide the support needed in practice, and the industry is struggling to adopt and execute cyber-risk assessments. The contribution of this paper is threefold. First, we interview six companies from the energy sector, and based on the interviews we identify seven success criteria that cyber-risk assessment methods for the electric power sector need to fulfil to provide adequate support. Second, we present four risk assessment methods and evaluate the extent to which they fulfil the identified success criteria. Third, we address the specific need for approaches that are easy to use and comprehend, especially for grid planning purposes, and propose a low-threshold approach to support high-level cyber-risk assessment in an electric power grid planning process. Based on our findings, we provide lessons learned in terms of gaps that need to be addressed to improve cyber-risk assessment in the context of smart grids.