Today, the investment decisions the law firm must make are not just about the clients it wants to serve and where to grow tomorrow. Increasingly, they're also about the technology strategy it needs to adopt to survive and be successful.
The recent reports on cyber risks faced by the legal sector from Government Communications Headquarters, the UK's government intelligence, security and cyber agency, and France's Agence Nationale de la Sécurité des Systèmes d'Information (its national cybersecurity agency), should have sent a shock wave through the profession.
This is not by any means the first time that such reports have been issued about the risks facing the legal profession: in fact it is the second report directed at the UK legal sector by GCHQ in a year. It illustrates just how big a target legal businesses are for hackers and fraudsters, how international this threat is, and also how vulnerable many legal organisations are to this kind of threat, particularly as a result of widespread home-working policies and the security vulnerabilities this has introduced.
Some firms have developed sophisticated defences, invested in technology and people resources to secure themselves, and raised awareness actively among their people of the part they play in keeping their firms safe.
But even for these firms, cyber-security isn't a one-fix wonder: as the threat keeps evolving, so must the safeguards. Vigilance needs to be eternal. We have seen too often through experiences at top firms the nightmare that results from flaws in systems and data security, and then the impact on operations and the damage to client and market reputation. It's not a list you want your name to be on.
One thing, perversely, that is adding to the cyber-security risk is AI. Generative AI solutions like ChatGPT have been used by criminals to find vulnerabilities in computer code which they can exploit. Equally, GPT can help identify patterns associated with a cyber-attack and so help resolve it. It's an illustration of just how widespread the applications of AI are.
And AI is that another key investment decision law firms need to make on technology. Eversheds Sutherland set out its public goals for AI and described its internal programmes last week. This includes a 30-person team focused on the AI strategy for the business.
The positive applications of AI on law firm operations are potentially many and varied, from automating routine processes such as responses to billing enquiries, to conducting research on case law, precedents, statutes and regulations, creating marketing material for social media posts or standard internal documents such as job descriptions, and reviewing contracts to identify anomalies, concerns and patterns.
Whether it's time to make that investment now, and how firms apply it, is a decision to be made by each firm. But the time to focus the firm's mind on this is now. Every week that passes is a week lost as this technology advances and other firms develop their approaches and strategies, as Eversheds illustrated last week.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
