Horizon scanning: How can law firms prepare for emerging risks?

The legal sector is facing a pivotal moment in its long and illustrious history: new technologies, global geopolitical instabilities and increased regulatory scrutiny are disrupting and transforming the way law firms operate and deliver their services. How firms respond to these changes will determine their ability to withstand the risks and challenges that lie ahead. This article examines some of the most important business and compliance risks facing the profession in the future and how law firms can adequately prepare for them. We also explore how in-house legal advisors – especially General Counsel (GC) – will play a key role in protecting and future-proofing law firms against these emerging risks.

Artificial Intelligence: rapidly developing, poorly regulated and on track to irreversibly disrupt the legal market 

Generative Artificial intelligence (Gen AI) is the next frontier for legal services, with the potential to transform the way core tasks are performed, including analysing contracts, drafting or summarising documents and conducting legal research. Specialist legal AI platforms are being developed at pace, such as Dentons’ fleetAI (a client-safe alternative to ChatGPT) and Lexis+AI (a research, document analysis and legal citation assistant).

The industry appears to have an appetite for AI-based law tech, with a recent Clio study confirming that 19% of lawyers already use Gen AI in their daily work and 68% want to learn more about it. Clients also seem keen, with almost half expressing approval for their legal counsel to use AI if it would result in reduced fees, and 30% believing lawyers should use AI for legal research and drafting. It feels inevitable therefore that AI will become increasingly integrated with the way lawyers work and provide their services. These innovations pose exciting opportunities for tech-savvy and pioneering law firms to gain a competitive advantage in the industry.

AI use among legal professionals comes with significant risks such as negligence and liability exposure caused by errors and inaccurate outputs resulting from the tendency of Gen AI platforms to “hallucinate”.  One also shouldn’t underestimate the potentially negative impact on lawyers’ learning and development caused by over-reliance on AI. Maintaining client confidentiality and protecting data is another significant concern, as the privacy and security of information used as “input” data into an AI model depends on the service provider’s policies and the underlying source code used. Intellectual property and copyright issues worry 37% of lawyers, with concerns around ownership of the “output” data generated by an AI platform. And, last but not least, law firms must consider ethical risks such as the impact of AI on access to justice and its predisposition for unconscious bias and discrimination.

In August of this year, the Law Society updated its guidance to help law firms understand and manage AI-related risks, particularly in the current climate of limited regulatory oversight. The key take-away is that any work generated using AI tools will be subject to the same professional conduct rules and duties, and lawyers are not absolved of liability if errors occur. Law firms must carefully factcheck an AI platform’s outputs and carry out thorough due diligence on suppliers and service providers. The Law Society further stresses the importance of negotiating key contractual terms with AI vendors on warranties, indemnities and limitations of liability and to understand suppliers’ processes and policies for handling data.

Cyber Security: the ever-present threat

Cyber security is another tech-based risk threatening the stability and success of law firms. Industry commentators predict cyber security challenges will continue to plague law firms for years to come with cyber-attacks becoming increasingly politically motivated - fuelled by geopolitical tensions and global conflicts. For example, Iran has perpetrated several cyber-attacks against US financial institutions and, since the Russia-Ukraine war broke out in 2022, cyber-attacks against users in NATO countries have increased by 300%.

Law firms are prime targets for cyber-attacks, because they hold a vast quantity of confidential information and client funds, but also because they may be part of the supply chain of a government or high-profile business. Hackers may therefore attack a law firm’s systems to gain access to the real target entity in the firm’s supply chain (like a vendor or client). Conversely, hackers can gain access to a law firm’s systems and data by exploiting vulnerabilities in the systems of its own vendors and suppliers – such that even law firms with robust IT systems in place can never completely ensure their protection from a cyber-attack.

A recent investigation by the SRA found the legal industry’s protection levels and preparedness for a cyber-attack are insufficient. Out of 40 firms visited by the SRA, 75% reported having been the victims of a cyber-attack, 25% did not encrypt their laptops and half of the firms had granted unrestricted use of external data-storage media. The rise in flexible and remote working in law firms has further contributed to increased cyber risks and vulnerabilities.

Experts in cyber risk management emphasize the importance of incident response planning and leadership in a cyber crisis – with both functions falling firmly with the remit of the GC or other senior legal counsel who should understand the firm’s risk profile, assess security gaps, educate and train executives, and formulate and implement an effective and flexible strategy for responding to breaches. Cyber incidents typically engage complex regulatory procedures and reporting requirements that are also best left to the in-house legal team to manage.

Sanctions: constantly evolving and stricter regulation

Sanctions issues have been on law firms’ risk radars for several years especially since Russian’s invasion of Ukraine, when the UK sanctions liability regime expanded rapidly, such that it now applies to all law firms operating in every sector. In 2023 alone, over 21,000 new sanctions were imposed. As modern businesses with global cases and clients, law firms will continue being affected by the geopolitical tensions and military escalations fuelling the UK’s increasingly stringent and widening sanctions regime.

In January 2024 the SRA published guidance on the importance of conducting firm-wide sanctions risk assessments. It stressed that inexperienced solicitors and law firms who struggle to identify sanctions risks are more likely to be targeted by sanctioned individuals wishing to exploit them and by-pass the UK’s strict liability regime. Implementing robust firm-wide risk assessments – with input from internal legal and risk advisors – can help law firms protect themselves and ensure none of their dealings with suppliers, clients, and even the counterparties and opponents on their matters violate sanctions rules.

Law firms can also prevent sanctions breaches by keeping up to date with rapidly changing regulations and sanctions registers across all relevant jurisdictions, conducting appropriate due diligence on client activities and external dealings, and ensuring robust procedures are in place for educating and training partners and fee-earners on their obligations under the regime. As with the other risks identified in this article, the role of the GC and other internal legal advisors is paramount to safeguarding firms against sanctions-related risks.

Employee wellbeing: law firms must do more than lip service

The last few years has seen heightened scrutiny of law firms’ track record on workplace culture and preserving mental health and wellbeing among lawyers. In 2023, the Law Society introduced a new set of rules and guidance to help law firms foster positive working environments, highlighting individual lawyers’ and firms’ obligations under the SRA Code of Conduct to treat colleagues fairly, respectfully and avoid bullying, harassment and discrimination. The guidance places an obligation on firms to take concrete action, especially around ensuring staff compliance with organisational values and expected behaviours.

The risks associated with failing to tackle negative workplace cultures include increased claims linked to mistakes and errors arising from employee stress and mental health issues. Research carried out by Travelers found that large loss negligence claims against law firms have persisted and become more expensive since 2000, affecting firms of all sizes, and are overwhelmingly the result of simple employee mistakes caused by stress or fatigue-induced distraction. Law firms may also face regulatory action by the SRA for failing to tackle bullying, discrimination or harassment in their organisations and resulting reputational damage. Once again, law firms will benefit from having trusted legal advisors within their organisation who can identify and address cultural risks and red flags in the workplace.

How can law firms protect themselves against tomorrow’s risks and challenges? 

A common theme that has arisen in this article when considering how law firms can and should prepare for the challenges they are likely to face in the future, is effective leadership. Knowledgeable risk and compliance professionals are vital, both in the planning and prevention phase and, crucially, when it comes to crisis management and resolution. Law firms take the emerging risks highlighted in this article seriously and should make sure they have the right skills and capabilities within their organisations to plan effectively and prepare for them.

One of the core areas of expertise at Cyan Partners is helping law firms recruit GCs and entire in-house legal teams. Our expert recruiters, Chris Cayley and Michelle Corneby, can help you find the right match for your firm or organisation. Contact us today for an initial call to find out how we can help.