Five IT-Related Risks for Law Firms to Prioritize in 2020

Matt Gillis | February 25, 2020

Law firms face a wide range of risks associated with the information technology (IT) operations in their firms. The most obvious tech-related risks are cybersecurity threats and business continuity needs in the event of an IT infrastructure outage. These are indeed high-stakes risks that are deserving of the news headlines and conference keynote addresses in recent years.

Increasingly, we see and hear about a number of less obvious IT-related risks to law firms that are just as damaging and most often overlooked. Identifying and understanding these risks is an important first step for law firm IT decision makers to take in 2020 — and developing a strategy to manage these risks is key to a law firm’s competitiveness in the future.

Here are five key IT-related risks to law firms, each of which successful firms are addressing to avoid serious competitive disadvantages and potential impact on profitability.


1. Strategic Focus

Many law firms assign to their IT teams the basic tasks of “keeping the lights on” at the firm — the networks running, the servers patched, phone and desk-side tech support for end users, and other mission critical but ultimately non-strategic responsibilities.

While this day-to-day IT infrastructure work is important to the operations of the firm (in fact, even mission-critical), it is time-consuming and comparatively low-value. Most firms, however, do not have the resources, time or expertise to be proficient in both the day-to-day IT operations and the deployment of innovative technologies that will drive competitive advantages for the firm. Given this tension, the urgent will always take priority over the strategic and — for internal IT professionals assigned the task of keeping the status quo working properly — delaying or derailing higher-value initiatives that advance the goals of a practice or the firm.

This common dynamic leaves firms’ IT teams chronically distracted and falling further behind the state-of-the-art in legal technology. Examples of missed opportunities include: consulting with practice area leaders on business problems and recommending technology solutions; deployment of practice-specific applications that differentiate the firm from its peers; and more strategic use of advanced technologies across the firm (e.g., AI, predictive analytics, etc.) or innovations that can help the firm better serve its clients.


2. Scale

As in all other areas of procurement, obtaining the best pricing on IT hardware, software and services requires organizational scale. The reality of the legal services industry, however, is that very few law firms are big enough on their own to secure optimal discounts for IT resources they must purchase. This is not a reflection on law firm management, it is simply a mathematical reality: technology providers consider most law firms to be midsized or even small businesses based on gross revenues and they offer pricing accordingly.

This creates a risk to law firms of paying too much — from both their capital and operating expenditure budgets — for crucial technology infrastructure components, more than competitors who have deployed strategies that allow them to benefit from greater economies of scale. After all, if you negotiate with a vendor (e.g., data center, telecommunications, software, etc.) once every three years, it is inevitable that you will get a less favorable result than a business that is interacting with these same providers every single day — on behalf of both your firm and your competitors — and knows the current market conditions intimately.


3. Staffing

What would happen if the top three IT people — you know who they are — in your firm suddenly resigned at once? For most firms, this would be a serious problem. It is a major challenge for law firms to recruit and retain the best technology professionals. The fundamental problem is that the best talent will be aggressively sought out by technology companies that are likely able to make more generous compensation offers — and may be more attractive employment destinations to these professionals — than law firms.

Moreover, the top IT performers in law firms will be targeted by large technology companies that are looking to poach the best people available in the IT workforce. This is exacerbated by law firms’ business structures and cultures, in which “back office” professionals (non-lawyer staff) are secondary in importance and authority to “front office” professionals (lawyers).

This leaves law firms with a persistent inability to hire and keep talent in IT functional areas, which creates turnover headaches and potential staffing shortages at any given time. This can be a serious business risk if the firm loses key institutional knowledge and develops continuity holes opened by unplanned attrition.


4. Experience

Technology systems and applications continue to grow more sophisticated and complex, demanding more robust infrastructure. Law firms must therefore make new capital investments in IT hardware every 3-5 years in order to replace infrastructure that is at end of life. In addition, law firm IT teams are expected to be on the leading edge of the latest and greatest business and practice-enabling technologies at all times, a rapidly moving target in the legal services industry. In a world where both sectors are advancing quickly with new entrants by the dozens — if not hundreds — each year, this is an impossible task.

Most law firms have neither the budget, expertise nor time to stay current with their infrastructure technologies (e.g., storage, compute, networking, security, etc.) and advanced practice-enabling technologies; they face a Hobson’s choice as to which is most pressing in the moment. This creates a risk to firms of slipping behind the curve when it comes to how current their technical capabilities are at any given time.

This risk can emerge for two reasons: (1) The firm is unable to allocate sufficient budget or capital dollars to acquire the right technology or talent; or (2) The firm’s IT professionals are in the dark on an important innovation that other law firms or alternative legal service providers (ALSPs) have already embraced. The graphic below illustrates this dilemma as firms often must make difficult IT priority decisions and often focus on areas that are necessary, not differentiating. (Size the bubbles for yourself based on strategic significance to your firm and then go back and size them based on your actual current investment levels.)



5. Vendor Management

All law firms enter into contracts with outside vendors who can provide specialized services or perhaps supplement the firm’s internal resources in key areas of operations. This is especially true with respect to IT requirements, which can include contracting with website developers, database administrators, e-discovery providers and managed communications vendors.

The problem is that it can be quite onerous for a law firm’s IT managers, who are tasked with day-to-day operational requirements, to effectively manage these one-off vendor relationships. And, as mentioned earlier, most firms do not have sufficient interactions with any single vendor to truly evaluate what a good deal looks like and how an optimal pricing model might be structured with that vendor.

This situation poses another lurking risk to law firms because the failure to properly manage vendors can result in firms overpaying for services — as we spelled out above — and poor renewal management. Moreover, insufficient vendor management can increase the risk of an outside service provider making a mistake that reflects badly on the firm.



Law firms are all too aware of their IT-related risks that make daily headlines, such as data breaches, ransomware attacks and disaster recovery crises. But they also need to be aware of lurking IT-related risks to their organizations that are more existential in nature, such as challenges impacting staffing, strategic focus, technical currency, scale and vendor management. So how can firms address these multiple risks, while improving their strategic position and driving growth?

An increasingly popular law firm IT risk management strategy is to partner with expert services providers that assume operational responsibility for some or all of the firm’s core IT systems and operations. These day-to-day tasks might include desktop support for the firm’s employees, management of the firm’s network, servers, databases and applications, first-level help desk support, and monitoring and resolving IT issues.

This innovative model enables a law firm to turn over the day-to-day IT infrastructure requirements to a service provider — a strategic partner who can do it at a lower cost and with greater efficiency — and to redirect the time of their full-time staff members toward higher value functions that drive the firm’s business forward.

The IT managed services model also solves a law firm’s problem of attracting and retaining the top-tier IT talent necessary to build, deploy and maintain their technology infrastructure. Once an expert services provider is in place to handle the day-to-day IT needs, the firm can convert its “back office” employees into “front office” value creators for their new strategic partner. This is a true win-win for the law firm and for the IT employees.

Finally, law firms can turn capital expenditures into more predictable operating expenditures, smoothing out their year-over-year investment profile and avoiding the risk of a surprise capital expenditure for additional hardware necessary to keep the firm running.

For firms that are just beginning to identify these various IT-related risks, an easy first step might be to seek counsel from outside experts who focus exclusively in the legal services marketplace. A thorough evaluation of the firm’s IT risk profile can help to identify gaps and explore possible solutions for firm management to consider in 2020.

To learn more about IT risks or an assessment for your firm, please contact me or another member of HBR’s team.



See all