￼Who Is In Charge and How Are We Doing? INSIGHTS FROM THE 2017 AMERICAN LEGALNET RISK MANAGEMENT SURVEY By Erez Bustan PEER TO PEER: THE QUARTERLY MAGAZINE OF ILTA | WINTER 2017 Risk management is now high on the priority lists of many legal IT professionals, and for good reason. In 2017 several breaches dominated headlines, including cyberattacks like WannaCry ransomware, Equifax’s crippling data breach and continually breaking evidence of hacking and cyberinterference impacting major American elections. Debacles like these make it clear that the risks facing law firms and their clients are formidable and ever-changing. IT professionals at law firms must protect not only their firms but also the firms’ clients and their data. Otherwise the firms could be exposed to security threats, malpractice suits and other woes. Law firms must determine who is responsible for risk management, what threats are looming and how technology tools and strategies can…Read More
￼Who Is In Charge and How Are We Doing?
By Erez Bustan
Risk management is now high on the priority lists of many legal IT professionals, and for good reason. In 2017 several breaches dominated headlines, including cyberattacks like WannaCry ransomware, Equifax’s crippling data breach and continually breaking evidence of hacking and cyberinterference impacting major American elections. Debacles like these make it clear that the risks facing law firms and their clients are formidable and ever-changing.
IT professionals at law firms must protect not only their firms but also the firms’ clients and their data. Otherwise the firms could be exposed to security threats, malpractice suits and other woes. Law firms must determine who is responsible for risk management, what threats are looming and how technology tools and strategies can best address them. Technology can be a formidable ally for legal IT in fighting these battles, but outdated, decentralized or limited software can leave big gaps in protection and fail firms and their clients.
During ILTACON 2017, American LegalNet conducted its third annual Risk Management Survey, polling ILTA members about the greatest risks to their firms and how prepared they felt to address them. The number of respondents in 2017 more than doubled the 2016 respondent pool, showing a surge of interest in the topic.
Responses to the 2017 Survey
While 44 percent identified as CIO/CTO/IT Director and IT Manager, the rest of respondents were distributed across diverse job areas like Risk and Compliance, Practice Support, Director-Legal and System Analyst. The “Other” write-in category garnered 38 percent, encompassing a wide variety of job titles.
Compared to 2016’s 72 percent IT professionals, those surveyed in 2017 were much more differentiated. This points to the possibility that ILTACON is attracting a more varied audience outside of legal IT.
The 2017 survey respondents came from law firms of all sizes, with the largest majority coming from firms with 500+ attorneys (25 percent) and 101–250 attorneys (20 percent). In comparison with 2016, the 2017 responses from the largest 500+ attorney firms increased by 6 percent, firms with 101–250 attorneys decreased by 8 percent, and other attorney brackets stayed fairly consistent.
Whose Job is Risk Management Anyway?
The 2017 survey made it clear that law firms are still struggling to determine who is primarily accountable for risk management. Two answer options were added for this question, including Governance Committee and IT Director. The debut of the IT Director answer may partially explain the significant drop in the CIO/CTO answer from 2016 to 2017,
but from 2015 onward we clearly see a downward trend. In 2016, 38 percent of respondents identified the firm’s General Counsel as having overall risk management responsibility, but in 2017 less than half that number pointed to GCs. Note the surprisingly robust 29 percent who answered “Don’t know.”
Top Risk Management Challenges
Survey respondents were asked, “What is the single biggest risk management challenge your firm faces over the next 12 months?” In 2016, the top challenge selected was cyberthreats (56 percent), but only about half that number (28 percent) gave the same answer in 2017. Two new answer choices — “Malware, ransomware and viruses” and “Negligence/human error” — made strong debuts at 22 percent each. At 13 percent, “I don’t know” was the only other 2017 response of note, with all other choices scoring below 9 percent.
Self-Assessing Capability to Address Risk
Answers for the 2017 survey were mixed on this topic, with most firms expressing great confidence in their risk management approach and others admitting they had more work to do. Seventy-seven percent responded that they were either “Capable,” “More than capable,” or “Extremely capable.” Twenty percent said, “We have work to do,” and only 3 percent said “Minimal,” all of which seems positive.
Note, though, that “We have work to do” has increased each year (from 10 percent in 2015 up
to 20 percent in 2017) and that taken together the three Capable ratings (Capable, More than capable and Extremely capable) have dropped each year (2015’s 90 percent drops to 81 percent in 2016 and down further to 76 percent in 2017). Admissions of shortcomings plus reduced confidence in capability show a gradual downward trend in respondents’ readiness to address risk management.
Increasing Investment in Risk Management
More than half (58 percent) of 2017 respondents said that within the next 12 months, “Yes — we will be making additional budget available for risk management initiatives.” This is an 11% increase over 2016. Twenty-one percent of 2017 respondents answered, “No — we need to increase investment but we are unable to invest due to budget constraints,” so there was acknowledgment
of need but no money available. Another 21 percent replied, “No — we have made all the investment we need at the current time.” Many firms are clearly seeing the need to allot more funds to address challenges in the coming year, and a substantial contingent realizes that investment is necessary, even if budget is not there yet.
Malpractice Risk on the Rise
Nearly half (49 percent) of 2017 respondents agreed that “the risk of legal malpractice suits has gone up significantly in recent years.” Only 7 percent disagreed, with 44 percent not sure. In 2016, 40 percent had agreed; with agreement increasing more than 9 percent in 2017, malpractice concerns are apparently alive, well and growing.
The Threat of a Decentralized or Outdated Docketing System
Since one of American LegalNet’s key areas of interest is calendaring and docketing solutions, the survey asked whether a “decentralized or outdated docketing system creates significant risk for my firm.” Sixty percent agreed, 9 percent disagreed and 31 percent responded, “Not sure.” The number agreeing increased nearly 4 percent from the 2016 finding.
The 2017 survey’s results showed there is much progress to be made for firms to update their docketing solutions. When asked to weigh in on whether their “current docketing solution is built on the latest technology,” only 20 percent agreed, with 44 percent disagreeing and 36 percent responding, “Not sure.”
A new 2017 question asked, “Is your docketing/ calendaring solution cloud-based?” A majority (72 percent) said no, 10 percent answered yes and 17 percent did not know. For all the publicity the cloud receives and however popular it may be for other software categories, law firms are clearly not buying many cloud-based docketing calendaring systems yet.
Having conducted our risk management survey for three years now, it is clear that risk management is evolving at law firms and is still very challenging. Firms continue to struggle with the question of who is responsible for risk management. This year’s threats will still exist next year and most likely new ones will appear, so risk will only expand over time.
The good news is that those surveyed either planned to invest in risk management in the coming year or at least recognized reasons to invest more in the future. Buying new technologies, providing curated content to prevent infected search engine- based downloads and updating core systems like docketing and calendaring would clearly bring relief from some risk management woes, either preemptively or to correct specific problems. We hope the 2018 survey will show that respondents have gained confidence and certainty that risk management is being handled successfully at
their firms, and more will have proper funding to address threats to the firms and their clients. P2P
ABOUT THE SURVEY The 2017 Survey respondent pool was more than double that of the 2016 survey, and was comprised of a diverse group of legal IT, general counsel, risk & compliance, and practice support professionals.
The 2017 survey had 44% IT department respondents and more than half specializing in other areas like legal, risk/ compliance and practice support. The 2016 survey responders were primarily IT professionals (72%).
The largest 2017 survey majorities responded from the biggest firms with 500+ attorneys (25%) and from firms with 101-250 attorneys (20%). 2017 marked a 6% increase over 2016 in responses from 500+ attorney firms.
For more information or to receive the survey results, CLICK HERE.
To read the entire issue CLICK HERE