Technology provides law firms and their clients with an enormous upside, which they are uniformly keen to discuss. But first there is the significant, and less discussed, downside.

"IT security is possibly the number one issue. Any managing partner who isn't having sleepless nights over it is not doing their job properly – it's a huge issue for us and for all UK and international law firms, which are under pretty constant attack from cyber criminals." Blunt words from Michael Chissick, managing partner of Fieldfisher, which get to the heart of the matter.

"The problem with cybersecurity," he adds, "is that no one wants to talk about it, because if you have a breach you can't tell anyone – law firms don't want to for reputational reasons." Chissick's assessment is reinforced by a PwC survey, which last year revealed that 73% of the top 100 UK law firms had suffered a security incident during 2015-16.

In one publicly reported incident, New York security firm Flashpoint identified 48 law firms – including Allen & Overy (A&O), Freshfields Bruckhaus Deringer and Hogan Lovells – that had been targeted by a Russian cyber criminal to steal M&A-related information in order to benefit from insider trading. Cravath Swaine & Moore, one of the 48, confirmed that its systems had indeed been breached.

Although reticent about security breaches, firms readily acknowledge the paramount importance of vigilance and defence. The key is: education, education, education. "All law firms recognise the criticality of information security," says A&O IT and shared services director Andrew Brammer.

"Cybersecurity is obviously taken extremely seriously – we have an extensive, sophisticated cybersecurity programme with dedicated individuals, teams and a lot of resources, but our policy is that we don't comment on any specifics," adds Ash Banerjee, global CIO at Hogan Lovells.

Typical of high level security programmes are those operated at Bird & Bird, where IT director Karen Jacks (pictured) identifies the firm's "global certification to ISO 27001 on people, processes and technology, including implementation of a third-party managed security service to provide 24/7 security operations, monitoring and response".

Matt Peers, director of information systems and strategy at Linklaters, outlines the challenges for firms: "We have been focusing most recently on how we would respond in the event of a cyber attack, and this includes working with the most senior people in our firm as well as investing in ongoing training and awareness of cyber threats." But, he concedes, training and awareness can be difficult: "Our lawyers are all really busy, so our challenge is to develop training modules that capture their attention and that they want to complete."

Similarly, Clifford Chance (CC) CIO Paul Greenwood suggests: "The single most important thing is trying to improve the awareness and understanding of all our employees – the front line of defence is your people; educating and helping them understand. Because if you look at most of the successful breaches, they nearly all start with an email to somebody that's plausible: 'click here' or 'open this attachment'. That action opens up a small window which can then – very patiently and carefully – be used by hackers to make it wider and wider until they've got access to very sensitive information."

Earlier this year, every employee at one leading firm (not identified in this feature) received an email from Ocado. "Of course nearly everybody opened it, but I suspect that over 80% of those who did, don't even shop at Ocado," says the firm's IT director. "But as soon as you open it, in comes the malware." More seriously, the finance director of another prominent firm recently received an email purporting to be from the managing partner, requesting a substantial transfer of money. The firm in question almost paid out before it was stopped at the last minute.

Any managing partner who isn't having sleepless nights over IT security is not doing their job properly

Spending on IT security has certainly mushroomed, as DAC Beachcroft IT director David Aird explains: "There has been a significant upswing in investment. Lawyers have seen the need to invest heavily in systems and processes." Detection is becoming more sophisticated too. One firm, for example, has an AI-based tool that sits on its network, looking for unusual activities that have never happened before.

"Like any prudent commercial law firm, DAC Beachcroft has robust systems in place to protect itself in the event of cyber attack. But how do you effectively benchmark success – by having no attacks? We always look closely at things we've managed to block, but it's not possible to know about them all ahead of time."

Travers Smith IT director Ann Cant concludes: "Ultimately, the prevention of cyber attacks is almost impossible, so we concentrate on detection and remediation."

On the upside, law firms are testing and implementing myriad clever systems. "Predicative analytics, big data tools, artificial intelligence – emerging technologies are now firmly at the top of the agenda," says Ken Heaps, chief information officer at Latham & Watkins. "Across several practices, we are evaluating and piloting a range of exciting technologies, including applications and tools that leverage machine learning."

For firms investing millions of dollars in an IBM Watson licence or, like Norton Rose Fulbright, £75m for its firmwide SAP management system, technology can be very expensive – and often with no guaranteed return over the long term. As one IT director comments: "You see some firms making investments which may make or break them."

Having created bespoke products, others are reaping the benefits. At A&O, Brammer points specifically to "aosphere, our derivatives service that creates and maintains only databases of complex legal information; MarginMatrix, which is a digital derivatives compliance system to help major banks deal with new regulatory requirements; and most recently, the introduction of technology to facilitate e-signing".

Linklaters is coy on details of innovation: "We have been developing a software solution for a client that will see us providing legal advice via a technology solution on a regular basis," says Peers. "Most of our engagements with clients are over single matters, so to have the chance to do something that involves clients using our solutions on a very regular basis is a new way of working for our firm."

Greenwood is equally circumspect about giving the names of brands, products or systems used at CC. However, the firm "has been introducing a whole host of things", he says. At a personal level, this includes "better remote access technologies, more portable devices, very lightweight laptops and tablet-laptop hybrids". He adds: "We've been deploying double screens for all users, which is very simple, but makes a big difference to the work of a lawyer working intensively on documents."

If you have a breach you can't tell anyone – law firms don't want to for reputational reasons

In a "significant portfolio of projects", Hogan Lovells is reviewing its core business systems: finance, practice management and human resources. "We're in the process of upgrading them, going to global platforms for all three," says Banerjee. "The intention is to improve our lawyers' ability to obtain information for business decision-making." Deploying a common system that serves the needs of an entire firm across multiple offices is complicated, he adds. "The best analogy? Imagine a table set for a few thousand people and you decide to lay the tablecloth under a fully laid dinner service without any of the guests noticing that you've done so."

Lucy Dillon, chief knowledge officer at Reed Smith, suggests their most innovative offering "is not one system, but an efficient combination of a number of different processes". Known as the Deal Performance Platform, "it has streamlined deal closings significantly, both internally and for clients", she adds.

Several firms claim firsts in their innovative use of technology. Chissick is enthused by Fieldfisher's new system, provided by LexisNexis, called LexisOne: "It's a new integrating HR and financial practice management system based on Microsoft Dynamics, the world's largest finance system. We will be the first European law firm to go live with it next June – it's pretty revolutionary."

Bird & Bird's focus has primarily been on client relationship management, as Jacks explains: "We were the first international law firm to engage with OnePlaceCRM, a solution based on the Salesforce platform. This replaces an in-house bespoke CRM solution and offers us huge and exciting potential in terms of consolidating contact and financial data, mailing lists and event lists."

Meanwhile, the firm's recent relocation to new London premises also included moving from a cellular to a non-cellular environment. "A single smart card," says Jacks, "now controls much of what we do in our new building from access control to buying lunch, along with how we deliver system access and telephony."

Travers has made major efforts to reduce what technology should have delivered long ago: paper reduction. "We're using workflow tools to replace paper-based systems such as file opening and resource booking," says Cant. "We have installed a system that allows collections of documents to be stored in a single folder which is up to date and available both in and out of the office. These processes allow our users to work in a more agile way as they are not tied to paper processes any more."

Technology can present as many challenges as opportunities. So what is the biggest challenge? "Making sure that we can focus time and money on technology that helps with delivery of solutions to clients," says Peers. "We always seek to exploit new technologies while avoiding just buying the latest solution," agrees Jacks. "We are very excited about emerging technologies, but of course need to ensure we adopt solutions that will bring value to us and our clients."

Cant comments: "The sheer quantity of data is a constant challenge both in terms of storage and being able to find what you need accurately and quickly, and this is where I believe big data and AI will naturally evolve." Heaps adds: "As technology influences so much of the running of the business, increasingly it is critical to have resources with the right technical expertise working side by side with the lawyers. To deliver this, we need to grow technical competencies throughout the business."

Meanwhile, Dillon hopes: "To increase our agility in delivering and adopting impactful technologies, given the pace at which technology develops."

That increasing pace of change is of course a challenge in itself, as Aird confirms: "Getting lawyers to just change day-to-day working practices is the biggest challenge. People are only human – we can only change at a certain pace." Banerjee highlights logistical concerns from an IT management perspective: "Managing the equation of demand and supply is very challenging: demand from clients, from partners, from the business in general, exceeds our supply."

Even though it is central to his role, Greenwood remains stoic: "IT is still only a tool – it's not what people are paying for when they use a law firm. Competitive advantages purely through technology can be quite shortlived."

• This year's Legal Week Strategic Technology Forum is co-chaired by Gavin Gray, North American regional operating officer, Baker McKenzie; and Derek Southall, partner, head of innovation and digital, Gowling WLG. It takes place from 7-9 June at Grand Hotel Des Iles Borromees, Lake Maggiore, Italy. For delegate enquiries email [email protected]; for sponsorship information call Peter Connolly on +44 (0) 0)203 868 7527 or email [email protected]