For Midsize Law Firm Leaders, 'It Takes Dollars' to Tackle Tech Initiatives
Vendors are one thing. But many more costs are internalized, and law firm technology spending is a growing part of the budgetary discussion.
March 21, 2018 at 11:41 AM
7 minute read
From IT upgrades to cybersecurity to e-discovery, law firms are seeking answers, which can be challenging when legal and tech personnel speak different languages. But the language of dollars and cents is universal.
Vendors are one thing. (For example, cybersecurity consultant Gideon Lenkey previously told the Law Journal that penetration testing can cost a firm anywhere from $7,500 to $70,000, while his hourly rates for other tasks is $280.)
But many more costs are internalized, and law firm technology spending is a growing part of the budgetary discussion, including at midsize firms.
At Chiesa, Shahinian & Giantomasi in West Orange, the technology budget was $1.4 million in 2017, compared with $1.1 million the prior year, and in each year, the number accounted for at least 2 percent of firm revenue, according to firm leaders. And that budget includes only hardware and software—no salaries or overhead for IT personnel, which include an IT director and four others.
The tech budget “has increased significantly, both in terms of absolute dollars and as a percentage of expenses,” according to Chiesa Shahinian managing partner Daniel Schwartz.
“It takes dollars, and these have been nondiscretionary dollars we've devoted to this over the last few years,” Schwartz said in an interview. ”Even [as] a law firm in West Orange, New Jersey, of 130 lawyers, we are taking this very, very seriously.”
About four years ago, the firm entered a “catch-up mode,” said firm executive director Jim Cunningham. Technology spending in eras past had been treated as a “necessary evil,” with the prevailing attitude among lawyers: “why are we spending this much money?” But that attitude has evolved into an acceptance, that money must be devoted to the issue, Cunningham said.
According to Schwartz, news of breaches at other law firms and client demand for efficient document-management and accounting systems have caused lawyers to be more interested than ever in technology issues. And that opens the lines of communications, it seems.
Accounting for the year-over-year $300,000 increase in Chiesa Shahinian's IT budget (a 27 percent spike) were the full virtualization of the firm's technology structure at the office and at the data recovery center in Pennsylvania: a series of servers working in tandem versus individual servers dedicated to certain programs. There was also the addition of a new encryption system that protects data that is “at rest,” as well as data being transferred. Budgeted for 2018 are penetration testing, whereby the firm's cybersecurity measures are subjected to simulated attacks, and the potential move to a cloud-based storage system.
When it comes to cloud storage vendors, “every indication is they can do it better than we can,” Cunningham said.
Schwartz said he considers the firm's five-person IT department “lean,” though he noted that the firm uses vendors for many functions.
These and other issues are discussed by the firm's technology committee, which sets the technology budget, and whose January meeting involved 30 proposed initiatives rated at one of three levels of priority, leaders said.
At Bridgewater-based Norris, McLaughlin & Marcus, a firm of about 135 lawyers, cybersecurity has taken up an increasing amount of the firm's budget in recent years, and accounts for about 1 percent of revenue and 35 percent of the firm's annual IT budget, according to Mike Blumel, information technology director.
Getting to that point was an achievement in itself, it seems.
“It was tough in the law firm to sell the litigators who have traditionally run the firm,” he said. “That took a few months of back and forth,” and, in some cases, “arms getting twisted by our clients,” he added.
The prevailing attitude in eras past was “what we have works,” Blumel said. “'I turn on my computer and I'm working on my brief—what's the problem?'”
Hardware should be replaced more often at law firms, he said.
“They just don't get it. It's not what they do. They practice law. … [But] tomorrow, when this 8-year-old server doesn't work, you're going to yell at me,” Blumel said.
Last August, the firm implemented a cybersecurity artificial intelligence program, Darktrace, which goes beyond intrusion detection by simulating patterns of human users to track abnormalities. The program, he said, can stop the spread of malware such as “zero day” beyond the first workstation. “It's really saved us,” he said. “The value is tremendous,” even though it is expensive compared to some other products, he added. (Splunk, he noted, is another big player in AI cybersecurity.)
Apart from serving clients in regulated industries, there aren't well-defined guidelines on what cybersecurity measures a law firm should have, according to Blumel. “It's like a gray area—how much is enough?” he said. He did note, however, that the International Information System Security Certification Consortium, or (ISC)2, which trains and certifies cybersecurity professionals, is the “gold standard” on best practices.
Headlines about law firm cyberattacks motivate midsize and small firms to act, he said, but because cybersecurity products are licensed by user and by device, firms of 100 to 500 lawyers are in a tier where the cost could hit them harder.
Apart from costly cybersecurity programs, there's also annual penetration testing, whereby cybersecurity professionals simulate attacks. For Norris McLaughlin, that can run $10,000 to $15,000, while internal policies and contracts are reviewed by hired contractors.
Other cybersecurity measures such as multifactor authentication, where remote network access requires not only a password but email approval by the user; a “sandbox” email feature, where all messages are diverted temporarily if they contain suspicious URLs; and yearly cybersecurity training—which some attorneys resist having to attend, according to Blumel—also cost money to implement, he added.
No Red Flag
Technology can cost dollars and save dollars, but it can also generate them. And sometimes staying out of the red is a victory.
The six-member litigation support group at Haddonfield-based Archer & Greiner is not a profit center, according to litigation technology manager Michael Reeves. But “I've told people numerous times, as long as we don't pop up as a red flag in the accounting department, we're good,” he said.
The group does primarily client work. They bill at $80 to $125 per hour, but don't charge clients a per-gigabyte hosting fee, and the service is intended as a “value-add” for clients, Reeves said.
Reeves, who previously held jobs at Philadelphia firms Conrad O'Brien and Wolf Block, came to Archer & Greiner in the early 2000s to help build databases for document review. Years later, he's the head of a full litigation-support group made up of four technologists and two paralegals.
Discussions about tech initiatives are ongoing. For example, Archer & Greiner has yet to fully virtualize its data storage with a cloud-based service. Reeves, like many others who discuss the consideration of cloud-based storage, cited client concerns about security that go along with such moves. But there's also a savings.
“The cost of maintaining servers and infrastructure behind a firewall … is becoming more expensive,” while cloud-based services “scale up and down” and can “do more with less,” Reeves said.
“The trade-off is, either your people go work for [the vendor], or are out of a job, bluntly,” he said. “We're at a time in the industry where we're doing a balancing act.”
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllElection Law Spending Is on the Rise, but Big Firms Have Reasons Not to Cash In
6 minute readTroutman Pepper Accused of Inattentive Case Management in $59M Malpractice Suit
7 minute readTrending Stories
- 1Call for Nominations: Elite Trial Lawyers 2025
- 2Senate Judiciary Dems Release Report on Supreme Court Ethics
- 3Senate Confirms Last 2 of Biden's California Judicial Nominees
- 4Morrison & Foerster Doles Out Year-End and Special Bonuses, Raises Base Compensation for Associates
- 5Tom Girardi to Surrender to Federal Authorities on Jan. 7
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250