Cybersecurity problems are distressingly apparent in the City of Brotherly Love these days. The city court's website has been shut down by a virus since May 21 (the website went back online Monday, July 1). A decade after Philadelphia courts instituted an e-filing system, law firms have reverted to filing hard copies of documents the old-fashioned way. For young attorneys, the idea of filing and serving paper documents is a brave new world. For their more experienced colleagues, the feeling is more akin to “Back to the Future.”

Philadelphia officials continue to avoid revealing any detailed information regarding the security breach. The official story is a virus was found on only certain computer programs, and were shut down as a precaution. Most observers expected the “precaution” of the shutdown to last a day or two at the most. That was over four weeks ago.

This is not the first time a major metropolitan area had their services disrupted by a cyberattack. Baltimore dealt with an apparently similar issue when a ransomware attack on May 7 exposed the vulnerability of their system. Experts reported part of that malware was created by the NSA before being hacked itself by foreign actors in 2017. While Philadelphia's City Hall remains silent, many in the Center City legal community hypothesize the same Baltimore malware may have struck again. That attack reportedly cost Baltimore more than $18 million and officials were heavily criticized for their slow response. Greeneville, North Carolina was also struck by what some are now calling the “RobbinHood” malware. Time will tell the final cost in Philadelphia, but the disruption to legal proceedings is already significant.

The broader digital transformation of the legal profession has been nothing short of remarkable. Today law students only use the library as a quiet place to study. Legal research is performed online and firms are transitioning to digital case files. The predictions of artificial intelligence performing legal work, and employment from home replacing physical offices, once seemed far-fetched. Now they're increasingly considered foregone conclusions.

The recent cyberattacks in Philadelphia and Baltimore may give the tech-prognosticators pause. Technology is not an unqualified panacea and rapid adoption involves inherent risks and vulnerabilities. The shutdown of judicial computer systems should serve as a reminder that the legal world is not immune from cybersecurity threats. Now is an appropriate time to stop and take stock of the potential trade-offs of the digital revolution, particularly for young, digitally native attorneys who have never known an alternative.

Futurist Roy Amara once famously observed, “We tend to overestimate the effect of a technology in the short run and underestimate the effect in the long run.” In the 1990s leaders including President Bill Clinton and then-Gov. George W. Bush predicted the internet would bring down authoritarian regimes across the world and hasten the spread of democracy. Today authoritarian regimes have learned to use technology for their own benefit. After the backlash against Facebook following the 2016 election, it's becoming increasingly common to see social media in particular as an obstacle, rather than a mechanism for legal or political transformation.

These social media controversies are a great example of “Amara's Law” in action. Regardless of the impact of technology on short-term news events, the long-term consequences seem to be underestimated. The average American now spends more than two hours per day on their smartphone. Confidential information such as financial transactions, written communication, and yes, legal filings are all performed online. Ten years into this transformation, it's unthinkable to return to the old ways. This is exactly why the current situation in Philadelphia is remarkable and interesting. In the race to maximize speed and convenience, professional communities including legal and financial services have made implicit trade-offs against long-term security and privacy.

These trade-offs are particularly significant for attorneys and law firms. Due to the quantity and quality of sensitive client information held by firms, attorneys are a prime target for hackers. Ransomware attacks are by no means exclusive to courts. In 2017 several large law firms had their own problems with ransomware attacks and unfortunately this is far from the only threat.

Hacked email accounts and phishing attacks are another growing area of vulnerability. Many attorneys now use platforms like DocuSign or Dropbox in their daily practice. These logins are predisposed to sophisticated cyberattacks with potentially disastrous consequences. Secure file sharing is an absolute necessity for every firm. Information security policies should be constantly reviewed and updated to prevent any potential leak of confidential information.

Not surprisingly, some firms are now facing legal malpractice claims due to inadequate cybersecurity protocols. Although it's still too early to tell, it would be surprising if this trend did not continue in the future.

The ABA 2017 Legal Technology Survey reported 22% of law firms experienced a cyberattack or data breach. Data seems to indicate the likelihood of being attacked increases with the size of the law firm. But solo practitioners and small firms cannot afford to rest easy. Because of their smaller size, these offices may also lack the resources and capabilities to adequately address the threat of an attack.

The recent attacks have been dangerous, but they can also be learning experiences for the future. The Gartner “Hype Cycle” theory hypothesizes five stages in the adoption and growth of new technology. First, there is a trigger event that creates initial publicity. This is followed by the peak of inflated expectations where success stories from early adopters produce predictions of imminent and unrealistic benefits. This is followed by the trough of disillusionment where previously underappreciated problems become better understood. Next, the slope of enlightenment produces second and third generation products with improvements based on the lessons of the past. Finally, technology reaches a plateau of productivity with widespread, mainstream adoption.

The Hype Cycle model has been fairly criticized and is probably more instructive than it is scientific. Still, it reminds us that technology must fail and expectations must reach maturity before new platforms can improve. In the legal community, cybersecurity is an ongoing commitment and a cost of doing business in the 21st century. There is no endpoint, only a constant, unfinished struggle to stay ahead of the most advanced hackers in the world. It's not surprising cybersecurity insurance is becoming increasingly popular with firms, especially since data breaches are not covered by professional liability policies.

In Philadelphia, young lawyers are learning to practice old-school with wet signatures and hard copies. While the future remains uncertain, cyberattacks like Philadelphia and Baltimore should help the legal community become more careful, thoughtful and intelligent in how we use technology to represent our clients. While the convenience of new technology is undeniable, so are the trade-offs.

Patrick McKnight is a law clerk at Wilson Elser Moskowitz Edelman & Dicker. He is a JD/MBA candidate at Rutgers University and will graduate in 2020 with a certificate in corporate and business law. He focuses his practice on defense litigation, corporate law, design and professional liability, construction defect liability, personal injury defense and cannabis law.