Market research by LexisNexis and Legal IT Insider into the drafting habits of lawyers has revealed that lawyers still rely heavily on email for sharing confidential documents and that there is very little firm-wide uniformity in the way client documents and precedents are handled, despite the huge risks that data leaks present to law firms.

The research, which involved in-depth interviews with around 100 lawyers or purchasers of software as well as a survey of just under 100 more, revealed that, while the majority of UK and global top 100 law firms have deal rooms and client portals, the vast majority of partners still send their documents to clients for review by email.

A litigation partner at one UK top 20 law firm interviewed for the research, which spanned corporate, dispute resolution, banking and professional support lawyers, said: “We do have a couple of good extranet sites where clients can pull documents or view where the case is, the costs, and the time. They can get a snapshot of the case. Even so, emailing documents remains the main solution.”

 A litigation associate at a UK top 40 firm added: “We share documents with clients the traditional way, by emailing documents for review, rather than using any software, portal or extranet.”

While there are email and document management solutions that guard against security breaches, it is notable that in a 2016 federal indictment against three Chinese nationals who allegedly hacked into the servers of two elite New York law firms, the market sensitive information on which they then traded and made $4.2m was in both cases obtained from partner emails after a spear phishing exercise.

The explanation for the lack of adoption of secure collaboration technology often comes down to the fact that lawyers are struggling to keep up with the pace of technological change as well as clients’ own preferences. One litigation partner at a top 60 law firm, who uses a mixture of email and the law firm’s extranet to share documents, said: “Sometimes having numerous different software, methods and programs, you can get a little bogged down in different horses for courses.”

However, of more concern is the fact that partners and associates are in many cases continuing to operate autonomously, following their own systems and practices of working, with seemingly little strong leadership from senior management within the firm.

This is clear when it comes to the use and storage of precedents. Here, UK top 100 and global law firms are evidently investing heavily in document automation and drafting tools, which by their nature will help to achieve more uniformity. However, the research found that many transactional lawyers still revert to a recently-completed and un-redacted document of a similar nature, presenting the risk that changes made for one client will inadvertently be left in for another. The practice also means that many firms hold on to client documents for longer than they are entitled or expected to by the client.

Crispin Passmore, executive director, policy at the Solicitors Regulation Authority, told Legal IT Insider: “Information security remains a priority risk for us. Cybercriminals are not just after money but are looking for sensitive information, so the legal sector is an obvious target.

“The onus is on law firms to assess their business models, identify any risks and take steps to protect themselves and their clients.” However, he stressed: “It would not be appropriate or practical for us to provide detailed guidance, given the huge diversity of the more than 10,000 firms we regulate.”

Passmore continued: “Cybercriminals do not stand still. The risks evolve rapidly, so firms need to be constantly vigilant, keep analysing the risks, and make sure their systems and processes are up to date. Yet as so much cybercrime relies on deception, it is about people as much as technology. We have been clear that compliance is a firm wide issue. Well trained staff are just as important as up to date antivirus systems.”

This article first appeared in our free monthly newsletter – sign up here for your copy.