One
thing
I
noticed while practicing law: we
tend
to
focus
on
reports,
data,
surveys, and
even
conferences that
are
directed solely
at legal.
Yet
there
is
a
world
of
valuable
information about
those
we
serve:
our
clients. Indeed,
one
thing you
hear over
and
over from
in-house
counsel
and business
people is
that
their
lawyers
don’t
understand
their
business. One
way
to
do
that
is
to
get
out
of
the
box
and
listen
to
what they
are saying.
That’s
why
the
annual Risk Barometer Report of the
global
insurance
carrier, Allianz,
about what
keeps
business
people
up at night
is
so
important. And
what
keeps
them
up? According
to
the
Survey, they
believe
the top
risks to
their
business are cyber
incidents
(42%)
followed
by
AI
(32%). Both
ranked
in
the
top
five
in
every
region
and
across
every
sector.
For
US
businesses,
cyber
is
also
number
one,
followed
by
business
interruption
and, not
surprisingly,
legislative
change.
AI
risks
were
fourth.
The
Survey
While
I
can’t
vouch
for
everything
in
the Survey,
to
say
it’s pretty
comprehensive would
be
an
understatement. Allianz
talked
to
some
3,338
customers,
risk
consultants,
underwriters,
senior
managers,
claims
experts,
and
other
risk
professionals.
It
included
representatives
from
23
industry
sectors. And
the
nature
of
it
lends
credibility:
the
information
is
just
as
valuable
to
Allianz
as it
is
to
its
insureds,
so
it
better
be unbiased.
So???
So
why
is knowing
about
business
risks important
to
lawyers?
Law
firms
are
businesses that face
the
same
risks
as
every
other
business.
It’s thus a
good
idea to
know
what
the
world
of
business considers
the
significant risks
to
them and
their
revenue.
It
helps
to
prepare
and
be
proactive.
Secondly,
for
those
lawyers
who
represent
businesses, the
best way
to
get
a
better
understanding of
a
client’s business is
to
know
what they
think
endangers
their
livelihood.
It
helps
us
guide
and
advise them.
And,
in
the
process, become more valuable.
The top two risks
—
cyber
and
AI
—
are particularly important both
for
law
firms
and
for lawyers advising
and
representing clients.
The
Cyber
Threat
This
is
the
fifth
year
in
a
row
that
cyber
risks
have
topped
the
list. And
the
margin
is
higher
than
ever
before.
It’s
the
top
risk identified by
businesses
in
almost
every
country and
across
businesses
of
all
sizes. The particular cyber risks
cited
included
cybercrime,
IT
network
and
service
disruptions,
malware/ransomware,
data
breaches,
fines,
and
penalties.
Reflecting
the
growing
concern
with
cyber,
a
decade ago
it
was
eighth. Indeed, according
to
the
Report, the growth is
reflective
of the deepening
reliance on digital technology
while
the
bad
guys continuously evolve their attack mechanisms.
The Report also
notes that
“AI
is
supercharging
threats,
increasing
the
attack
surface
and
adding to
existing
vulnerabilities”:
At
the
same
time,
attackers
are
also
increasingly
using
AI
to
automate
attack
processes,
which
enables
them
to
carry
out
more
attacks,
faster
and
more
efficiently.
AI
is
also
lowering
the
bar
for
threat
actors,
making
it
easier
for
criminals
who
lack
technical
skills
and
ransomware
expertise
to
execute
attacks.
Companies
are
also
seeing
tightening
regulations
globally
particularly with
respect
to
privacy
and
cyber
security
which
also
increases
risk.
Cyber
and
Legal
I
have recently written about
the
threat
of
cyber
to
law
firms
and
the
legal
community.
It’s
a
threat
that
is
often
not
taken
as
seriously
as
it
should.
But
the
Allianz Report underscores the
danger
and
risks
to
every
business,
including
law
firms. Like
most
other
businesses,
law
firms increasingly rely
on
the
digital
world, magnifying the
risks.
And
like
all
businesses,
law
firms
need
to
recognize
the
impact
of AI
on
cyber
threats. It’s not
time
to
get
complacent.
Think
about
this:
your
law
firm
is
hit
with
a cyber
attack and
your
timekeeping
and
billing systems are
frozen.
Your
attorneys
can’t
do
work
and
bill
time.
Consider
the
business interruption
cost. If
that
doesn’t
keep
you
up
at
night,
I
don’t
know
what
will.
Law
firms
have
sensitive
valuable
client
communications
and
information
in
their
digital
vaults.
That
makes
that
information
valuable
both
to
the
law
firm
and
to
the
bad
guys.
Moreover,
arming ourselves
with
knowledge
of
the cyber risks
and client concerns makes us valuable. We need
to be
able
to
convince
our
clients
we
are
serious
about cybersecurity and that we
are
protecting the information entrusted
to
us. We need
to
be able to
advise
clients
about
the
threats,
warning
them
of
things
like
creating digital discovery
trails and
the
AI
threats.
Moreover, those
lawyers
with
expertise
in cybersecurity and
handling
cyber
incidents
will
be
in
demand. So, there
are
lots
of opportunities for
lawyers
to
take
advantage
of
their clients’
legitimate
cyber
worries.
And all
of
this
is
compounded
by
the
second
big
risk:
that
posed
by
AI.
AI
Risks
Clearly AI exponentially
increases the cyber
threat.
But the respondents also
identified
risks posed
by AI
implementation,
liability
exposure,
and
misinformation/disinformation as
concerns.
Indeed, AI
risk
climbed
from
number
10
last
year
to
number
two
this
year.
It
was
one
of
the
top
five
concerns
in
every
industry
sector;
most
believe
the
risk will
continue
to intensify. The
rapid
spread
of
generative
and
agentic
AI
systems, paired
with
their
growing real-world use,
has also raised awareness
of
just
how
exposed organizations have
become.
Interestingly, about
half
of
the respondents think
the benefits of
AI outweigh the
risks. About
20%
say
just
the
opposite; the
rest
aren’t quite
sure
yet. Businesses
are
concerned
about
things
like
education, retraining,
and
upskilling
their
workforces
and
are
taking
actions
in
these
areas.
And
despite
all
the
hype,
according
to
the
Report, most
organizations
remain
in
pilot
mode with only
a
few
scaling
AI
across
their enterprise.
This means investments
and
expectations are
rising but
ROI
may
not
be obvious.
This can
lead
to false
conclusions
about
AI
impact
which
in
turn
increases
risk.
Importantly: “new liability
exposures
are
emerging
around
automated
decision-making,
biased
or discriminatory models,
intellectual
property misuse and uncertainty over
who
is
responsible
when
AI
generated
outputs
cause
harm.”
The
Report
also mentions
the threats of
deepfakes and automated persuasion to
brand integrity and political stability.
AI
and
Legal
Just
as
with
the
cyber
threats, lawyers,
legal
professionals,
and
law
firms
would
be
well
advised
to recognize the
AI
risks
to
themselves
and to their
clients. AI
not
only increases cyber
risks
to
law firms, but
it
also
poses
the
same
education,
retraining,
and
upskilling
challenges identified
by the
Survey respondents.
An
even
bigger
challenge
is
that
posed
to
law
firms and their business
models,
as
I,
along
with
countless
others have
discussed over
and
over.
Not recognizing these
challenges
is
folly.
As Michael
Bruch,
Global
Head
of
Risk Consulting
Advisory
Services
of
Allianz
Commercial,
is
quoted
in
the
Report:
AI’s
transformative
potential
means
it
cannot
be
underestimated…Those
businesses
that
can
develop
risk
management strategy and resilience strategies—that
are
forward
looking,
strategic
and
functional,
and
agile enoughto
adopt
to
rapid
change—will
be
best placed
to capture opportunities presented
by
transformative technologies…
Keeping abreast
of
developments,
reading industry
reports
like
that
of
Allianz,
and
becoming
skilled
in the risks
and
benefits
of AI
are
all
ways
to
meet
the
challenges.
Bottom
line:
take
AI
seriously.
For
better
or
worse
it
threatens
to
change
the
profession.
Knowing
that
is
critical.
And
when
AI
is
the
number
two
concern
of
our
clients,
we
better
know
as
much
as
they
do
about
it. We need
to
lead our clients,
not
wait
for
them to tell
us
what
to
do
and mandate AI use. Want
to
be valuable to
your
clients:
help
them
understand
the
risks
and
benefits
of
AI.
Help
them implement
(or
decide
not
to
implement)
AI
tools.
To
do
that,
you have
to know
as
much
about
AI as
your
clients,
if
not
more.
Getting
Outside
the
Box
As
I
said
at
the
outset, finding
out
what’s
important
to
our
clients (remember
them,
those
you
serve?) means getting
outside
the
legal
box. Do
that by reading what
they
read and going
where
they
go.
I
remember
the
first
time
I
attended the
annual
CLOC conference and
being
amazed
at
how
few
actual
practicing
lawyers were
there.
Yet
it
was
an
ideal
way
to
learn
about
what
businesses were doing
and
how
they
saw
the
legal
ecosystem.
About
skating
to
where
the
puck
is
going
not
where it’s been,
to
use
a well-worn sporting cliche.
The
same
thing
applies
to
reports
like
that
of Allianz. Reading
it forces
you
to
get
outside
the legal
ecosystem and
look
at business concerns.
Want
to
be
valued
by
your
client?
Learn
and
understand
those concerns.
Help
them
sleep
better
at
night.
You
can’t
do
that
by reading
legal
reports
and going
to
conventions
with
rooms
full
of
lawyers
just
like
you.
Stephen
Embry
is
a
lawyer,
speaker,
blogger,
and
writer.
He
publishes TechLaw
Crossroads,
a
blog
devoted
to
the
examination
of
the
tension
between
technology,
the
law,
and
the
practice
of
law.