Category: Features

On 7 May 2021, Colonial Pipeline, the largest petroleum pipeline in the US, was shut down following a cyber attack. It remained closed for five days, causing panic buying, fuel shortages and national security soul-searching. For cybersecurity experts, the most surprising element of this episode was that a key part of US infrastructure was not brought down by the actions of a hostile state (at least directly), but by a small group of cyber-criminals deploying a devastating form of online extortion software: ransomware.

After gaining access to a company or individual’s system, the attacker will make files inaccessible in some way. At the lower end of the scale, the malicious programme may simply lock the computer, an easily fixable situation for an IT professional and no great problem for a large company. But when deployed by more sophisticated attackers, the software will encrypt the victim’s files so effectively that recovering them without the decryption key is virtually impossible.

The Colonial Pipeline ransomware attack was just one of several high-profile events that have struck ostensibly secure organisations over recent months. May 2021 also saw a ransomware attack on meat processor JBS Foods, a $53bn company that is deemed vital to US food security. The attack, which led to closure of some of the company’s facilities, was reportedly ended after an $11m ransom was paid.

While the scale and severity of recent attacks has surprised many, the growing popularity of ransomware comes as no surprise to specialists in the field.

‘My first response to the upsurge in ransomware attacks lately was that we analysts have been warning about this for over a decade, and we all predicted this was going to happen’, says David Fidler, senior fellow for cybersecurity and global health at the Council on Foreign Relations.

‘Now it’s here we have another round of gnashing of teeth, but opportunities to mitigate the danger have been missed time and time again over the intervening years.’

Fortunately, even for those who may have missed the early warning signs, hope is not lost. GC speaks to some of the leading counsel and cyber experts to find out what the rise of ransomware means for business, and what lawyers can do to help prepare their defences.

The unlocked door

The rise in attacks affecting everything from water and energy utilities to fuel distribution systems is a sign of things to come. From a cybersecurity perspective, the truly frightening aspect of these attacks is that, once systems have been compromised, there is little IT professionals can do to regain control. Bhavani Thuraisingham, Founders Chair Professor of Computer Science and the Executive Director of the Cyber Security Institute at The University of Texas at Dallas, comments:

‘When the malware enters the system, it has access to almost everything, and in a ransomware attack [hackers] will encrypt everything and demand a payment in exchange for the key to unlock the files. As of today, AES 256 encryption cannot realistically be broken with modern computing methods. Unfortunately, this means that if the attack progresses to this stage, you have really no access to anything in the system unless you get the key to decrypt the data’.

Richard Forno, senior lecturer in the University of Maryland, Baltimore County Department of Computer Science and Electrical Engineering, puts it even more succinctly: ‘If you haven’t been conducting cybersecurity best practices and a sophisticated attack takes hold of your systems, you’re screwed’.

As a result, victims of high-profile ransomware attacks have been left with little option but to pay up. In the case of Colonial Pipeline, hackers demanded a ransom payment of $4.4m in the form of bitcoin, which they promptly received in exchange for codes to unlock the company’s systems.

More troublingly, the lines of attack hackers are exploiting are not easy to defend against. For example, phishing attacks in which members of staff are fooled into downloading malicious software by seemingly genuine emails are becoming increasingly effective. This, says Forno, is increasingly dangerous given the rise of social media as a means of validating an unknown person’s identity.

‘Using artificial intelligence and machine learning, you can identify, develop and even create fake personas that are very detailed. This can allow you to make a phishing email that is much more convincing to the target, particularly if
you’re targeting a particular individual, such as the CEO of a company.

What’s more, even those who follow every reasonable security protocol and measure can, unwittingly, become a victim of the more sophisticated hacks. Increasingly, [malicious] software is being downloaded through perfectly legitimate websites via ad networks. [If a hacker] is able to compromise a content or software distribution network, malware could be injected into this such that users of a legitimate website would then be downloading malware through the network.’

This type of attack, say the cybersecurity experts interviewed for this report, has already been detected on some of the world’s largest website, often with little or no awareness among their users.

Adds Thuraisingham: ‘Ransomware spares no one. It could attack an 80-year-old great grandmother, a major financial company or even critical infrastructure. With that said, the more pain the attacker causes, the more publicity they get and the more money they can extort; sectors that allow them to cause maximum damage may therefore be more vulnerable. These will include major hospitals, government organisations and, especially, financial companies.’

Of course, cyber experts are aware that ransomware attacks are now big news, and that reporting biases undoubtedly skew toward them. Even so, says David Fidler, senior fellow for cybersecurity and global health at the Council on Foreign Relations, the underlying reality is that such incidents are on the rise. In fact, says Fidler, the true extent of the problem has probably been under-reported.

‘There has been an increase in ransomware attacks, and that increase has been felt across the entire corporate sector in North America and beyond. Beyond this, there is a large number of institutions – typically hospitals or
other bodies that hold large volumes of data – that have been victims of ransomware attacks without the public or media ever becoming aware of it. So the problem is growing and the scale of the problem is perhaps larger than one would imagine.’

The GCs who came in from the cold

From the perspective of the US government, ransomware is a clear and present danger. The increase in the size, sophistication and public awareness of these attacks, as well as their ability to damage critical infrastructure, puts general counsel on the fault line of what, for some organisations, will be the most important challenge of the coming months.

‘The connection between criminal ransomware attacks and how the United States government perceives our adversaries as providing havens for cyber criminals is key’, says Fiddler.

The government has already accused Russia and China of tacitly allowing cyber criminals targeting US companies to operate free of constraints. We’re seeing movement toward more offensive actions on the part of the US government aimed at cyber-criminal organisations based in potentially hostile territories because, clearly, our defences are not effective in preventing these attacks.

If the government does move in that direction, that is a much more dangerous context for businesses to be in, because we do not know cyber-criminal groups are going to respond. They could become even more sophisticated and try to test how much further we’re willing to escalate’.

The thought that corporations might unwittingly get caught in this cat-and-mouse game of testing and defending critical infrastructure is no longer an abstract item on the risk agenda. Even smaller companies that are not deemed essential parts of the US economy now face the prospect of becoming collateral damage in the tit-for-tat exchanges brought on by the escalation of opportunities for cyber attacks and the escalation of deterrence by punishment.

‘For GCs, understanding the potential threat is key’, adds Fidler. ‘Understanding what the threats are from this potential escalation on the part of the government may help persuade the C-suite of the need to make more investments in their own cyber defence.’

Of course, only a minority of companies will fall victim to the most serious of incidents, but indirectly almost every single organisation will end up paying the price, whether through increased demands on security and compliance or changes to their relationships with customers and commercial partners.

Insurance has long been one of the major tools used by corporates to mitigate their exposure to cyber risk, but as the number of cyber-related insurance pay-outs topping seven figures grows, policies are being hastily rewritten.

‘[Last year] was an unprecedented year for ransomware attacks and the payment of related insurance claims’, notes Lavonne Hopkins, senior managing legal director for security, resilience and digital at Dell. ‘As a result, the cybersecurity insurance market is hardening as insurers revaluate how to keep their cyber insurance offers profitable.

I have observed that insurers are focusing more on evaluating organisational cybersecurity maturity and preparedness when making coverage decisions and determining premiums and deductibles. We can only expect this trend to increase. Organisations should start to prepare for a future that potentially excludes ransomware coverage from cyber liability policies and requires self-insurance models.’

A worrying thought. And even those who can find suitable policies should not be complacent against the threat, says Thuraisingham.

‘Certain insurers are now offering specific products that cover the threat of ransomware attacks but relying on this can be extremely risky. To activate the coverage a company must first lose its data in a ransomware attack; only then will the insurer release funds to pay the ransom.

This is obviously not ideal, as the protection offered does not typically compensate for the reputational damage or staff costs associated with the incident. I would advise taking all the preventive measures you can before relying on insurance.’

The price of this sort of ‘kidnap insurance’ coverage is also likely to increase markedly as insurers keep a watchful eye on cybersecurity developments. A report issued recently by Hiscox, an Anglo-Bermudan insurance provider that specialises in niche categories of risk, noted insurers faced a 50% year-on-year increase in pay-outs for cyber-related policies, with ransomware attacks accounting for the biggest contributor to this growth.

Outsmarting the hackers

Even the most generous insurance policy can only be triggered once a cyber attack has taken place, by which time financial compensation alone may not be enough to repair the damage. For general counsel, the only real way to defend against risk is to go on the attack.

David Mace Roberts, general counsel of transport information systems provider Electronic Transaction Consultants (ETC), has been working to keep one step ahead of cyber attackers for many years. For Roberts, the most notable feature of a good cyber risk plan is that it looks unlike anything else on the market.

‘A lot of companies will pull up a one-size-fits-all cyber response plan, but that’s really not good enough. A bespoke cyber response plan needs to be custom crafted for both you and your industry.

Thuraisingham echoes Roberts’ comments. ‘Just as with health concerns, the best method is prevention. Protect all your systems, data and processes so that the attackers cannot gain access in the first place. Perhaps most important, companies that do not mandate backups and do not have extremely stringent security policies are most in danger. Do continuous backups of data and processes. I cannot emphasise proper backup procedures enough’.

Indeed, as Richard Forno notes, none of these measures are difficult to implement, but business has tended to ignore expert advice for too long.

‘The problem I see is that a lot of companies and governments of all sizes fail to do basic cybersecurity best practices, things that we in the industry and academia have been urging people to do for 20, 30, 40 years. This can be things as simple as having a really strong password or using multiple forms of authentication for critical or sensitive systems’.

The most important aspect of effective defence against a ransomware attack, however, comes with employee training. Human error is overwhelmingly likely to be the biggest weakness in a cybersecurity defence package, as well as the first thing a criminal group will look to exploit. To guard against this, says Roberts, the only option is to train relentlessly, ‘If you only train once a year then training loses its impact and offers minimal protection.’

Lavonne Hopkins of Dell agrees. ‘Unfortunately, ransomware most frequently originates from human error, and over half of ransomware victims suffer repeat attacks. Training and education are critical to ensure a comprehensive cyber preparedness strategy and prevent these ransomware attacks. Organisations should mandate cybersecurity training, including phishing training, for all employees and contractor. Employees are the first line of defence and need to be equipped with the knowledge to help prevent an attack’.

Before any of the above can take place, senior management needs to take the risk to business from cyber attack seriously. As Thuraisingham notes, it is all too common to encounter business leaders who consider cyber strategy as a matter for IT professionals.

‘When you’ve hired the best risk analysts and cyber teams money can buy it is very easy to conclude that you’ve done everything you can. This is fundamentally wrong. Businesses will always be vulnerable to these attacks, so there needs to be a constant awareness of just how serious the consequences can be.’

Unfortunately, awareness of cyber risk as among the c-suite seems to remain limited. Our survey of over 200 general and corporate counsel in North America revealed that while legal teams felt there was a very high risk of cybersecurity breaches to their organisations, fewer than half were actively involved in shaping cybersecurity risk planning.

For many organisations, it may come back to haunt them. As Roberts concludes, ‘If you are a senior member of a public company, you’d do well to look at the SEC, the NYSE and NASDAQ who are all really pushing cybersecurity. Do you want this on the front page of the Wall Street Journal or the Washington Post? Do you want to have to answer to the boards, or to the securities regulators? If not, then taking the risk seriously now is the best defence.’

In 1954, The Westinghouse Electric Corporation unveiled the world’s first colour TV. With a price-tag of $1,295 – or nearly $20,000 in today’s money – the H840CK15 was the type of luxury purchase that stood as a solid signifier of economic success.

‘I grew up in a world where lawyers were among the few middle-class professionals who could afford the latest technology’, comments one senior lawyer at a large multinational bank.

‘Now, we are among the few middle-class professionals that ignore technology. It’s a strange thing that so many lawyers have chosen to overlook the transformative power tech has had on the world of work, and I am part of a growing number of in-house professionals that seeks to address the oversight.’

To rephrase the problem – well-known in economics – why does the cost of technology consistently fall relative to the rate of inflation while the cost of services, encompassing everything from healthcare to education continues to rise?

The answer, in short, is that machines cannot (yet) do what humans do. What machines can do, however, are the things humans do not want to do. From this perspective, technology is not a threat but an opportunity. It allows lawyers to move higher up the value chain. And, let’s be honest, no one wants to be stuck doing low-level work.

‘Lawyers are afraid of technology taking their jobs’, comments Lisa Marcuzzi, general counsel and country counsel for ArcelorMittal Dofasco in Canada. ‘But I don’t know of a single lawyer that feels unhappy that they will have to give up reviewing NDAs or sales agreements. As far as I can see, technology will free lawyers to do the jobs they trained for.’

The wider in-house legal community in the US and Canada clearly agrees. While 90% of respondents felt that technology had disrupted the legal profession over the last five years, and nearly all (97%) felt it would do so over the next five years, over three quarters (76%) said this disruption was a positive outcome for the legal profession.

Far from fearing tech, in-house lawyers are waking up to the freedom it can grant them – 87% of those we surveyed said their wider teams were receptive to the use of technology, while 78% said their businesses were supportive of finding new ways to work.

This widespread optimism, many respondents pointed out, was based on direct experience of available technologies. ‘I spent many years reviewing and negotiating documents that were up to 100 pages long’, commented one general counsel in the finance sector. ‘Typically, 90% of that document would either be boilerplate or unnecessary. If I add up the time I have spent reviewing superfluous material and account for cost then it comes to a shocking level of waste.’

In short, corporate counsel are looking forward to the freedom tech will grant them, and few fear their jobs are at risk. As one respondent commented, ‘The idea that lawyers will be replaced is just not realistic. Imagine a Fortune 500 company dismissing its legal team and saying, “we’ll just rely on technology to do all this stuff.” It won’t happen – it would be insane.’

What will happen is a continuation of the trends that have been in play for several years. The in-house legal team will move closer to the time-critical or economically important aspects of the business, law firms will be brought in to help with the types of matters where it just doesn’t make economic sense to employ a team of internal specialists, and technology will be used to remove a lot of the work that was never strictly legal work in the first place.

Eleanor Lacey, head of legal and general counsel for work management platform Asana, comments: ‘In the knowledge sector, tech never works by replacing people. It works by augmenting people and freeing them up to work on higher-value matters.’

‘There is a great sense of freedom now that we as corporate legal teams can really solve a lot of the problems we have seen time and again by introducing often inexpensive tech fixes. It’s a great time to be working in the legal industry. Anyone who says otherwise is just not seeing the big picture.’

Moving up the value curve

What are the grounds for this optimism?

Let’s take the single most important item an in-house lawyer deals with – the contract. Lawyers deal with contracts. Lots of contracts. So too do their employers. As Chris Young, general counsel for digital contracting platform Ironclad, puts it, ‘At a basic level, all lawyers are contracts lawyers and all the businesses they serve are contracts businesses. It’s the most fundamental unit that commerce is based on.’

In this contract-driven world, the central hub for contract review runs through the legal department. When a business grows, how does its legal department choose to scale? Does it add bodies, or does it use technology to scale up and meet demand?

For the last several decades, the answer to that question would have been the former. General counsel had one demand above all else: more staff. As our survey of legal teams in the US and Canada shows, attitudes are changing, and the answer is increasingly likely to be “new ways of working”.

Central to the evolving skillset of the in-house counsel is getting comfortable with communication. Those we surveyed were clear: documentation can be automated, and any lawyer who is essentially reading a document aloud can be replaced at will. But that, many feel, is a good thing. The rise of legal tech means the in-house team can finally sound like the rest of the company.

‘We don’t need to tell business, “The documents say this”’, comments one respondent, senior counsel at a large US medical services provider. ‘Any literate person can see what the documents say. We’re guardians of nothing but the obvious if we tell them what they can read for themselves.

‘That’s great – being freed from routine tasks is not a case of lawyers being replaced. It’s a case of lawyers being able to use their skills for the benefit of business. We should embrace it. Lawyers have been trained to do some very sophisticated work, but large parts of the contracting process are not that work. If we can relegate that to a system or use technology to complete it then we are going to have a lot more time to do the work that is expected of business leaders. The days of pushing paper around may finally be over.’

Chris Young, general counsel for digital contracting platform Ironclad notes that ‘In-house teams used to ask their law firms about technology. Now it’s the reverse. GCs are encouraging their firms to adopt technology, and firms are hearing about the most useful software and tools from their customers.’

For many firms, this will come as unpleasant news. But there is an upside. As Young points out, ‘In-house lawyers will always need law firms, and the industry won’t be transformed by one side alone. The more forward-thinking law firms should see this moment of change as an opportunity to gain a competitive advantage and become a true strategic partner to their clients.’

Judging by the results of our survey, it is an opportunity many have failed to grasp. Under half (45%) of the more than 200 senior counsel we polled for this report said their firms were using technology to deliver legal services and solutions, while a similar number (41%) were unsure how their external firms were resourcing matters.

As one respondent noted, ‘Knowing what goes on at a lot of firms is a game of Schrödinger’s Cat. They may be using some pretty sophisticated software to bulk process our matters, but they are unlikely to tell us about it unless we push them.’

This lack of transparency was widely cited as a source of frustration. Indeed, nearly three quarters (74%) of those we spoke to said they were not satisfied with their firms when it came to technology.

Law firms should take note: 88% of legal teams said it was important that their law firms kept up with developments in technology, with 32% saying it was crucial for them to do so.

We should not place the blame entirely on law firms here. In-house lawyers may complain that their firms behind the curve, but fewer than half (44%) are asking about their external advisers’ use of technology when undertaking
panel reviews.

With so many GCs either unsure of or dissatisfied with their firms’ use of technology, it is no surprise to see that few are looking to them as a source of inspiration. Just over a third of respondents (38%) said they now looked to their firms for guidance when it came to finding or implementing legal technologies, while under a quarter (23%) reported having been advised by their firms on the use of specialist legal technology. Only 21% of respondents said their firms had offered to share technology with them.

This, for some GCs, has been a dealbreaker. ‘One of the factors that motivated me to change firms was the lack of use of technology by my old external firm’, comments the general counsel of a large commodities business.

Of course, the technology used by law firms is often very different to the technology needed by corporate legal teams. Firms tend to operate in scales and volumes that are far beyond the requirements of their clients, making tech transfer a far from simple matter.

Even so, it may trouble those in private practice to know that legal teams are beginning to look for solutions elsewhere. Almost half (47%) of those surveyed said use of technology within the legal team had already impacted their relationships with external firms.

The good news? Law firms that take a proactive approach are winning clients. As Michael Shour, general counsel and secretary of Banyan Software, concludes:

‘If a firm is wise to the implementation of appropriate technology solutions, it can allow them to complete tasks more efficiently and cost-effectively. When I see a firm doing things like this, I can’t help but appreciate that they are driving efficiently for their clients and am impressed that they are on top of things – and that can only be a good thing for business.’

From all of us here at World Services Group, it is my pleasure to welcome you to the fourth edition in our series of GC Special Reports, examining the impact and influence that technology continues to have on legal practice.

The past two years have seen the legal profession impacted by technology more than any other period in history, a fact of course driven not by a single seismic innovation, but rather by necessity. And by all accounts – as the pages that follow in this report detail – both in-house and private practice teams alike have thrived, as our collective work environments, habits and processes have shifted, in almost every case, literally overnight.

But amongst the litany of success stories that have emerged, so too did several material challenges faced by businesses as a direct result of these shifts in our professional lives – challenges that are sure to shape the face of the profession for years to come. Data privacy, protection and integrity, cybersecurity, as well as of course, specialist legal technology, are near-universal issues faced by enterprises – and more specifically – their legal departments.

As corporate leaders, general counsel and their teams will be on the front lines during this transition, charged with both setting the rules of engagement for their business and guiding the wider organisation throughout a period that is likely to be characterised as much for its upheaval as it is for the evolution it represents.

At World Services Group, our membership have made it clear that they not only want to be a part of this change – they want to be in a position to lead it. Collectively, we strive to be part of the solution to the issues facing our industry and profession at large and together, we have an opportunity to affect positive change for the profession as a whole.

With an international mandate and broad sectoral representation at World Services Group – in addition to a forward-looking digital prospectus – our network is in an ideal position to capitalise on the bold digital transformation set to define what it means to be a successful legal department in this new digital age.

I would like to extend my sincere thanks to all of those in the legal community who continue to contribute to the ongoing success of this series. By sharing the benefit of your own experiences and actively engaging in discourse around these pertinent issues for the wider profession, collectively, we can chart a brighter future for the lawyers of today and tomorrow.

Ramon Ignacio Moyano
Chairman
World Services Group

Partner
Beccar Varela

Apple, Amazon, Facebook, Google, Microsoft, Netflix – the last year and a half has been hard, but without these familiar names it would have been unthinkable.

Ever since Bill Hewlett and David Packard founded HP in a Palo Alto garage in 1937, the young and tech-smart have been engines of economic growth across the US. Pandemic aside, the S&P 500 is surging at an all-time high, with companies in the tech sector proving to be the safest bet.
Five of the above listed companies alone – Apple, Amazon, Facebook, Microsoft and Google-parent Alphabet – already represent over 20% of the S&P 500’s total market cap. With the pandemic-induced shift to e-commerce and remote working, it is a trend that is unlikely to end any time soon.

Surely in the US, with an economy skewed heavily toward innovation and a premium placed on doing things better, faster and smarter, the lawyers must be doing things differently? Well, not quite. For all the talk of a quiet revolution taking place in the corporate legal teams of US and Canadian blue chips, the reality is much more complicated.

To make sense of it all, GC magazine teamed up with World Services Group to get the inside story on legal tech in North America. Drawing on a detailed survey of over 200 general and senior counsel working at a variety of companies across both the US and Canada – including many of the global leaders in their sectors – our findings show that tech has not been quite the disrupter many predicted. Yet…

Stacking it up

In spite of the advantages legal teams in the US and Canada have when it comes to the availability of legal tech, many feel they are no further ahead in their adoption of new ways of working.

Fewer than half of respondents to our survey (46%) felt that their teams were in a good place to capitalise on technology compared to their peers. Even more surprisingly, legal teams in the tech sector were just as likely to struggle as those in other industries. Just under two thirds (60%) of respondents working for technology businesses felt confident that they benchmarked favourably in their use of legal tech. In fact, across all the sectors surveyed, those employed in the tech industry (broadly defined) were among the least likely to feel that their use of technology was adequate.

Of course, they were also the most likely to be aware of the technological shortcomings of the legal team. As Liz Benegas, GC of enterprise management software provider Totango, comments:

‘When you’re in an environment that really pushes technology as a solution to business problems, you can find yourself asking a lot more questions about how you approach your own work. That can lead to a lot of new ideas, but it also puts you under pressure to bring your “A” game to everything you do.’
Another respondent, senior counsel at a global technology business, gave an even simpler answer: change is hard, particularly when it comes to tech.
‘[Our company] is generally seen to be at the forefront when it comes to bringing tech to market, and I would say we are way ahead of the curve in terms of our own use [within the legal team].

But still, large parts of what we do are built onto a tech stack that has been around for years. When we look to introduce a new contracting system or cloud-based technology we can’t just assume it will work well with what we have in place. I would imagine these problems only increase when you’ve got an older or more complicated stack to deal with.’

Plus ça change

For many general counsel the first year of working in-house comes as an epiphany. The experience of working at a law firm had shown them a world where partners and associates – often some of the most capable, knowledgeable and dedicated people they had ever known – were forced to work in an environment that either did not seem to support them or that actively worked against them by making highly-qualified people undertake work in an absurdly inefficient fashion. After making the move in-house, the realisation comes: “It’s not the law firms, it’s the lawyers”.

The average GC continues to have the same worries that their team is behaving in an inefficient or technologically unsophisticated way. The central problem, as one senior counsel at a global entertainment and media company observed, is how to continue to deliver value while eliminating bottlenecks. ‘Lawyers will not be replaced by technology, just as doctors will not be replaced by technology. The problem we must solve is how we get rid of bad habits while retaining the good ones. That is something we are only just starting to find answers to.’

The problem with technology, respondents to our survey agreed, is not having too little of it. It is having too many resources that are not used properly. Legal teams in North America are, for the most part, able to access the tools and systems they want. In fact, nearly all of those we surveyed (97%) reported that their legal functions were using more technology now compared to five years ago, with well over half (58%) saying they were using significantly more tech.

But having access to technology is only ever a partial solution to the problem of efficiency. Knowing what to do with it is just as important, and it is often not within the skillset of GCs to make sure a department is joined up when it comes to its use of technology.

Our survey shows North America’s in-house lawyers are less worried about technology than they are about their profession’s ability to use it effectively. Fewer than half (48%) of those polled said they were confident in their team’s ability to harness tech effectively.

Positive externalities

If anything is likely to push legal teams to adopt technology, it will be a global pandemic that has forced large numbers of businesses to shift to remote work. The first challenge for many legal teams when the call to work from home was issued was the realisation that existing ways of tracking and managing work were no longer going to cut it. Knowing what the team is doing can be relatively simple when most of its members are sitting in the same office. Asking, “What are you busy with right now?” over Zoom is not entirely practical.

While it is no surprise to see that 67% of those surveyed said their businesses had ramped up investments in tech as a result of the pandemic, the direct – and, many suspect, lasting – change this has had on the way legal teams handle work is something that caught a number of respondents off guard.

Nearly four fifths (78%) of respondents reported making greater use of technologies such as Zoom and Teams to keep their departments functioning during lockdown, while nearly half (48%) had moved their work onto platforms shared with the rest of the business to make handling matters more effective.

‘What Covid really did’, comments one general counsel for a medium-sized US software company, ‘was shine a light on how poorly aligned a lot of departments were across the business. It forced us to move from a situation where everyone had developed their own practices and habits – either as a team or as an individual – to a situation where we all had to move in lockstep to keep the planes from falling out the sky.’

But finding new ways to manage workflows is only the start of it. When nobody can leave their house, getting documents signed is a problem. Except it is not. As many legal teams have come to realise, the problem was relying on ways of thinking and acting that had already outlived their utility.

By forcing teams to rethink the ways in which legal work is completed, Covid has given impetus to a far more radical transformation in the in-house legal function. Nearly a quarter (24%) of the teams surveyed said that they had already redesigned their processes to cope with lockdown, and the results have been positive. As one respondent, director and assistant general counsel for a US-headquartered multinational consumer goods corporation, put it: ‘Having to serve business remotely was probably the best thing that ever happened to us.’

‘With the call to “work from home where possible” we had to take a step back and think about what it actually means to support the various divisions of our business. That was a moment of crisis, but it was also a period of productive reflection.

Instead of automatically following the same steps each time without ever thinking about outcomes, we had to think about what the intended outcomes were and plot the best path to them. Sure, we still have to process sales requests, but do we need people to do it, or is there some better way of getting to the same point?’

Now, as many lawyers return to the office, there is a feeling that legal work will never be quite the same as before. As Michael Shour, GC and secretary for Banyan Software, comments, ‘Especially with the Covid pandemic, it just makes so much sense for a lot of this stuff to move online. Whether it’s sharing information with colleagues or signing documents, we have seen how easy it is to digitise this type of thing and it will be very difficult to unlearn those lessons and go back to the old ways of working.’