

Navigating the minefield of legal technology investment

Calum MacLean, risk manager at Miller Insurance Services, offers guardrails for ensuring safe usage of software products, and avoiding regulatory and operational vulnerabilities

Calum MacLean | Risk manager at Miller Insurance Services

Modern law firms are now significant investors in technology. If there was any doubt, Miller’s 2025 benchmarking report quashes it, evidencing that IT spend frequently exceeds professional indemnity insurance (PII) spend, particularly in larger firms. The adoption of new technologies has transformed legal practice, and this trend is only accelerating with the uptake of genAI tools.

This shift has inevitably led to an increasing reliance on technology solutions. Firms using the law firm IT provider CTS, for example, experienced this first-hand when a cyber breach left many unable to process conveyancing completions due to loss of system access.

Selecting the right technology

Basing your procurement decision on the apparent functionalities of a system is, on its own, insufficient. The reality of most IT procurements is that, once adopted, systems can be difficult to change or exit, even if they do not deliver as expected, given the high financial and practical barriers to transitioning to an alternative system. Selecting the right system, and the right service provider, is therefore a valuable investment of your time.

It is not uncommon for law firms to cite choosing a Law Society accredited provider as their rationale for selection. However, such accreditation is not a guarantee of quality or suitability for your firm’s needs. A more rigorous selection process is essential.

Regulatory requirements

The obligations imposed on firms by the SRA’s Code of Conduct, Standards and Regulations, data protection regulations and the like have implications for the systems you use. Your IT solutions must handle client information securely and ensure data integrity. To act in your clients’ best interests, you need to take reasonable precautions to ensure your systems are robust and that you have tested contingency plans for unexpected outages.

Data losses, loss of client monies, or service failures due to inadequately selected third-party providers can, in extreme cases, result in regulatory action — as well as management liability and professional indemnity exposures.

Third-party due diligence considerations

The Law Society’s Cloud Computing Guidance (March 2025) provides a valuable overview of what law firm managers should consider when selecting software products. A lack of technical expertise is not an excuse to delegate these decisions entirely to your IT staff. You must understand the key aspects of the systems under consideration, even if the technical specifics are left to experts.

For example, choosing a public cloud service without end-to-end encryption for confidential client data could expose you to regulatory risk if there is a data breach. Where possible, select legal profession-specific solutions that are more likely to comply with regulatory standards.

Your due diligence checklist should include:

  • Public cloud, private cloud, or hybrid
  • End-to-end encryption (128-bit minimum; 256-bit preferred)
  • Multi-factor authentication (MFA) enabled
  • Role-based access controls (reduces the risk of a breach accessing all areas of data)
  • SSAE-18 certified data centres
  • Data centre locations
  • ISO27001 (information security standard), ISO27017 (security standard specifically for cloud service providers)
  • Insurance covers (including Cyber and PII)
  • Business continuity planning
  • Data control/ownership (should remain with you) and access/recoverability of data
  • Audit results
  • Testimonials
  • Service Level Agreement terms (% up-time, timing of planned maintenance and robustness of contractual protections in the event of service failures)
  • Financial strength
  • Use of third parties, due diligence, audits, and controls

This list is not exhaustive but highlights key areas for evaluation.

Service quality and flexibility

A key benefit of cloud services is scalability — they can be expanded or reduced to fit your business needs. A reputable provider will also invest more heavily in IT security than most individual law firms could, ensuring systems are continually updated and improved.

A common challenge with SaaS providers is the gap between what is demonstrated and what is delivered. Problems often arise from poor implementation: disorganised data, overlooked required fields, or inadequate user training can all result in subpar outcomes.

Systems rarely work ‘out of the box’ as they do in sales demos. The more complex or tailored the system, the truer this is. While some tools, such as time-management systems, can be simple add-ons, more comprehensive solutions like practice management systems (PMS) require significant customisation.

It is sensible to seek feedback from your network about potential suppliers before making a commitment. Consider their responsiveness, flexibility, support for customisation, ease of report generation, and the accessibility or extractability of your data — whether for business continuity, reporting, or, if necessary, switching providers.

Selecting and managing legal technology can be complex. To support firms, Miller is running a dedicated workshop event in conjunction with EC3 Compliance on Legal Software on 21st April. Contact us to book your place.
