Technology and risk move fast in the legal industry, and it’s easy for the day-to-day demands of running a firm to crowd out the bigger picture. This roundup pulls together five developments from recent legal technology and cybersecurity reporting, along with a look at how the right IT partner helps firms respond to each one with confidence rather than catching up after the fact.
Smaller and mid-size firms have become a bigger target
For years, the assumption was that large firms drew the most attention from cybercriminals. Recent reporting tells a different story. Law.com’s Mid Market coverage found that small and mid-size firms are increasingly losing client data to social engineering scams, in part because attackers see them as easier to breach than firms with larger security budgets. Industry-wide statistics back this up: nearly a fifth of surveyed firms reported being targeted in the past year, and the average cost of a law firm data breach now exceeds five million dollars.
The takeaway for administrators is straightforward. Firm size is no longer a reason to assume you’re below the radar.
Attackers are skipping encryption and going straight for extortion
A growing share of attacks against law firms now follow a quieter path. Rather than locking up systems with ransomware, some groups are using phishing and impersonation to gain access, then exfiltrating sensitive files and threatening to release them unless they’re paid. BakerHostetler’s 2026 Data Security Incident Response Report found that law firm ransomware and extortion incidents nearly doubled year over year, with phishing and third-party vendor access among the leading entry points.
Because there’s no system outage to signal something is wrong, these incidents can go unnoticed longer, which makes early detection and employee awareness more important than ever.
AI use in legal work is now a malpractice and compliance exposure
AI adoption inside firms has outpaced firm policy in many cases, and courts are starting to respond. Sanctions tied to AI-generated filings with fabricated citations have appeared in multiple jurisdictions this year, and Baker Donelson’s 2026 AI legal forecast frames the shift plainly: after a period of experimentation, AI governance has become an accountability issue rather than an optional best practice. Coverage from Law.com’s Legaltech News has also noted that insurers are beginning to add AI-specific exclusions to liability policies, which raises the stakes for firms without a documented AI use policy.
For administrators, this is less about whether to allow AI and more about how clearly its use is defined, reviewed, and recorded.
Cyber insurance underwriting has gotten more demanding
Insurers are no longer taking a firm’s word for its security posture. According to Dataprise’s 2026 cyber risk planning guide, carriers are asking firms to demonstrate multi-factor authentication across email, VPN, and admin accounts, along with monitored endpoint detection, tested backups, and documented vendor risk reviews before renewing or pricing a policy. Some client engagement letters are even starting to require fast breach disclosure timelines that mirror public company standards.
Firms that can show their controls in writing are in a stronger position at renewal time. Firms that can’t are finding that out at the worst possible moment.
The industry is moving from generic AI tools to governed AI adoption
A clear pattern is emerging across legal technology coverage this month: firms and vendors alike are stepping back from broad, general-purpose AI tools in favor of narrower, auditable systems built for specific legal tasks. Legal IT Insider reported this month on new platform capabilities designed to help regulated organizations move from open-ended AI experimentation to governed execution, and a recent legal technology trends roundup describes the same shift, noting that buyers increasingly judge AI tools by whether they understand a specific legal document type rather than whether they simply have AI built in.
For firms still in the early stages of AI adoption, this points toward building structure now rather than retrofitting it later.
How Innovative Computing Systems supports firms across each of these areas
None of the trends above call for panic, but they do call for a plan. This is where having a technology partner who treats your firm’s risk as their own responsibility makes the difference.
- For firms concerned about being an easier target: Our Essential Risk Controls and Advanced Cyber Security services bring endpoint detection, multi-factor authentication, single sign-on, and continuous monitoring to firms of every size, not just the largest ones.
- For firms worried about quiet, low-noise attacks: Our Advanced Cyber Security services, including managed detection and response, SIEM monitoring, and regular vulnerability assessments, are built to spot the early signs of unauthorized access, such as unusual login behavior or lateral movement across systems, before attackers have a chance to exfiltrate data.
- For firms navigating AI risk and compliance: Our Managed Intelligence and AI Policy Development services help firms put structure around AI adoption, including governance frameworks, acceptable use guidelines, and training, so AI is used safely and consistently across the firm.
- For firms preparing for tougher insurance underwriting: Our IT Foundational Standards and Security Fundamentals work gives firms the documentation and controls insurers are asking to see, well before renewal season.
- For firms wanting to adopt AI the right way the first time: Our Managed Intelligence framework guides firms through a structured rollout, from strategy and pilot testing to training and measurement, so adoption is deliberate rather than reactive.
We’ve had your back for more than 35 years, and that doesn’t change as the risks evolve. Whatever shows up next in legal technology, our job is to make sure your firm’s technology stays safe, secure, and reliable, so you can stay focused on your clients.
If you’d like to talk through where your firm stands on any of the areas above, we’re here to help.
