St. Mary's Journal on Legal Malpractice & Ethics

First Page


Date Created



St. Mary's University School of Law


Hannah C. Mery

Last Page



In response to the COVID-19 outbreak, law firms conformed their activities to the Centers for Disease Control and Prevention (CDC), Occupational Safety and Health Administration (OSHA), and state health authority guidelines by immediately reducing the size of gatherings, encouraging social distancing, and mandating the use of protective gear. These changes necessitated the expansion of law firm remote operations, made possible by the increased adoption of technological tools to coordinate workflow and administrative tasks, communicate with clients, and engage with judicial and governmental bodies.

Law firms’ increased use of these technological tools for carrying out legal and administrative activities has implications for their staffing needs, office space requirements, and management/supervisory procedures. Actions taken in each of these areas give rise to certain risks, which are by-products of the COVID-19 virus, albeit, not caused by it. Due to the pandemic, law firms have had to address certain secondary (i.e., not health-related) risks arising from (i) non-compliance with professional conduct norms, (ii) legal malpractice, (iii) increased cybersecurity vulnerability, and (iv) need for cyber-insurance. In the twelve months after March 2020, there was an overall drop in lawyer productivity. It is not clear how long clients will accept this situation to continue.

What has been the impact of COVID-19 on law firms? It seems there has been a growing gap between the “haves” and the “have-nots,” with the former getting a bulk of the “high-end” work. In the near term, remote operations combined with personnel reductions seem to have had a negative impact on most law firms’ efficiency and, ultimately, revenue. It should not be a surprise that certain law firms have found that adopting “austerity measures” can ensure profitability.

Remote operations make law firms more vulnerable to cyber-attacks. Most law firms tend to disregard these risks unless their clients or regulators insist on their adoption of new cybersecurity measures. While a dramatic increase in successful cyber-attacks on law firms and other private-sector organizations might change this situation, profitability will remain the top objective of law firm partners.

As a result, it is unlikely that law firms will increase their investment in cybersecurity in the form of expensive equipment, software, services from outside contractors, and cyber-insurance policies with high face-values and expensive premiums. Perhaps law firms can find the needed funds by leasing less expensive office premises. A failure to find adequate funds for cybersecurity improvements not only makes law firms more vulnerable to cyber-attacks but also makes it difficult for them to comply with professional responsibility norms, thus resulting in greater legal malpractice and other risks.