Howden: Top 5 claims risks to law firms in 2025 banner

Howden: Top 5 claims risks to law firms in 2025

  • Posted on

Law firms must become more proactive in understanding and mitigating the various risks being faced by the profession, as they evolve every year and can have a direct impact on levels of service, reputation and profitability.

 

In this article, we explore the top five risks that we believe law firms will face this year and how they can prepare for the challenges ahead.

If you would like to find out more about any of the topics discussed or about how we can help, please do not hesitate to contact us.

1. Artificial Intelligence (AI)

AI is all around us and its implementation into legal services work is gathering pace, as more and more firms are installing generative AI which can transform business practices, enhance efficiency, mitigate risks and avoid human error. Whilst there are many opportunities and benefits to law firms using this relatively new technology, there are also some risks and uncertainties.

The SRA’s latest Risk Outlook report delves into the various challenges presented by AI for the legal sector[1].. The risks can include:

  • Using AI to draft documentation may lead to inaccuracies in output due to these not being checked properly;
  • Staff being unfamiliar with using AI and using it incorrectly as the use of AI can be harder to supervise effectively; and
  • Data breach/confidentiality issues with putting information into an AI tool
  • AI providing incorrect information which is relied on, such as AI hallucinations and biases.

There is also a concern that criminals can use AI tools to carry out fraud or more advanced and fast-acting cyber-attacks against their targets. The Law Society, in conjunction with a leading insurer in the solicitors’ PI market, Travelers, has recently published an article explaining what firms can do to protect themselves against this new threat[1].

Insurers are clearly taking an interest in this area of risk and at renewal may wish to know about how your firm is using AI and the procedures you have in place to avoid things going wrong, including how your staff are being trained to work collaboratively with AI in areas where human input may still be considered as the most reliable resource. However, because AI is still relatively new and regulation has not caught up with its fast-paced development, insurers’ approach to the use of AI is still evolving.

Firms remain accountable for the outputs from AI tools and systems being used and are responsible for any errors in advice provided to clients as a result. As such, they need to understand the risks and be able to adopt effective risk management practices to ensure high levels of service are maintained and to avoid the risk of claims.

2. Building Safety Act

The Building Safety Act (“BSA”) is still a hot topic despite there not having been much claims activity to date. The changes introduced by the Act are of particular concern to firms that carry out conveyancing work as there are new requirements and expectations in respect of ‘relevant buildings’ which has affected property transactions.

Firms and Insurers remain very wary of the BSA in view of a lack of official guidance to date and we are seeing Insurers ask more detailed questions about this type of work due to the potential risks and the claims which may arise. The Law Society has published a guide which should give a little more clarity on the conveyancer’s duties in relation to BSA[2] but further updates and guidance are still awaited to address uncertainties as to what is expected from firms.

Clients will expect their solicitors to understand and be able to explain the complex implications of the BSA, particularly in relation to the sale and purchase of properties that fall within the remit of the Act. It would be prudent to ensure you have the relevant expertise before accepting instructions on cases which involve the BSA and that the complexity of the advice and any additional time and resource required is taken into account when providing fee estimates.

At policy renewal, firms should be prepared to provide answers about any work they undertake which may involve the BSA on their proposal forms which will give Insurers the reassurance they require and ease any concerns in relation to potential exposure to claims.

3. Cyber security issues

Unlike professional indemnity insurance, cyber security protection is not a compulsory insurance for solicitors and despite claims continuing to arise and new cyber threats being on the increase, not all law firms are choosing to purchase cyber security cover.

The Law Society have has recently set out that, whilst 65% of law firms have been a victim of a cyber incident, 35% of firms still do not have a cyber mitigation plan in place[2]. The number of successful cyber-attacks against UK law firms rose sharply by 77% in the year to August 2024, according to a new study of the threat[3].

Data breach issues as well as ransomware and phishing attacks remain the predominant causes of claims against law firms, who will usually be targeted due to their storage of sensitive data and client monies held on account.

Chartered accountants Lubbock Fine say 'The data that law firms hold on behalf of their clients is often highly sensitive and, therefore, valuable if you intend to blackmail a law firm. This makes them a very attractive target. Hackers will often demand a blackmail payment from law firms or threaten to post that sensitive data on the internet.'

The sophistication of cyber-related attacks is hard to keep pace with and we are seeing more third-party losses leading to claims being made under law firms’ Professional Indemnity policies. The Cyber exclusion within the PI wording means there is usually no cover at all for law firms themselves for any first-party losses, so cyber security should be high on the agenda and systems and controls reviewed regularly. Cyber cover could be a critical support to a firm’s business should an attack arise.

4. Mental health and wellbeing of fee earners

In recent years the legal profession has been paying far more attention to mental health and wellbeing within the workplace and Insurers are supporting and encouraging the continued progression in this area, particularly as Insurers are aware of the risks here and that claims can arise because the fee earner concerned was struggling to cope, under extreme pressure, or suffering with anxiety.

Law firms may experience issues with recruiting new talent which can be influenced by workplace culture and the environment. There is generally an increasing emphasis on having a positive workplace, and this is reflected in recent changes to UK legislation. Since 26th October 2024, employers have had a new duty under the Equality Act 2010 to take reasonable steps to protect employees against sexual harassment to make employees feel safe in the workplace[4]. There are also plans for further legislation, following the introduction of the Employment Rights Bill, to improve working conditions and increase productivity.

Effective supervision of those providing legal services is another important consideration. It is a regulatory requirement to have appropriate supervision arrangements, especially for junior members of staff, to ensure the best possible outcome for the client and to maintain public confidence generally in the services provided.  While negligent provision of services is not always due to a failure to supervise, effective supervision has a role to play in managing the risk of negligence claims.

Hybrid working can make for a better work-life balance, although the risk of mistakes can increase when supervision isn’t immediately on hand or available. Flexible working policies are usually more successful if the right balance has been considered, and the support offered to staff members remains the same whether working remotely or on site.

Fee earners will usually experience stress in the workplace and so creating a healthier work environment should be a consideration for law firms. With the best culture in place, client outcomes can improve and productivity can increase.

5. Regulatory issues/SRA breaches

In the SRA’s latest annual report, it was found that there was a significant increase in regulatory intervention into law firms. Following an independent review by Carson McDowell which criticised the SRA’s handling of the Axiom Ince fallout, it is likely that SRA will continue to be more proactive in reviewing law firm practices and standards.

2024 for example saw a rise in SRA investigations into firms’ and individuals’ conduct arising from a breach of the SRA Accounts Rules (“SAR”). Client account management and adherence to the rules should be of the utmost importance to a law firm as an obligation to remedy a breach of the SAR is a defined claim under the PI policy and procedures and controls will be of significant importance to Insurers. Regular training is essential to ensure fee earners are aware of their regulatory obligations.

The SRA has a number of other hot topics on its radar which law firms should be aware of and they should give attention to the warning notices periodically issued by the SRA. Recently a warning notice was issued to firms undertaking claims management activity relating to financial services and products. They cautioned against acting for individuals without specific consent, poor due diligence leading to low quality or inaccurate claims and failure adhere to client instructions.

SLAPPs (“Strategic Lawsuits Against Public Participation”) have been the subject of another recent SRA warning notice as it expects solicitors not to be involved in abusive litigation on behalf of their clients – including using the legal system improperly by pursuing SLAPPs. The SRA is encouraging those who believe they have been a target of a SLAPP to report it.

AML is also high on the SRA’s list as it tries to help solicitors and law firms stop criminals using the profession to launder money, by reinforcing the basics of anti-money laundering compliance. In October 2024, SRA have helpfully collated the most recent guidance and resources in relation to law firms’ AML obligations on their website. Firms should review and utilise and keep up to date with legislation to prevent being the subject of an SRA investigation which could lead to fines and/or other sanctions.

Whilst cover may be available under the PII policy for SRA investigations costs related to a notified claim or circumstance, a Management Liability/D&O policy can provide cover for regulatory issues not covered by the PII policy.

At Howden, we are able to advise you on the most appropriate policy for your firm should this be of interest.

 

https://www.lawsociety.org.uk/topics/cybersecurity/partner-content/as-cybercriminals-use-ai-to-escalate-threats-how-can-law-firms-protect-themselves

Building Safety Act 2022: a guide for conveyancers | The Law Society

Cyber attacks on law firms jumped by 77% over the past year | Law Gazette

New protections from sexual harassment come into force - GOV.UK