P2P

W ithin technology, the competition for project funding and support is fierce. Security, day-to-day operations, remote working, business process improvement, innovation and incubator projects and no/ low code legal builder types of technologies are but a few of the many needs and promising technology areas in our field. These both help drive progress and client value while also assist in keeping businesses out of trouble (legal, regulatory, operational issues). And, of course, law firms and legal operations must fund a variety of functions. Technolog y initiatives will always be in competition with other common cost centers such as employee payroll, office space, business development and several others for managerial support. Thus, the development of solid, defensible financial analytics using models understood by Chief Financial Officers is paramount to successfully moving projects forward. Although this article will not explore financial models in depth, whenever possible, it behooves technology leaders to strive to quantify the costs and benefits of proposed projects. Any time-based details which can be provided (e.g. costs in Year 1, 2, 3, etc.) are also generally welcomed by financial departments (they will be converted to a number in today's dollars using a discount rate and net present value technique). Our foundation in place, here are four key technology imperatives within the legal operations area, and some common approaches for providing financial use-cases for each. Security Business Rationale This hardly requires explanation for anyone who follows the news and is familiar with companies who have suffered adverse events in this area in the past few months. No one wants to be the entity who is dealing with ransomware or seeing confidential data for which you are a data steward bandied about on the web. Financial Supporting Arguments This is an easy one. Tactics best practice companies might employ to protect the enterprise are reasonable to quantify. Managed services providers (MSP) offer protection such as patching and security remediation to infrastructure (servers, firewalls, computers) on a per-unit basis. Employee training programs are similarly priced (per employee). And if you are SaaS (Software as a Service) cloud based in your application suite, that's a per person price as well. Other costs (security scans, annual software/ hardware maintenance) are more of a "per event" or annual costs, but also something one can budget for. In that environment, it is probably not unreasonable to suggest a spend rate of $300-500 per employee for your MSP, training, maintenance and core applications services (Office, Document Management System, File Storage, etc.) is in the ballpark, depending on the level of sophistication within a professional services firm. On the flip side, damages associated with "an event" can be substantial. Not just technology or other costs related to an incident such as remediation, data recovery payments or legal fees, but the impact of business interruption and to an entity's reputation must come into play. Hard to put a ceiling on those costs and, thus, relatively easy to build out a financial-based use-case for hardened security. 33 I L T A N E T . O R G

• Cover