Law firms aren’t short on technology options. What they lack is clarity.
Firms that will do well in 2026 aren’t the ones chasing every new tool. They’re the ones simplifying, governing and aligning technology decisions to how work actually gets done, say Nancy Griffing, CEO and founding partner of 3545 Consulting, and Frank Mariello, vice president of Legal Practice at Afinety.
That mindset matters most in three areas that continue to dominate IT planning conversations: AI, document management systems and security. Treated separately, each creates risk. Treated together, they form a practical operating model for the year ahead.
AI is no longer optional. Chaos is.
AI has moved from “interesting” to “unavoidable.” The challenge is how firms reacted and what steps they already took in 2025. Nancy has seen firms swing between two extremes: experimenting with everything out of fear of being left behind or avoiding AI altogether out of fear of getting it wrong.
“Neither one of those is a good way to approach 2026,” she said.
In firms that attempted to ban AI, usage didn’t stop. It simply moved out of view. Attorneys relied on browser tools, built-in features and personal devices without firm oversight.
One attorney explained it bluntly to Nancy: “If I’m not allowed to use it here, then I’m going to take my personal laptop and go across the street to the cigar shop and use the AI tool that I choose to use.”
That highlights the real risk. A ban doesn’t reduce exposure. It just relocates it.
Nancy pointed out that when AI use isn’t governed, firms are often surprised by how much experimentation is already happening.
“We found that on average, it’s 120 or more different solutions,” she said.
The answer isn’t more tools or stricter avoidance. It’s intentional governance that reflects reality.
Governance requires both policy and controls
A workable AI approach starts with defining boundaries. Nancy described the importance of identifying which tools should never be used with client data, which tools can be piloted under supervision and which tools are approved for firm-wide use.
“If it isn’t governed, then we know for a fact that this rampant use of AI is going to continue,” said Nancy. “And that doesn’t serve any business purpose at all.”
Frank emphasized that governance can’t live only in policy documents. Firms need technical controls where possible, even if those controls are imperfect.
“One easy way to deal with that restriction is to say, ‘hey, maybe we block that category globally,’ and then you can always do allowlists,” he said.
At the same time, both acknowledged that firms can’t control everything, especially when work happens outside the office. That reality makes education and communication just as important as enforcement.
“Understanding the why behind the governance is critically important for employees to embrace the policies,” said Nancy.
Start with business problems, not tools
Another common issue is firms investing heavily in AI platforms and then barely using them. Nancy described seeing technologically capable attorneys struggle to get value because they weren’t sure what to ask AI to do.
“The more time I spend in law firms, the more I realize how difficult it is for them to conceptualize what to ask AI to do for them,” she said.
Frank agreed that AI adoption works best when it’s tied to real workflows.
“Finding the business problems is probably the first step versus saying, ‘I’m going to use AI,’” he said.
One example Nancy shared came from a partner worried about what would happen to years of institutional knowledge if she were no longer there.
“That’s a business strategy problem that AI can solve,” she said.
That framing shifts AI from novelty to utility and makes governance easier in the process.
DMS decisions can no longer wait
While AI attracts the most attention, document management is quietly forcing decisions that firms have delayed for years.
Legacy platforms are being retired. Licensing restrictions are tightening. Support timelines are shrinking. For firms still on older DMS platforms, 2026 isn’t about whether change is coming. It’s about how prepared the firm is to manage it.
Many firms assume DMS performance issues stem from the software itself, particularly in hosted environments. Nancy indicated that in some conversations, people had asserted that NetDocuments could not function in virtual desktops. “It’s not NetDocuments that is a problem,” Nancy said. “The problem is that you haven’t spoken with Afinety yet.”
Successful migrations, however, require more than moving files. Cleaning and mapping data, aligning the system to current workflows and ensuring consistent configurations across environments all play a role in long-term adoption. When those pieces are handled well, modern DMS platforms can support cloud-first strategies without sacrificing usability.
Security has shifted from promises to proof
Security expectations have also changed. Clients and insurers increasingly want evidence, not assurances.
Frank described the reality firms are facing: long questionnaires, detailed audits and follow-up requests for documentation.
“It’s not enough to just fill out the spreadsheet. You better have the technical controls in place that you’re saying that you do have,” he said.
He also cautioned firms to be honest in cyber insurance applications. “It’s better to say no than it is to say yes,” noting that claims are now closely reviewed against stated controls.
From Frank’s perspective, certain security measures are no longer optional.
“Anybody who’s not doing multi-factor at this point is really missing the boat,” he said.
He also emphasized modern endpoint detection, email threat protection, security awareness training and tested backups.
And as an attendee pointed out, the loss of reputation and trustworthiness is often the longest-lasting consequence of a security incident.
One operating model, not three separate projects
AI, DMS and security are often planned as separate initiatives. In practice, they’re deeply connected.
AI depends on secure, well-managed data. That data lives in the DMS. The DMS depends on consistent environments and access controls. Security depends on both technology and human behavior.
Frank summarized the approach simply: “Fewer priorities lead to better execution.”
For many firms, success in 2026 will come from narrowing focus, finishing what was started and aligning decisions across these three areas instead of treating them as competing projects.
Progress, not perfection, is what moves firms forward.
Learn more
To explore these topics in more detail, watch the on-demand webinar with Nancy and Frank and download the 2026 IT planning guide.