Redefining Cyber Talent: Ronak Shah on the Evolving Role of Lawyers in the Age of AI

AI, cybersecurity, and data privacy aren’t just tech issues, they’re reshaping the way legal teams operate. At Future Lawyer Canada, Ronak Shah, Global AI, Privacy and Tech Counsel at Cassels Brock & Blackwell LLP will share his insights on the panel “Cyber Talent in the Legal Sector: From Outsourcing to In-House Innovation (Part II).”

Ronak has deep experience bridging the worlds of law, technology, and risk management, he helps organizations build resilient, future-ready legal strategies while equipping legal talent to navigate the evolving cyber and AI landscape.

In this conversation, he shares his perspective on how legal teams can effectively harness AI, strengthen cybersecurity, and navigate data privacy challenges, all while building in-house capabilities that keep pace with rapidly evolving technology and regulatory demands.

As Counsel in the Information Technology & Data Privacy Group, your practice covers a wide range of issues from AI to cybersecurity. What area do you find clients are most actively seeking guidance on right now, and why?

RS: Clients are most engaged on issues related to the adoption of artificial intelligence at the enterprise level, and more recently in relation to Agentic AI. We advise clients on a wide range of matters in this space: board preparedness; development of AI governance frameworks; AI vendor contracting and licensing; AI literacy; regulatory compliance; data licensing; AI incident response management etc. 

While there is a surge in AI related questions from clients, privacy and cybersecurity continue to be forefront issues as well. From a privacy perspective, organizations are increasingly concerned about use of biometrics information and updating their privacy programs with ongoing changes in privacy laws in Canada and how AI and privacy laws interact. 

What is the most common vulnerability you find among organizations today, and what simple steps can they take to improve their posture?

RS: With threat actors leveraging AI, including using deepfakes, social engineering attacks are increasingly more sophisticated making it harder for employees to spot phishing or business email compromise attacks. This means, the weakest link in most instances is an employee. Continuous training and awareness coupled with stronger technological controls and better data segregation are keyways for organizations to address this issue.

What specific skills related to AI and data privacy are currently lacking in the Canadian legal talent pool?

RS: I tell all lawyers that to better understand the risk and promise of AI, we need to experiment with AI tools – not just read about it. This helps us better appreciate the technology, its capabilities, and limitations. Only when you are well versed in the technology can you truly relate to the issues your clients may be facing on AI and privacy.

From a legal firm's perspective, how can a lawyer who specializes in information technology and data privacy best collaborate with the internal IT and forensic professionals during a breach investigation?

RS: The best way to work with the internal IT and forensics teams during a breach investigation is by doing the leg work before. This means working with your clients, their IT teams, and forensics vendors on cyber prevention and preparedness issues. That way you have important institutional knowledge as a breach coach that would be key to know in the middle of a crisis. Additionally, you would have hopefully developed trusted relationships with the teams, which makes it easier to work through a breach investigation, which can be high pressure environments.

Given the rapid evolution of technology and regulation, how can legal professionals ensure they remain "current" and competent in cyber-related matters?

RS: In addition to attending relevant privacy and cybersecurity forums, keeping in close communication with IT colleagues and forensics providers is a good way to stay updated on current cyber-related matters.  

Ronak Shah's expertise is a critical guide for the modern legal enterprise. The challenges posed by AI, cybersecurity, and data privacy are fundamentally governance issues, not just technical ones. As he points out, even with advanced tech, the most common vulnerability remains the human element, emphasising the vital need for continuous training. The key takeaway is that legal teams must move beyond passive reading about AI and actively engage and experiment with the technology to become truly effective advisors.

Want to learn how leading organizations are equipping their legal teams to navigate this evolving landscape? Don't miss Ronak Shah on the “Cyber Talent in the Legal Sector: From Outsourcing to In-House Innovation (Part II)” panel at Future Lawyer Canada.

Private Practice and In-House professionals can claim complimentary passes to learn, connect, and be part of shaping the future of law.