How much does professional indemnity insurance cost for IT consultants in the UK?

Reviewed by Matthew Bartlett, Director · Last reviewed 8 July 2026

IT consultants' professional indemnity in the UK sits in a market that has changed rapidly over the past decade, particularly since the growth of GDPR liability and the rise of cyber-related loss. There is no statutory regulator for the profession as such, but professional bodies including the British Computer Society (BCS) set expectations for members, and client contracts drive the practical requirement. Premium is set by an underwriter reading a submission that reflects the practice's service mix, contract exposure, claims history, and the interaction between PI and cyber cover. This page sets out what actually drives the number for IT consultancies and how Apex Insurance Brokers approaches an IT consultants' PI submission.

What determines the premium

Turnover or fee income is the anchor. Underwriters rate on gross professional income, and the rate moves with service mix. Software development, particularly bespoke build for enterprise clients, sits at the higher end of the rating scale because of the loss potential on project failure. Systems integration, cloud architecture consultancy, and cybersecurity consultancy each carry distinct risk profiles. Independent contractors placed via agencies on time-and-materials terms sit differently again, and those inside IR35 or engaged through umbrella arrangements have their own considerations.

Contract exposure is central. Fixed-price deliverable contracts carry a much heavier PI exposure than staff-augmentation arrangements. Contractual limits of liability, indemnities given to clients, and the presence of consequential loss and data-loss carve-outs all feature. Underwriters read the standard terms of business the practice uses and note where the practice deviates from them under client pressure.

Claims and circumstances history is read on substance. A software project that overran and was settled by contract variation is different from a project that failed and led to litigation. The number and seniority of consultants, professional certifications held (including BCS Chartered IT Professional (CITP)), quality management systems, and version control and testing discipline are all factored in. Firms handling client data in volume, particularly special-category personal data under UK GDPR, will see that reflected in the rating and in questions about the interaction between PI and cyber cover.

The regulator's requirements

There is no statutory regulator for IT consultancy in the UK. The British Computer Society (BCS, The Chartered Institute for IT) is the licensed professional body for the sector and offers Chartered IT Professional (CITP) registration and Chartered Engineer (CEng) registration via the Engineering Council. BCS Code of Conduct expects members to maintain competence and to conduct themselves professionally, but does not set a specific PII floor.

Client contracts typically drive the requirement. Standard framework agreements from large enterprises, public sector bodies, and financial services clients often specify minimum PI limits (commonly £1 million to £5 million each and every claim, sometimes higher) and require separate cyber cover. Data protection obligations under UK GDPR and the Data Protection Act 2018 create material exposure to Information Commissioner's Office (ICO) enforcement and to data subject claims where a data breach involves the consultant's work. IR35 (the off-payroll working rules under Chapter 10 of ITEPA 2003 as amended) affects how independent contractors are engaged and priced but does not by itself change the PI risk.

The interaction between PI and cyber is important to understand. A traditional PI wording responds to claims arising from professional services (design, advice, deliverables). A cyber wording responds to first-party incident response, business interruption, and third-party liability from a cyber event. Where a professional error leads to a data breach, both wordings may respond, and the way the two policies dovetail is worth attention.

How Apex approaches IT consultants' cover

Apex Insurance Brokers is authorised and regulated by the Financial Conduct Authority (firm reference number 724952) and places PI and cyber cover for IT consultants across the sole-trader, small consultancy, and mid-sized firm spectrum. We are a named-broker practice: Matt Bartlett or a named colleague reads every submission personally, drafts the presentation to reflect the service mix and the PI/cyber interaction, and negotiates on the firm's behalf.

Our client retention rate across the book is approximately 95%. Our approach is to engage on the actual contract book and the standard terms in use, so that the underwriter sees the risk as it actually is rather than as a rolled-forward version of last year's numbers.

Ballpark ranges — with the health warning

Any range published on a web page is a starting point for conversation, not a quote. With that on the record: a sole IT contractor at modest income, working on a time-and-materials basis with capped liability contracts, will often see PI premiums starting in the low hundreds of pounds a year. Small consultancies doing bespoke development work under fixed-price contracts should expect materially higher rates.

Mid-sized firms with a mixed book often pay a rate on turnover in the low single digits of a percent for PI, with cyber priced separately. The number moves with contract profile, claims history, data-handling volume, and the limits purchased. Firms with clean records and a lower-risk service mix should expect the market to compete for them. The specific figure comes out of the underwriter's assessment of the submission, not from a table.

Get a quote

Want a proper indication for your firm? A named broker reads every submission and comes back with terms within one working day.

Get a quote for IT consultants → or call 0117 325 0027