Reviewed by Matthew Bartlett, Director · Last reviewed 8 July 2026
The renewal invitation has landed and something is off. The premium has climbed while the contract book has not, the wording review did not engage with the data-controller obligations you took on last year, or the broker never asked about the incident you reported to the ICO. IT consultancies change broker at renewal for reasons like these and the mechanics are well established. This entry sets out what to expect, what your current broker has to release, and the cyber-adjacent and GDPR points that must be handled correctly in the handover.
Look for observable signals rather than a general dissatisfaction. The premium moved and the underwriting rationale is not on the file. The wording review was a covering paragraph, not a written analysis of the “professional services” definition, the technology exclusion, the cyber sub-limit and the data-breach carve-in. The broker did not ask about the shift from body-shopping into fixed-price delivery, the new SaaS product, the change in the customer base or the ICO reportable incident from earlier in the year. The submission went to a single insurer’s facility rather than an open-market panel that understands tech-PI risk. Terms landed late. A cluster of these is usually a prompt to look properly.
Under ICOBS 2 information duties and the wider FCA client-service framework, the current broker is required to provide the information you need to make an informed decision at renewal. That means the current wording in full, the schedule, the claims record, the renewal invitation and any change in terms since inception. Consumer Duty (PRIN 2A) applies where the principal is treated as a consumer of the broking service. A written request for the file is enough. You do not owe an explanation for leaving.
There is no single regulator setting a minimum-terms floor for IT consulting PI, which puts the whole weight of the risk picture on the wording review at every broker change. The BCS Chartered IT Professional route is the main chartered framework, but it does not prescribe insurance in the way that ARB or the SRA do. What matters instead is the contract portfolio: fixed-price versus time-and-materials, the presence of liability caps, the inclusion of consequential loss carve-outs, and the SaaS or platform obligations you have accepted. PI and cyber sit next to each other and increasingly overlap; the incoming broker should show the split in writing and confirm where a data breach with client harm falls. Under UK GDPR and the Data Protection Act 2018, any personal-data incident during the year that was reported to the ICO is a material fact under section 3 of the Insurance Act 2015 and needs disclosure at re-broking. IR35 status of contractors flowing through the consultancy and the change in the corporate customer base — particularly moves into regulated sectors — also belong on the presentation. Cross-border delivery into the EU or US carries jurisdictional exposure that the new wording should be checked against.
Take the mechanics in order.
First, do not cancel the current policy until the new one is bound. A claims-made policy needs an unbroken chain. Second, give the incoming broker the current wording, schedule, claims record and any pending ICO or contractual notification alongside a summary of the contract portfolio. Third, the fair-presentation duty under section 3 of the Insurance Act 2015 continues at renewal and at every material variation — disclose the ICO incident history, the fixed-price shift and the cross-border delivery honestly. Fourth, any circumstance already notified to the outgoing insurer stays with that insurer; the new policy responds to claims made during its own period. Fifth, confirm the retroactive date on the new policy matches the outgoing inception so historic delivery files remain within cover. Sixth, read the technology exclusion, the professional-services definition, the cyber carve-in and the aggregation clause on the new wording against the outgoing one.
A broker doing the work properly on a tech consulting file looks like this. A named broker reads the wording and writes down the analysis. The submission uses the current contract mix, delivery model, incident history and claims record to build the risk picture, and goes to a specialist tech-PI panel on an open-market basis. The PI-and-cyber overlap is shown in writing, not glossed over. Material variations mid-year are handled at the point they happen. When IT consultants move to Apex Insurance Brokers from another broker, they say the difference is the same broker on the phone and a wording review that engages with the actual delivery model rather than treating the account as a generic professional-services risk. That is the working model, and it is why the retention rate on the tech consulting book runs at 95%.
Renewal at hand?
Send us your current renewal terms and we’ll take a look. A named broker will read every submission and come back within one working day with a proper comparison.