How much PI insurance cover do I need as an IT consultant in the UK?
~2 min readIT consulting has no statutory regulator prescribing minimum limits. Sizing is driven by three things: client contract requirements, the PI-and-cyber overlap for consultants handling data, and the scale of project delivery exposure. This entry sets out how IT consultancies should size PII, where cyber cover should sit alongside, and the specific triggers that push sizing up.
Short answer — market ranges
- Independent contractor via PSC, work for SMEs: £500k–£1m primary.
- Small consultancy (2–5 consultants), mid-market clients: £1m–£2m primary + separate £500k–£1m cyber.
- Mid-sized consultancy (5–15 consultants), enterprise or public sector: £2m–£5m primary + £1m–£2m cyber. CCS / Digital Marketplace typically specify £5m+ minimum.
- Larger consultancy (15+ consultants), enterprise transformation programmes: £5m–£10m primary with £5m+ cyber.
- Financial services or regulated-sector specialist consultancies: £5m–£15m primary with specific regulated-sector wording extensions.
Client contract requirements — the primary driver
- Crown Commercial Service Consultancy Framework: £5m PI + £2m cyber typical
- Digital Marketplace: £5m minimum on higher-value engagements
- Large private-sector FTSE 100 vendors: £5m–£10m PI, £2m–£5m cyber
- Financial services clients: £5m–£10m PI, cyber extending to third-party GDPR liability
- Healthcare / NHS Digital: £5m minimum, clinical safety wording on healthcare-adjacent projects
The PI/cyber overlap
IT consultants sit in the intersection of professional negligence (PI) and cyber events (cyber insurance). A single incident — a consultant misconfigures access controls, leading to a client data breach — can trigger both. Sizing needs to cover both dimensions with clean policy coordination.
GDPR / data processor exposure
Any IT consultant handling client personal data is a data processor under UK GDPR Article 28. Article 82 provides direct liability to data subjects. Consultancies with material data-processing work should size PII with the ICO enforcement exposure in view.
Project delivery claim triggers
- Scope creep without formal change control
- Missed acceptance criteria at UAT or in production
- Technology choice failure — recommended stack unsuitable
- Delivery methodology failure — waterfall/agile unsuited to client context
Worked example
Illustrative only. An eight-consultant boutique cloud migration and data engineering firm serving mid-market financial services. Fee income £3.8m. Cyber Essentials Plus. Client contracts require £5m PI + £2m cyber. Broker recommendation: £5m primary + £2m top-up for £7m tower; separate £2m cyber; contract limitation-of-liability provisions reviewed.
Ready to size your cover properly?
Pick your profession on our proposal form and a named broker will come back with structured options.
Get a quote →Related reading
See IT consultants regulatory framework, PI vs cyber insurance, GDPR and ICO exposure, and the IT consultants PI insurance guide 2026.
Apex Insurance Brokers Limited is authorised and regulated by the Financial Conduct Authority. Firm reference number 724952. This entry is general information, not advice on any particular policy.