Consulting is one of the broadest labels in the UK professional-services market. The management consultant advising a FTSE 250 board, the software specialist running a data migration, the marketing consultant briefing an agency on a rebrand and the HR specialist advising on a redundancy consultation all describe themselves as consultants. The professional indemnity (PI) exposure behind each role differs in shape and size, but the principle is the same: the consultant is paid for expertise, the client relies on it, and when the outcome falls short a claim can follow. This guide sets out how PI cover works across the main consulting disciplines, how to size a limit that reflects the actual work being done, and where wording detail matters most.
PI insurers do not use a single template for consultants. They classify by the type of advice or work product being delivered, because that is what drives the claim scenarios they expect to see. The main categories we place cover for are set out below.
Strategy, operating-model design, change management, post-merger integration, procurement transformation and public-sector advisory work all sit here. Engagements are typically project-based, deliverables are reports and recommendations, and the claim scenario tends to be that the recommendations were flawed or based on inadequate analysis and the client relied on them to their financial detriment.
Software project delivery, cyber assessments, DevOps work, ERP implementations, cloud migrations and system integration. Some IT consultants operate as sole practitioners through a personal service company, others inside a small delivery partnership. Claims often follow a project that ran over budget, over deadline or produced a system that did not meet specification, and increasingly involve data loss or a security incident during the engagement.
Brand strategy, digital marketing, campaign planning, media buying and agency-side account direction. Marketing consultants sit close to a legal boundary — advertising standards, GDPR, intellectual property — and claims tend to follow campaigns that produced a regulatory challenge, a competitor complaint or a demonstrable failure to deliver the growth built into the client's commercial plan.
Recruitment advice, employment-law adjacent work, redundancy planning, TUPE consultations, executive compensation and benefits design. HR consulting is high-severity for its price point: a single piece of poorly documented redundancy advice can lead to a multi-claimant tribunal exposure.
Non-regulated advisory work — a tax specialist advising on VAT structure, a corporate finance consultant supporting a fundraise, a treasury consultant advising on hedging. It sits outside the FCA perimeter but generates claims when advice leads to an HMRC penalty, a transaction failure or a structural error that only surfaces at audit.
A newer category growing quickly. Carbon reporting, science-based-target work, materiality assessments and sustainability disclosure support. Claim exposure is rising as UK reporting regimes tighten and greenwashing litigation becomes a live risk for corporates who relied on external advice.
Instructional design, competency framework work, executive coaching and leadership development. Claim severity is generally lower than the disciplines above, but contract-driven PI requirements from corporate clients still make cover essential.
Consulting is delivered through every legal structure. The structure affects the insured entity, the retroactive date and how client contracts need to be drafted, but not whether the cover is needed.
Three pressures push a consultant towards PI, and any one is usually enough. The first is claims exposure: when a client alleges the advice given or the work delivered caused financial loss, PI is the policy that responds, and the sums involved are almost always much larger than the fee earned on the engagement — a failed acquisition, an aborted programme, a system that had to be rebuilt.
The second is contract. Corporate procurement requires PI as a condition of engagement, typically specifying a minimum limit, claims-made basis, retroactive date and sometimes a named insurer. A consultant without PI is unlikely to pass supplier onboarding at any client of scale.
The third is the common-law position. Even absent a contract, English common law recognises a duty of care owed by a person giving professional advice to a person who relies on it. The Hedley Byrne v Heller principle of negligent misstatement means a claim can arise without any formal written engagement — PI is what stands between the consultant and personal exposure.
This separates consulting from the regulated professions covered elsewhere on this site. Solicitors carry PI under the SRA Minimum Terms. Architects carry PI under ARB Standard 8. Surveyors carry cover under RICS Rule 9. Chartered accountants carry cover under ICAEW Bye-law 61. IFAs carry cover under FCA IPRU-INV 13. In each case the regulator sets a minimum limit, scope, run-off requirement and claims-made framework.
Most consultants have none of that. They are not members of a statutory regulator and there is no minimum limit imposed by law. That does not make PI optional; it means the drivers are different. Professional bodies — IoD, CIPD, CIM, CIPS, BCS — each set expectations that touch on PI, but none has the enforcement teeth of an SRA or an ARB.
Contract-driven PI is therefore the norm. A typical corporate procurement pack requires £1m to £5m for a mid-tier engagement. Large corporate clients running strategic projects routinely specify £5m to £10m for the duration of the engagement, and financial services and healthcare clients often carry additional requirements around named insureds and specific endorsements.
The scenarios below are the ones we see most often. Every claim turns on its facts and its wording, but they show where the pressure points sit.
Strategic advice on a bolt-on acquisition where the target failed on due diligence points the report had not surfaced. A change programme that missed its benefits case, with the client alleging the delivery model was unsuited to the operating environment. An operational restructure that produced industrial-relations fallout the recommendation had understated.
A botched ERP implementation where go-live had to be rolled back. Data loss during a cloud migration where a backup was assumed but not verified. Integration failure between two systems where the interface specification proved incomplete. A cyber breach during a project where the consultant had access to production data.
A campaign that attracted an Advertising Standards Authority ruling. A brand rollout that infringed a third-party mark. A GDPR breach arising from marketing data handled during a segmentation project. A digital campaign whose targeting breached cookie or ePrivacy rules.
Advice on a redundancy consultation that led to unfair-dismissal claims. An error in handling collective consultation timescales under TUPE. A discrimination complaint arising from a recruitment process the consultant had designed. Executive compensation advice that produced unanticipated tax consequences.
Advice on a VAT scheme that later attracted an HMRC assessment and penalty. Corporate finance work where a transaction failed on a structural point the consultant did not flag. Fee-arrangement disputes where the engagement letter did not adequately record scope.
Consultant PI limits are set by looking at the shape of the practice, not by ticking a compliance box. Six factors dominate. Fee income is a proxy for exposure and the primary rating factor insurers apply. Client size matters more than most consultants realise: a blue-chip client can generate a much larger claim than a mid-market client for the same piece of work, because the downstream financial impact is measured against a bigger balance sheet. Project value follows the same logic — insurers look at the largest projects a consultant is involved in, not the average, when setting a limit recommendation.
Contract requirements often set a floor: if a client requires £5m and the consultant carries £2m, the choice is to walk away or increase the limit, and the sensible answer is usually to carry a limit that meets the largest reasonable contractual requirement across the client base. Historic claim experience is factored in at renewal and shapes wording appetite. Sector exposure is the final input — a consultant working substantially for regulated clients in financial services, healthcare or defence carries a claims profile weighted towards regulatory investigation and multi-year exposure.
All PI operates on a claims-made basis; in that respect consulting PI is identical to SRA, RICS and ARB cover. The policy responding is the one in force when the claim is made, not the one in force when the work was done. But wording variation across the consulting market is much wider than in the regulated professions, where minimum terms are prescribed. Two consulting policies from different insurers can differ substantially in definitions, aggregation approach, sub-limits and exclusions.
Aggregation clauses matter here. Where a consultant runs multiple similar engagements for clients in the same sector or on the same framework contract, the way the policy aggregates related claims can be the difference between one limit and several. Cyber overlap is now a significant feature: many consulting policies include limited cyber cover, but standalone cyber is often still needed for the full breach-response picture, particularly for IT consultants. Contract-driven retention is a further point — some client contracts specify a maximum policy excess, and a consultant whose policy carries a higher excess is technically in breach of that contract.
IT consultants and IR35. Where the consultant operates through a personal service company on outside-IR35 engagements, the policy needs to sit at the right entity level and cover the individuals doing the work. Insured-persons definitions and sub-contractor endorsements matter. Inside-IR35 arrangements sometimes shift the coverage question towards the end-client's own arrangements.
BCS-registered IT consultants. The British Computer Society code of conduct sets expectations on competence, confidentiality and integrity. A well-drafted PI wording aligns with those expectations and picks up disciplinary defence cover where the wording allows.
CIPD HR consultants. Employment-law adjacent work has higher claim severity than fee income suggests, because the downstream cost of a failed redundancy consultation or a botched TUPE handover is measured in tribunal awards. Cover levels generally need to sit higher than headline fee income indicates.
CIM marketing consultants. GDPR breach exposure is now a major driver of claim frequency. Marketing consultants routinely handle customer data, campaign segmentation and behavioural analytics, and the ICO enforcement pipeline has shortened. Data-protection endorsements and standalone cyber cover both deserve attention.
Sustainability and ESG consultants. Greenwashing exposure is growing as UK disclosure regimes tighten. Consultants advising on carbon reduction, science-based targets or materiality assessments face potential claims where a corporate has relied on external advice to make a disclosure a regulator subsequently challenges.
Retroactive date preservation across renewals — the date that sets the earliest work the policy will respond to; losing it at renewal creates a gap. Cyber sub-limit or standalone cyber policy — consulting PI cyber cover ranges from nothing to a meaningful sub-limit, and IT consultants in particular usually need standalone cyber. Dishonesty of employees — some wordings include it, others exclude it. Sub-contractor cover — consultants who bring in associates need cover that responds to work done by those associates. Waiver of subrogation — client contracts frequently require this; some wordings accept it on request, some require an endorsement, some resist it. "Any one claim" versus aggregate structure — consulting PI is written on both bases and the right choice depends on the shape of the practice.
Apex Insurance Brokers is an FCA-authorised broker (FRN 724952) with a book weighted towards professions and small-business PI. Matt Bartlett, the director, holds SMF3, SMF16 and SMF17 approvals and is directly involved in placement. We place consultant PI across FCA-authorised insurers with appetite in the consulting market, matching wording and limit to the specific shape of each practice. Our published sector-mechanics content is written by the team who place the cover and reviewed by the director whose name appears on the disclosure below.
Consultants are not usually statutorily required to hold PI, but in practice most need it. Client contracts routinely require it, common-law duty of care means a claim can arise without a written contract, and the sums involved in a consulting claim are typically much larger than the fee earned on the engagement.
Cover levels are set by fee income, client size, project value, contract requirements, historic claim experience and sector exposure. Typical corporate requirements sit between £1m and £5m, with strategic-consulting engagements at large corporates often specified at £5m to £10m. The answer for any given practice is a conversation, not a formula.
Most are not. Unlike solicitors under the SRA Minimum Terms, architects under ARB Standard 8, surveyors under RICS Rule 9 or accountants under ICAEW Bye-law 61, most consultants operate outside a compulsory regulatory PI regime. Voluntary body frameworks — IoD, CIPD, CIM, CIPS, BCS — set expectations, and contract requirements from clients set the practical floor.
The claims-made structure is common, but risk drivers differ. IT wordings focus on software project failure, data handling and cyber overlap. Marketing wordings focus on advertising rules, GDPR and intellectual property. HR wordings pick up employment-law adjacent claims where severity is high relative to fee income. Insurer appetite is not uniform.
Some consulting PI policies include a cyber sub-limit which may respond to third-party liability from a breach during a project. Scope varies substantially. Standalone cyber cover is generally needed for first-party breach response costs, business interruption and the full third-party picture — particularly for IT consultants who hold client data.
Outside-IR35 engagements delivered through a personal service company work in the standard consulting PI framework, provided the insured entity and named individuals are correctly recorded. Inside-IR35 arrangements shift the working relationship closer to employment, and PI cover then interacts with cover the end-client or umbrella arrangement carries. Worth a specific conversation when IR35 status changes.
For deeper coverage see the Ultimate UK management consultants PI guide 2026 and the Ultimate UK IT professionals PI guide 2026. On wording detail, see Aggregation clauses by regulator and Hedley Byrne and negligent misstatement. On broker authorisation, see Directly authorised versus appointed representative brokers. On consumer vs commercial cover, see Consumer versus commercial PI insurance.
Apex Insurance Brokers Limited is authorised and regulated by the Financial Conduct Authority. Firm reference number 724952.