Professional indemnity insurance broker for IT consultants in the UK

Reviewed by Matthew Bartlett, Director · Last reviewed 8 July 2026

A specialist professional indemnity broker for IT consultants places cover that distinguishes correctly between PI and cyber, understands where a software project failure crosses the line into a professional negligence claim, and reflects the contract structures IT consultancies actually operate under. IT consultancy is not a formally regulated profession in the same sense as law or accountancy, and that fact often leads generalist brokers to treat it as low-risk commercial. The claims record does not support that view.

Why the regulator's rules matter to the broker choice

There is no single statutory regulator for IT consultancy in the UK. The nearest equivalent is BCS, The Chartered Institute for IT, which awards Chartered IT Professional (CITP) status and maintains a Code of Conduct that expects members to act with due skill and care and to hold appropriate insurance where they contract on their own account. Practices carrying out data controller or data processor work operate under the UK GDPR and Data Protection Act 2018, enforced by the Information Commissioner's Office. Consultants operating through personal service companies must apply the IR35 off-payroll working rules, which can affect who carries which liabilities on a given engagement.

The regulatory backdrop matters to the broker in two ways. First, contracts frequently attempt to shift ICO enforcement and data-loss consequences onto the consultant, and a specialist broker knows how the PI wording responds. Second, the PI market treats software project failure differently from data-breach exposure, and a specialist broker structures cover so both are addressed rather than either being left to fall through the gap.

What a specialist broker actually does differently

The first difference is placing PI and cyber correctly. PI responds to the consultant's professional negligence, missed deliverables, code that does not work as specified, and advisory failures. Cyber responds to first-party breach costs, ransomware response, notification obligations and third-party liability arising from the consultant's own security failure. A specialist broker understands where the boundary sits and places cover on both sides where the work justifies it.

The second difference is contract review. IT consulting contracts often include unusual liability provisions: uncapped liability for data loss, back-to-back obligations flowed from the end client to the consultant, indemnity clauses that pull the consultant into third-party disputes, and IP indemnities that survive termination. A specialist broker reads these against the wording before binding.

The third difference is submission quality. Under section 3 of the Insurance Act 2015 the firm owes a duty of fair presentation. A specialist broker structures the submission around fee income by engagement type (bespoke development, systems integration, cloud migration, cyber consulting, ongoing managed services), contract length and value distribution, data handled on behalf of clients, use of subcontractors, and any historic project overruns or disputes.

The signs a broker is not a specialist in IT consultants' PI

Ask the broker how the wording distinguishes between PI and cyber cover and where the boundary sits. Ask how it responds to a software project that fails to meet spec and results in a client claim for wasted expenditure. Ask about coverage for third-party IP infringement arising from delivered code. Ask how the wording handles a data breach where the consultant is a data processor. Ask about contractual liability endorsements and how they respond to uncapped indemnities. Ask whether the wording carves out cover for open-source components.

A broker who is a specialist will answer all six on the phone. A broker who is not will describe cover generically and hope the wording holds.

How Apex handles IT consultants' PI

Apex is a named-broker firm. A director-level broker owns the placement, reads the wording, structures the submission for fair presentation, and represents the firm to the underwriter. Around 95 per cent of our clients renew with us year on year, which is our internal measure of whether the approach is working.

We are authorised and regulated by the Financial Conduct Authority (firm reference number 724952) and hold professional indemnity cover in line with MIPRU 3. We place IT consultants' PI, and where the engagement warrants it a paired cyber policy, across Lloyd's syndicates and specialist company markets that write technology risks. Submissions are structured around the specific PI-versus-cyber exposure the consultancy carries and returned with a written note on any endorsements affecting IP, data or contractual liability.

Talk to a specialist

Want a specialist PI broker for IT consultants? A named broker reads every submission and comes back with terms within one working day.

Get a quote for IT consultants → or call 0117 325 0027