IT Contractor Insurance: Professional Indemnity and Cyber Cover

If you work for yourself in tech, IT contractor professional indemnity insurance is the policy most clients will ask to see before you start. It pays to defend and settle claims that you gave negligent advice, wrote code that failed, or made a mistake that cost a client money. Pair it with cyber cover and you protect both sides of the modern contractor’s risk: the work you deliver, and the data and systems you touch while delivering it.

This guide explains what each policy actually covers, the limits agencies and end clients now demand, and how IT contractors and consultants should think about putting cover in place.

What professional indemnity insurance covers

Professional indemnity (PI) is the core policy for anyone paid for their skill, advice or output. For an IT contractor or consultant, it responds to claims arising from your professional work, including:

• Errors in coding, configuration, system design or implementation.
• Negligent advice or a recommendation that turned out to be wrong.
• Missing a deadline or a deliverable in a way that caused the client a loss.
• Accidental loss or destruction of a client’s data.
• Unintentional breach of intellectual property or confidentiality.

The policy covers your legal defence costs as well as any damages awarded, which matters because defending even a baseless claim can be expensive. PI is written on a “claims made” basis, meaning the policy that pays is the one in force when the claim is made, not when you did the work. That is why contractors are usually advised to keep cover running (and to consider run-off cover) after a contract or limited company ends.

Why IT contractors also need cyber cover

PI handles mistakes in your professional work. Cyber insurance handles what happens when systems and data are attacked or breached. The two overlap but neither replaces the other.

Cyber cover for a contractor typically responds to a security incident that disrupts a client’s business or exposes data: ransomware, a breach of credentials you hold, a compromised cloud environment, or a network security failure that an error of yours helped cause. It can fund incident response, legal costs, notification under data protection law, and third-party claims. If you handle client data, access credentials or cloud infrastructure, this is no longer optional. Our guide on what cyber insurance covers sets out the cover and the common exclusions in detail.

A useful way to see the split: PI answers “your advice or code was wrong”, cyber answers “data or systems were breached”. Many contracts now require both, and some insurers bundle a cyber section into a contractor PI policy.

How much cover do clients require?

Contracts and agencies almost always set a minimum PI limit, and you cannot start until you meet it. Typical limits run from £250,000 up to £2 million, while government departments, banks and large corporates frequently demand £5 million or more. Check the contract or statement of work before you quote, because the required limit drives the premium. It is common to hold a baseline level and increase it for a specific high-value engagement.

Whatever limit you choose, read how it applies. An “aggregate” limit is the most the insurer pays across all claims in the policy year, while “any one claim” resets for each claim. Larger clients often insist on the latter.

Other cover IT contractors and consultants should weigh up

PI and cyber are the headline policies, but most IT contractors and software developers carry a small stack:

• Public liability for any work on a client’s premises, in case you injure someone or damage property.
• Employers’ liability, which is a legal requirement the moment you take on staff or technical subcontractors.
• Directors’ and management liability if you run a limited company, protecting you personally as a director.

Business consultants and management consultants outside pure IT need the same PI foundation; the difference is mostly in how cyber and product-specific extensions are configured. The principle holds across consultant insurance generally: cover the advice you give, then cover the data and systems you handle.

Buying cover as a limited company or sole trader

Most UK IT contractors run through a limited company, and the policy should be in the company’s name, with the limit matched to your contracts. Sole traders and umbrella-company contractors should check whether any cover is already provided for them, as some umbrella arrangements include a basic PI limit that may fall short of what an end client demands.

The contractor insurance market in 2026 has more capacity and competitive pricing for well-run contractors, but client and agency onboarding checks have tightened, with more of them verifying your certificate as part of supply-chain compliance. Keep your certificate current and to hand. Specialist insurers such as Hiscox publish the cover types contractors typically combine, and the ICO sets out your data protection duties, which feed directly into the cyber exposure your policy is there to cover.

For a wider view of how cover is priced, see our cyber insurance cost guide and the do I need cyber insurance explainer.

Frequently asked questions

Is professional indemnity insurance a legal requirement for IT contractors? No, it is not required by law, but it is almost always required by contract. Most clients and recruitment agencies will not let you start an engagement without proof of a minimum PI limit, so in practice it is unavoidable.

What is the difference between professional indemnity and cyber insurance? Professional indemnity covers claims that your advice, code or professional work was negligent or caused a loss. Cyber insurance covers the costs of a security breach or attack, such as ransomware, data exposure and incident response. Contractors handling client data usually need both.

How much professional indemnity cover does an IT contractor need? It depends on the contract. Limits commonly range from £250,000 to £2 million, with large corporate and public-sector clients often requiring £5 million or more. Always check the limit specified in your contract before buying.

Do software developers need different insurance from IT consultants? The foundation is the same: professional indemnity plus cyber cover. Software developers may weight cover towards coding and product errors, while consultants weight it towards advice, but both buy from the same core policies.

Does my limited company or my umbrella provide cover already? Some umbrella companies include a basic professional indemnity limit, but it is often lower than an end client demands. Check the exact limit and whether it names you correctly, and top it up if a contract requires more.

What happens to my cover when a contract or company ends? Because PI is claims-made, a claim can arrive after the work is finished. Run-off cover keeps you protected for past work after you stop trading or close the company, which is why many contractors keep cover in place beyond the final invoice.