Short answer: professional indemnity insurance can help protect a UK professional firm against allegations that advice, design, service, analysis or judgement caused a client financial loss. In 2026, firms should review AI use, cyber incidents, subcontractors, contract limits, quality controls and run-off obligations before assuming an existing PI limit is still enough.
Professional indemnity insurance is often bought at renewal and then left alone until the next proposal form arrives. That is risky when a firm has added new services, signed a larger client, used artificial intelligence in production workflows, changed subcontractor arrangements or accepted contract terms that increase liability. The policy that looked sensible last year may still be right, but the evidence needs checking.
This Business Insight is written for consultants, accountants, designers, engineers, marketing agencies, IT contractors, surveyors, recruiters, architects and other UK firms that sell expertise rather than physical goods. It supports the main professional indemnity insurance page and should be used as a practical renewal checklist, not as legal advice. Exact cover depends on your activities, policy wording, insurer appetite and contract terms.
of UK businesses reported a cyber breach or attack in the 2025 Cyber Security Breaches Survey.
of businesses reported being insured against cyber security risks in some way.
of businesses had a board member responsible for cyber security in 2025, down from 38% in 2021.
Why this is a 2026 issue
The immediate search opportunity is clear. In the available Google Search Console tracker, the main professional indemnity page recorded 22,850 impressions from 7 April 2026 to 6 July 2026, but only five clicks. That points to a commercial topic where Insure24 already has visibility but needs stronger supporting content, clearer internal pathways and a more current reason for professionals to engage.
The topical reason is also clear. The UK Government's Cyber Security Breaches Survey 2025 reported that just over four in ten businesses had experienced a cyber security breach or attack in the previous 12 months. The same report highlighted AI impersonation as an increasingly mainstream concern in qualitative interviews. Separately, current reporting on the FCA-commissioned Mills Review has pushed AI, fraud, cyber threats and consumer harm into the financial-services risk conversation.
For professional firms, these trends do not sit neatly in one policy box. A bad client outcome may involve professional judgement, cyber security, data protection, software dependency, subcontractor error, miscommunication, breach of contract and reputational harm. That is exactly why a renewal review should not ask only, "what was last year's PI premium?" It should ask what the firm now does, what it has promised clients, what technology has changed and which policy would respond if a client alleges financial loss.
The 2026 professional indemnity checklist
Use the following checkpoints before renewal, before signing a major contract or before expanding into a new advisory service. The purpose is to make the insurance presentation clearer so a broker can approach appropriate markets with fewer assumptions.
1. Map what you actually sell
List each service line, not just the trading description. "Consultancy" is too broad if revenue now includes technical design, compliance reviews, software configuration, regulated advice support, project management, recruitment screening or outsourced administration.
2. Split revenue by activity
Insurers often care about the difference between advice, implementation, design, audit, training and managed service work. A clear turnover split helps avoid a proposal that hides the part of the business most relevant to the risk.
3. Review contract liability caps
Check whether client contracts cap liability at fees, a multiple of fees, a fixed amount or the insurance limit. A contract requiring £2 million PI cover is not the same as a contract that leaves liability uncapped.
4. Record AI use
Document where generative AI, automated analysis, code assistants, client chatbots or decision-support tools are used. Note whether outputs are checked by qualified staff and whether client data is entered into third-party systems.
5. Check cyber overlap
A data incident, phishing loss or system outage may sit closer to cyber insurance than PI, but a client may still allege negligent advice or poor service. Review cyber insurance versus professional indemnity before assuming one policy solves both problems.
6. Evidence quality controls
Keep records of peer review, sign-off, file notes, version control, complaints handling, training, client approvals and scope changes. These controls can matter as much as the headline service description.
AI does not remove professional responsibility
AI tools can improve drafting, research, coding, design, analysis and client service. They can also produce inaccurate outputs, expose confidential information, blur accountability and make it harder to prove how a decision was reached. A professional firm using AI should be able to explain where the tool sits in the workflow, who approves the output and how errors are caught before a client relies on the work.
The key insurance question is not whether a firm "uses AI" in an abstract sense. It is whether AI changes the professional service being delivered, the type of client data being processed, the evidence trail behind advice, the likelihood of error or the size of loss if the output is wrong. A marketing agency using AI for first-draft copy has a different profile from an engineering consultant using automated calculations, an IT contractor deploying scripts into a client environment or a financial services supplier using AI-assisted triage.
At renewal, firms should avoid vague answers. If AI is used only for internal administration, say that. If it is used in client deliverables, explain the guardrails. If clients require AI policies or prohibit certain tools, record those requirements. Where the exposure is significant, ask the broker to clarify whether the professional indemnity, cyber, technology errors and omissions or management liability programme needs adjustment.
Insure24 commentary: "The most useful PI renewal conversations now include technology governance. A firm that can explain its AI controls, contract review process and cyber incident planning gives insurers a clearer view of the risk than a firm that simply repeats last year's business description."
Contract terms can quietly outgrow the policy
Many professional indemnity problems begin before a claim. A firm wins a bigger client, accepts a procurement template, agrees to a higher limit of liability or promises cover for a longer period than the current insurance programme supports. The policy may remain unchanged, but the commercial obligation has shifted.
Before renewal, collect current contracts and note any clauses dealing with indemnities, consequential loss, fitness for purpose, intellectual property, confidentiality, cyber security, professional standards, subcontractors, notification duties and insurance evidence. Then compare those obligations with the policy limit, excess, retroactive date, territorial scope, jurisdiction, civil liability wording, exclusions and notification conditions.
Firms working in construction, engineering, technology, finance, recruitment, design and regulated support roles should pay particular attention to project values and customer evidence requirements. Useful supporting pages include how much professional indemnity cover is needed, professional indemnity insurance cost and professional indemnity claims.
Cyber, data and professional negligence can collide
The Cyber Security Breaches Survey provides a useful board-level reminder: cyber incidents are common, but cyber governance remains uneven. For professional firms, a breach can create several separate issues. There may be breach response costs, client notification, forensic investigation, business interruption, contractual penalties, complaints, regulatory correspondence and allegations that the firm failed to exercise reasonable care.
Cyber insurance may support incident response, data liability and interruption depending on wording. Professional indemnity may be relevant if the allegation is that the professional service itself was negligent. Public liability usually responds to different third-party injury or property-damage exposures. Because policy lines can overlap, firms should be careful with notification. A single event may need to be reported under more than one policy.
The practical review point is simple: do not buy PI in isolation if the firm's advice, systems and data handling are connected. Review cyber controls, data processing, supplier access, multi-factor authentication, backups, incident response plans and contractual security requirements alongside the professional indemnity presentation.
Run-off and retroactive dates matter
Professional indemnity is commonly written on a claims-made basis. That means the policy in force when a claim is made can be critical, not only the policy that existed when the work was carried out. Firms that merge, close, sell a book, stop trading or change insurer should check retroactive dates, continuity, pending circumstances and run-off requirements carefully.
A consultant who completed a project in 2024 may not receive a complaint until 2026. A design agency may stop trading but still face a claim from previous work. A professional firm moving insurer may need to explain known circumstances or avoid a gap in retroactive cover. This is not an area to tidy up after the event; it belongs in the renewal checklist.
What to prepare for your broker
A better renewal submission should be concise, but it needs substance. Prepare turnover by activity, largest contracts, client sectors, contract limit examples, staff qualifications, subcontractor controls, complaints and claims history, quality assurance procedures, cyber controls, AI governance notes, data processing overview, overseas work, regulated activities and any professional body requirements.
Also prepare what changed since the last renewal. Insurers do not only need the current state; they need the direction of travel. New AI-enabled services, larger clients, changed contract templates, US exposure, higher project values, new subcontractors or expanded advice lines can all affect appetite and terms.
Internal linking and related reading
This article supports the main professional indemnity insurance money page. For deeper comparison, read what professional indemnity insurance covers, professional indemnity versus public liability and professional indemnity claims examples.
Related Business Insights include the Contractor Insurance Review Checklist 2026, where contract works and client evidence requirements often overlap with PI, and the Manufacturing Insurance Review Checklist 2026, where cyber, supply chain and professional design responsibilities can affect wider commercial insurance reviews. You can also download the professional indemnity renewal checklist PDF for broker preparation meetings.
Sources used for this insight
- UK Government Cyber Security Breaches Survey 2025.
- UK Government Cyber Governance Code of Practice.
- UK Government AI Cyber Security Code of Practice.
- Current reporting on the FCA-commissioned Mills Review and AI risk in financial services.
Review professional indemnity before the contract is signed
If your firm has changed services, added AI tools, signed larger contracts or taken on higher-value advice work, review your PI cover before renewal. Insure24 can help UK businesses compare suitable professional indemnity options and related commercial cover.