Is cyber insurance covered by professional indemnity insurance?

What is cyber insurance? Is it included under the SRA minimum terms and conditions of professional indemnity insurance (PII)?

Cyber insurance can cover certain costs and losses if your firm experiences a data breach or is the subject of a cyberattack that affects the firm’s computer systems.

The Solicitors Regulation Authority (SRA) minimum terms and conditions (MTCs) explicitly exclude first-party losses (those affecting the firm) resulting from a cyber event.

Firms should:

  • give serious thought to their potential liability, and
  • consider purchasing appropriate cyber insurance

Although cyber insurance is not a strict regulatory requirement, it is a sensible precaution.

Cyber insurance may help firms to meet their regulatory responsibility to ensure they “identify, monitor and manage all material risks to [their] business” (paragraph 2.5 of the SRA Code of Conduct for Firms).

Cyber policies vary in scope and coverage.

Unlike PII, there is no prescribed list of minimum terms and conditions. It’s important to look at the policy wording in detail to secure the best cover for your firm’s needs.

Our guide on cyber insurance for law firms explains the factors you should consider when purchasing insurance.

For further information, explore our practical cybersecurity resources.


While every effort has been made to ensure the accuracy of the information in this article, it does not constitute legal advice and cannot be relied upon as such. The Law Society does not accept any responsibility for liabilities arising as a result of reliance upon the information given.

Have you got a practice question?

Call the Practice Advice Service on 020 7320 5675 or email

The Practice Advice Service is staffed Monday to Friday from 9am to 5pm.
