ICAEW.com works better with JavaScript enabled.

PII market update: COVID, sanctions and cyber

Author: Professional Standards department

Published: 12 Aug 2022

In our latest update on professional indemnity insurance (PII), we look at the continuing hard market and how some key issues – from COVID-19 and Russian sanctions to the ever-present risk of cyber attacks – could affect the renewal process.

Many accountancy firms are already acutely aware of the challenges involved in navigating the recent hard market for PII. But the ongoing fallout from the COVID-19 pandemic and the crisis in Ukraine are adding further complications.

“Over the past four to five years, we’ve been in the hard phase of the market cycle, which means a reduction in capacity and an increase in premiums,” explains Edward Partridge, Senior Vice President, Marsh Commercial.

“Across different sectors, we've seen big increases in premiums and in restrictive coverages placed on policies,” he adds. “Other challenges include higher policy excesses and cover being changed from an any one claim basis to an aggregate basis.”

Certain sectors have been particularly hard hit. “For example, some design and construction businesses, mainly off the back of the Grenfell Tower fire, have seen premium increases of as much as 400 to 500%,” he says.

The accountancy sector in general has been less dramatically affected, but it has not escaped the impact. “For the majority of fairly straightforward accountancy businesses doing day-to-day activities, capacities remain quite readily available, especially where brokers have access to exclusive schemes,” explains Partridge. “So we haven't seen the kind of premium increases we’ve seen in other sectors.”

“There are, however, certain elements of accountancy work, such as mergers and acquisitions, corporate finance, tax mitigation and insolvency that have been – and remain – areas that are relatively difficult to place,” he adds. “And this has driven up prices and potentially restricted coverage.”

“Whereas before they may have provided an any one claim limit without any inner restrictions, insurers may now start applying changes to the limit of indemnity or applying inner restrictions, so for example limiting the amount that can be claimed for a specific type of work.”

He advises firms to look out for any such changes in their policies and check these don't cause any problems either from the perspective of meeting ICAEW’s minimum requirements under the PII Regulations, or in terms of being able to obtain sufficient cover for their business.

“Some of our firms have seen, and continue to see, real challenges and difficulties in this hard market,” says Sarah-Jane Owen, PII and Regulatory Manager, ICAEW. “We advise firms to speak to their broker if they don't understand what any change to their policy means for their business or from a compliance perspective.”

Probing questions

Two of the most common challenges firms face are timescales and underwriters asking for more detailed information about specific risks or areas of the business. “While capacity is certainly available and cover is there, generally insurers want to know more about your business and its activities,” says Partridge.

“Off the back of COVID-19, there are some emerging trends,” he adds. “For example, an increase in the number of businesses going under due to COVID has led to an increase in insolvency work. And insolvency work is traditionally quite a difficult area to get cover for. So that has driven some concerns.”

Advice given about furlough schemes is another issue. “The feedback from ICAEW firms is that furlough and other COVID scheme advice is certainly one of the areas where insurers are asking additional questions,” says Owen. “So firms are having to provide more details about this aspect.”

The crisis in Ukraine and imposition of sanctions on Russian individuals and entities are also affecting  PII cover, with insurers asking for details about firms’ activities and clients in affected territories. “We’re hearing from firms that they’re having to give a lot of information about their exposure to Russia, Ukraine and other areas,” says Owen. “And they’re having to turn around quite detailed information pretty quickly.”

“That can sometimes be quite burdensome in terms of the percentage of fee income it represents for a business,” adds Partridge. “So a firm might have just one or two contracts in those areas, but it could be taking up three-quarters of the renewal process in terms of information gathering.” 

“We recommend firms contact their broker to discuss what additional information may be required in relation to sanctions, so they can prepare for the questions at the earliest stage,” says Owen. “Firms also need to talk to their brokers about individual insurers’ positions and appetite for risk and to ensure any policies are compliant with ICAEW’s PII requirements.” 
“Many insurers are going a step beyond UK government sanctions and looking at their own appetite for writing business in certain territories,” explains Partridge. “It's a very tricky landscape to navigate. So the key is to be absolutely clear about how your policy responds, including towards past exposures.”

Cyber risks

The threats posed by cyber attacks and other cyber-related events are already familiar to most businesses. But the pandemic and subsequent shift to home and hybrid working has further added to the risk.

Firms in the financial services sectors, including accountancy, are especially vulnerable because of the type and volume of data they collect, process and hold. In 2021, ICAEW made changes to its minimum approved PII policy wording to clarify the extent of cover for cyber-related claims. The changes were a response to a wider regulatory requirement on insurers to be clear about cyber cover in insurance policies.

When firms are looking at whether they have sufficient cyber cover to meet their business needs, they should consider current exposures and their cyber risk management policies and procedures. “ICAEW’s PII Committee has issued guidance about the benefits of separate, standalone types of cyber cover” explains Owen.

“We talk about cyber risks with all of our policyholders,” says Partridge. “It's often the bigger businesses you hear about when it comes to cyber events, but in reality a large proportion of SMEs get attacked and regularly report phishing or cyber breaches.”

“Some SME businesses don't see themselves as being big enough to be a risk, but actually they're probably targeted more by cybercriminals because, in some cases, their level of protection and their cyber protection policies aren't necessarily as sophisticated as big businesses.”

“We explain the role that standalone cyber insurance can play in cyber risk management,” he explains. “It’s critical that firms know this exists, and that it covers both first party and third party losses from cyber events.”

Firms also need to be aware of the difference between cyber cover and crime cover. “If we take phishing or social engineering type events, for example, that might be considered a crime event, as opposed to a cyber event, in some instances,” says Partridge. “So some phishing exposures aren't covered under a core cyber policy and you might need a separate crime policy.”

“If you’re looking at buying cyber, make sure it includes cover for social engineering and/or crime,” he advises. “Nuances in the policy wording can be quite complex, so choose a broker with knowledge in this area and access to a number of different policies, and get quotations for several different limits because cyber events can escalate in cost very quickly.”

Five top tips

Firms have already been navigating a hard PII market for the last few years. As other challenges emerge in the wake of the pandemic and an increasingly volatile global political landscape, the key messages remain the same:

  • Prepare early for renewal and get advice from your broker.
  • Look out for any potential changes in policy wording or coverage.
  • Understand your risk profile and exposures.
  • Be prepared to answer probing questions about your business.
  • Act to cover any gaps or potential compliance issues.