Silent Cyber and Professional Indemnity insurance

Understand Silent Cyber and the coverage provided by Professional Indemnity policies


Jon Layton

1/26/2026

Silent Cyber and Professional Indemnity Insurance policies

In the modern world, the development of technology and ever-increasing reliance on electronic data has led to a quickly expanding scope of potential cyber exposures for both policyholders and insurers.

‘Silent cyber’ (or non-affirmative cyber) is the term used to describe potential cyber exposures within traditional insurance policies where cyber coverage was not clearly included or excluded, or even anticipated, when the policies were originally developed. This resulted in an increased risk of disputes between policyholders and insurers.

Since 2021, insurers have been required to clarify their position on ‘silent cyber’ in Professional Indemnity (PI) policies, and the majority of insurers now have a clause in their policy wordings that excludes most cyber-triggered losses from coverage.

Crucially, this clause excludes:

  • a cyber act

  • a partial or total failure of any computer system

  • the receipt or transmission of malware

  • malicious code

  • the failure or interruption of services relating to core infrastructure

  • breach of data protection law

It is important that businesses appreciate that the cover under a PI policy for cyber events is limited and may not indemnify losses arising from all cyber events; a dedicated cyber policy would therefore be needed.

Here are some examples to help you understand the risks involved:

Theft of first-party funds via cyber hacking (hacker changes details, leads to wrong payment)

Normally, first-party losses (those affecting only the firm) are not covered under a PII policy. A cyber insurance policy should respond to this type of loss.

Theft of third-party funds via cyber hacking (hacker changes details)

As this is a third-party loss (affecting individuals or organisations outside the firm) it should be covered by the PII.

Mandate fraud (also known as Payment Diversion Fraud (PDF) and Business Email Compromise (BEC)) (social engineering) (First Party)

This is a first-party loss which is not normally covered under a PII policy. A cyber insurance policy should respond to this type of loss.

Mandate fraud (also known as Payment Diversion Fraud (PDF) and Business Email Compromise (BEC)) (social engineering) (Third Party)

As this is a third-party loss, it would be covered by PII.

Malware spreading to clients

This is intended to be excluded. A cyber insurance policy should respond to this type of loss.

Liability for client loss from failure to give advice (due to ransomware event)

The failure to provide advice would be within the civil liability of the PII protection so this would not be excluded.

Professional error due to corrupt professional software

The provision of professional advice is within the scope of PII. We would therefore expect this to be covered.

Claim for damages alleging breach of UK GDPR and Data Protection Act 2018

If the only causes of action relied on by a claimant are under data protection legislation, the exclusion will apply, and the claim will not be covered. A cyber insurance policy should respond to this type of loss.

As a result, it will be more important than ever to consider whether a separate cyber insurance policy is required to ensure a higher level of protection for your business.

Accountants are seen as an attractive target to cybercriminals for the following reasons:

Sensitive client information

Accountants handle extensive confidential information, including financial records and personal data. This sensitive data makes them attractive targets for cybercriminals looking to profit from valuable information.

Limited cybersecurity measures

In comparison to other industries, many accountancy firms have under-invested in their cybersecurity measures. This makes them more vulnerable to cyberattacks, as hackers often exploit weaknesses in security systems, outdated software, or inadequate employee training.

Lack of cybersecurity awareness

Accountants may not always prioritise cybersecurity or stay updated on the latest cyber threats. This lack of awareness can make them susceptible to phishing attacks, social engineering, or other tactics used by cybercriminals to gain unauthorised access to the firm's systems.

Potential for extortion

Given the sensitive nature of the information accountancy firms possess, cybercriminals may leverage the data for extortion. Threatening to expose confidential information could lead to both financial loss and reputational damage for your practice.

Conclusion

In today's digital age, Accountancy Firms must navigate an evolving landscape of cyber threats. While PII provides essential protection, Accountants should recognise the limitations of PII and supplement it with a dedicated cyber insurance policy.

Contact us now for clarification and to discuss your current and future coverage needs.

REMEMBER: All AccountancyPro Cyber quotations come with a FREE RISK ASSESSMENT of your network and domain to help you address any vulnerabilities or issues and supplement your overall cyber defence strategy!