What We CoverOur ApproachClient StoriesInsightsAboutSchedule a Consultation
All insights

Financial lines insurance for Singapore marketing agencies: PI, cyber, and D&O explained

Marketing agencies in Singapore hold client data, produce IP-sensitive creative work, and carry contractual performance obligations on every brief. Here is what professional indemnity, cyber, and D&O insurance cover for creative and marketing firms.

A marketing agency in Singapore takes a client brief, builds a campaign, publishes the creative, and delivers a report. At every stage of that process, something can go wrong in a way that creates financial liability for the agency. The creative uses a stock image without the right licence. The campaign makes a claim that the client's product cannot substantiate. A data breach exposes the customer lists the agency holds for a retargeting campaign. A client says the campaign underperformed and holds the agency responsible for the revenue shortfall.

None of these are unusual scenarios. They are the routine liability exposures of a professional services firm that works with intellectual property, personal data, contractual performance obligations, and client relationships. Yet many marketing agencies in Singapore carry little or no professional financial lines insurance, and discover the gaps only when a dispute arrives.

This post explains the three financial lines products most relevant to marketing and creative agencies in Singapore, why each matters, and what the regulatory environment in 2026 makes more pressing than it was even two years ago.

Professional indemnity insurance

Professional indemnity (PI) insurance covers claims made against the agency for errors, omissions, or negligent acts in the course of providing professional services. It responds to the legal costs of defending the claim and any damages or settlement awarded.

For a marketing agency, the claims scenarios are broader than most owners initially appreciate.

Campaign performance disputes. A client engages an agency to manage a paid digital campaign with agreed key performance indicators. The campaign does not deliver the expected results. The client alleges the strategy was negligent, the targeting poorly executed, or the reporting misleading. Even where the agency disputes fault, legal costs accumulate from the moment the client's lawyer sends a letter.

Intellectual property infringement. A common indemnity clause in Singapore marketing agency contracts requires the agency to hold the client harmless against IP infringement claims arising from the agency's work product. If the agency uses an image, a piece of music, a font, or a design element without the appropriate licence, and a claim is made, the agency bears the liability. PI cover typically extends to unintentional IP infringement in professional work.

The risk here is not only from external photographers or music licensors. In Siemens Industry Software Inc v Inzign Pte Ltd [2023] SGHC 50, the Singapore High Court held that a company was liable for copyright infringement committed by its own employee during the course of their work. The principle extends directly to agency creative staff who incorporate unlicensed third-party assets into client deliverables: the agency, not the individual employee, carries the liability.

Misleading advertising claims. The Advertising Standards Authority of Singapore (ASAS) administers the Singapore Code of Advertising Practice (SCAP), which requires all advertising to be legal, decent, honest, and truthful. Where an agency produces content that makes a claim on behalf of a client that cannot be substantiated, both the agency and the client can face scrutiny from ASAS. The agency's PI cover responds to claims arising from its professional acts in producing that content.

Influencer and content creator liability. ASAS guidelines require sponsored content to be clearly disclosed. MAS digital advertising guidelines, which took effect in March 2026, apply additional requirements to financial product advertising. Where an agency manages influencer or creator campaigns and disclosure requirements are not met, or where content breaches platform policies resulting in campaign loss or account suspension, the professional liability of the agency is engaged.

Contract disputes over deliverables. The most common marketing agency contracts in Singapore cap the agency's total liability at the fees paid in the preceding 12 months, but exclude from that cap areas such as gross negligence and IP infringement. A claim in one of these uncapped categories exposes the agency to unlimited liability at common law. PI cover provides a financial backstop for exactly this scenario.

Standard PI policies written for consulting firms are not always structured for the specific risk profile of a creative or marketing agency. A policy wording should extend to creative services, digital marketing, campaign management, and content production, not only to strategic advisory work. Confirming the policy covers what the agency actually does is worth checking at inception rather than at claim time.

You can read more about our professional indemnity cover on the products page.

Cyber insurance

Marketing agencies hold substantial volumes of personal data. Customer email lists for email marketing campaigns. CRM records from client databases. Social media audience data. Event registration information. Lead generation data collected through forms and landing pages.

Under the Personal Data Protection Act 2012 (PDPA), every organisation that holds personal data in Singapore must make reasonable security arrangements to protect it. Between 2019 and 2024, the Personal Data Protection Commission (PDPC) issued over 100 enforcement decisions, with financial penalties ranging from S$5,000 for minor breaches to S$1 million for large-scale systemic failures. The PDPC has made clear that size is not a mitigating factor: small agencies have been investigated alongside large corporates.

For a marketing agency, the PDPA exposure is compounded by the fact that the data held often belongs to the client's customers, not the agency's own contacts. A breach that exposes a client's customer records creates both a direct PDPA liability for the agency (for failing to make reasonable security arrangements for data it was processing on behalf of the client) and a contractual liability to the client under the mutual indemnification provisions in most agency contracts.

The scale of this exposure is illustrated by a decided Singapore case. In Razer (Asia-Pacific) Pte Ltd v Capgemini Singapore Pte Ltd [2022] SGHC 310, the Singapore High Court found that an IT services provider was liable after a security misconfiguration by one of its employees caused the personal data of approximately 100,000 Razer customers to be exposed. The court held that Capgemini had breached both its contractual obligations and its duty of care, and awarded Razer damages of approximately USD 6.5 million. Capgemini was not a marketing agency, but the liability mechanism is identical: a professional services firm handling a client's customer data makes an error, the client's customer data is exposed, and the service provider bears the legal and financial consequences. For any agency that holds client customer databases, email lists, or CRM records, the same exposure exists.

Cyber insurance covers the costs of responding to a data breach from both directions. First-party costs include the forensic investigation to establish what happened, legal advice on the PDPA notification obligation, the cost of notifying affected individuals, and business interruption while systems are restored. Third-party costs include the liability to clients whose data was exposed as a result of the agency's breach.

Beyond data breaches, marketing agencies face a specific cyber exposure from ransomware. An agency that loses access to its campaign management systems, its creative asset library, or its analytics platforms faces both operational disruption and the risk of missing client deliverable deadlines, which creates a compounding PI exposure at the same time.

You can read more about our cyber insurance on the products page and about the practical cost of a cyber incident in our post on The Cost of a Cyber Incident in Singapore.

Directors and officers insurance

For marketing agency founders and directors, D&O insurance is the third financial lines product worth considering, particularly as agencies grow and take on clients with more sophisticated contractual and governance requirements.

A director of a marketing agency carries personal liability under the Companies Act for governance decisions made on behalf of the company. Where an agency faces a significant client dispute, a regulatory investigation, or a data breach enforcement action, the question of whether the directors exercised reasonable care and diligence in managing the agency's affairs can arise in parallel with the agency-level claim.

D&O insurance covers the personal legal costs of directors who face claims made against them in their capacity as decision-makers, separate from the agency-level PI or cyber claim. For founder-directors of small agencies who personally hold client relationships, key licences, or have provided personal guarantees, this personal exposure is worth understanding clearly.

You can read more about our D&O cover on the products page.

The three covers working together

For a marketing agency, the three financial lines products address three different layers of exposure.

PI covers claims against the agency for professional errors and IP infringement arising from the work it delivers. Cyber covers the costs of a data or security incident involving the client or customer data the agency holds and processes. D&O covers the personal liability of the agency's directors where governance decisions are challenged.

The three can interact in the same event. A data breach that exposes client customer data can simultaneously trigger a cyber claim (the agency's own response costs), a PI claim (the client's claim against the agency for the breach), and a D&O-level governance question about whether adequate data security controls were in place. Reviewing all three together at each renewal, rather than treating each as a separate annual transaction, is a more effective approach.

If your agency is reviewing its current financial lines insurance, or if you have not previously held PI or cyber cover and would like to understand what is relevant for your size and client profile, we would be glad to work through it with you.

This article provides general information only. It is not insurance advice. Policy availability, terms, conditions, and exclusions vary by insurer and product, and cover is subject to the full policy wording. Please contact TZY CO for advice on your specific situation.

Wondering how this applies to your business?

Schedule a Consultationor message us on WhatsApp →
Back to all insights