A few years ago, a technology company in Singapore might complete a client engagement without the question of insurance ever arising. That has changed. Corporate clients, in particular those in financial services, healthcare, and the public sector, are increasingly requiring their technology vendors and service providers to carry professional indemnity cover and, often, cyber liability cover alongside it, before a contract is signed.
This shift is not incidental. It reflects a wider change in how technology risk is managed across supply chains in Singapore, and it has practical consequences for any tech firm looking to grow its client base.
Why insurance has become a contract requirement
The pressure flows from regulation and governance expectations at the enterprise level. The Monetary Authority of Singapore's Technology Risk Management (TRM) Guidelines set out how financial institutions should assess and manage the risks posed by their technology vendors. Although the guidelines apply directly to regulated financial institutions, they require those institutions to apply equivalent scrutiny to the vendors and service providers they rely on. In practice, that scrutiny arrives in the form of vendor due diligence questionnaires and contract clauses that specify minimum insurance cover.
As at May 2024, the MAS Notice on Technology Risk Management took effect with legally binding requirements on critical system availability and incident notification, reinforcing the framework further. Vendors supporting banks, insurers, and other MAS-regulated entities now routinely face contractual requirements to carry professional indemnity and cyber cover as a condition of onboarding. The same expectation has begun to migrate into procurement by large non-financial corporates and government-linked entities applying similar standards.
For a technology firm that did not previously carry this cover, an inbound request from a prospective client is often the first time the issue becomes urgent.
What technology professional indemnity covers
A standard professional indemnity (PI) policy is built around professional advice: it responds where a client suffers financial loss because a professional gave negligent advice or made an error in the course of providing a service. For a law firm or an accountant, that framing fits well. For a technology company, it is often incomplete.
Technology professional indemnity, sometimes called technology errors and omissions (Tech E&O) or technology liability insurance, extends the same core protection to cover the specific risks that technology products and services carry. This includes claims arising from software defects or coding errors that cause system failures or data loss; failure to deliver a project to the specification agreed; loss or corruption of a client's data held or processed by the vendor; and, depending on the wording, unintentional intellectual property infringement in software or deliverables.
The key distinction from standard PI is that technology liability cover responds not just to advice but to the products and deliverables themselves. You can read the outline of our professional indemnity cover on the products page.
Where cyber insurance fits alongside it
Technology liability and cyber insurance address related but distinct exposures, and a growing number of contract requirements specify both.
Technology PI responds to claims made against the business by a client who has suffered loss because of the vendor's error or failure. It is third-party liability cover: the client is the claimant.
Cyber insurance addresses a different set of costs, primarily the first-party costs the business itself incurs following a security incident: incident response, forensic investigation, notification costs, business interruption, and, under some policies, ransomware and extortion. It can also respond to third-party liability for data breaches affecting client data, which is where the two covers have an area of overlap.
For a technology company, the question is not usually which one to carry but whether the coverage across both policies is coherent. A cyber incident that exposes client data and disrupts a delivered system can trigger costs under both a cyber claim and a professional liability claim simultaneously. Understanding how the two policies interact, and where the combined cover sits against what a client contract actually requires, is the more useful question to answer at placement rather than after a claim.
We looked at the cost and mechanics of a cyber incident in more detail in The Cost of a Cyber Incident in Singapore.
Common gaps worth knowing
A general PI policy that pre-dates a company's move into technology services may not extend to software products and deliverables. Policy wordings vary, and a technology company that has grown from consulting into software development, or from project delivery into managed services, may find that its original cover does not match what it now does.
Sub-contractor and agent liability is another area to check. Where work is delivered through contractors or third-party developers, the policy wording determines whether claims arising from their errors fall within the cover.
Finally, the sum insured matters independently of whether cover exists at all. A client contract that specifies a minimum of $1 million or $2 million in PI cover sets a floor. Whether that figure also reflects the realistic scale of a loss is a separate question, and one that should be answered before a significant contract is executed rather than when a claim has already been notified.
A practical way to approach it
If your business is responding to a client's insurance requirement for the first time, the most useful starting point is the specific wording in the contract. The types of cover required, the minimum limits, any endorsements or extensions specified, and the territorial scope all determine what needs to be in place. Working from the contract outward is more reliable than working from a general sense of what the market offers.
If your business is reviewing cover it already holds, it is worth checking whether the current policy wording extends to your actual deliverables, including software products, and whether the sum insured is consistent with the contracts you are now signing.
We would be glad to work through either scenario with you, including how your technology liability and cyber covers sit together against the requirements you are facing.
This article provides general information only. It is not insurance advice. Policy availability, terms, conditions, and exclusions vary by insurer and product, and cover is subject to the full policy wording. Please contact TZY CO for advice on your specific situation.