Professional indemnity policies can still leave firms guessing whether a cyber loss is actually covered.
Chris Davies, Executive Director at Howden, has spent decades in financial services across advice, regulation, and insurance broking.
On Sense of Identity (Episode 13), he explains how professional indemnity (PI) cover works for advice firms, what silent cyber means in practice, and why many advisers still under-prepare for cyber risk.
Davies' career path runs from financial adviser through regulation into the private market side of the industry, with a consistent focus on growth and adviser workflow. At Howden, he works at a global scale on insurance broking while staying close to the day-to-day realities advice firms face when they buy and rely on PI cover.
Why Professional Indemnity Cover Matters for Advice Firms
PI insurance sits at the centre of how regulated advice firms manage risk from past recommendations.
Claims can arrive years after the original advice was given, which makes underwriting and claims handling as much about judgement as about policy wording.
Balancing Insurer Needs With Adviser Reality
Davies describes PI as an art of balancing what insurers need to price risk with what advisers experience in practice.
The goal is for insurers to understand how advisory work is changing so policies can respond to real advice risks, not only historic templates.
"Professional indemnity insurance is crucial because it's about understanding and managing the risks associated with advice given, sometimes years ago, but claimed against today."
Chris Davies, Executive Director, Howden
That long-tail nature of advice risk is one reason cyber and technology change can create surprises inside PI programmes that were not written with today's threat landscape in mind.
What Silent Cyber Means in PI Policies
Silent cyber describes policies that neither clearly include nor clearly exclude cyber-related losses.
When wording is ambiguous, firms and insurers can disagree after an incident about whether a claim falls inside PI, cyber, or another line of cover.
Why Lloyd's Pushed for Clearer Wording
Davies explains that Lloyd's reviewed how policies responded to cyber incidents and pressed insurers to state explicitly whether cyber coverage is included or excluded.
The practical effect for businesses is less ambiguity when they read what their PI policy will and will not respond to.
"'Silent cyber' refers to insurance policies that neither explicitly include nor exclude cyber coverage, leading to ambiguity. Lloyd's conducted a review to ensure policies responded consistently to cyber incidents, pushing insurers to explicitly state whether their policies include or exclude cyber coverage."
Chris Davies, Executive Director, Howden
For advice firms reviewing renewals, the useful question is no longer only "do we have PI?" but whether cyber exposure is addressed clearly across PI, dedicated cyber cover, and operational controls.
Cyber Insurance Uptake Among Financial Advisers
Despite rising cyber threats, Davies notes that uptake of cyber insurance among financial advisers remains surprisingly low.
Attackers do not limit themselves to large enterprises. Smaller advice firms hold valuable client data and can be attractive targets.
Preparedness Beyond the Policy Document
Insurance is one part of readiness. Davies also stresses having a response plan in place before an incident, so firms know how to contain, report, and recover when something goes wrong.
That includes thinking about how client communications are protected when sensitive data moves by email or other digital channels. Firms reviewing those workflows may find the Mailock guide to secure email for financial services a useful starting point alongside their insurance review.
"Adviser firms need practical routes to protect everyday client email without adding friction that pushes clients back to insecure channels or unnecessary support calls."
Carole Howard, Head of Networks, Beyond Encryption (Mailock)
Checks Before Your Next PI Renewal
Does your PI wording explicitly include or exclude cyber-related losses?
Is dedicated cyber cover in place where PI does not respond to incident types you face?
Do you have a tested response plan covering client communication and data handling?
Those questions sit alongside the wider shift in regulation and client expectation that keeps advisers under pressure to modernise processes without losing sight of insurable risk.
Growth, Regulation, and Adviser Realities
Davies' own path reflects how the sector has changed. He started as a financial adviser, moved into regulation, and later joined the private market side of the industry with a focus on helping firms grow while making day-to-day processes more efficient.
Why Howden Drew Him In
He joined Howden to apply that experience at greater scale, using the firm's global reach while staying connected to adviser workflow challenges.
Technology continues to change how advice is delivered and how risk is underwritten, which makes ongoing dialogue between brokers, insurers, and advice firms more important than a one-off renewal conversation.
When asked what he would tell his younger self, Davies keeps the answer simple: listen more and talk less, because other people's experience can accelerate both personal and professional growth.
FAQs
Who Is Chris Davies?
Chris Davies is Executive Director at Howden. His career spans financial advice, regulation, and insurance broking, with a focus on business growth and adviser-facing risk.
What Is Silent Cyber in Professional Indemnity Cover?
Silent cyber refers to insurance policies that do not clearly state whether cyber-related losses are covered or excluded. Lloyd's pushed insurers to make that position explicit so businesses can understand their coverage more clearly.
What Did Chris Davies Say About Cyber Insurance Uptake Among Advisers?
He said uptake remains surprisingly low given evolving cyber threats, noted that attackers do not discriminate by firm size, and stressed that cyber insurance and a practical incident response plan should form part of a firm's risk management approach.
What Did Chris Davies Say About Professional Indemnity Insurance?
He described PI as essential for managing risks from advice given in the past that may be claimed against today, and said insurers need to understand how advisory work is evolving to price and respond to those risks appropriately.
Paul, CEO and Founder of Beyond Encryption, is an expert in digital identity, fintech, cybersecurity, and business. He developed Webline, a leading UK comparison engine, and now drives Mailock, Nigel, and AssureScore to help regulated businesses secure customer data.