Search "professional liability insurance for webmasters" or whatever "that" would be in the language of your country.
Only look ( in depth ) at the results that apply to your country ..
Members here at WebmasterWorld are from all over the world ..so almost any advice would be irrelevant ..plus free legal advice from a forum ( with for the most part anonymous members ) is worth exactly what you you paid for it.
State that "the client will hold the contractor harmless for any future attacks that may or may not compromise the security of their web site." This would go in the libilities section [webmasterworld.com] of your proposal/agreement. If it gets down to a battle of lawyers the agreement may mean very little, but this at least puts it on the table.
You will also want to put an expiration date on your guarantee. I think the average is less than 1 year.
It seems silly to say but if in a year from now a new vulnerability comes out that we can't know about today and the site gets hacked using it you shouldn't be on the hook for something no one knew about at the time the site was built, and you should rightfully be able to charge to fix those types of things that crop up. You shouldn't put yourself on the hook for any future vulnerability.
@accent2010 - Caveat - I'm not a lawyer so please don't take this as legal advice. I meant a business structure as in an S-Corp or C-Corp or something that separates you as an individual and you as a company. One of the reasons I operate under an S-Corp is that should things go south, my personal assets are not involved. The company's assets are.