Case Study: How one Canadian nonprofit strengthened its cyber resilience through insurance review
Case Study: How one Canadian nonprofit strengthened its cyber resilience through insurance review
Faced with rising cyber threats, a Canadian nonprofit organization turned to our Insurance Advisory team for help. The result? Greater clarity, improved protection, and peace of mind.
This case study shows how a proactive insurance review can enhance your cyber resilience — especially for organizations handling sensitive data.
Our client, a Canadian nonprofit organization, plays an important role in their community. And like many organizations in the social services sector, they rely on technology to help manage sensitive information and coordinate services.
However, they also knew that cyberattacks were growing in frequency and in sophistication. They thought they were covered, with no gaps in their cyber insurance coverage, but engaged an external third-party for an assessment. Just in case.
Already an MNP client, the organization was referred to our insurance advisory team for a comprehensive review of the existing policy.
The challenge
The leadership team of our client was growing increasingly aware of the rise in cyber threats targeting nonprofit and public sector organizations. Their concern was whether their existing cyber insurance coverage would adequately protect them in the event of a breach or a social engineering scheme, like phishing emails.
So, they engaged our team to perform a detailed review of their policy. We were tasked with assessing whether their current policy met industry best practices and provided thorough protection for their unique risk profile.
Our approach
Leveraging our deep industry expertise and understanding of existing and emerging cyber risks, we conducted a full review of our client’s cyber insurance policy. This included:
- Identifying any gaps and risks
- Comparing existing coverage against industry best practices
- Offering recommendations to update their current cyber insurance policy
- Offering recommendations for future policy renewals
The result
Our review revealed several significant coverage gaps, including a lack of protection against phishing, social engineering, and invoice manipulation incidents.
It should be noted that these findings came as a surprise to our client, as they had invested heavily in internal training on phishing and social engineering. So, it was a shock to see that these weren’t the kinds of attacks their cyber insurance would cover. And it serves as a good reminder to regularly review your policy.
But by identifying these shortcomings, our client was able to gain clarity on their actual exposure and was set up to take proactive steps to negotiate a more comprehensive insurance policy.
Overall, this engagement empowered our client to make more informed decisions, as well as provided them with peace of mind that their cyber insurance policy would better align with evolving cyber risks.
Are your policies up to date?
Insights
-
Progress
October 30, 2025
Learn how to plan your next chapter with confidence by aligning wealth, family, and purpose for a secure and meaningful retirement.
-
October 28, 2025
How can an ESOP support your succession goals? These considerations can help you understand if an ESOP is the right strategy for your construction business.
-
Confidence
October 27, 2025
The VDP is a valuable opportunity for Canadians to correct past tax filing errors. Recent changes have made it more accessible and increased the relief available.
