Not-for-profit organizations are navigating a far more complex risk environment than they faced even a few years ago. These groups are on the front lines of community support, often serving children, seniors, and other vulnerable populations, yet they frequently operate with limited resources and thin margins. That combination makes them especially sensitive to shifts in the insurance landscape.
According to Carlene Forde (pictured), director of the care and non-profit sector at Markel Canada, exposures now range from increasingly sophisticated cyberattacks to property damage in aging facilities, with liability and governance challenges also on the rise.
Cyber risk is top of mind for non-profits, especially smaller organizations that are still building awareness around data security. With many holding sensitive client information, including medical records, a breach can have devastating consequences.
“We see an increase in cyberattacks that can corrupt or destroy data and systems. The care and non-profit sectors are mission-driven and often identified as low-hanging fruit for cybercriminals, often due to limited resources and high data sensitivity,” Forde said, noting that organizations must consider whether a dedicated cyber policy is now essential.
Charities and community groups often operate from older facilities, where fire, theft, and vandalism are persistent concerns.
In addition, structural issues like mold damage are becoming more common, and in residential care environments, pathogens and bacteria have emerged as serious threats in the wake of the pandemic, she noted.
Liability exposures are heightened by the populations these organizations serve. Forde emphasized that abuse claims do not always involve sexual misconduct – they can stem from aggressive handling of clients or other forms of mistreatment. The emotional intensity of the work, particularly in caregiving environments, can make these risks more likely.
“In high-stress environments, emotional strain can escalate quickly, which may lead staff to respond more firmly when managing client interactions,” she said.
From a directors and officers (D&O) perspective, non-profits are increasingly facing claims tied to mismanagement. Harassment and discrimination cases have also risen in recent years, putting additional strain on organizations that already struggle with limited resources.
Despite the growing awareness of risks, many not-for-profits still underestimate the breadth of protection they need. Cyber insurance, in particular, remains a blind spot.
“Cyber coverage is no longer an optional coverage for these types of organizations – it has to be part of the governance framework,” Forde said. “There’s an education gap that needs to be addressed, and a lot of times we engage with our broker partners to explain why this coverage is essential and how it will protect them in the long run.”
Budget pressures often compound the problem. With funding streams already stretched thin, many groups struggle to justify the cost of additional coverage. As a result, cyber is sometimes left out of liability policies despite the sensitive personal and medical information that many organizations handle.
Abuse coverage is another area where misconceptions persist. Although well-established in the Canadian insurance market, some organizations continue to dismiss it as unnecessary. “We still see groups saying, ‘I just need a liability policy, I don’t need abuse [coverage],’” Forde said. “But when you’re working with vulnerable populations, this type of coverage is almost mandatory given the exposures.”
The need for risk management support also points to a gap in the market. Unlike standard liability policies, specialized packages can provide access to a dedicated risk manager who works with clients to tailor protocols, procedures, and training schedules. That level of hands-on guidance is still rare among carriers, yet it can be crucial in ensuring that policies stay relevant as risks evolve, she said.
Forde highlighted basic but often overlooked questions that non-profits need help answering: How do you write an abuse protocol? What must be included? How often should staff be trained, and how frequently should the protocols themselves be reviewed? Without ongoing updates, she warned, organizations risk relying on outdated safeguards that don’t reflect today’s environment.
“There are quite a few gaps that need to be considered in the non-profit and charity space,” she said. “It’s not just about having a policy in place – it’s about making sure the protections and procedures behind that policy are current and effective.”
For Forde, insuring non-profits isn’t just about technical expertise or checking boxes on a policy form. Success in this niche requires empathy, adaptability, and above all, strong relationships.
“It’s imperative,” she said. “We’re dealing in a space that’s all based on relationship building. Having those soft skills is crucial for success in this area.”
Unlike other sectors, there’s no strict manual for underwriting or broking in the charity space. Market conditions shift, funding sources change, and organizations often launch new programs in response to emerging community needs. That makes education and communication central to the role insurers and brokers play.
“It takes a lot of conversation – constant communication between the insurance company, the broker, and the client,” Forde explained. “It’s not an instance where you issue a policy renewal and then disappear until the next year. These organizations are delivering services year-round, and they need engagement throughout.”
At times, that engagement goes beyond traditional risk transfer. Some clients even reach out during the planning stage of new initiatives, seeking guidance on potential exposures and how to mitigate them. “That’s the way you’ll have success in this area,” Forde said. “It’s all purely based on relationship.”
