All United Churches have Cyber Liability protection coverage at no cost to them.

The United Church of Canada has obtained cyber liability protection on behalf of all congregations starting on April 12, 2021, paid by the national office out of the self-insurance plan, which has built a controlled surplus over its 20-year existence.

We have been examining the related cyber risk exposures and coverage options for a few years now (also referring to the growing incidents being reported in the news), and we feel comfortable with the CFC “all in” group policy format, which is similar in structure to what we previously set up for Directors & Officers Liability. Both of these exposures are expanding and evolving in today’s world, and we have determined that it is prudent and necessary to secure this specialty insurance to protect our financial interests, assets, and employees/volunteers.


$100,000 limit per congregation subject to $5 million annual aggregate ($2,500 deductible per claim).

  • The scope of coverage includes system damage along with systems business interruption costs, including the costs to restore, recover, or recreate lost or corrupted data following a cyber attack.
  • The policy additionally provides network security/privacy/media liability, including related fines or penalties, and full incident response costs to help triage and manage the scope of the incident as soon as you become aware. This includes support for privacy breach management, crisis communication, post remediation, and consequential reputation harm.
  • There is a $50,000 sub-limit for what’s called “cyber-crime,” including social engineering, extortion/ransom, funds transfer fraud, identity theft, telephone hacking, and unauthorized use of computer resources.

Incident Reporting

This insurance package also includes a digital mobile application (download CFC Cyber Incident Response application from the Apple or Google Play store – reference policy #ESJ0031086721). Downloading the app will allow you access to real-time threat intelligence in the event CFC is able to detect a cyber vulnerability and will directly notify you should they find a compromise. The app additionally allows members to access free risk management services in advance, including dark Web monitoring, deep scanning, and employee phishing training.    

Should you become aware of a suspected or actual cyber event, it is recommended that you alert through the Incident Response app. Members can also access the Cyber Claims team at the following:

The in-house security team is ready to help you 24 hours a day, 365 days a year.


Attachment Size Type
CFC Cyber Policy Document 548.1 KB PDF
Cyber event notification and risk management 295.85 KB PDF