November 19, 2025: Ecclesiastical Insurance is urging museums, galleries, and heritage sites across Canada to strengthen their cybersecurity and data protection measures following reports that the password to the Louvre’s video surveillance system was, at one point, simply “Louvre.”
The revelation follows last month’s audacious seven-minute heist, in which thieves stole an estimated $102 million in jewels from the museum’s Apollo Gallery. It’s a striking reminder that even the most prestigious institutions can be compromised by a single digital vulnerability.
A Wake-Up Call for the Heritage Sector
As the Louvre incident shows, a weak password can be as dangerous as an unlocked door. When attackers gain access to systems such as cameras, alarms, or collection databases, the consequences can extend far beyond theft, potentially disabling security infrastructure or exposing sensitive information.
“The lesson from Paris is stark: sophisticated systems can be defeated by simple weaknesses,” said John Del Grande, SVP Business Innovation (& Cyber), Ecclesiastical Insurance. “Canadian institutions steward irreplaceable cultural assets. Protecting them means treating cyber risk with the same rigour as physical security, every day, in every workflow.”
With operations, collections management, and visitor engagement increasingly reliant on digital systems, heritage organizations are now as vulnerable to cyberattacks as any modern business.
Safeguarding Canada’s Heritage for Over 50 Years
For more than half a century, Ecclesiastical Insurance has specialized in protecting Canada’s most treasured art galleries, museums, and heritage properties. Our expertise in both physical and digital risk management enables us to support organizations that preserve history and culture for future generations. From environmental monitoring and collection care to cyber resilience and business continuity, Ecclesiastical partners with clients to safeguard irreplaceable assets from evolving threats.
Seven Steps to Strengthen Cyber Resilience
Ecclesiastical’s risk management experts recommend a layered approach that combines technology, training, and governance.
1. Use strong, unique passwords and enable multi-factor authentication (MFA)
Avoid dictionary words or default credentials. Use complex passwords supported by a trusted password manager, and activate MFA for all key systems.
2. Train and empower staff
Regular training helps employees recognize phishing attempts, suspicious links, and other social engineering tactics. Cybersecurity is everyone’s responsibility.
3. Keep systems updated and segmented
Ensure firewalls, antivirus, and security patches are always current. Keep critical systems (like CCTV and alarms) isolated from general networks to limit exposure.
Rotate passwords periodically, especially when administrators or other key personnel who had knowledge of the password leave the organization.
4. Back up and test recovery plans
Maintain encrypted off-site or cloud backups and test recovery procedures regularly. Quick restoration limits downtime and data loss.
5. Limit access rights
Ensure only authorized users can access sensitive systems or data. Review permissions whenever staff or contractors leave.
6. Protect personal and donor information
Follow Canadian privacy laws by securing all personal data with appropriate technical, physical, and organizational safeguards.
7. Integrate physical and digital security
Align physical protection and cybersecurity protocols so both systems complement each other, especially for alarms, surveillance, and environmental monitoring.
Leadership Commitment Is Key
“Cybersecurity is now a core element of collections care,” said Colin Robertson, Chief Risk Management & Customer Officer, Ecclesiastical Insurance. “Organizations need to ensure the right safeguards are in place, systems are updated and staff are trained so that simple failures don’t lead to catastrophic outcomes.”
Support and Resources
Ecclesiastical Insurance’s Risk Management team can help you:
- Assess your cyber readiness
- Develop a tailored response plan
- Integrate cyber resilience into your collections and facilities management
- Complete our Cyber Risk Management Specialist School module
- Review our risk bulletins on Cyber Risk Management: Security & Protection in an Online World and Cyber Security Best Practices for Charities, Non-Profits, and Small Organizations
Learn more at ecclesiastical.ca/risk-management or contact your Ecclesiastical representative for guidance on protecting your heritage site from digital threats.