From left: Matt Gorham, leader of PwC’s Cyber and Risk Innovation Institute, sits with Diane Brown, vice president, IT risk management at ULTA Beauty, and Scott McBride, chief global asset protection officer and CSO at American Eagle Outfitters Inc., at NRF PROTECT 2025.
After a motivational keynote that encouraged attendees of NRF PROTECT 2025 to become the best version of themselves — and to show up for others — the slate of sessions during the conference’s first day reinforced the importance of seeing retail security as a “team sport.” Today’s threats go far beyond one department to potentially impact every area of a business.
Whether educating employees about phishing and smishing dangers; highlighting the fact that proprietary information shouldn’t be entered into ChatGPT; training store associates to handle consumers fired up by mis/disinformation; establishing relationships with law enforcement before an event occurs; or taking tabletop exercises to the worst-case scenario — awareness, planning and preparation may be more important than ever before.
Explore NRF's hub for engagement on key technology issues that have significant policy and risk management implications for the global retail industry.
“Mitigating Enterprise Risks: A Comprehensive Approach” saw Matt Gorham, leader of PwC’s Cyber and Risk Innovation Institute, sit down with Diane Brown, vice president, IT risk management with ULTA Beauty, and Scott McBride, chief global asset protection officer and CSO at American Eagle Outfitters Inc. They dove into, for example, taking a “Goldilocks” approach to finding the right level of executive protection, referencing the fatal shooting of UnitedHealthcare CEO Brian Thompson in late 2024: There’s no one-size-fits-all.
Lisa Kaplan, founder and CEO of Alethea, presented “Navigating an Evolving Information Ecosystem: Mitigating Threats to Digital and Physical Assets Posed by Mis/Disinformation.” She spoke about bad actors’ attempts to influence and change behavior through social media algorithms, curating content that aligns with previous actions and preferences. That can generate strong emotions — and inspire real-world actions.
It’s not illegal; it’s speech, and the narratives being created could impact business continuity. Kaplan shared a case study of a group of brands called out for harboring undocumented immigrants. It led to people showing up, stalking patrons in-store and creating risks of violence.
Companies must define their own risk, she said, based on the actors involved (who is spreading the information); their behaviors (how are they doing it); the content (what are they saying); and who it targets (whether the brand or an individual).
An afternoon session on “Navigating the Multiverse of Retail Theft and Fraud” included Jennifer Dayss, senior manager, fraud and ORC investigations with Signet Jewelers; Claire Rushton, senior director at Walmart Inc.; and Ryan Themm, corporate investigations manager at Meijer. Other presentations of note included “Together Against Fraud: A Consumer-first Approach to Prevention & Support” with Abigail Bishop, head of external relations at Amazon, and Amy Nofziger, director of fraud victim support at AARP, in addition to talks on “Developing a Blueprint for Workplace Violence Prevention,” “AI-Powered Asset Protection: Understanding, Applying & Innovating” and “Managing Cyber Threats to Restaurants.”
The “Together Against Fraud” session with Amazon and AARP suggested best practices and solutions for brands, including simple, accessible tools and information to help consumers avoid scams; supportive, well-trained teams to assist with scam recovery; and clear, consistent communication on how to stay safe. Amazon is an early retail adopter in partnering with the AARP Fraud Watch Network to fight fraud and help protect consumers.
The interactive talk invited audience members to pull out their phones and see how easy it was to find their own company’s fraud page and contact details. “Very difficult” was the most common response. How much more difficult would it be for a consumer – of any age – in the heat of the moment?
Partnership was also a key theme in the “Navigating the Multiverse of Retail Theft and Fraud” session. Panelists urged collaboration not only with external sources including law enforcement, attorney general task forces, other retailers and organizations such as NRF, but also internally.
One speaker mentioned the importance of being in on the “ground floor” as various company departments might launch new ideas and initiatives without considering potential risks. The session encouraged assessing the impact of threat and fraud in the company for better prioritization, as well as always considering remedial measures for the business — without discounting small steps forward.
Fraud, one panelist noted, is “huge. And it knows no boundaries.” No one can fight it alone.
