Cyber Risk Resources

Must-read educational content powered by the NRF Cybersecurity Advisory Group

NRF has partnered with leaders of the cybersecurity industry including members of the NRF Cybersecurity Advisory Group to share research, whitepapers and other resources for retail leaders.

Selecting a Trusted Cybersecurity Partner
Selecting a Trusted Cybersecurity Partner

This whitepaper will provide you with a view on what smart building owners should be aware of while in the selection process for new suppliers. It will touch on who is responsible for cybersecurity and will delvel into what could be done to be prepare for cyber threats in times of unrest due to environmental conditions. Moreover, the reader will have a glimpse on how emerging technologies play a crucial role in maintaining secure environments specially when coupled with strong polices and protocols. Ultimately, the reader will have a better understanding about cybersecurity and how to start to take a more proactive role in selecting, specifying and deploying physical security systems.

In partnership Johnson Controls - Tyco.

Retail's greatest innovator: COVID-19
Retails greatest innovator: COVID-19

This study aims to explore COVID-19’s immediate business impact, through an industry-focused lens, and offer strategies for retailers to thrive in a postpandemic world.

In partnership with goTRG.

How to Reduce eCommerce Chargeback and Fraud Costs

2020 has upended traditional commerce. While some models are failing, eCommerce channels have seen striking – and unexpected – growth. That growth, and the adoption of new models, means more fraud, chargebacks, and manual reviews, but without new resources. Every department is under pressure to grow ecommerce revenues, minimize damages from fraud and chargebacks, streamline operational costs, and deliver an exceptional customer experience. In short, businesses need to do more with fewer resources.

In partnership with Kount.

Privacy Programs

As retailers bring employees back to workplaces in the wake of COVID-19, a vaccine is still unavailable. Contact tracing in some form will be a key strategy to manage employees' health status and movements, preventing flare-ups in their facilities. But privacy specialists worry that without a national privacy law in place, contact tracing could gather more personal data on Americans than they realize. This article explores the possibility of a law and the related privacy implications.

Powered by PwC.

Shift left with IaC

This paper explores why organizations innovating in the cloud must address security issues before runtime. By proactively incorporating security and compliance through infrastructure as code templates much earlier in the CI/CD pipeline, security teams create better security experiences for DevOps teams, increase participation in and quality of security, and improve product security and quality.

In partnership with DivvyCloud. 

Cloud security in the customer experience

This guide offers information for retailers seeking to achieve the full benefits of cloud while ensuring security and compliance. It frames the challenges that many retailers face and explains how to build a roadmap to security and compliance using culture, frameworks, and systems.

In partnership with DivvyCloud.

Cloud Security for the Retail Sector

This report looks at the retail industry’s use of cloud services and examines the risks associated with migrating to cloud environments. It provides recommendations on how retailers can mitigate these risks, through tools and processes such as data inventories, strong identity and access management practices, data encryption and the use of cloud-based security tools.

In partnership with The Chertoff Group.

Phishing campaigns

Organizations that incorporate phishing exercises into their annual assessment of cybersecurity defenses are often faced with the question of whether or not their click rate is palatable or below the industry average. Is your company's click rate defensible?

Powered by PwC.

NY Shield Act

New York State’s new Stop Hacks and Improve Electronic Data Security (SHIELD) Act will have a broad impact simply due to the size of the state. Here’s what you need to know about this new privacy law.

Powered by PwC.

Meeting the needs of CCPA, consumers and the bottom line

Privacy regulation may sound onerous, but it doesn’t have to be. With the right approach, retailers and consumer-packaged goods (CPG) companies can deploy the latest data gathering and analysis tools, meet or exceed customer expectations for personalization and privacy, and comply with regulatory demands.

Powered by PwC.

US businesses doubt they will meet CCPA deadline

Only half of US businesses affected by the California Consumer Privacy Act of 2018 expect to be compliant by the 2020 deadline, according to a PwC survey of more than 300 executives at US companies with revenues of $500 million or more. Fewer than half of retailers count themselves among those that expect to be compliant in time. 

Powered by PwC.

Are we ready for the Fourth Industrial Revolution?

To make the most of the Fourth Industrial Revolution (4IR), companies must listen closely to their customers and employees. From smartwatches that measure your heart rate to artificial intelligence (AI) that monitors your bank account, digital technologies are changing our lives at home and at work. Consumer and employee comfort with—and trust in—4IR technologies will likely determine the potential opportunities for growth and efficiencies that these technologies can offer businesses. Indeed, PwC’s Consumer Intelligence Series found that while 4IR—also known as Industry 4.0—may be everywhere, not everyone is yet fully on board.  

Powered by PwC

Four Steps to Better Cloud Security

Cybercriminals are drawn to the cloud to exploit increasing amounts of valuable data. The challenge for your business: how to protect it all.  

Powered by PwC

Guide to a Passwordless Customer Experience

One way in which businesses have reacted to the rise in fraud (and the resulting loss of customer trust) is by requiring users to make their passwords more complex. However, to create a passwordless experience for your customers, the challenge is to not let the threat of breaches lull you into the false comfort of forcing stricter password regulations. Passwordless authentication starts with having the proper user context. Check out this interactive page to better understand the challenge between password frustrations vs. passwordless bliss and how IBM Security can help with your Digital Identity Trust journey. 

Powered by IBM

Ponemon Cost of a Data Breach

Mega data breaches are a growing problem and they aren't going away or getting any cheaper. How much would a data breach cost your organization? The average cost for a Retail organization in the United States is $6.4M, according to the 2019 Cost of a Data Breach Study by the Ponemon Institute sponsored by IBM. Click here to read the full 2019 report and learn insights specific to the Retail industry.

Powered by IBM

Top Policy Trends 2020: Data privacy

Fourteen months after the EU's General Data Protection Regulation (GDPR) took effect, the world of data privacy has shifted its focus from guidance to stepped-up enforcement. The large fines on three multinationals levied by two data protection authorities (DPAs) in 2019 are just the beginning. Will 2020 also mark the shift to consumers exercising their rights over their data?

Powered by PwC

Threat Intelligence for Retail Security

Data discovery solutions like Echosec enable retailers to find relevant threat data faster in a variety of online spaces. The company offers social media, deep web, and dark web monitoring tools, as well as a platform API that gives retailers direct access to data sources that are not searchable through most other commercial and official APIs. These solutions are focused on quickly gathering and assessing relevant threat intelligence from a variety of sources using AI and machine learning technology. This enables security teams to efficiently prevent, mitigate, and react to the major threats facing retailers today.

Powered by Echosec

The Risk of Client-Side Attacks on eCommerce Websites

With attacks on eCommerce websites on the rise, ensuring that your customers’ payment and personal information is protected should be a priority if you want to avoid the implications of a data breach.

Download this white paper to learn more about: 

  • Attacks on eCommerce websites including Magecart and Formjacking attacks
  • Approaches to mitigating website client-side attacks
  • Major implications of targeted attacks
  • Monitoring and detection methods

Powered by Source Defense


More resources

NRF Cyber Risk Exchange
Designed exclusively to help retailers defend against cyber threats.
Learn more
Read the latest articles and insights related to retail sector cybersecurity and learn how to get involved.
Read more
Retail Safety and Security Tools
Tools and research for retail loss prevention and asset protection professionals.
Access tools