Cyber Risk Resources

Must-read educational content powered by the NRF Cybersecurity Advisory Group

NRF has partnered with leaders of the cybersecurity industry including members of the NRF Cybersecurity Advisory Group to share research, whitepapers and other resources for retail leaders.

Phishing campaigns

Organizations that incorporate phishing exercises into their annual assessment of cybersecurity defenses are often faced with the question of whether or not their click rate is palatable or below the industry average. Is your company's click rate defensible?

Powered by PwC.

NY Shield Act

New York State’s new Stop Hacks and Improve Electronic Data Security (SHIELD) Act will have a broad impact simply due to the size of the state. Here’s what you need to know about this new privacy law.

Powered by PwC.

Meeting the needs of CCPA, consumers and the bottom line

Privacy regulation may sound onerous, but it doesn’t have to be. With the right approach, retailers and consumer-packaged goods (CPG) companies can deploy the latest data gathering and analysis tools, meet or exceed customer expectations for personalization and privacy, and comply with regulatory demands.

Powered by PwC.

US businesses doubt they will meet CCPA deadline

Only half of US businesses affected by the California Consumer Privacy Act of 2018 expect to be compliant by the 2020 deadline, according to a PwC survey of more than 300 executives at US companies with revenues of $500 million or more. Fewer than half of retailers count themselves among those that expect to be compliant in time. 

Powered by PwC.

Are we ready for the Fourth Industrial Revolution?

To make the most of the Fourth Industrial Revolution (4IR), companies must listen closely to their customers and employees. From smartwatches that measure your heart rate to artificial intelligence (AI) that monitors your bank account, digital technologies are changing our lives at home and at work. Consumer and employee comfort with—and trust in—4IR technologies will likely determine the potential opportunities for growth and efficiencies that these technologies can offer businesses. Indeed, PwC’s Consumer Intelligence Series found that while 4IR—also known as Industry 4.0—may be everywhere, not everyone is yet fully on board.  

Powered by PwC

Four Steps to Better Cloud Security

Cybercriminals are drawn to the cloud to exploit increasing amounts of valuable data. The challenge for your business: how to protect it all.  

Powered by PwC

Guide to a Passwordless Customer Experience

One way in which businesses have reacted to the rise in fraud (and the resulting loss of customer trust) is by requiring users to make their passwords more complex. However, to create a passwordless experience for your customers, the challenge is to not let the threat of breaches lull you into the false comfort of forcing stricter password regulations. Passwordless authentication starts with having the proper user context. Check out this interactive page to better understand the challenge between password frustrations vs. passwordless bliss and how IBM Security can help with your Digital Identity Trust journey. 

Powered by IBM

Ponemon Cost of a Data Breach

Mega data breaches are a growing problem and they aren't going away or getting any cheaper. How much would a data breach cost your organization? The average cost for a Retail organization in the United States is $6.4M, according to the 2019 Cost of a Data Breach Study by the Ponemon Institute sponsored by IBM. Click here to read the full 2019 report and learn insights specific to the Retail industry.

Powered by IBM

Top Policy Trends 2020: Data privacy

Fourteen months after the EU's General Data Protection Regulation (GDPR) took effect, the world of data privacy has shifted its focus from guidance to stepped-up enforcement. The large fines on three multinationals levied by two data protection authorities (DPAs) in 2019 are just the beginning. Will 2020 also mark the shift to consumers exercising their rights over their data?

Powered by PwC

Threat Intelligence for Retail Security

Data discovery solutions like Echosec enable retailers to find relevant threat data faster in a variety of online spaces. The company offers social media, deep web, and dark web monitoring tools, as well as a platform API that gives retailers direct access to data sources that are not searchable through most other commercial and official APIs. These solutions are focused on quickly gathering and assessing relevant threat intelligence from a variety of sources using AI and machine learning technology. This enables security teams to efficiently prevent, mitigate, and react to the major threats facing retailers today.

Powered by Echosec

The Risk of Client-Side Attacks on eCommerce Websites

With attacks on eCommerce websites on the rise, ensuring that your customers’ payment and personal information is protected should be a priority if you want to avoid the implications of a data breach.

Download this white paper to learn more about: 

  • Attacks on eCommerce websites including Magecart and Formjacking attacks
  • Approaches to mitigating website client-side attacks
  • Major implications of targeted attacks
  • Monitoring and detection methods

Powered by Source Defense


More resources

NRF Cyber Risk Exchange
Designed exclusively to help retailers defend against cyber threats.
Learn more
Read the latest articles and insights related to retail sector cybersecurity and learn how to get involved.
Read more
Retail Safety and Security Tools
Tools and research for retail loss prevention and asset protection professionals.
Access tools