Retail “shrink” may be shrinking – but there are new security risks for retailers to contend with. According to the National Retail Federation’s annual National Retail Security Survey, the retail industry’s instances of theft, fraud and other losses are on the decline - with total shrink dropping 4.3% from 2016 to 2017. But even as the instances of traditional theft have declined, there are new kinds of issues looming on the horizon. The report’s authors cited the growing risk of cybersecurity threats creating additional concerns for retailers. While the cumbersome nature of mattresses has historically safeguarded the industry against some of the more common types of theft, digital crime could potentially have a more potent impact on the market as it is not limited to what can be surreptitiously carried out of a store. This kind of theft is of greater concern for consumers as well. Thanks to a handful of widespread and highly publicized retail data breaches, cybersecurity has become a major purchasing consideration for many consumers. As the threat of digital crimes becomes more prevalent, it is important for mattress retailers to get serious about protecting themselves against online risk.
Published in partnership with the University of Florida, NRF’s new report surveyed 63 “loss prevention and asset protection professionals from a variety of retail sectors.” The research found that the total number of losses due to theft or fraud dropped from $48.9 billion in 2016 to $46.8 billion in 2017. Overall retail shrink averaged 1.33% of sales in 2017, which was down from 1.44% in 2016. The most common example of retail theft continues to be shoplifting; the report found “organized retail crime” to be one of the main causes of retail shrink last year. But the physical stealing of goods is not the only kind of theft that retailers have to protect themselves against. The report found that "internal employee theft" (33%), "administrative paperwork errors" (19%), and "vendor fraud or mistake" (6%) also contributed to retail shrink.
In addition to exploring the traditional sources of retail shrink, this year the survey also explored how loss prevention professionals are working to fight cybercrime. More than 85% of respondents said their companies had a cyber-security incident response plan in place — and roughly two-thirds of loss prevention professionals said they meet at least quarterly with their IT and cyber-security departments. But more than 14% of respondents said they never meet with their IT teams on cybersecurity, a statistic that is concerning to the reports lead authors.
“Cybersecurity concerns are top-of-mind for retailers today as criminals continue to become more sophisticated in this area," said Richard Hollinger, a University of Florida criminology professor and the lead author of the report. "This is a growing threat that will require more resources going forward. Retail executives need to invest more in loss prevention to reduce these losses to their bottom line."
Shoppers are already ahead of the curve when it comes to worrying about data protection. According to the IBM Cybersecurity and Privacy Research survey, cybersecurity is now a top priority for consumers. This survey, which was conducted by The Harris Poll on behalf of IBM in March of this year, found that consumers now see cybersecurity as a “crucial consideration when making purchasing decisions” - and 75% of consumers will not buy products from companies that they don’t trust to properly secure their data.
And this trend is expected to continue to grow. In a new report released at the WPP Global Retail Forum, two global marketing executives set out to define what the future of digital retail will look like. According to report author Jon Bird, the Executive Director, Global Retail & Shopper Marketing for VML, one of the key findings of the research was that “shoppers’ biggest concern about technology will be protection of personal information from data hackers.”
Of course, cybersecurity concerns are not particular to e-commerce stores, especially as more and more brick-and-mortar retailers turn to cloud-based POS systems. Just as some stores have invested in security tags and cameras to minimize in-store theft, it is now necessary for retailers to update and expand their loss prevention strategy to safeguard against digital crime as well. Retailers that do not are risking more than just monetary losses; they risk losing the trust of their customers.
Does your retail store have a cyber-security incident response plan in place?
This post originally appeared in Sleep Retailer eNews on June 14, 2018.
Click here to get Sleep Retailer eNews delivered straight to your inbox.