Retail Shrink Tops $50 Billion

Theft, fraud and losses from other retail “shrink” totaled $50.6 billion in 2018, up from $46.8 billion the year before as industry security executives said there is a growing overlap between loss prevention and cybersecurity efforts, according to the annual National Retail Security Survey by the National Retail Federation and the University of Florida.

“We are seeing dramatic changes in the risks faced by retailers, and loss prevention practices and priorities are evolving to meet those challenges,” NRF Vice President for Loss Prevention Bob Moraca said. “As criminals find new ways to steal, loss prevention teams are finding new ways to stop them. Increasingly, this is a battle focused on technology.”

According to the report, shrink averaged 1.38 percent of sales during 2018, up slightly from 1.33 percent in 2017, but has held steady around 1.4 percent over the past few years. With the percentage largely unchanged, the increase in the dollar amount is due primarily to growth in retail sales.

The largest losses per incident came from robberies at an average $2,885.15 (down from $4,237.02 in 2017), followed by employee theft at $1,264.10 (up from $1,203.16), and shoplifting/organized retail crime at $546.67 (up from $543.28). Robberies are comparatively rare, however, while shoplifting/ORC and employee theft together typically account for about two-thirds of shrink each year, with most of the remainder coming from vendor or paperwork errors.

While 43 percent of those surveyed said the largest increase in fraud is occurring in stores, 30 percent said it is happening online and 22 percent said it is coming in multichannel sales, such as those where the purchase is made online but the merchandise is picked up in store.

Of challenges that have grown in priority for LP teams over the past five years, cyber-related incidents are the top issue, according to 68 percent of those surveyed while 65 percent also pointed to ecommerce crimes and another 51 percent cited return fraud, including incidents involving purchases made online but picked up in stores. ORC was cited by 65 percent, and internal theft by 60 percent.

A total of 89 percent said there is increasing overlap between retail loss prevention teams and cybersecurity teams, but only 30 percent of LP executives said they were regularly involved in cybersecurity issues. Most of the time, LP is brought in after the fact on cyber issues, with 60 percent saying they are called in for incident response with only 26 percent involved in threat analysis.

LP executives are preparing for increased involvement in cyber issues, with 62 percent seeking analytical skills in new hires and 40 percent seeking cybersecurity skills.

“These are changing times in retail and that means changes in loss prevention,” said University of Florida criminology professor Richard Hollinger. “As always, the challenge is for the honest to stay ahead of the dishonest.”

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.