The British Retail Consortium’s (BRC) Retail Crime Survey looking back on 2016 has laid bare a growing new frontier of retail crime, driven by rising cyber-enabled incidents. The 18-page document also reports a 40% increase in violence and other forms of abuse against retail workers in the past year.
The findings reveal that ever more sophisticated forms of crime are being perpetrated against retailers and their customers. Examples of the cyber-enabled crimes being committed include phishing, the theft of consumer data, ‘doxing’ (the Internet-based practice of researching and broadcasting private or identifiable information, and especially personally identifiable information about an individual or organisation), social engineering and a host of other increasingly elaborate scams.
The BRC’s report highlights concerns among retailers that existing deterrence isn’t effective enough, despite the fact that the average capital spend per retailer on crime and lost prevention stands at £6.7 million, coupled with a growing sense among those working in the retail industry that offenders are able to act with impunity. 56% of retailers questioned offer the view that the police service’s performance is either ‘Poor’ or ‘Very Poor’.
The overall number of retail crimes committed has risen to 3.6 million, with the direct financial cost of crime to the retail industry reaching a grand total of £660 million in 2015-2016.
Overseen by the BRC’s Heads of Security Members Group, the BRC’s annual Retail Crime Survey has a long tradition and represents the organisation’s main statistical output on the character and impact of all forms of crime facing the UK retail industry. The BRC measures this annually because retail crime has wide-reaching consequences for businesses, their employees and customers. Offending in retail stores creates negative perceptions of the local community, while criminals who target businesses also commit other types of criminal activity.
Deeply concerning trend
Helen Dickinson OBE, CEO at the BRC, stated: “These figures reflect a deeply concerning trend. Attacks on retail workers are intolerable, as are attempts to defraud customers. A significant aspect of the cyber security challenge for retailers is the attractiveness of customer data from the point of view of the criminals, many of whom operate outside of the UK’s borders, but can nevertheless gain relatively easy access to UK digital networks.”
As a preliminary and conservative estimate, the 2016 Retail Crime Survey finds that crimes such as hacking and data breaches represent 5% of the total direct cost of crime to retail businesses (accounting for an approximate direct financial loss to the industry of £36 million per annum).
Separately, the BRC also asked retailers to estimate the percentage of the total cost of fraud levelled against them that was conducted online (ie ‘cyber-enabled fraud’). This was estimated at 53% – approximately 15% of the total cost of crime – representing a total direct cost of cyber-enabled fraud on the retail industry of around £100 million.
To help combat this high priority threat, next month the BRC will publish a brand new Cyber Security Toolkit for Retailers. Developed under the auspices of the organisation’s Fraud and Cyber Security Member Group, this new product is designed for the whole industry and aims to be a practical, step-by-step, user-friendly guide that will have widespread application.
Dickinson added: “Retail crime isn’t limited to violence and cyber crime. In line with previous years, our survey provides a snapshot of industry perceptions on, and the impact of, other types of crime facing our industry including theft, insider threats, burglary, robbery and episodes of criminal damage. Customer theft remains the most common type of crime, accounting for 75% of crime by incidents and 66% of the direct cost of retail crime, which is valued at a total of £438 million.”
Malicious insider incidents
Some 29% of retailers reported that their business had seen an increase in malicious insider incidents in the past two years, highlighting the ongoing severity of the problem. More specifically, all respondents suffered theft by employees in 2015-2016. There have been notable rises since last year in cyber-related criminality at the hands of employees, suppliers, contractors or others with inside access.
Thankfully, there is some good news. The cost per incident of robbery, burgary and criminal damage has fallen. Several factors might account for the decreases, including the emergence of opportunities for criminals to focus their efforts on cyber-related crime, but the downturn is also likely to have been driven by the fact that better reporting means more marginal or ‘smaller’ crimes are now being captured that much more effectively.
That said, the financial costs of these crime types are not insignificant (robbery stands at £5 million, burglary £11 million and criminal damage £3 million), and need to continue to be addressed and monitored carefully. Reflecting the BRC’s own retail crime risk assessment, though, the data suggests that these forms of crime may be unlikely to represent the highest priorities for the industry in 2017.
In view of the challenges outlined in its report, the BRC believes that retail crime must be addressed through even stronger co-operation between industry, the Government, law enforcement and the private security industry. “It’s co-operation that needs to be focused on both the prevention of crime and the response to it,” urged Dickinson. “While this presents a major partnership opportunity, there’s much to do to improve and organise forms of collaboration between the UK’s retail industry and its partners, and raise standards of security and policing across the country.”
Standard approach “isn’t working”
“Clearly, the standard approach of the security sector to retail crime isn’t working,” observed Simon Chapman, managing director at Lodge Service, “with crime rising to record levels, and the direct financial cost suffered by the industry measured at no less than £660 million.”
Chapman continued: “At least in terms of the way in which they’re used on a conventional basis, it must be recognised that CCTV, tagging systems, security guarding and other measures are not working. A strategy based on intelligence data and focused deployment is the only proven way in which to counter the increasing professionalism and specialisation of criminals wherever criminality occurs in the supply chain. This includes dealing with the rise in malicious insider incidents, which some 29% of retailers report are rising.”
According to Chapman, it’s “totally unacceptable” that retail staff continue to suffer high levels of violence and abuse.
“The data and technology is available to target and tackle this problem,” suggested Chapman, “together with the training that staff need to avoid or diffuse situations of potential violence and danger. This has been an area of disinvestment by many retailers when, in fact, a targeted approach can reap dividends at no extra cost.”
*This year, the BRC’s Retail Crime Survey sample covered 37% of the retail industry by turnover and 35% by staff, accounting for 1.1 million employees