Proven Mitigation Strategies Can Help Secure the Future of U.S. Retail from Emerging Risks

    June 24, 2025
    Managing risk within the U.S.-based retail sector is a continual process that requires a solid framework and the ability to evolve as needs change.
    Credit: AEKKARAT DOUNGMANEERATTANA
    Technology is rapidly changing, and the development and performance of large language AI models are set to continue disrupting the retail industry.
    Technology is rapidly changing, and the development and performance of large language AI models are set to continue disrupting the retail industry.

    U.S.-based retailers are experiencing rapid changes in the customer shopping experience, technology, systems, and artificial intelligence, as well as shifts in the employee and associate landscape, and risks to the organization. With numerous threat vectors and higher-than-average employee attrition rates, keeping assets and employees safe while minimizing losses has become a moving target for the retail industry.

    According to The Impact of Retail Theft & Violence 2024 study from the National Retail Federation (NRF), retailers reported a 93% increase in average shoplifting incidents in 2023 compared to 2019, and 91% of retailers stated shoplifters were exhibiting more violence and aggression during the same period. Many states have established criminal laws with increased penalties to help retailers combat organized retail crime or repeat shoplifting offenders who intend to resell stolen goods. Forty-eight U.S. states operate an Organized Retail Crime Association, which brings law enforcement and retailers together to share information for investigations and prosecution.

    However, to share sufficient data that impacts loss prevention, retailers must have a strong foundation of processes and procedures and a platform that streamlines sharing and facilitates quick and efficient data collection. Modern, reliable security technology and systems are essential for navigating changes in the risk landscape and helping to close operational gaps and response deficiencies. 

    Technology is rapidly changing, and the development and performance of large language AI models are set to continue disrupting the retail industry. AI can help tackle pain points while enabling proactive risk mitigation and a robust forensic environment for investigations and training. As AI continues to develop, retailers can utilize it to reduce investigation time further and increase the accuracy and detail of forensic content. 

    Four Pillars of Modern Retail Risk Mitigation

    To mitigate risk in the present and be prepared for the smooth adoption of newer technologies in the future, security and risk stakeholders must lay the groundwork now by making the following considerations:

    1.  Assess Risk

    Assessing risk is a dynamic entity within the retail organization that requires annual assessments or, at the very least, a yearly review of the evaluations. Due to the continually evolving threat landscape within retail and the unique, growing threats to individual store locations, risk assessments enable security stakeholders to identify hotspots, areas of vulnerability, and necessary changes in security operations or protocols. In addition to thorough assessments and reviews, site visits enable key stakeholders to highlight specific environments and assess the effectiveness of safety and security protocols.

    For example, some organizations or locations may have particularly high levels of gift card fraud or point-of-sale fraud. Others may have risks associated with location, such as proximity to homeless encampments, gangs, or drug activity. Organizations strive to minimize losses, ensure employee safety, and deliver a positive customer experience. Taking a bird's-eye view of the organization and its locations will enable security stakeholders to approach protection holistically and inclusively, encompassing all points of vulnerability, such as storefronts, supply chains, and e-commerce platforms.

    For security leaders new to an organization or seeking validation of their current assessments and strategies, bringing in a third party can be helpful for budget justifications or technology investments. Third-party risk assessment can also help organizations that lack a structured environment for safety and security protocols and procedures. Likewise, third-party experts can be beneficial for support or guidance through regulatory or legal issues during the next strategic planning phase. 

    2.  Plan Strategically

    Risk assessments have the most significant impact on the retail organization at this stage, as they aid strategic planning and help specify standard processes, both of which are imperative for ensuring safety and security. Whether security executives are forming new policies or procedures or reviewing current ones, bringing in the right stakeholders is essential to lay the groundwork for a transparent and solid framework.

    Retail security executives must plan their environment to achieve the following outcomes: an enhanced ability to be proactive in incident response and operations, and a robust infrastructure to aid forensic review for investigations and disrupt repeat offenders. Mapping out generational technology upgrades and end-of-life protocols for systems will help retail executives budget necessary expenses and streamline the adoption of technological advancements. 

    Not only do legal, IT, customer and associate affairs, marketing and communications, and other strategic partners within the organization bring their unique perspective to strategic planning, but they also bring necessary expertise to regulations and organizational policies, potential hurdles, and communication and processes that will help the security executive plan and implement successful initiatives and procedures. Failing to include appropriate stakeholders from the outset can lead to misunderstandings, barriers to acceptance, and the development of ill-informed protocols. 

    Retail security executives must plan their environment to achieve the following outcomes: an enhanced ability to be proactive in incident response and operations, and a robust infrastructure to aid forensic review for investigations and disrupt repeat offenders.

    Two critical areas that must be included in strategic planning are infrastructure and regulatory issues. On the infrastructure side, security stakeholders need to ensure that their current physical systems and technology meet their needs. For several reasons, retail organizations may find themselves with disparate or proprietary technologies or systems, which prevent them from integrating or communicating with other systems or locations within the organization. If the organization has made proprietary technology investments, this could hinder streamlining processes and future technology adoption. 

    Evaluating technology and the ecosystem of available partners and integrations is critical today. If the organization’s solutions can’t be integrated or ingested into a larger dataset, the strategic plan should reevaluate current infrastructure and consider that as a starting point for reinvestment. Specifying open platforms and open technology systems, and utilizing partners that can collaborate with traditional or third-party partners, will enable security executives to future-proof their operations. 

    Additionally, having a single central platform (or as close to a unified view as possible) will not only leverage the organization’s data to its fullest but also streamline sharing capabilities, response times, investigations, and automation. A video management system (VMS) or other management platform will help facilitate a layered approach to security operations, enabling operators to make data-driven decisions.

    On the regulatory side, strategic partners bring their perspective and expertise to selecting technologies and developing protocols and responses that comply with regulations, the current legal landscape, and organizational policies and procedures. Including key stakeholders in the process helps establish buy-in for the security team’s initiatives, justifies investments, and facilitates the rollout of new technologies. 

    These detailed conversations should involve compliance issues, such as GDPR and PCI DSS, among others. Specific store locations may be located in states that prohibit the use of facial recognition, for example, and the organization may decide to use the technology in some states but not others. As the subject matter experts in this area, the organization’s legal department or attorneys can sign off on initiatives, introduce changes to remain compliant, and monitor evolving mandates. It’s also for this reason that, like risk assessments, strategic planning should be considered a fluid process, as needs or legalities may dictate updates.

    3. Take a Layered Approach

    As technology has progressed, many retail organizations have found that layering technology is one of the most essential tools for risk mitigation and forensic collection. Specifying security technology and systems that provide capabilities for proactive decision-making, situational awareness, and robust investigations will help retail organizations close the gap between incident detection and response, whether through real-time Standard Operating Procedures (SOPs) or data to aid law enforcement. In this step, camera design and integrated solutions that can talk to one another and have an autonomous impact on operations should be a primary consideration.

    Retail executives should consider solutions that address geographic location, employee safety and security, asset protection, executive protection, and other key concerns. Organized retail crime is more sophisticated than ever, with offenders now having access to advanced tools, including encrypted apps that enable them to mobilize and communicate quickly and efficiently. To effectively combat this never-ending game of mousetrap, retail organizations must adapt with more tools, advanced technology and robust data. The most effective way to achieve this is by taking a holistic, multi-pronged approach to risk mitigation and protection, which involves detecting, deterring, and disrupting threats. 

    Protection should start as far from the location’s perimeter as possible and incorporate supply chain security and social media tracking when necessary. This might include cameras, sensors, analytics, access control, body-worn surveillance, license plate recognition, electronic article security, public view monitors, lighting, sirens, audio, and intercom capabilities. 

    Modern IP cameras provide high-resolution, high-quality video, which, when combined with analytics, can be crucial for identifying repeat offenders, individuals of interest, or distinctive characteristics for forensic investigations. Analytics such as loitering detection, crowd detection, or crossline detection can add a layer of protection to perimeter locations. Inside the store, point-of-sale surveillance, people detection in specific hotspots, and body-worn cameras are beneficial for incident response and investigations. Cameras, geo-fencing and LPR technology can be useful for supply chain security. Smart search capabilities save retail organizations significant time and reduce human error. 

    Creating a comprehensive picture of an incident, from the perimeter to inside the store and back out again, is a game-changer for retail investigations. But, to achieve this, a shared dataset across technologies and locations is imperative. Ideally, with an open technology, centralized platform, integrated systems, and shared data, response, operations, and investigations can be further optimized, and future responses can be shaped. Integrating systems and sharing data across one VMS and/or a crime intelligence platform will bring response efficiencies and the substance of investigations to a whole new level.

    Creating a comprehensive picture of an incident, from the perimeter to inside the store and back out again, is a game-changer for retail investigations.

    In addition, leveraging the shared dataset provides operators with critical information for informed decision-making while automating alerts and responses. For example, suppose a car or person is detected at a storefront at 1 a.m. In that case, the system can send an automatic alert to staff with a video clip, while simultaneously triggering floodlights or an audio response on the intercom to alert people to the area surveillance. For organizations with hundreds of locations, having the ability to automate specific deterrents is extremely useful.

    4. Don’t Forget Training

    Training is another critical piece to laying the groundwork for a strong safety and security framework. Just as risk assessments, security systems, and technology should be considered in strategic planning, so should training. While layers of technology will help empower the operator or frontline employee and enable the SOP or response, the technology can only do its job if the appropriate stakeholders have been given proper training.

    Take smart search capabilities, for example. On the forensic side, smart search is incredibly beneficial in reducing time and human error, and providing a fuller, fact-based picture of an incident, but only when the operator knows how to utilize this capability effectively. 

    Another example is body-worn devices. With body-worn cameras, employees report feeling an extra layer of protection and safety knowing their interactions are being recorded. The devices also present management with a valuable opportunity to use past incidents as powerful training tools for future responses. However, such devices require training with employees on how and when to use them. 

    Outside of technology training, regular customer service training, aggression and de-escalation training, and associate awareness campaigns will help empower employees and give them additional tools to feel safe and protected. 

    Modern Threats Demand Strategic Alignment, Scalable Systems, and Smart Investment

    Retail security is no longer a standalone function — it’s an enterprise-wide imperative that intersects with infrastructure, data strategy, compliance, and customer experience. The best organizations positioned to mitigate risk and adapt to tomorrow’s challenges are those investing today in flexible, intelligence-driven ecosystems that scale and integrate across the business.

    As threats grow more sophisticated, the advantage lies in operational cohesion: unifying risk assessments, strategic planning, technology deployment, and training into a seamless framework. Open-platform systems, centralized data, and automation aren’t just tools for defense — they are enablers of faster response, stronger investigations, and continuous improvement.

    Resilient organizations aren’t built by reacting to each new risk but by designing infrastructure and processes that evolve with the landscape. By aligning strategy with execution, retailers can shift from managing threats to outpacing them, transforming security into a driver of resilience, agility, and trust.

    About the Author

    James Stark | Segment Dev. Mgr., Retail, Axis Communications

    James Stark is the Segment Development Manager for Retail at Axis Communications. In this capacity, he is responsible for developing strategies and building channel relationships to expand Axis's presence in the Americas retail market. Stark is a subject matter expert with dynamic experience spearheading cross-functional initiatives by leveraging business data analytics, strategic planning, and specialized systems and tools to optimize security measures, risk management, and customer experience. He brings over 30 years of experience working with the retail industry and specializes in loss prevention, safety, e-commerce fraud, and supply chain security.