No announcement yet.

The evolution of loss prevention

  • Filter
  • Time
  • Show
Clear All
new posts

  • The evolution of loss prevention

    With advanced cyber crimes becoming evident and the declining sales at shopping centers. Where do you see the Loss Prevention of the future?

  • #2
    Loss Prevention (or by any other title) are already involved in cyber crimes and will continue to include it in there operations. You don't think it's just about catching shoplifters, do you?
    Retail Security Consultant / Expert Witness
    Co-Author - Effective Security Management 6th Edition

    Contributor to Retail Crime, Security and Loss Prevention: An Encyclopedic Reference


    • #3
      Originally posted by Curtis Baillie View Post
      Loss Prevention (or by any other title) are already involved in cyber crimes and will continue to include it in there operations. You don't think it's just about catching shoplifters, do you?

      Curtis, allow me to rephrase the question as to be more clear.

      In 2014 13 major retailers were victims of major data breaches, estimating 375 million stolen or lost data records. Niether small nor large chains were discriminated by hackers. Impacting rising sandwich chain, Jimmy Johns, with 200 of its stores being infiltrated with malware that swallowed its customer payment card information. To retail giant, Target, reporting one of the biggest hacks of the year costing it's shareholders $148 million, forcing the stepping down of a CEO.

      With the obvious gap in appropriate security apparent within the retail industry. Where do we see the role of "Retail Security Professionals" evolving? Do you feel 2014 was a fluke or is the rise of data breaches and cyber crimes a problem the retailers need to take more seriously.

      Additionally with 15% of U.S. malls estimated to fail in the next 10 years and major mall anchors such as as JC Penney, Macy's and Sears closing multiple units, with fingers being pointed at rising e-commerce sales. Will the role of the traditional LP Dept. Move into a new role?
      Last edited by Charles Torres; 03-06-2015, 03:18 PM.


      • #4
        Definetly an interresting question and an interesting look on retail fading away. I agree with you that retail stores and such as Sears and JCpenny may be going away in the near future, but I believe or I hope that there will be another store right behind them with a different business model. These stores like Sears have not kept up with the times thus becoming a dinosaur. Some stores have done the opposite and gone from online sales only to building retail locations all over the country like Bass Pro Shops.

        I think the role of the loss prevention officer in a retail store needs to evolve with the times, just the same as any security position. In the 90's when I was in loss prevention, we were chasing after people that were writing bad checks, and employees that were stealing cash out of their registers. In the 90's there was no homeland security. Security as a whole needs to constantly be changing to keep up with the next new threat, if not you become a Blackberry or Kodak and in the security world that means you lose and the bad guys win.


        • #5
          I would argue, and granted this is based on just my experience and may not be the case in every establishment, loss prevention has kept pace at least as well as other areas of the security industry has.

          Keep in mind, loss prevention extends beyond retail establishments. You find similar positions or at least policies in casinos and gaming, larger construction companies, parking and facilities management companies, banks and financial institutions, hotels, the list goes on. Most of them don't necessarily use "floorwalkers," but loss prevention extends far beyond that.

          In most larger corporations, cyber security falls under the responsibility of either the security department, IT security, loss prevention, or risk management. I think, referring to the security and loss prevention ones, they've kept pace with each other.

          Cyber security is a difficult industry to perfect, though. Now granted, I'm not a cyber security expert - I can use the systems and implement the procedures that we use, but I'm absolutely not qualified to act as an adviser or a consultant in that industry. What I have found, though, is that industry is like a game of cat and mouse. Anticipating how the attacker will penetrate a system and creating countermeasures to prevent. When infiltration occurs, it's patchwork.

          I know that cyber security is a very difficult industry not because the industry is new. There's been some aspect of cyber security for many, many years - almost as long as we've had electronic devices that can be penetrated. The theory is the game, but the technology is not, and continues to become more advanced, more complex, and as a result, more vulnerable. Consider how difficult it was to infiltrate a computer from the 1990's (manually) vs infiltrating one now (remotely), even with the newer systems having compounded security programs. Better security, but more vulnerabilities and typically contains more information.

          I think that security and loss prevention have kept pace with what cyber security professionals have provided, but the game is as much to do about managing the disaster and resiliency as it is preventing it from the get-go.


          • #6
            I don't quite understand the question as it's been posed, especially since "loss prevention" takes in virtually anything that an organization does to safeguard its assets (including human assets) from threats, whether "cyber" or otherwise. This includes literally all of what we would call "security", and even some other related domains such as safety and industrial hygiene, emergency management, auditing, legal and regulatory compliance, etc.

            Organizations assess their risks and implement measures to minimize their loss exposure. They do this by eliminating risks that can be eliminated, mitigating others, and in some cases they transfer the risk (for instance, by outsourcing a hazardous activity, by purchasing insurance, etc.). Some risks they may simply choose to accept, or "self-finance".

            So, the answer to your question is - organizations that face risk from cyberthreats will deploy resources appropriate to those threats, and others that don't have such exposure won't. This seems pretty obvious, doesn't it? Organizations will adapt to changes in their risk environment, and they'll do so in proportion to their assessment of the likelihood of loss.
            Last edited by SecTrainer; 04-11-2015, 10:50 AM.
            "Every betrayal begins with trust." - Brian Jacques

            "I can't predict the future, but I know that it'll be very weird." - Anonymous

            "There is nothing new under the sun." - Ecclesiastes 1:9

            "History, with all its volumes vast, hath but one page." - Lord Byron