Physical security risk management for retail
At store-fleet scale, the question is never whether to invest in security. It is which stores, and nobody can defend that allocation on instinct. Holtium brings your whole fleet into one place, puts a dollar figure on the risk at each store, and helps your team decide where the next dollar goes.
If your operation is carriers, warehousing, and distribution networks rather than stores, see Holtium for Logistics.
The stakes
in estimated US inventory shrink in 2025, a dollar line your CFO already reads every quarter.
Appriss Retail, 2026 Total Retail Loss Benchmark Report.
increase in external theft incidents reported by retailers in 2024, with organized groups active across stores, cargo, and online channels.
NRF, The Impact of Retail Theft & Violence 2025.
rise in threats or acts of violence against employees during theft events, with weapon-involved incidents up 16 percent.
NRF, The Impact of Retail Theft & Violence 2025.
Every store carries a different exposure, and the budget treats them the same
Crime exposure differs block by block. Two stores with the same format, the same layout, and the same planogram can carry completely different risk depending on the address, the hours, and the parking lot outside. Your budget has to cover all of them, and fleet-wide standards spend the same dollar at both.
Most asset protection teams manage this with shrink reports that describe what already left the building, incident logs in a separate system, and allocation decisions defended by tenure and judgment. When the CFO asks why guard coverage goes to these 40 stores and not those, there is no evidence behind the answer. That is the gap this page is about.
Business risk through a physical security lens
Organized retail crime treats your fleet as a system to exploit rather than a store to steal from: 67 percent of retailers report the involvement of transnational groups, and half or more report ORC-driven increases across shoplifting, cargo theft, and e-commerce fraud (NRF, 2025).
Lawmakers are responding, with 15 states enacting new ORC statutes in 2025 alone (ICSC), but enforcement is uneven and the exposure sits with your stores in the meantime. A boosting crew's take is a replacement cost. The escalation when an associate steps in, and the resale channels that keep crews coming back, cost far more.
Violence is the fastest-rising concern in retail security. Retailers that track these events reported a 17 percent increase in threats or acts of violence against employees during theft incidents, and a 16 percent increase in events involving a weapon (NRF, 2025).
Each incident carries a safety response cost, duty of care that cannot be evidenced compounds into legal exposure, and the stores where incidents repeat pay again in turnover and the productivity lost to unfilled shifts.
Shrink is the one security number the business already tracks in dollars, an estimated $90B across US retail in 2025 (Appriss Retail). That makes retail the industry where this conversation is easiest to start and easiest to get wrong.
Shrink is a trailing measure of inventory that already left. It says nothing about which store is likely to lose next, and it never captures the losses that matter most, such as an associate injured in an incident or a flagship closed for a week.
The standard playbook secures a fleet by format: every store of a given type gets the same package of cameras, tagging, and procedures. But exposure follows the address, not the format.
So the quiet store is over-controlled while the exposed one carries risk nobody has written down. At hundreds or thousands of stores, those two errors compound into real money, overspending where it is not needed and unpriced exposure where it is.
Urban flagships and high-street locations carry a category of risk the rest of the fleet does not: civil unrest, flash-mob theft, and smash-and-grab incidents that arrive with little warning.
The losses stack, replacement and repair first, then the productivity cost of a closed store, then the reputation cost of footage that circulates for years. Preparedness for these events differs city by city, and it belongs in the same risk picture as everyday theft.
The platform your asset protection team runs the program on, tuned to how retail operates
Holtium brings your risks, controls, locations, and spending into one place, helps your team decide what to do next, and measures it all in dollars so leadership can act on it. A Holtium team works alongside yours, so you get the analysis without building it.
Your risk register covers the risks this industry actually carries: organized retail crime, violence against store associates, burglary and after-hours intrusion, civil unrest at urban locations, and incidents in the parking lots your duty of care extends to. Build it in the platform, or bring in the one you already have.
Control mapping connects every control you already run, cameras, EAS tagging, guards and off-duty officers, alarm monitoring, cash handling procedures, and parking lot lighting, to the risks it reduces and the stores it covers, so you can see which stores are over-controlled for their exposure and which are carrying more risk than anyone had written down.
The roadmap turns decisions into tasks with owners, budgets, and tracking, and the What-If simulator shows the effect of a decision before you commit a dollar to it, such as adding guard coverage at your 40 highest-exposure stores versus a fleet-wide camera upgrade. Exposure sits store by store, next to the P&L your business already manages store by store, so allocation is an evidenced decision rather than an instinct.
Your team already reports shrink in dollars. This extends that language to everything shrink misses
We start with each store's baseline, the risk it would face with nothing but doors, walls, and locks, then subtract what your current controls already prevent. What remains is that store's exposure today, broken into the losses behind it, such as replacing stolen merchandise, the safety response an incident against an associate requires, and the legal exposure when duty of care is questioned.
It is built on recognized standards and loss data, the same quantitative discipline used in cyber, operational risk, and engineering. It begins as a range rather than a false-precise figure and sharpens as we verify your controls, and every figure traces back to what drove it.
Each quarter, leadership gets an executive risk report that reads like finance: where exposure stands across the fleet, what moved it, and what comes next.
Inherent, losses avoided, and residual risk exposure, split into loss types. Retail sample data.
Your shrink reports and incident data are the input, not wasted work
You share what you already track, in any format: shrink reports, incident logs, guard contracts, camera and alarm inventories, LP audit results. We map it to your risks and stores for you, and most teams are up and running within weeks. Your job is to review and confirm, not to do the heavy lifting.
Questions retail security teams ask
How do you put a dollar figure on security risk across a store fleet?
We model each risk at each store using recognized standards and loss data, the same quantitative discipline used in cyber, operational risk, and engineering. The figure starts as a range, sharpens as your controls are verified, and always traces back to what drove it, so your team can defend it in front of a CFO or a board.
How is this different from the shrink number we already report?
Shrink tells you what already left the building. Holtium prices what is likely to happen next, at every store, including the losses shrink never captures, such as violence against associates, unrest at urban locations, and incidents in your parking lots. The two work together: your shrink data is an input, and the output is a forward-looking exposure figure you can allocate against.
Can Holtium tell us which stores should get security investment first?
Yes. Every store carries its own dollar exposure, built from the crime environment around the address and the controls already in place, and the What-If simulator shows what a proposed investment does to that exposure before you commit. The result is a ranked, evidenced answer to the question your budget process asks every year: which stores, and why these.
Does this cover organized retail crime or just shoplifting?
Both, as separate risks, because they behave differently. Opportunistic shoplifting is a store-level volume problem. Organized retail crime is a network that hits stores, distribution, and online channels, and it responds to different controls. The register carries each one on its own line, so the roadmap can treat them differently too.
We have over a thousand stores. How long until we see the full picture?
Most teams are up and running within weeks. You share what you already track, we structure and map it, and the first quantified picture covers the full fleet rather than a pilot region, because the allocation question only makes sense fleet-wide.
How is this different from loss prevention or ORC case management software?
Those tools manage incidents after they happen: cases, exception reports, and law enforcement collaboration. Holtium is the layer above them, pricing what each store could lose next and deciding where prevention budget goes. Most asset protection teams run both.
See what your exposure is worth, store by store
You stay in charge of the program. We do the analysis, so you get the evidence without building it.