Shelf Life | Vol. 13: Mission Impossible - The Ethical Debate Around Shrink and Cybersecurity Threats
🗓️ June 2025 | ✍️ By Jackie Swanson
Retailers are cracking down on shoplifting, but are they opening the door to bigger risks?
Shrink is back in the headlines. Big names like Target, Dick’s, and Walmart are rolling out next-gen security tools to tackle theft. Think: AI cameras, facial recognition, and locked self-checkouts.
But while stores tighten up the physical space, another threat is flying under the radar. Behind the cameras and checkout sensors lies a much bigger debate: how far is too far when it comes to watching your customers?
And even more quietly, cybercriminals are walking right in through the digital front door.
Let’s break it down.
License to Chill: The Surveillance Tipping Point
In the race to reduce shrink, retailers are ramping up monitoring. 📸 Cameras with real-time AI 🧠 Facial recognition software 🛒 Locked or restricted self-checkouts
These tools work, but they also raise red flags.
A growing number of shoppers are asking: 🧍♀️ Who’s watching me while I shop? 🔄 Where does my data go afterward? ⚖️ What rights do I have to opt out or know what’s collected?
According to Gartner, by 2028, 60% of consumers will actively choose to shop with brands that demonstrate data transparency and privacy stewardship, up from just 20% today.
That’s a massive shift.
Especially with Gen Z. For them, hyper-targeted surveillance doesn’t signal safety. It signals creepiness.
And the stakes are rising. California’s Consumer Privacy Act (CCPA) is just the beginning. AI regulations are coming fast and retailers relying on opaque or invasive tech may find themselves in legal and reputational hot water.
For Your Eyes Only: Meanwhile, in the Digital Aisles…
While stores install more cameras, cyber attackers are busy behind the scenes. And the cost? Far worse than a few stolen items.
🚨 United Natural Foods, supplier to Whole Foods, was hit with a ransomware attack this month that halted deliveries and caused shelf outages across the U.S.
💻 Marks & Spencer and Co-op in the U.K. lost weeks of online ordering due to ransomware. For M&S, that disruption could cost more than £300 million in profit.
🔓 Victoria’s Secret, Adidas, Cartier, and The North Face have all suffered breaches that exposed customer data or shut down websites.
According to Gartner, by 2026, 75% of retail enterprises will experience a cyber incident serious enough to impact operations or customer trust. Yet only 37% have a fully integrated cyber risk strategy that includes both digital and physical assets.
The Retail Ultimatum: What This Is Really Costing
Physical loss prevention costs: 🧠 Advanced surveillance infrastructure 📉 Potential loss of shopper trust ⚖️ Legal exposure under evolving privacy laws
Cybersecurity costs: 💸 Ransom payments and extortion 📉 Stock value hits (UNFI dropped 18% post-breach) 📦 Supply chain disruption and delayed fulfillment 📋 Regulatory penalties and higher insurance premiums
Security can no longer be a reactive expense. It needs to be a strategic pillar.
Tinker, Tailor, Hacker, Thief: A Smarter Approach Considers this a Holistic Risk
Retailers leading the way aren’t just upgrading their cameras. They’re rethinking the whole approach to loss.
🧩 They’re integrating shrink and cybersecurity into a single risk strategy.
💬 They’re talking openly with consumers about how and why their data is used.
⚙️ They’re treating privacy, surveillance, and cybersecurity as interconnected, not siloed.
Tomorrow Never Dies: What To Do Now
📌 Retail leadership must answer one question: Are we protecting against both visible and invisible threats with the same urgency, transparency, and investment?
Here’s how to move forward:
Audit and Assess Holistically
🔍 Map all physical and digital loss vectors 🔐 Review surveillance practices for ethical and legal compliance 🧾 Conduct a cyber maturity assessment across enterprise systems
Build Trust Through Transparency
💬 Communicate clearly to customers what data is collected and why 📄 Align all practices with global privacy standards (CCPA, GDPR, etc.) 📊 Share anonymized insights from security audits to boost brand trust
Let the Experts Help
🔎 Cyber Risk Diagnostic Experts, like Gartner Consulting, can assess your physical and digital risk posture, identify critical gaps, and benchmark against industry leaders.
🛠 Privacy-Aware Surveillance Strategy Evaluate your in-store tech stack, ensuring it supports both theft deterrence and ethical data use.
📈 Board-Level Cyber Strategy Development We work with executives to define cyber risk appetite, align security investments with business outcomes, and ensure readiness for emerging threats.
📊 Integrated Security Dashboard Design Design dashboards that monitor both shrink and cybersecurity KPIs in one unified view.
Spy Hard: The Big Questions
Is your brand earning trust, or just enforcing compliance? Can ethical surveillance and bulletproof cybersecurity really coexist?
Drop your take in the comments.
More to come in the Shelf Life series. Follow me here for sharp takes on the trends shaping retail, fashion, and consumer product companies. Want to talk more about how Gartner Consulting can help your organization? Follow me on LinkedIn or @ShelfLifebyJKS on Instagram or reach out!
📍 Jackie Swanson is a Managing Partner at Gartner Consulting, specializing in retail, consumer products, and utilities. She advises companies on large-scale transformations spanning strategy, operations, and technology. Jackie lives in New York with her husband and their three children.
#ShelfLife #RetailShrink #CyberSecurity #SurveillanceEthics #ConsumerPrivacy #RetailStrategy #AIinRetail #LossPrevention #GartnerConsulting #LinkedInCreators #DataGovernance #RetailLeadership

