The average cost of risk for U.S. retailers is projected to amount to $5.93 per $1,000 of sales in 2016, totaling $23 billion, according to a new study from global consulting and actuarial firm Milliman.
More than half of risk is attributable to injuries of employees and customers: 40% is represented by workers’ compensation costs and 20% is from customer injuries and other risks such as property damage. The remaining 40% of risk is from cyber and other liabilities, according the 2016 Retail Cost of Risk.
The frequency of workers' compensation and general liability claims has declined since 2011, but the cost of risk has remained fairly level over time (as a percentage of sales) because the average cost of injuries has risen and because retailers face new risks, like cyber breaches.
Global consultancy Milliman finds that retailers have improved their health and safety-based risk, thanks to better working conditions and training, but risk remains steady because of the rise of insurance claims and the emergence of new areas of concern.
“The level of cyber activity together with the exposure to costly claims has resulted in higher insurance premiums for retailers,” according to the report, which found that average premiums for retailers increased 30% in 2015. As deductibles rise over time, it puts more of the burden onto retailers, the study found, based on data from cybersecurity company Symantec.
In April, a report by information and communications technology firm NTT Group found that retailers experience the most cyber attacks of any industry sector — three times as many as the previous top target, the financial industry.
KPMG recently found that 19% of consumers would stop shopping at a retailer that had fallen victim to hackers, even if the company took the necessary steps to remediate the issue. Another 33% of the 448 consumers KPMG surveyed said they wouldn't shop at a breached retailer for at least three months out of ongoing fear their personal data could be compromised, particularly if the retailer appeared to lack a solid plan to prevent further attacks.
Despite consumer concerns, about 55% of retail executives surveyed separately by KPMG said haven't invested capital funds in cybersecurity protection in the past 12 months, and 42% state that their company does not have a leader who is responsible for information security.