Retail theft is no longer a problem of opportunistic shoplifters and isolated smash-and-grab incidents. The organizations behind today’s most significant retail losses are sophisticated, coordinated, and increasingly difficult to detect until it’s too late. Yet many retail businesses are still carrying insurance policies written for a simpler threat landscape.
According to the National Retail Federation’s 2025 Impact of Retail Theft & Violence report, retailers experienced a 19% combined increase in shoplifting and merchandise theft incidents from 2023 to 2024. More striking still: 67% of those retailers reported that a transnational organized crime group was involved. These are not amateur operations. They are structured enterprises, and the losses they generate rarely fit neatly into the coverage categories most retailers assume protect them.
The question then is: Is your policy equipped to respond?
What Organized Retail Crime Looks Like Today
The popular image of organized retail crime (ORC) — coordinated groups overwhelming a store and walking out with armloads of merchandise — reflects only a fraction of current activity. The threat has expanded significantly in both scope and method.
A 2026 retail risk analysis found that more than half of retailers surveyed reported increases in phone scams (70%), digital and e-commerce fraud (55%), and cargo or supply chain theft (50%) — all conducted by ORC groups. As noted in CBIZ’s Retail Risk Outlook, these crimes now operate across both physical and digital channels simultaneously, often coordinated across state lines and international borders.
A policy that adequately covered a retail business against physical theft five years ago may leave significant gaps against a modern ORC operation that combines merchandise theft, supply chain interception, employee manipulation, and digital fraud within a single coordinated scheme.
Where Standard Policies Fall Short
This is where the conversation moves from risk awareness to insurance mechanics and where many retail business owners discover that their coverage is thinner than they realized.
Several specific gaps deserve attention:
- Definitional limitations: Commercial crime policies are built around specific definitions of covered acts such as robbery, burglary, employee dishonesty, and the like. Modern ORC incidents frequently blur these categories. A loss that involves employee manipulation, external coordination, and digital access may not map cleanly to any single covered peril.
- Sublimits on social engineering coverage: Many carriers offer social engineering fraud coverage as an endorsement rather than a primary coverage, and cap it with a sublimit, often between $100,000 and $250,000. For a mid-size retailer that processes substantial transaction volume, that ceiling may represent a fraction of actual exposure.
- The cyber-crime gap: When a loss stems from an employee authorizing a fraudulent transaction under deception — rather than a system breach — it may fall outside the scope of a cyber policy and into commercial crime territory. Whether either policy responds, and to what extent, depends on precise policy language that many business owners have never reviewed in detail.
- Business interruption alignment: A significant theft event can disrupt operations well beyond the immediate inventory loss. Business interruption coverage does not automatically extend to crime-related closures. Whether it applies, and how, warrants a specific review.
A policy that was accurately written at inception can drift out of alignment not because anything changed in the business, but because the threat environment it was written against no longer reflects current reality.
The Sublimit Problem in Practice
Sublimits are among the most consequential and least examined elements of a commercial crime policy. As the NAIC’s small business insurance resources make clear, business owners should understand not just what their policy covers, but at what dollar threshold each coverage category is capped. A policy with a $1 million aggregate limit can still produce a devastating shortfall if the specific category of loss — social engineering fraud, for example — carries a $150,000 sublimit.
This is not a theoretical concern. Industry data indicates that social engineering coverage sublimits have not kept pace with the scale of losses ORC groups are generating through digital fraud channels. The gap between the sublimit in a policy and the realistic magnitude of a loss is, in effect, an uninsured exposure and one that the business owner may not discover until a claim is in progress.
Workers’ Compensation and Liability Exposure
There is a dimension of ORC-related risk that receives less attention than it warrants. That is the liability and workers’ compensation exposure created by incidents involving violence or injury on the premises.
As the III’s liability insurance resources outline, general liability and workers’ compensation policies respond to injury-related claims arising from the business premises. In the context of escalating ORC activity, that exposure is material. Retailers should examine whether their GL limits are appropriate given the frequency and nature of incidents in their category and geography, and whether their workers’ comp program reflects the current operational environment.
When a theft incident results in injury to an employee or a customer, the resulting claims can be substantial. Umbrella coverage is worth evaluating in this context as well.
A Policy Review Is Not a Routine Renewal
The distinction is worth stating plainly: renewing a policy is an administrative event. Reviewing a policy is an analytical one. The former ensures continuity of coverage. The latter ensures that the coverage you are maintaining still corresponds to the risks you actually carry.
For retail businesses navigating an increasingly complex threat environment, the SBA’s guidance on business insurance recommends treating insurance as an active component of risk management. That is, something that the retailer revisits as conditions evolve, not maintained on autopilot.
A thorough review of retail business insurance in this environment should address:
- the definitions of covered crime in your commercial crime policy;
- sublimits on social engineering, employee dishonesty, and related endorsements;
- the alignment between your crime policy and any cyber coverage you carry;
- GL and umbrella limits relative to your current operational scale;
- and cargo or inland marine coverage if you ship or receive high-value inventory.
For a broader look at how commercial policies work, read our overview. For more information on coverage for jewelers and high-end retailers, read our article on specie insurance.
Review Your Retail Insurance Coverage with Meslee
The retail risk environment in 2026 looks different from the one most commercial crime policies were designed for. Meslee works with retail businesses to examine their current coverage against current threats. We identify gaps, clarify sublimits, and ensure that the policy you’re paying for actually reflects the protection you need.
Contact our team at meslee.com to schedule a coverage review.
