Merrick, NY—Independent jewelers aren’t the only ones worrying about the future of retail. The 2017 BDO Retail Risk Factor Report, a study examining the 10-K filings of the 100 largest publicly-traded retailers in the United States, found retailers of all kinds are worried about many of the same things jewelers are: digital disruption, economic concerns, and changing consumer tastes, shopping habits, and priorities. But the biggest issue weighing on the minds of large public retailers is cybersecurity, something jewelers don’t seem concerned about yet.
In an exclusive Centurion spot-check survey of better fine jewelers’ attitudes about risk, none of the respondents expressed concerns about cybersecurity. Their biggest worries are centered on issues that have been keeping the industry awake at night for some time; namely, changing consumers. Factors such as declining foot traffic, changing shopping habits, increasingly casual lifestyles, young people with less interest in fine jewelry than previous generations, growth and heavy marketing of low-price fashion jewelry lines, and so forth, tied among respondents (42% each) with digital disruption as the biggest risks facing their businesses.
Retailers in the BDO study are far more worried about economic conditions than luxury jewelers. “General economic conditions” has held a number-one spot as a major risk listed by public retailers for the last three years in BDO’s studies, whereas only 16% of Centurion respondents cited it as a major risk factor. (Three risk factors tied for first place in the 2017 BDO study: economy, cybersecurity, and regulations.)
Increasingly, both major retailers and luxury jewelers are concerned about the impact of geopolitical upheaval and natural disasters on their sales, although again, those concerns weigh less on independent jewelers’ minds than on major retailers’ minds.
Still, as an article in Luxury Daily observes, while global luxury retailers are likely to be more concerned than independents about geopolitical upheaval, terrorist attacks, or other violent conflict, these issues can cause worry for local independent retailers too, as they impact consumers’ moods. Indeed, 16% of Centurion survey respondents cited politics as a potentially big risk to their business. Oddly, however, violent crime (i.e., robbery) was cited only by 5% of jeweler respondents as a major risk to their business.
In The Centurion's survey of the biggest risk facing better jewelers, the number-one issue causing concern is nuts-and-bolts business (grey slice). Tied for second place were changing consumer shopping patterns and digital disruption (orange and blue slices).
BDO’s report also cites climate change as a growing concern, especially for stores in coastal areas that have been hit with more extreme weather in recent years. 10% of respondents to The Centurion survey cited natural disasters as a business risk.
Basic business worries. In The Centurion study, nuts-and-bolts business issues are what keep jewelers up at night. More than half (53%) of respondents named such issues as cash flow, excess inventory, debt, shrinking margins, operating costs, achieving growth, losing key staff, ensuring continuation of the business, and more as the biggest risks to their business’s health. 10% of respondents expressed extreme concern about the impact of undisclosed synthetic diamonds in the marketplace, something that has increased dramatically in the past three years. “It’s gone from nonexistent to 5% to 10% of all melee,” wrote one. “This is the largest single risk factor facing the industry. If we don’t get on and ahead of this, I am afraid of the impact of a highly publicized unrealized or undeclared cloned diamond purchase will do to consumer confidence and our industry overall!” wrote another, pointing out that over time, mass production will erode intrinsic value of the man-made stones. Both respondents are vigilant about testing all the diamonds in their stores. “Education and invest in new equipment to identify the little clones!”
In the BDO Retail Risk Factor Report, compiled from data about the top 100 largest publicly-held retailers in the United States, the economy, consumer spending, and digital disruptions were important concerns. Chart source: 2017 BDO Retail Risk Factor Report
Don’t ignore cyber security! As retail becomes increasingly cashless, every new payment method offers hackers a new way to insert themselves into the process. But for luxury retailers, a security breach costs more than just the lost data, it also can cost customer confidence and loyalty, something Luxury Daily says no luxury retailer can afford to lose. (For tips about minimizing credit card fraud, just one of many security risks, click here.)
Matthew Perosi, chief thinker of The Sapphire Collaborative and Jewelers Web Advisory Group (jWAG), says independent jewelers do need to worry about cybersecurity. While cyber criminals typically focus on places where they can get massive amounts of data (like the breaches at Target, Home Depot, Neiman Marcus), small-time hackers will go after anyone who is an easy target—and more people have the ability to commit those smaller crimes. Small-time hackers can be students or anyone with a little too much time on their hands and an undeveloped sense of morality, says Perosi. And, he warns, dissatisfied employees also fall into the small-time hacker category.
Target and Neiman Marcus were victims of malware attacks, where the software company that installed their point of purchase software was somehow involved with criminal data gathering of payment card information, explains Perosi. He warns this type of attack is happening more often as software vendors are not fully vetting the backgrounds of their employees.
For independent retailers, Perosi warns of back-door cyber theft. “Imagine a hacker gets a job as a software engineer with a point-of-purchase software company. They could reprogram the software to capture payment card details.” While this might sound far-fetched, Perosi points out that there are only a few software companies making POP/POS systems for retail jewelers, leaving jewelers’ safety dependent on the internal security of those companies.
Of more immediate concern to Perosi is that retail jewelers are notorious for having unsecured networks at their stores. Guidelines from all the major credit cards—Visa, MasterCard, American Express, and Discover—advise retailers not to have visible WiFi in their stores. (Visible WiFi’s appear on your smartphone when you are looking for open networks to connect to.) Hidden WiFi is ok, says Perosi. Additionally, small retailers usually don't have business-class firewalls installed in their store; indeed, most don't even have firewalls at all, except for what's provided by their cable or phone company, he says.
“Passwords are notoriously insecure as well, and that’s a serious problem. Many jewelers use passwords like 'diamond,' 'diamond1,' or the name of their favorite gemstone. It only takes one hack into a jeweler's network to install a hidden Trojan on a network computer.” From there, he says, the hacker can monitor the traffic between computers, and grab usernames and passwords that would get into their POS or other in-house software.
“There's no telling what confidential information they'll find on a computer, including scans of private documents, unsecured password files, or older versions of QuickBooks and POS that doesn't have security at all.” Payment terminals, like handheld card swipe machines, are usually not a big worry if they are not connected to POP software, he says.
Here are Perosi’s top five cybersecurity tips for independent retailers:
1. Hide the broadcast ID of your WiFi.
2. Install a good firewall (something more than $900) between your internal network and your outside router.
3. Change your passwords regularly.
4. Use random number/letter/special character passwords.
5. Set up a secure server within your store and save all documents to that instead of your local PC.
Methodology and what matters most to retailers. The BDO study was conducted by examining the 10-K filings of the 100 largest publicly-traded retailers in the United States. The risks were ranked in descending order of frequency they were cited by the retailers in their findings. Likewise, the Centurion study was open-ended, allowing respondents to list all the issues they see as major risks to business, and issues were tallied by the frequency with which they were mentioned.
Among the top 100 largest public retailers in the BDO study, general economic conditions, cyber security and government regulations all tied for the number-one biggest risk factor. It is interesting to note that regulations—federal, state, or local—rose from number four in 2016 to a tie for number one in 2017 in BDO’s research. (Among jewelers, “regulations” weren’t mentioned but 26% of respondents cited taxes or politics as a risk.)
Border taxes are a greater concern for retailers in general than upscale jewelers. 26% of Centurion respondents cited "taxes" as a risk to business (ex-sales tax), but none said border taxes, specifically, are a worry.
In the BDO study, this is the second year in a row that security breaches were ranked first as a risk, rising from fourth place in 2015.
Retailers may be growing used to industry consolidation—or they’re just more worried about other things—because that issue was tied for number one by BDO in 2015, but slipped to third place last year and fourth place this year. Credit, finance, and company indebtedness, meanwhile, rose from 13th place last year to eighth this year for the public retailers, compared to these kinds of issues being the number-one concern for independent luxury jewelers.
How are jewelers dealing with their concerns? Here is a sampling of some of our respondents’ strategies:
Top image: eksperttv.az