Jul 14, 2016

The Hidden Costs of Crimes and Criminals: A Primer on Protecting Your Bottom Line and Your Customers


Unfortunately, criminal activity, both violent and nonviolent, is as pervasive in our society as it has ever been. The cause(s) of this epidemic, while certainly a hearty topic for debate, does not change the facts that crime and criminals do not discriminate and that there is no sanctuary from these despicable acts. All too often, the criminals’ scene of choice is a retail store, restaurant, bar, hotel or other facility that caters to unsuspecting customers who are otherwise simply engaging in leisure activities or carrying on with daily life. When this occurs, these customers are transformed into crime victims and are left with very little, if any, recourse from the criminal offender.

Unfortunately, we all know what can happen next. Although the criminal is culpable of the crime, the customers turn to the business for financial redress, which almost always results in litigation. Aside from the costs of litigation, businesses have a great stake in these types of actions. There is a litany of adverse collateral damage wrought from the criminal acts, including damage to the business’s reputation, image and brand, potential liability for a judgment and the establishment of precedent for future legal actions. Business owners are placed in a precarious position because they have the most to lose. An adverse judgment, even if the majority of fault is apportioned to a judgment-proof criminal, will likely be borne by the business owner. Further complicating the process is the jury’s attempt to compensate the victim from the deep pockets of the business owner, however unfair or inequitable this may seem.

In order to protect the business’s image and brand, its customers and potential liability, it is important that decision makers understand how liability is analyzed vis-à-vis criminal acts and what actions are required to minimize potential exposure to liability.

Liability for Criminal Acts

Unlike many other areas of jurisprudence, nationally, the law regarding liability for criminal acts of third parties is fairly uniform. The basic principle is that a business owner will not be liable for the criminal acts of third parties unless (1) the crime is foreseeable and (2) reasonable efforts could have been made to prevent and/or deter the criminal conduct. This generally universal principle may seem clear; however, because our judicial system is adversarial, it is no surprise that the plaintiffs’ bar has offered up a lively argument regarding what amounts to foreseeability and what reasonable measures are required by business owners to thwart criminals.

To reiterate: a business owner is generally under no duty to protect customers or patrons from the criminal acts of third parties. However, when a criminal act is “reasonably foreseeable,” the business owner will owe a duty of ordinary care to protect the customers from the criminal behavior. Additionally, a business owner may be under a duty to intervene to protect customers during the commission of a criminal act. If you are your company’s decision maker, or even an on-the-ground employee, these general principles are rife with vague terms—i.e., “reasonably foreseeable,” “duty of ordinary care,” “intervene” and “protect”—and are unlikely to offer much practical guidance in day-to-day operations and risk management. Nevertheless, even a cursory understanding of these terms can go a long way toward identifying your responsibilities and best practices to avoid unnecessary litigation and all the costs and uncertainty that it entails.


What is “foreseeability”? Aside from the straightforward dictionary definition, lawyers and judges have tortured this otherwise benign word in the context of civil lawsuits. As a result of the torture, throughout the jurisdictions, four approaches have been developed to determine whether a crime was foreseeable to a business owner.

These four approaches are:

  1. Totality of the circumstances,
  2. Prior similar acts,
  3. Balancing test, and
  4. Imminent harm rule.

A brief review of each approach is in order.

Totality of the circumstances. A majority of the states have adopted the totality of the circumstances approach, including California, Ohio, New Jersey and South Carolina. An expansive approach, a totality of the circumstances considers factors such as prior similar acts occurring at or around the business, the nature of the business, the location of the business, architectural design of the premises, security measures undertaken, etc. Under this approach, a customer injured or harmed as a result of a criminal act on a business owner’s premises is forced to set forth evidence demonstrating that due to these various factors, the business owner should have foreseen that a criminal act was likely to occur. For example, if a customer was injured by a violent crime at a grocery store that has been the object of multiple armed robberies, it may have been foreseeable and the grocery store owner may be under a duty to protect customers from such an act.
Likewise, a criminal act at a gas station in a rough neighborhood with a history of violent crime may be foreseeable. A crime that occurs in a parking lot with insufficient lighting or in a parking lot that could not be observed from a business could arguably be foreseeable. As a result of the totality of the circumstances approach, courts will take a wide view of the attendant circumstances surrounding a crime to determine whether that business had sufficient notice of the need to protect its customers. Because of the widespread use of this approach, it is important that every aspect of a business and its premises be contemplated when undertaking risk management.

Prior similar acts. Running a close second is the prior similar acts approach, which is utilized in states such as Texas, New York, Florida and Georgia. Under this test, courts take a more focused look at substantially similar crimes that have occurred at a particular business. The rationale is: If similar crimes have occurred before, the business should have reason to believe they could occur again, and measures must be undertaken to prevent the reoccurrence. In these cases, plaintiffs must show that not only did the business owner have actual knowledge of the crimes, but that the crimes were similar enough to constitute notice. Accordingly, a history of shoplifting would not be sufficient to constitute notice and, therefore, make an assault foreseeable. When doing business in a state that looks at prior similar acts, it is imperative that decisive and proactive steps be taken to prevent isolated incidents of crime from reoccurring.

The balancing test. The balancing test is a middle-ground approach that considers both a business’s operating and cost concerns while reconciling these costs with the safety of its customers. This approach is somewhat enigmatic and is only utilized in a few states, e.g., Tennessee. Essentially, under this test, if a low-cost measure could be taken to provide for greater customer safety related to crimes, the court would find that this measure should have been taken and, therefore, that the crime would be foreseeable. In the event that measures to protect customers would be onerous and burdensome to the business’s financial interest, those measures would not be required to prevent criminal acts of third parties. When doing business in a jurisdiction that has adopted this approach, cost-effective security measures should be in place to avoid liability and protect customers.

Imminent harm rule. Finally, the imminent harm rule dictates that a business owner can only be liable for situations in which the business owner is aware of and has knowledge of the imminent probability of a specific harm to customers. This approach has been described as “outdated” and is largely inapplicable in most jurisdictions. However, as with some legal principles, the imminent harm rule remains applicable in limited circumstances, in limited jurisdictions.

Steps to Take

Keeping all of these approaches in mind, many businesses, such as national retailers, that operate in many different jurisdictions find it virtually impossible to tailor risk management and security practices to each environment. However, national retailers can, in fact, insulate against liability under any of these approaches, through adopting uniform protocols applicable to all facilities. Access control and security guards are two specific areas that should be immediately addressed. With regard to access control, customers who enter a business’s property and display belligerent, inflammatory and/or volatile behavior should be asked to leave before an incident occurs. Although losing a potential customer is never looked upon favorably, the potential damage to image, branding and customers far outweighs the loss of a solitary customer. In fact, the message conveyed to customers that they are frequenting a safe and secure business will yield substantial dividends in the long term.

Employees should be vigilant for customers exhibiting suspicious behavior, but should always proceed with caution prior to approaching and possibly arousing the individual any further. Preferably, employees should consult with management, if possible, before engaging any individual identified as a possible threat. Often, respectfully asking a customer to maintain a certain level of decorum, or even asking them to leave, defuses any potential situation before it arises. Depending on the locale and propensity for crime in the area, certain locations may require more acute attention to these issues. Risk managers and loss control personnel should identify locations situated in high-crime areas and closely monitor their security practices. Security professionals should be utilized when required.

As to the potential for criminal activity in the exterior premises, businesses are advised to develop policies and procedures that create an active presence in these areas. The exterior premises should be well-lit and observable from the business’s interior. Employees should be on the lookout for suspicious activities and instructed to report them. Light fixtures must be repaired and replaced to ensure uniformly maintained premises in which customers feel and are in fact secure. If past crimes have taken place at a particular business, emphasis on these practices is more important because that business may be even more susceptible to civil liability.

The police are a business’s friends. A business should not feel dissuaded and/or hesitant to request police assistance when necessary. Certainly, a business does not want to create a spectacle or be viewed as a dangerous place in the community, but if police presence is required to maintain the peace and protect customers from time to time, a business should feel comfortable calling them; they are there to serve the community. Employees should be counseled and educated as to when police presence is required and be able to call the appropriate authorities when necessary. Employees should not fear reprisal for a good-faith belief in police intervention.


Be proactive. Consult and coordinate in unison with your risk management, loss prevention and counsel. If and when you are presented with or become involved in litigation concerning civil liability for criminal acts, your business will benefit immensely from establishing these simple principles and greatly increase your chances of avoiding liability altogether. More importantly, your customers, and employees will be safer and will appreciate the heightened sense of security on your premises. A happy customer is also a safe customer, and by securing your business to avoid civil liability from the criminal acts of third parties, you will not only thwart litigation, you will ensure that your happy customer returns to your business.

Back to top.

Shopping Center Law & Strategy