The news that FedEx stored the identifications of thousands of customers on an unsecured “legacy server” is yet another reminder of how data security isn’t as tight as it needs to be in a world full of cyber criminals and hackers – folks all too ready to take malicious advantage of such information.

And consumers are definitely worried about such exposure (although few are taking steps to protect themselves) and that’s beginning to affect who they do business with.

According to the Global State of Information Security Survey compiled by Kirke Management Consulting, some 85% of consumers polled openly admit they won’t do business with a company if they have concerns about its data practices.

Yet only 45% of organizations report to owning a structured plan to ensure data compliance, the firm found. This, coupled with current industry trends, means it could be a tumultuous year ahead for businesses that do not invest, or begin to invest, in a data privacy and security framework. It could expose organizations to risks such as staggering financial fines, regulatory penalties and loss of customers, according to Ale Brown, Kirke’s founder and principal consultant.

“We expect privacy concerns will soar to new heights this year with the renewed focus on data protection,” he explained. “It’s an opportune time for businesses to differentiate by prioritizing the safeguarding of personal information. Businesses have the power to distinguish themselves by leveraging privacy management practices as a foundation for trust to deepen employee engagement and customer loyalty.”

But although most organizations maintain information technology or “IT” governance when it comes to data security, the “privacy gap” has yet to close, Brown stressed. Continued growth in digital devices is driving risk management and with 2017 seeing a 2,502% increase in the sale of ransomware on the “dark web” it is clear privacy will remain a vital business issue.

In a global economy, new regulations such as the General Data Protection Regulation (GDPR) from the European Union will impact companies worldwide starting May 25 if they handle any data from EU citizens. In the event of non-compliance or data breaches, Brown said businesses face monetary fines up to 4% annual global turnover, increasing solvency risks for many organizations.

The data privacy news is just as gloomy in The Global State of Information Security Survey 2018 compiled by global consulting firm PricewaterhouseCoopers (PwC). That poll, which draws on the responses of 9,500 executives in 122 countries and more than 75 industries, finds that though “massive cybersecurity breaches” have become almost commonplace, many organizations worldwide still struggle to comprehend and manage emerging cyber risks in an increasingly complex digital society.

Indeed, PwC’s poll found that relatively few respondents (34%) say their organizations plan to assess Internet of things (IoT) security risks across the business ecosystem, while only 34% are developing new data collection, retention, and destruction policies. Only 34% assess device and system interconnectivity and vulnerability across the business ecosystem.

Still, Kirke’s Brown noted that 72% of consumers polled in his firms survey believe businesses, not government, are best equipped to protect their data. That means, at least from my perspective, that if a company can demonstrate solid data privacy and security protocols, it can win more business – especially in the freight world, where data is becoming more and more critical all the time.

But beware if the reverse is true. “Without the correct privacy frameworks, businesses are operating on the sands of time and leaving themselves exposed and vulnerable to breaches,” Brown said. “Despite an awareness of disruptive cyber risks, companies often remain unprepared to deal with them. Achieving greater cyber resilience as a society and within organizations will require a more concerted effort to uncover and manage new risks inherent in emerging technologies. Organizations must have the right leadership and processes in place to drive the security measures required by digital advancements.”

That includes truckers and any business connected to the freight shipping process these days.