A data breach — that chronic, irritating occurrence of mass intrusion we can’t seem to escape and that inflicts massive financial consequences on businesses — cost U.S. companies on average $3.2 million per breach, according to an IBM Report.
The 2019 Cost of a Data Breach Report from IBM Security and Ponemon Institute investigated the financial consequences of a breach and how companies can reduce the impact. The report concluded that the cost of a data breach has risen 12% over the past five years as a result of increased regulation and the complex nature of resolving criminal attacks.
It’s worth noting that a breach costs U.S. companies twice as much as the global average. But the report doesn’t specify why U.S. businesses pay more.
Researchers conducted in-depth interviews with executives from more than 500 companies around the world that suffered a breach over the three years. The analysis took into account hundreds of cost factors, ranging from legal, regulatory, and technical activities to loss of brand equity, customers, and employee productivity.
This report comes just days after Equifax reached a $700 million settlement for the 2017 data breach that exposed the personal information of 147 million people.
Companies with fewer than 500 employees typically lost more than $2.5 million on average, according to the study. This can be “potentially crippling” for small businesses, which typically earn $50 million or less in annual revenue, IBM says.
Perhaps the most alarming discovery to emerge from the study is the amount of time that passes before companies even detect a breach. An average of 206 days pass before a breach is detected, plus another 73 days to fix it, causing effects to be felt for years in what the report refers to as “the longtail financial impact.”
On average, 67% of the financial impact is felt within the first year following a breach, 22% rolls into the second year, and 11% lingers for more than two years after a breach. Organizations in highly regulated environments, such as healthcare, financial services, energy, and pharmaceuticals, saw higher longtail costs in the second and third years.
When it comes to data breaches, time is money.
The study shows organizations that were able to detect and contain a breach in less than 200 days spent $1.2 million less on the total cost of a breach.
Malicious Breaches

Data breaches that originated from malicious cyberattacks were the most common, and the most expensive, costing companies $4.45 million on average — over $1 million more than those originating from accidental causes such as system glitches and human error.
And with cybercriminals constructing more destructive, complex assaults, data breaches are a growing threat to organizations: the percentage of breaches in the report with a malicious or criminal attack as the root cause crept up from 42% to 51% over the past six years of the study (a 21% increase).
While the report illuminates the financial consequences of data breaches on organizations, and provides incident response recommendations such as security awareness training, technology investments, and testing services to identify accidental breaches early on.