The average annual cost of cybercrime to companies has nearly doubled in the last five years, a new report from a cybersecurity research firm says.

The Ponemon Institute, based in Traverse City, Mich., places the average cost of cybercrime to large U.S. companies at $12.69 million, highest among the seven developed countries where firms were surveyed. Companies based in the United Kingdom, Germany, Japan, Australia, France, and Russia also participated in the study.

When broken down by industry, financial services companies surveyed spent an average of $20.8 million on the prevention of and reaction to cybertheft or other digital attacks, like denial of service. Of companies participating in the survey, only those in the energy and utilities and defense sectors paid more.

The report also measured the efficacy of seven different cybersecurity methods, and found security intelligence systems, which actively monitor data generated by users and applications in real-time, to be most cost-effective. These systems save about $5.3 million on average among the total international survey universe of 257 companies, the highest return on investment of any of the seven security measures considered.

Ponemon spent 10 months studying cybersecurity methods and incidents at 257 companies, out of which 59 were based in the United States. Only companies with at least 1,000 devices and/or users connected to the central system of a company were included in the study, so comparisons across industries could be as close to apples-to-apples as possible. Of the U.S. companies participating, 19% — the largest representation of any sector — came from the financial services industry.

The survey information was collected over the course of 10 months but used company data from the past five years.