Companies that have lost sensitive data are being shunned by consumers, according to a new study.

The Ponemon Institute, which studies privacy procedures in companies and government organisations, studied 43 US companies that lost sensitive data last year. The research revealed that on average, it cost the companies $202 (£141) for every data record lost in 2008. That's compared with $197 (£138) in 2007, $182 (£127) in 2006 and $138 (£96) in 2005, the first year the study was conducted.

Factored into those figures are how much companies spend on detecting data losses, costs incurred notifying victims and hiring forensic experts and paying for free credit checks for affected consumers, among others.

The most costly factor, however, was loss of business. Of the $202 (£141), $139 (£97) represented the cost of lost business, up 69 percent over 2007.

"The growth in lost business costs demonstrates consumers do not take a breach of their trust and privacy lightly and have not become desensitised to the issue," the study said.

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security products

Health-care and financial-services companies that lost data suffered the worst backlash from consumers. The churn rate - or the rate at which people change their provider - was 6.5 percent for health care and 5.5 percent for financial services, the study found. Health-care organisations also face a higher-than-average cost per record lost, at $282 (£197).

Last month, the Identity Theft Resource Center (ITRC) found that more than 35 million data records were breached in 2008 in the US, a record number. The majority of the lost data was neither encrypted nor protected by a password.

ITRC counted 656 breaches in 2008, that's 47 percent more incidents than the 446 breaches in 2007.

Information about the breaches was collected by tracking media reports and the disclosures companies are required to make by law. But the ITRC said it is likely many more than 35 million records were lost since some companies do not reveal how many records were compromised.

See also: NHS Mytob attack was entirely avoidable