The number of corporate security breaches fell last year, but the cost of each incident is on the up, according to a new study by the Ponemon Institute.
The study of attacks in 15 different industries found that the average per-incident cost of a security breach was $6.75m (£4.16m) in 2009, compared to $6.65m (£4.1m) in 2008.
A separate report from the Identity Theft Resource Center said that the number of successful attacks fell from 657 in 2008 to 498 in 2009.
"In the five years we have conducted this study, we have continued to see an increase in the cost to businesses of a data breach," said Dr Larry Ponemon, chairman and founder of the Ponemon Institute.
"With a variety of threat vectors to contend with, companies must proactively implement policies and technologies that mitigate the risk of facing a costly breach."
The fall in the number of attacks can be attributed to improved security practices, the study found, such as better staff training and awareness programmes. Another factor is the regular use of encryption, which was up 14 per cent to 54 per cent this year.
Nevertheless, the cost of a breach rose from $202 (£125) per compromised customer record in 2008 to $204 (£126) in 2009. Companies are also being hit by higher legal costs as a result of data loss.
The most expensive data breach in this year's study cost nearly $31m (£19m), and the least expensive $750,000 (£464,000).
"Customers are increasingly aware of, and expecting a secure level of protection and privacy for, the data they entrust to businesses," said Phillip Dunkelberger, president of PGP Corporation, which sponsored the study.
"Our study with the Ponemon Institute continues to demonstrate that companies whose data is not protected face expensive direct costs from cleaning up a data breach, and a loss in customer confidence that has long-lasting ramifications.
"A bright spot in this year's report illustrated that companies with chief security officer leadership had a lower cost of remediation following a breach. "
Claims to have "the most competitive logic density" in the industry
Dell's high-end mobile workstations upgraded with Intel Coffee Lake CPUs
Webstresser admins were also arrested in the UK, Croatia, Canada and Serbia
Security firm claims that 117,638 sites out of 135,035 analysed contain serious security flaws