On average, the cost of data breach has surged; it may now cost $6.6 million per breach to an organization, while the cost in 2007 was $6.3 million and in 2006 was $4.7 million; that’s what states a study conducted by the Ponemon Institute, released on Monday.

Sponsored by PGP Corp., the study, which analyzed the costs that 43 companies paid for data breaches, articulates that the cost per compromised record in 2008 increased 2.5% over the year before to $202 per record.

According to the study, the data leaks ranged as high as 113,000 records, and on average, the cost of data breach per company ranged from more than $613,000 per breach to nearly $32 million. The cost of lost business, resulting from a data breach, averaged nearly $4.6 million. According to the study, lost business accounts for 69 percent of data breach costs.

The study reveals that 44% of the companies involved in the study reported data breach by a third party, such as a contractor or outsourcer; which is increase from 40% in 2007 and 29% in 2006. According to the study, third party data breaches are also more expensive–$231 per compromised record. The study articulates that over 88% data breach cases in 2008, were result of internal negligence.

Larry Ponemon, head of the research group, said, "For the majority of our companies, it was not their first time; 84% of the cases were repeat offenders, and only 16% were new." The study says that the first timers found the cost of data breach more expensive; its cost for first-timers was $243 per record on average, while $192 per victim record for experienced companies.

The study also reveals that most customers are lost by Healthcare and financial services after a data breach; The healthcare customer churn rate is 6.5 percent followed by financial services’ 5.5 percent.