Data breaches can be expensive. Just take a look at the sixth annual report on the problem from security firm Symantec.

In fact, as has been true for the past five years, the Symantec (NASDAQ: SYMC) financed study found that costs for data breaches just continue to climb.

The study, which was conducted by the Ponemon Institute for Symantec, found that the average data breach in 2010 cost $7.2 million organization-wide.

That's up from 2009, when a data breach cost $6.8 million -- a rise of 7 percent, according to the report, which is entitled "2010 Annual Study: U.S. Cost of a Data Breach."

In 2010, data breaches cost on average, $214 per compromised record, up significantly from $204 per compromised record in 2009, the report said.

The 2010 study was based on benchmark case studies of 51 organizations in 15 industries that experienced data breaches. While that may seem like a small sample, the report counters that they gather information to a depth not provided by larger surveys.

"Our methods capture information about direct expenses such as engaging forensic experts, outsourced hotline support, free credit monitoring subscriptions, and discounts for future products and services," the report said. "We also capture indirect costs such as in-house investigations and communication, as well as the extrapolated value of customer loss resulting from turnover or diminished acquisition rates."

One of the conclusions from the study is that costs for breaches continue to grow, and sometimes surprisingly so.

"Every year [data breaches] cost a little bit more," Larry Ponemon, chairman and founder of Ponemon Institute, told InternetNews.com.

Ironically, part of the increase comes from organizations trying to remedy breaches as soon as possible, the report said.

"Regulators like a quick response," Ponemon said.

Responding more rapidly, though, drives up the cost per breached record.

"For the second straight year, organizations' need to respond rapidly to data breaches drove the associated costs higher," the report said.

"In 2010, these quick responders had a per-record cost of $268, up 22 percent from 2009; companies that took longer paid $174 per record, down 11 percent," it added.

The 2010 study was based on benchmark case studies of 51 organizations in 15 industries that experienced data breaches.

"Our methods capture information about direct expenses such as engaging forensic experts, outsourced hotline support, free credit monitoring subscriptions, and discounts for future products and services," the report said. "We also capture indirect costs such as in-house investigations and communication, as well as the extrapolated value of customer loss resulting from turnover or diminished acquisition rates," it added.

Criminal attacks cost the most and continue to burgeon, although negligence retains the top spot.

"Encryption and other technologies are gaining ground as post-breach remedies, but training and awareness programs remain the most popular," the report said.

Stuart J. Johnston is a contributing writer at InternetNews.com, the news service of Internet.com, the network for technology professionals. Follow him on Twitter @stuartj1000.

Keep up with security news; Follow eSecurityPlanet on Twitter: @eSecurityP.