Price tag shock syndrome hits security managers

18.07.2006
Security managers suffer 'price tag shock' when attempting to implement more stringent measures to protect sensitive information, according to distinguished Gartner analyst Avivah Litan.

Speaking at Gartner's IT security summit in Sydney on Tuesday, Litan said a company with at least 100,000 accounts to protect can spend, in the first year, as little as $8 per customer account on data encryption alone, or as much as $20 per customer account for data encryption, host-based intrusion prevention and strong security audits.

"This compares with an expenditure of at least $120 per customer account when data is compromised or exposed during a breach," she said.

Encrypting stored data can provide the most robust data protection, Litan said, but if that is not feasible due to cost and complexity, organizations should deploy comprehensive, host-based intrusion prevention systems (HIPS).

However, Litan said successful deployment of HIPS requires strong server configuration control and brings additional administrative cost and complexity.

"Another option is a strong security audit to validate the organization's deployment of satisfactory mitigating controls, reducing the need for data encryption or HIPS," she said.