The data breaches this year cost the affected companies an average of US$182 per customer, compared to $138 per customer in the 2005 study -- an increase of 31 percent, according to the report. About three-quarters of the costs paid for phone calls to notify customers of a breach, the free or discounted services to compensate for data losses and for the losses incurred when customers took their business elsewhere.

The cost of the breaches to the companies ranged from $226,000 to more than $22 million, with an average cost of $4.7 million, according to the report.

The study found that customers don't like it when personal information is passed on to third-party vendors for processing or storage without their knowledge, Ponemon said. "That's what we find. They have a trusted relationship" with the original company, which they chose to do business with, he said. "They will forgive once, but say, 'Don't let it happen again,' compared to [asking] 'Why does this third-party vendor have my information?'"

The latest study also found that companies that have had data breaches are doing a better job learning from the past incidents about how to bolster breach detection systems and head off future breaches, he said. "Last year in the detection category [of the study], a lot of companies weren't doing great forensics on how to prevent breaches in the future. A lot of companies are now doing better because they're analyzing [processes and information] to prevent it from happening again."

The study found that 72 percent of the breaches occurred because the digital information was not protected properly, while 14 percent occurred because of malicious or insider attacks. About 94 percent of the companies took some kind of preventative action in response to the incidents, the study said.