As reported by the Washington Post, the latest survey from the Ponenom Institute pins down the average cost to a company for a security breach at $6.6 million for 2008 (up from $6.3 million in 2007 and nearly $5 million in 2006). The cost per lost record is estimated at $202. When we first started blogging this cost, states were still developing notification laws. At this point, the majority of states have passed some legislation for it. While there are insurance options to aid companies facing a security breach, the survey points out that customers, especially those in the financial and health industries, do lose trust and leave a company after a breach is reported.