Protecting customer records is a magnitude less expensive than paying for cleanup after a data breach or massive records loss, a research company said Tuesday.

Gartner analyst Avivah Litan said in a research note that data protection is cheaper than a data breach. She recently testified on identity theft at a Senate hearing held after the Department of Veterans Affairs lost 26.5 million vet identities.

"A company with at least 10,000 accounts to protect can spend, in the first year, as little as $6 per customer account for just data encryption, or as much as $16 per customer account for data encryption, host-based intrusion prevention, and strong security audits combined," Litan said in an accompanying statement.

"Compare [that] with an expenditure of at least $90 per customer account when data is compromised or exposed during a breach," she added.

Litan recommended encryption as the first step enterprises and government agencies should take to protect customer/citizen data. If that's not feasible, organizations should deploy host-based intrusion prevention systems (HIPS), she said, and/or conduct security audits to validate that the company or agency has satisfactory controls in place.

"None of these options are mutually exclusive, but implementing all three will still be less expensive than having to respond to a large-scale data breach," Litan said.