Storage firm EMC admitted this week that this year's cyber attack on its RSA Security division cost it $66m (£40m).
According to a report in the Washington Post, the money was spent attempting to identify the source of the attack, and tightening security to prevent it happening again.
"We incurred an accrued cost associated with investigating the attack, hardening our systems and working with customers to implement our remediation programmes," said David Goluden, executive vice president, EMC.
In March, RSA executive chairman Art Coviello informed customers that the attack had taken place when an open letter was placed on RSA's site.
"Recently, our security systems identified an extremely sophisticated cyber attack in progress being mounted against RSA," wrote Coviello.
"We took a variety of aggressive measures against the threat to protect our business and our customers, including further hardening of our IT infrastructure. We also immediately began an extensive investigation of the attack and are working closely with the appropriate authorities."
It is not known whether the hackers managed to obtain information that would enable them to crack RSA's two-factor authentication tools, used to improve their customers' security.
Military hardware specialist Lockheed Martin was attacked in June, and experts have suggested that compromised authentication tokens from RSA may have been to blame.