http://www.informationweek.com/shared/printableArticle.jhtml?articleID=208403240
June 11, 2008 - "... Breaches were attributable to a combination of events more frequently than a single action, including: a significant error (62%), hacking and intrusions (59%), malicious code (31%), an exploited vulnerability (22%), and physical threats (15%). But for 90% of the known vulnerabilities exploited, patches were available for at least six months prior to the attack. This data point alone suggests that installing software patches as soon as they're made available will significantly reduce the chance of a data breach*..."
*
http://www.verizonbusiness.com/resources/security/databreachreport.pdf
2008 Data Breach Report - Verizon. 4 Years of Forensic Research. More than 500 Cases.
http://blog.trendmicro.com/most-abused-infection-vector/
Dec. 7, 2008 - "We gathered malware data from January to November 2008 to give us an idea of just how dangerous surfing the Internet is. We analyzed the arrival methods of the top 100 malware infecting the most number of systems for the said period... a majority of the top 100 malware that was most prevalent during this year arrived by surfing malicious or unknown sites. A sad confirmation that despite all awareness campaigns for safe computing, users still tend to victimize themselves out of curiosity." (Charts available at the URL above.)