Hackers are hitting businesses with malware-based cyber attacks five times a second, and phishing remains the infection strategy of choice, according to Verizon.
The company revealed the statistic in its Data Breach Investigations Report, which collated data from over 70 contributing partners' internal and customer networks.
Bob Rudis, Verizon managing principal and author of the report, told V3 the figure stemmed from data collected from five security providers' customer networks, which included information from over 10,000 businesses.
"We had five partners' customer logs and got to see the incident discovery of over 10,000 organisations. We found that there are five malware events every second," he said.
"This is bad, but what was really interesting was how unique the malware was. We saw that 70 to 90 percent of malware samples are actually unique and have a unique signature."
Rudis added that the unique nature of this malware is not a sign of sophistication but is simply a means to bypass traditional signature-based cyber defences.
Rudis added that, despite widespread reports to the contrary, only a tiny fraction of the malware incidents occurred on smartphones.
"There are lots of vulnerabilities in mobile so we went in [looking for malware]. We got six months of mobile malware capture data for our report. We looked at what mobile operating systems are being targeted and how often," he said.
"We found that 0.3 percent of mobile devices were impacted. Despite what most people are saying, it's not 'mobile, you're all going to die' at the moment."
Rudis said that phishing remains the most prolific and effective infection strategy being used by hackers.
"During our research we got a chance to look at hundreds of thousands of phishing programmes. These included over 150,000 messages. We found that almost a quarter of folks who get [a phishing message] are going to open it. That's a one quarter response rate," he said.
"You may think that opening a message may not be bad, but 11 percent actually click on the link or the attachment containing the malware.
"During our analytics we also found that from the start of a campaign it takes 82 seconds for the first successful breach. If you're a hacker mounting a phishing scam you're guaranteed to get a quarter return."
Hackers' success rates are further aided by most firms' poor patching practices, according to Rudis.
"There's also a lot to do with patch practices. When looking at detailed records regarding incidents in excruciating detail we found that 25 percent could be stopped if people patched," he said.
"Interestingly, within the top 10 vulnerabilities we saw, some were fairly recent, one was found in 2014; however, many aren't. One of the worst and most commonly used dates back to 1999. We have a joke now that hackers are partying like it's 1999."
Rudis cited the notorious Heartbleed flaw as further proof of the need for more robust patching practices.
"Attackers don't have to do sophisticated top-end attacks. They can use old known practices," he said.
"However, while attackers are going after the old stuff, when something like a Heartbleed breaks, organisations need to drop everything and deal with it, as attacks appear almost immediately."
Heartbleed is a flaw in the OpenSSL implementation of the Transport Layer Security protocol used by open source web servers such as Apache and Nginx, which host around 66 percent of all sites.
The report said that failing to improve security processes could cost companies hundreds of thousands of dollars in the wake of a data breach.
The report estimated that, at the bottom end, a 100-record data breach could cost $18,000 to $35,000. At the top end, a 100 million-record data breach could cost $5m to $15.6m.
The estimates are based on data provided by NetDiligence, which partners with cyber insurance carriers to aggregate data on cyber liability insurance claims.
Cyber insurance is a growing industry in the UK. Lloyd's of London reported a 50 percent year-on-year increase in submissions for cyber insurance during the first quarter of this year.
The UK government announced plans in November 2014 to collaborate with the insurance industry to bolster company defence strategies and establish the country as a leader in the cyber security insurance market.