Malicious software otherwise known as malcode or malware contributed to about on third of data breaches according to a study by the Verizon Business Risk Management Group 

Malware was found on systems in many more of their 500+ cases that contributed to the study, but only in 1/3 of cases did it play a part in the breach under investigation.  In the rest of the cases, they found it to be a measure of the overall health of the system from a security perspective.   

See Chart 

Worms and viruses have been used heavily in the past but according to Verizon only accounded for 27% of the way in which systems became compromised.  58% was specifically planted by the attacker…a strong rising trend.  In 13% of cases, the users essentially compromised their own systems by downloading malware off the Internet.  Only a very small number of incidents (2%) had the malcode physically installed. 

Some of the malware was customized (about 25%) to avoid detection by anti-virus and other host based detection methods that rely on signature matching.

The programs were primarily designed to do one of the following:

- Capture and then send information to a remote entity

- Enable the attacker to access and control the system

- Capture information to be harvested later 

Among the malware observed here, the ration between these three were roughly the same and often used in combination. 

More: continued here