Skip to content

Malware Metrics by Industry Sector

by Trend Micro Employee ‎09-01-2009 06:16 PM - edited ‎09-01-2009 06:32 PM


 Measuring Security


 By non-invasively monitoring the

 activity in an organization's network,

 much can be learned about the

 residual malware that escapes the

 attention of the organization's security



 Which industry sectors are most infected? 



Malware Metrics by Industry Sector


83 enterprises from North America, Latin America, Europe and Asia Pacific participated in a risk-free, 2-week security assessment that allowed Trend Micro to monitor an enterprise’s security environment and help them discover how, why and where security threats happen. Of these, 16 were from the education and health care sectors, the two sectors showing the highest rates of malware infection.




industry sector  % of organizations with “very high” malware infection rate*
Health Care             75%   (n = 4)
Education                33%   (n = 12)
Public Sector           22%   (n = 23)
Financial Services    14%   (n = 7)
Manufacturing          11%   (n = 27)
all industries            20%   (n = 83)


* “very high” are those in the top quintile (>80 percentile) observed across all industry sectors.


Although the sample size is small, the health care sectpr exhibits significantly higher rates of malware infection than the other sectors.  Trend Micro security assessors discovered that 75% of the health care organizations monitored had “very high” levels of malware infections in their networks.  This contrasts with 20% "very high" for all sectors. 


A possible factor in the health care sector's higher infection rate may be the relatively high number of uncontrolled internet-communicating devices used by visitors to hospitals and clinics compared to other industry sectors. 


But not compared to universities, where uncontrolled student computers are the norm.  Which brings us to the sector with the second highest infection rate:  the education sector.


In the education sector, 33% of the monitored institutions exhibited "very high" malware infections rates.  Possible causes here may be related to colleges having to contend with students bringing infected laptops into their networks, heavy usage of social-networking sites, pirated media and software programs that redirect to malware; and infected USB drives that students use to store files and homework assignments.  


The Trend Micro security threat assessments used in this study utilize a non-invasive, listen-only appliance that doesn’t interfere with an organization's ongoing network operations.  Trend Micro engineers quickly install the assessment appliance at the network layer on the core switch where it monitors network traffic to detect resident malware activities, such as botnets. The appliance also monitors inbound email and Web traffic to detect potentially infected messages and suspicious Web sites.


Key threats and indicators measured during assessments include:

 - IRC bots
 - network worms
 - information stealing malware
 - malware downloads
 - accesses to malicious URLs


If you are interested in participating in a security threat assessment, contact Trend Micro Threat Management Services go to


By using this community you agree to the Participation Guidelines and Terms of Use.

Updated OfficeScan 11.0 Product Support

New Worry-Free Business Security 9.0 Support

Deep Security On Demand: Comprehensive protection for Servers Running on AWS

Trend Micro SafeSync for Business: Securely manage, access and share your files online

Join the 'Bring Your Own Device' Research Project

Join the 'Data Protection' Research Project

Read Message from Trend Micro's CEO - Eva Chen.

About the Author
  • Anthony Arrott is product manager for security analytics at Trend Micro. Among other duties, he coordinates Trend Micro’s participation in external benchmark testing programs that measure the protection commercial security software products provide to their customers. Arrott was Director of Threat Research at anti-spyware vendor InterMute, prior to its acquisition by Trend Micro in 2005. In 2007 Dr. Arrott led the project team for Trend Micro HijackThis v2.0 – enhancing the popular malware diagnostic tool originally developed by Merijn Bellekom. Dr. Arrott earned his degrees at McGill University and M.I.T.
What are other Premium Support Customers talking about?  Learn more

Already a TouchPoint member? Just Sign In