Every company surveyed by Cisco was found to be hosting some kind of malware, according to its 2014 Annual Security Report.
This, it said, indicates "penetrations may be undetected over long periods".
Most attacks come via "trusted applications", with Java comprising 91% of web exploits detected by the company.
"Of all the web-based threats that undermine security, vulnerabilities in the Java programming language continue to be the most frequently exploited target by online criminals," the report said.
"[They] far outstrip those detected in Flash or Adobe PDF documents, which are also popular vectors for criminal activity."
Indeed, only 3% of attacks examined by Cisco appeared to come via Adobe Reader, while in by the third quarter of 2013 Flash had virtually dropped off the grid.
"97% of enterprise desktops run Java, as do 89% of desktop computers overall in the United States," explained the report. "Java provides an attack surface that is too big for criminals to ignore [so it] is the exploit that criminals choose first, since it delivers the best return on investment."
Mobile security
Mobile security is also a growing concern, with Cisco reporting a 14% year-on-year growth in new threat alerts - the vast majority of it targeted at Android.
The company also said that the security problems faced by businesses could be made worse by a shortage of people with the necessary skills to remedy them.
"The sophistication of the technology and tactics used by online criminals have outstripped the ability of IT and security professionals to address threats," the report added.
"Most organisations do not have the people or the systems to monitor their networks consistently [and] CISOs struggle to hire people with up-to-date security skills," it added.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
