The report states that a whopping 57% of all publicly disclosed breaches are caused by lost or stolen systems. At least for the second half of 2007. Only 13% were caused by active hacking, such as the Hannaford or TJ Maxx fiascos.
And if you're worried about viruses or worms, you should be focusing on Trojan avoidance -- the number of Trojan downloader's detected rose an astonishing 300%. That means it's more important than ever to look before you click on that URL. The most likely way this type of spyware is transferred is through drive-by downloads.
The full report is available from Microsoft.