The vendor's latest State of Internet Security report that found one in four respondents globally suffered an attack that caused a server outage, compromised sensitive information or threatened online transactions.
The internet was also identified as a greater source of threats than the email channel, harbouring more viruses, worms and spyware, and leading to more security breaches and loss of customer information.
"If you look at the levels of protection, 70 to 99 per cent of companies have already deployed security for email because they've learned, but only a small [number] have deployed the technology to scan their pages for malware," said Webroot chief executive Peter Watkins.
"Around 85 per cent of malware comes in via the web, and businesses have been slow to react to this."
The scale of web-based malware was further highlighted by figures from web security-as-a-service firm ScanSafe, which reported in its monthly Global Threat Report that more web-based malware was detected in October than in any other month this year.
The research found that 65 per cent of malware blocks last month resulted from visits to compromised websites, while 13 per cent came from encounters with backdoors and password stealers.
More alarming still, web-based malware coming from search engine results pages was higher than in previous months, at 9.3 per cent of all encounters, said ScanSafe.