As others have said I'm surprised that the quoted figure is only 43%, but then their data collection only accounts for an unrepresentative sample of the problem.
Anyone who administers internet facing servers of any kind, be they web, email or whatever, knows that a high proportion of each day's logs will be taken up with automated login attempts of one sort or another.