I do not have any specific numbers on attacks. Perhaps you could check with the Computer Emergency Response Team (CERT).
Your observation about workstation versus server security is an interesting one. I think most outside attacks tend to go after servers primarily because that is what tends to be accessible via public addressing on the Internet. Most corporations now have firewalls that provide Network Address Translation, thus hiding the workstations from public view. Also, a good number of attacks are simply aimed at IP addresses, regardless of whether they are servers or workstations. Again, it is mostly servers that have public IP addresses.
On the other hand, the insider attacks are just as likely to go after workstations as they are servers. This is because they will be looking for sensitive files that others keep on their local hard drives. Therefore, security of the workstation is important too.
For more information on this topic, visit these other searchSecurity resources:
Tech Tip: Protecting workstations
Best Web Links: Securing the Desktop
Best Web Links: Infrastructure and Network Security
This was first published in February 2002