The company made the claim in its quarterly threat trends report for the first six months of 2016 which was issued overnight.
Despite the drop in malware instances, Webroot said that the attacks which were taking place were more sophisticated and lasted for less time.
However, on one front, there was an upsurge with the number of malicious Android apps expected to grow by a factor of five in 2016, compared to the previous year.
The report said that Google and Wells Fargo were the most heavily targeted technology and banking companies respectively for phishing attacks, with the latter targeted more than 10 times as often in June than in January.
Webroot said that as far as malicious URLs were concerned, the US now hosted more than 40%. Germany's share was increasing while China's share was falling.
As far as the origin of malicious IPs went, nearly 50% were associated with China, India or Vietnam.
Webroot is based in Colorado and has offices in Dublin and Sydney.