Malicious software, commonly termed Òmalware,Ó continuously presents one of the top security concerns, and causes tremendous worldwide financial losses for organizations. In this paper, we propose a structural risk model to analyze malware propagation dynamics measured by a four-parameter (asymptote, point of inflection, rate, and infection proportion at inflection) growth curve. Using both social network data and technological network infrastructure from a large organization, we estimate the proposed structural risk model based on incident-specific nonlinear growth curves. This paper provides empirical evidence for the explanatory power of the structural characteristics of the underlying networks on malware propagation dynamics. This research provides useful findings for security managers in designing their malware defense strategies. We also simulate three common malware defense strategies (preselected immunization strategies, countermeasure dissemination strategies, and security awareness programs) based on the proposed structural risk model and show that they outperform existing strategies in terms of reducing the size of malware infection. > >