The report specifically fingers “repackaged copies of legitimate apps distributed via non-official marketplaces” as a main source of malware on Android. Meaning that you can relax a bit if you only buy your apps from Google Play and Amazon. Apple has no such non-official marketplaces for phones that aren't jailbroken (i.e. running unofficial versions of iOS), which helps explain the statistical findings.
An estimated 32.8 million Android phones were infected with malware in 2012. Cisco's report doesn't estimate the number of infected devices in the current year. It does, however, note that the measured number of overall vulnerabilities and threats is at its highest yearly level ever.
That means, regardless of whether your smartphone is an Android or iPhone, it’s good procedure to make sure all your devices are protected from malware threats. If you’re not sure where to get started, I suggest trying Techlicious's need-to-know guide on mobile security.
Editor's note 1/22/14: According to the Cisco study stats, 98% of the Android malware was Android/SMSSend. This types of malware is almost exclusively targeted to Eastern European countries (primarily ex-Soviet Bloc) and installed by downloading apps from off-market sources.
If you stay with Google Play or the Amazon app store, the likelihood you would download this malware is pretty much nil (we know of no case where that's happened, but would be interested if someone has additional info). Nor are we familiar with a variant that would work with US phone carriers.
[Troubles with smartphone via Shutterstock]