Perhaps such a huge focus on preventing or removing infections is worth backing with such a large portion of funds, though spending half of what you have just on anti-virus seems odd to me. On the other hand, anti-virus has a presence at many stages of a network. You'll have anti-virus running on a mail server, scanning all inbound and outbound mail. You'll have it on each individual workstation, scanning as people work. You'll have it on file servers and perhaps even on middleman devices, sniffing traffic for malicious content.
What would be more interesting than seeing where the money goes, however, is seeing where the infections are coming from. Are most of them coming via e-mail, or is it more likely that a workstation is infected by someone plugging in a thumb drive from home or installing rogue software on their own?