Portscans before attacks

Recently performed research shows that attacks come after about five per cent of portscans.

It's more than I thought (considering the number of scans every machine online gets a day). It would be interesting to see how it looks for 'desktop' machines (the research was done on honeypots, which were probably configured as servers), then compare the results and see if there's a pattern.

