Consumer risk from internet services continues to be an urgent and pressing policy issue for governments, especially in the rapidly growing Asia-Pacific region. Numerous incidents of ransomware and DDoS attacks continue to fill the pages of newspapers. COVID-19 lockdowns have further accelerated a move to online learning and entertainment, increasing the opportunities for cybercriminals to exploit families and children who use the internet. Yet real data about consumer awareness of malware as well as an understanding of its’ sources, have rarely been systematically examined. Previous studies examining the prevalence of malicious code on piracy websites have provided some clues, but the link between actual experience and beliefs has never been tested.In this study, consumer attitudes and experiences about malware and piracy websites was undertaken by international research data and analytics group YouGov, using a random sample of the adult population across five countries within South East Asia, Singapore, Hong Kong, Vietnam, Philippines and Thailand. Participants were asked about their experiences of and knowledge about malware, access to piracy sites, and – crucially – where they believe malware attacks are most likely to come from.Participants ranked piracy websites as the #2 source of malware infection risk (22.27% average) for themselves and their household abode, ahead of social media, gambling ads, branded ads, or e-game websites. Adult industry ads were ranked #1 at 23.40% average. In recognition of the piracy-malware nexus link, it was observed that the two countries which had the highest awareness of the piracy-malware nexus Hong Kong 26% and Singapore 27%, also reported fewer experiences of malware infections with Singapore (61%) and Hong Kong (61%) reporting no experience of malware.The focus of this analysis is to bring us closer to developing a more sophisticated understanding of user behaviour, malware, and piracy. For countries where malware attacks remain high, but awareness of the piracy-malware nexus remains low, it is recommended that governments consider increased awareness, education and training in how to avoid piracy sites and malware infections, and more focused national protection measures, such as regulatory site blocking of egregious piracy websites.Moving beyond the descriptive statistics presented in this study, we can begin to build a predictive model that can be used to identify strategies that can be used to reduce malware infections. This analysis suggests that – for our sample - 31% of variance in malware infections could be explained by actual experience of and knowledge about piracy, risk awareness of piracy, and sample demographics, especially age and gender. In other words, reducing access to piracy sites, and/or educating consumers about piracy risk, would see a very significant reduction in malware infections, potentially in the order of 31%
