A third of mobile users do not install security software on their phones, with most saying that they simply do not see a need for it, or are concerned that it would take up too much storage.
These findings are from an inaugural survey by the Cyber Security Agency (CSA) of Singapore, which was released yesterday.
The agency polled 2,000 online users aged 15 and above between July and August last year.
"Many of us have begun to use our phones as computers to check e-mails and bank online," said CSA National Cyber Incident Response Centre director Dan Yock Hau.
And new malware is being developed constantly, he said, making security software on the phone a necessity. "We cannot afford to be complacent," he said.
One in three respondents in the survey also subscribed to at least one of what CSA describes as "unsafe" password practices. They are:
• Storing passwords in computers or writing them down on paper;
• Using the same password for work and personal accounts;
• Storing credentials such as login details on Web browsers;
• Telling other people their passwords;
• Storing passwords in a password manager; and
• Not enabling two-factor authentication (2FA), which requires users to enter a randomly-generated one-time password (OTP), in addition to a usual password, even when that option is available.
Moscow-based security systems specialist Kaspersky Lab's South-east Asia general manager, Ms Sylvia Ng, said a phone without security software is an easy target for cyber criminals. "Malware can go undetected until the user runs an anti-malware scanner on the device," she added.
People can download malware on cellphones when they click on bogus links in instant messages or suspicious looking pop-up ads; download dodgy apps; or indiscriminately open e-mail attachments.
Once malware takes over a phone, it is easy to carry out fraudulent transactions and allow hackers to steal personal data such as passwords. Even OTPs, which offer extra protection, can be intercepted as they are usually sent via SMS.
Mr Charles Fan, chief executive of Singapore-based security systems provider Assurity Trusted Solutions, said the issue with a password manager is not its use.
Instead, people tend to use an easy-to-hack password to secure their password manager, which stores the passwords of all their online accounts. "That's why it is important to secure your password manager with 2FA and a complex password," he said, adding that even complex passwords must be changed regularly.