Software piracy and cybersecurity: from an economic problem to systemic risk

For a long time, software piracy was described as an economic or compliance problem: unpaid licenses, unfair competition, occasional lawsuits. However, the empirical evidence of recent years shows that this view is incomplete. The use of unauthorized software has become a direct risk factor for global cybersecurity and for the protection of sensitive data of the population.

Studies by The Software Alliance (BSA) together with IDC show that, globally, around 37% of software installed on personal computers is unlicensed and that organizations face a one-in-three probability of encountering malware when obtaining or installing unauthorized software. The same report estimates that incidents associated with unlicensed software entail an aggregate cost close to USD 359 billion per year for companies worldwide.

Cracks, installers and malware: what the evidence shows. The central question is why an actor would go to the trouble of developing and distributing a crack to bypass a high-cost technological protection system without obtaining a direct economic benefit. Forensic experience and academic studies point to a consistent answer: cracks and 'free' installers are predominantly used as vehicles to spread malware.

A joint study by the National University of Singapore (NUS) and Microsoft, which analyzed pirated software copies downloaded across Asia Pacific, found that 34% of the pirated software packages downloaded contained embedded malware that activated upon completing the download or opening the folder containing the program. 2024 research on Southeast Asia gathered 750 samples of pirated software and confirmed that a significant proportion contained hidden malware.

In applied cybersecurity, several reports describe how criminal groups use mass distribution platforms —search results and videos that redirect to cloud repositories— to offer tampered installers and cracks. The goal is not to enable free use of a program, but to steal browser data, financial credentials and gain persistent access to the compromised device.

From individual incident to systemic risk. From a risk-management perspective, the problem does not end with the specific machine where the pirated program is installed. That device is part of corporate networks, connects to servers, exchanges files with third parties, accesses VPNs and cloud systems. A single entry point can become the gateway to the entire infrastructure.

Europol's IOCTA reports consistently describe how ransomware and data exfiltration incidents rely on attack chains that exploit basic weaknesses: unpatched systems, weak passwords and, recurrently, unauthorized or tampered software. The FBI's Internet Crime Report 2023 recorded 2,825 ransomware complaints (+18% vs. 2022) and reported losses that grew 74%, from USD 34.3 to 59.6 million.

Critical sectors and sensitive data. The connection between piracy and cybersecurity becomes particularly sensitive in sectors that handle high-impact social data. In healthcare, in 2023 there were 725 reported breaches of health data of 500 or more records, exposing more than 133 million medical records. A study in JAMA Network Open documents that affected patient records went from 6 million in 2010 to 170 million in 2024.

The judicial system and law enforcement also face a sustained increase. In 2023, the BlackCat/ALPHV group claimed responsibility for an attack against the court system in northwest Florida; in 2025, a large-scale intrusion against the federal case management system (CM/ECF and PACER) was made public, with indications of access to sealed documents. The presence of unlicensed software —without support, security updates and potentially altered— constitutes an additional threat that facilitates attackers' work.

Public interest and state obligation. The combination of these elements leads to a clear conclusion: the interest in ensuring that critical systems do not run on pirated software is not just a business interest; it is a public interest and, in many cases, a matter of national security. States have at least three reasons to get involved: mitigating risks to critical infrastructure, protecting the formal economy and fair competition, and safeguarding citizen trust in institutions.

Legal software as a digital resilience component. Talking about legal software can no longer be reduced to the contractual dimension of licensing. From a technical and public policy perspective, the use of legitimate and properly managed software fulfills several essential functions: tracing the origin of the software and verifying its integrity, guaranteeing access to updates and patches, facilitating forensic investigation after an incident, and building cybersecurity postures based on accurate asset inventories.

Conclusions. The available evidence converges on several points. First, the use of pirated software and cracks substantially increases the probability of malware exposure. Second, infections fit into a global cybercrime ecosystem characterized by ransomware, data theft and exploitation of critical infrastructure. Third, sectors that handle sensitive information —health, justice, banking, public administration— suffer a sustained increase in attacks. Piracy and cybersecurity are not two independent issues, but dimensions of the same problem.

Source: Software Legal Argentina — softwarelegal.org.ar/ciberseguridad.html