Cyber crime is a relatively new but quickly evolving crime type, and there is particular concern about the number of young people becoming involved in cyber crime, who may be at the start of a pathway into more serious and persistent cyber offending. The current study aimed to examine Computer Misuse Act (CMA) experiences and knowledge amongst secondary school pupils. Six-hundred-and-fifty-one pupils in secondary school years 10–13 (ages 14 to 18) took part in one of 29 outreach engagement sessions delivered by police officers. The sessions aimed to deter and divert young people from engaging or persisting in cyber offending and included information about the CMA and the potential consequences of committing CMA offences. Almost a third (30.6%) of pupils who took part reported that they had accessed another person's account without permission, two-thirds (62.5%) reported that they had been booted off a game previously, and 37.6% had experienced a data breech. As predicted, previous experience of online victimisation was associated with a greater likelihood of an individual going onto engage in unauthorised access themselves. Contrary to predictions, there was no association between pupils' online presence (as determined by their use of more than five online services) and engaging in authorised access. Surprisingly, better knowledge of the CMA was associated with an increased likelihood of engagement in unauthorised access. It may be that perceived risk, rather than awareness of illegality, is key, although further research is needed to confirm this. Empirical and policy implications of findings are discussed.