The survey of 10,000 consumers (5,000 from each country) found that 87 percent said that they didn't feel comfortable visiting new domains, presumably an issue connected to unfamiliarity.
Roughly half claimed that their insecurity would be helped by companies being clearer about the steps being taken to protect their data.
NCC Group has yet to release the full findings of the report entitled New Internet Study so it's hard to make any complex judgements about what is causing public mistrust or even how deep it runs, but the fact that it appears to be a real phenomenon should give enterprises looking to use new domains pause for thought.
It is possible that after two decades of using a tiny number of well-known of domains, the increasingly mobile-oriented population either doesn't understand the need for the domain expansion or is in the dark about its potential benefits.
The confusion hasn't stopped domain registration firms pushing new-fangled domains at high prices with many bigger brands forced to buy them as a precaution.
A striking example of this phenomenon was last month's purchase by singer Taylor Swift of the TaylorSwift.porn and TaylorSwift.adult domains ahead of their public launch in June, in both cases to stop others from using them.
Even more controversial has been the .sucks domain, reportedly bought by a clutch of large firms such as Microsoft, Facebook and Apple simply to scotch the possibility of troll websites.
All of these domains will have cost four-figure sums each year and it seems unlikely that any of them will ever be used by their new owners to host a working site.
"The Internet is undergoing the biggest change in its history, causing uncertainty for consumers. We've also shown that the new domains are already being used for nefarious purposes, with users expressing security concerns too," commented NCC Group CEO, Rob Cotton, referring to the parallel issue of security.
Do consumers trust websites wearing names they've never encountered before or do they instinctively believe them to be more risky
"Businesses cannot afford to do nothing here. The new gTLDs offer a wealth of possibilities for cyber criminals to attack an organisation's online presence. Brand reputation, customer trust and ultimately revenue are all at risk," added Cotton. "Organisations need to make a decision and quickly. Doing nothing is not a solution."
Fifty gTLDs had been co-opted to launch phishing campaigns in the last 10 months, he said, although one could argue that the domains from which phishing is sent are probably irrelevant from the end user's point of view.
Last year, NCC Group launched its own premium domain, .Trust domain, designed to guarantee basic security standards by every firm using it.