Is it possible to get spyware or malware on an iPad?

Due to the system architecture of iOS/iPadOS, unless jailbroken (don’t go there!), your iPad is not susceptible to traditional malware infection per-se. However, as with all computer systems, there are still vulnerabilities and exploits to which you remain vulnerable. 

Be wary of the myth that Apple devices are immune to malware; those that perpetuate this untruth do not fully comprehend the broader threat landscape. Consider that if the myth (and over-generalisation) were true, Apple would not need to expend considerable resources in developing and issuing regular security updates and patches for their products.

While your iPad is unlikely to be directly infected by malware, it is still possible to easily download an “infected” file to the iPad - which if transferred elsewhere still has the capacity to infect other computer systems with malware.

Perhaps the majority of threats to which you will be invariably exposed will surface via web pages or embedded links within email. These browser-based attacks can largely be mitigated by installing a good Content and Ad-blocking product. One of the very best and most respected within the Apple App Store - designed for iPad, iPhone and Mac - is 1Blocker for Safari.

https://apps.apple.com/gb/app/1blocker-for-safari/id1365531024

1Blocker is highly configurable - and crucially does not rely upon an external proxy-service of dubious provenance. All processing takes place on your device - and contrary to expectations, Safari will run faster and more efficiently. 

Unwanted content is not simply filtered after download (a technique used by basic/inferior products), but instead undesirable embedded content blocked form download. A further benefit on metered services, such as cellular connections where you data may be capped or chargeable, this not only improves speed but also saves you money.

1Blocker has also introduced its new “Firewall” functions - that are explicitly designed to block “trackers”. Being implemented at the network-layer, this additional protection works across all Apps.

A further measure to improve protection is to use a security focussed DNS Service in preference to automatic DNS settings. This can either be set on a per-device basis in Settings, or can be set-up on your home Router - and in so doing extends the benefit of this specific protection to other devices on your local network. I strongly recommend using one of the following DNS services - for which IPv4 and IPv6 server addresses are listed:

Quad9 (recommended)

9.9.9.9

149.112.112.112

2620:fe::fe

2620:fe::9

OpenDNS

208.67.222.222

208.67.220.220

2620:0:ccc::2

2620:0:ccd::2

Cloudflare+APNIC

1.1.1.1

1.0.0.1

2606:4700:4700::1111

2606:4700:4700::1001

Use of the above DNS services will help to shield you from “known bad” websites and URLs - and when used alongside 1Blocker, or other Content Blocker provides defense in depth.

There are advanced techniques to further “harden” iOS/iPadOS (such as using DoH, DoT and DNSSEC), but these are perhaps beyond the immediate skills of novice users.