Indonesia’s Cyber Resilience: At the Epicenter of ASEAN Digital Economy Growth

Dr. Kartina Sury, Senior Fellow at the Center for Indonesian Policy Studies (CIPS), examines the gaps and challenges that Indonesia faces in tackling cybersecurity threats and shares her recommendations. This article builds on Tech For Good Institute's (TFGI) latest research on cyber resilience.

This copy is also available in Bahasa Indonesia, click here to read

By Dr. Kartina Sury, Senior Fellow at the Center for Indonesian Policy Studies

With the country’s digital transaction value amounting to $77 billion (or 40% of the region’s total) in 2022, Indonesia continues to be a key player in Southeast Asia’s digital economy. The total digital transaction value is expected to double to $130 billion by 2025, further establishing Indonesia as a significant contributor to the region’s dynamic digital economy. In addition, Indonesia fosters a healthy startup ecosystem and is ranked 6th globally in terms of the number of startups, with over 2,400 businesses. Over the next few years, the country continues to prioritise digital transformation as one of its national priorities.  

However, Indonesia’s rapid digitalisation also increases its exposure to challenges such as cyber threats. This includes risks in data breaches in government departments, state-owned enterprises, and financial services sectors which could potentially affect millions of customers. For example, data leaks and identity theft are major concerns, accounting for 88% of cyber attacks in the past three years. A 2021 report by the Ministry of Communications and Informatics (MoCI) revealed that 93% of data leak cases were due to underlying cyber security issues. This highlights the need for Indonesia to pursue efforts that would promote cyber resilience. 

Challenges to Indonesia’s Cyber Resilience

Indonesia’s cyber resilience is a concern due to uncertainties in its preparedness for digital transformation across industries. In 2022, National Cyber and Crypto Agency (BSSN) recorded almost a billion cyber attack cases, with over half being malware-related, data leaks accounting for 15%, and trojan activity making up around 10%. In the first half of 2023 alone, Indonesia is recorded to have experienced more than 347 million cyber attack cases, with the highest number of cases being due to ransomware incidents.

In addition to the threats of cyber attacks, there is room for improvement in Indonesia’s regulatory landscape.  Currently, laws related to cyber resilience are fragmented.  For instance: 

  • Government Regulation No. 71/2019 focuses on cybercrimes related to electronic transactions, neglecting critical infrastructure attacks 
  • Ministry of Defence (MOD) Regulation No. 82/2014 addresses military cyber defence but not public cybersecurity 
  • The Strategic Plans 2020–2024 of MoCI divides responsibilities between MoCI and BSSN for cyber defence and private data protection. The plan includes frameworks for emerging technologies like AI and machine learning, as well as the importance of electronic-based government services and implementing technologies such as big data, machine learning, and blockchain. However, specific action steps to support e-government are not specified, except for the need to collaborate at different governance levels.
  • The latest Presidential Decree No. 47/2023 emphasises the National Cyber Security Strategy and Cyber Crisis Management, and part of the key objectives are to protect the national digital economy ecosystem, enhance the strengths and capabilities of Cyber Security resilience, and prioritise national interests while supporting the creation of the global cyberspace. However, there is a need for further governance in the implementation of Cyber Risk and Mitigation. The Cyber Crisis Management of the stakeholders involved, particularly the Electronic System Providers (PSE), demands more comprehensive instructions and audited plans to protect consumers.

A CIPS study revealed shortcomings, including the need for skilled human resources within MoCI, standardised response mechanisms, co-regulation with non-governmental representatives, and clarifying mandates between ministerial bodies.

In terms of personal data protection, the regulation lacks clarity on how the public receives information in case of cyber crimes or data breaches. Communication mechanisms other than Otoritas Jasa Keuangan (OJK), which is the Financial Services Authority of Indonesia’s annual and tri-monthly financial reporting, are unclear. Furthermore, there is no consistent understanding of practical steps for businesses, consumers, and organisations to implement and enhance cybersecurity.

Towards Improved Cyber Resilience in Indonesia

As such, there are key considerations for Indonesia to strengthen its cybersecurity posture.  These policy recommendations aim to increase the country’s capability to adapt to the constantly evolving cyber threats. 

In conclusion, building cyber resilience is a necessary pillar for Indonesia to maintain its position as a key digital economy hub in Southeast Asia. To enhance resilience, harmonising cybersecurity regulations, establishing the National Cyber Agency, and implementing a standardised blueprint for data protection are essential. International partnerships will strengthen Indonesia’s capability to address cyber threats and vulnerabilities. It is important to encourage a whole-of-society approach through creating platforms where governments, businesses, and the civil society can work together. Finally, promoting digital literacy can help address shortages in cybersecurity professionals and also raise the awareness of the public on corresponding cyber risks.  

 

The views and recommendations expressed in this article are solely of the author/s and do not necessarily reflect the views and position of the Tech for Good Institute.

Share this focus areas

Discover

How is Tech for Good Institute enabling digital economy and society in Southeast Asia?

Cite this article

Sury, K. (2023, August 30). Indonesia’s Cyber Resilience: At the Epicenter of ASEAN Digital Economy Growth. Tech For Good Institute. Retrieved from https://techforgoodinstitute.org/insights/country-spotlights/indonesias-cyber-resilience-at-the-epicenter-of-asean-digital-economy-growth/

Keep pace with the digital pulse of Southeast Asia!

Never miss an update or event!

Mouna Aouri

Programme Fellow

Mouna Aouri is an Institute Fellow at the Tech For Good Institute. As a social entrepreneur, impact investor, and engineer, her experience spans over two decades in the MENA region, South East Asia, and Japan. She is founder of Woomentum, a Singapore-based platform dedicated to supporting women entrepreneurs in APAC through skill development and access to growth capital through strategic collaborations with corporate entities, investors and government partners.

Dr Ming Tan

Senior Fellow & Founding Executive Director

Dr Ming Tan is Senior Fellow at the Tech for Good Institute; where she served as founding Executive Director of the non-profit focused on research and policy at the intersection of technology, society and the economy in Southeast Asia. She is concurrently a Senior Fellow at and the Centre for Governance and Sustainability at the National University of Singapore and Advisor to the Founder of the COMO Group, a Singaporean portfolio of lifestyle companies operating in 15 countries worldwide. Ming was previously Managing Director of IPOS International, part of the Intellectual Property Office of Singapore. Prior to joining the public sector, she was Head of Stewardship of the COMO Group.


Ming also serves on the boards of several private companies, Singapore’s National Volunteer and Philanthropy Centre, Singapore Network Information Centre (SGNIC), and on the Digital and Technology Advisory Panel for Esplanade–Theatres on the Bay, Singapore’s national performing arts centre. Her current portfolio spans philanthropy, social impact, sustainability and innovation.