A Cybersecurity Perfect Storm in Indonesia

Indonesia is facing what experts might call a “cybersecurity perfect storm”—a convergence of global, regional, and local factors that heighten the country's vulnerability to cyber threats. As Southeast Asia’s largest digital economy, Indonesia must address key cybersecurity challenges swiftly to protect its digital transformation and economic ambitions. Below are some of the most pressing issues:

1. Cybersecurity Workforce Gap

ISC2’s  (http://isc2.org/) Global Cybersecurity Workforce Survey reports a global talent shortage nearing 4 million professionals, with the Asia Pacific region facing a deficit of 2.67 million. In Indonesia, the shortage is particularly acute. Hiring a capable cybersecurity expert can take 6 to 8 months, with retention proving just as difficult. As a result, many internal teams across sectors remain understaffed—leaving organizations exposed to risks due to insufficient capacity to proactively detect and respond to cyber threats.

2. Booming Digital Economy

With a young, tech-savvy population and over 200 million Internet users, Indonesia's digital ecosystem is rapidly growing. According to the e-Conomy SEA 2023 report by Google, Temasek, and Bain & Company, Indonesia has the largest digital economy in Southeast Asia, projected to reach USD 110 billion by 2025, and expected to double by 2030.

As businesses digitize services to meet consumer expectations, they also expand their attack surfaces. This shift increases the potential for cyberattacks, especially among organizations that have not yet matured their cybersecurity governance and controls.

3. Low Public Awareness and Education

The 2024 survey by APJII (Indonesia’s Internet Service Providers Association) reveals a worrying trend: when asked about perceived cybersecurity risks, 42.5% of respondents answered “I don’t know.” This lack of awareness is troubling in light of the growing sophistication of phishing schemes, social engineering, and other types of attacks that exploit human vulnerabilities. Without basic cybersecurity literacy, the general public remains a soft target.

Is There Hope on the Horizon?

Despite these mounting challenges, Indonesian organizations—especially Chief Information Security Officers (CISOs)—are working to build resilient cybersecurity postures. One approach gaining traction is the use of cybersecurity maturity models to guide strategic development.

The Cybermaturity Platform by the CMMI Institute is one such tool. It categorizes organizations into levels from Initial (Level 1) to Optimized (Level 5), helping them identify their current capabilities, gaps, and areas for improvement. Maturity assessments involve self-evaluations, gap analyses, and improvement roadmaps that cover technology, processes, and people.

To address talent shortages, many Indonesian organizations are shifting toward internal capacity building. Instead of relying solely on new hires, companies are investing in professional development to upskill existing employees, ensuring sustainable growth of cybersecurity expertise.

To ensure accountability, organizations are encouraged to undergo independent audits to track their cybersecurity progress over time. Regular reassessments and updated maturity scores help reflect real improvements and inform future investments. A higher maturity level ultimately indicates stronger protection of digital assets and data.

Where Does Indonesia Stand Today?

While comprehensive maturity benchmarking across industries remains limited, some public data offers insight:

• In 2023, the National Cyber and Crypto Agency (BSSN) assessed 65 government institutions and found 45 had a maturity score of 2.59 or better, with the highest at 4.85.
• A 2013 regulation from the Ministry of State-Owned Enterprises (SOEs) required all SOEs to reach Level 3 maturity within five years. Follow-up regulations have focused on enhancing Governance, Risk, and Compliance (GRC) functions, demonstrating sustained momentum toward cyber resilience.

Closing the Cybersecurity Gap

Indonesia stands at a critical juncture in its digital journey. Although the average cybersecurity maturity still hovers around the “Defined” level, significant progress is being made. Organizations are enhancing their capacity to detect, respond to, and recover from increasingly complex cyber incidents.

To remain competitive and safeguard its economic potential, Indonesia must prioritize cybersecurity readiness as a national imperative. This includes investing in people, strengthening regulatory frameworks, encouraging collaboration between public and private sectors, and promoting cybersecurity awareness at all levels of society.

By doing so, Indonesia can weather the perfect storm and emerge as a cyber-resilient leader in Southeast Asia’s digital economy.

 ***

This article was first published in the July 2024 edition of GGI Insider - General Articles, a publication by Geneva Group International (GGI) featuring insights from professionals across the globe.

Protemus Capital is pleased to contribute to this global platform by highlighting the growing importance of cybersecurity in cross-border legal and financial transactions. As threats evolve, our perspective emphasizes the need for secure data infrastructure, regulatory compliance, and risk mitigation strategies in today’s increasingly digital deal-making environment.