I. Executive Insight: The Cybersecurity Wake-Up Call in Indonesia
The digital landscape in Indonesia is under siege, facing a relentless barrage of cyber threats that demand immediate and comprehensive attention. One stark example of this escalating crisis occurred in June 2024, when Indonesia’s National Data Center fell victim to a sophisticated ransomware attack. This single incident brought critical government services to a standstill, including airport immigration processes, demonstrating the profound real-world impact that cyberattacks can have on a national scale . The disruption of essential services, such as immigration, not only caused significant inconvenience to citizens and travelers but also highlighted the vulnerability of even national-level infrastructure to determined cyber adversaries. This event serves as a potent reminder that no organization, regardless of its size or perceived security, is immune to the pervasive threat of cyberattacks. The tangible impact on daily life, exemplified by the airport disruptions, makes the threat more concrete and underscores the potential for even larger consequences for businesses and individuals if their data and systems are compromised.
While the attack on the National Data Center provides a dramatic illustration of the risks, the broader cybersecurity landscape in Southeast Asia paints an equally concerning picture. In 2024, a significant 84.5% of organizations in the Philippines, a neighboring country with similar economic growth and increasing digital adoption, reported experiencing cybersecurity breaches . This staggering statistic, while specific to the Philippines, strongly suggests a similar or even higher level of risk for organizations operating in Indonesia. Cyber threats often target entire regions, exploiting shared vulnerabilities and infrastructure. The sheer prevalence of breaches in a nearby country underscores that cybersecurity is not a localized issue but a pervasive challenge demanding immediate and widespread attention from nearly all organizations. Experiencing a breach is becoming an increasingly common occurrence, highlighting the urgent need for proactive and robust security measures.
Further evidence of the intense cyber threat facing Indonesia can be seen in the sheer volume of compromised credentials. In the first half of 2024 alone, over 315,000 Indonesian credentials were compromised, averaging more than 60 every hour . These compromised usernames and passwords act as keys that can unlock access to sensitive personal data, financial information, and critical organizational systems. Such breaches can lead to a cascade of cybercrime, including account takeovers, data theft, and even the deployment of ransomware. The relentless pace of these compromises, occurring every hour, emphasizes the continuous and evolving nature of cyberattacks, requiring constant vigilance and proactive defense strategies.
This report aims to provide a concise yet comprehensive overview of the current cybersecurity landscape in Indonesia, drawing upon recent data and significant incidents to highlight the key trends and challenges that organizations face in this increasingly perilous digital environment.
II. Indonesia’s Cybersecurity Pulse (2024-2025): A Region Under Digital Siege
Indonesia, as Southeast Asia’s largest economy and a rapidly growing digital hub, has become an increasingly attractive target for sophisticated cyber threats . Its expanding digital economy, coupled with its strategic importance in international trade and logistics, positions it as a focal point for cybercriminals and even state-sponsored actors. The nation’s large and growing internet user base, increasing reliance on digital services, and geopolitical positioning all contribute to its heightened risk profile, suggesting that the sophistication and volume of attacks are likely to continue their upward trend.
Several key threat vectors have been identified as particularly prevalent in Indonesia’s cybersecurity landscape. Ransomware attacks have emerged as a significant concern, with the Brain Cipher variant, a sophisticated form of LockBit 3.0 ransomware, gaining notoriety after crippling the National Data Center . The impact of ransomware extends far beyond mere data encryption, leading to significant operational disruptions, potential data loss, and severe reputational damage. The attack on the National Data Center vividly illustrates the potential for such attacks to paralyze essential government functions and erode public trust in digital infrastructure.
Phishing attacks also remain a persistent threat, with a notable emphasis on targeting the Information Services industry . This sector, which handles vast amounts of sensitive data including personal information and intellectual property, represents a high-value target for cybercriminals seeking financial gain or engaging in espionage. The focus on this industry underscores the attackers’ strategic understanding of where valuable data resides within the Indonesian digital ecosystem.
Data breaches continue to plague various sectors across Indonesia, including government, education, and retail . The recurring nature of these breaches suggests systemic vulnerabilities within organizations and highlights the critical need for stronger data protection measures and a more proactive approach to security. The fact that these incidents span diverse sectors indicates a widespread challenge rather than isolated occurrences.
Distributed Denial-of-Service (DDoS) attacks have also been recorded, with one notable incident reaching an unprecedented bandwidth of 693.00 Gbps . Such large-scale attacks can effectively cripple online services, causing significant disruption to businesses and individuals who rely on these platforms for essential services such as e-commerce and online banking. The sheer scale of this attack demonstrates the potential for severe service outages and the increasing sophistication of threat actors.
The interconnected nature of modern digital environments has also led to a rise in supply chain attacks . As Indonesian organizations increasingly rely on third-party services and technologies, the attack surface expands, creating new vulnerabilities that cybercriminals can exploit. Organizations must recognize the importance of assessing and managing the security posture of their vendors and partners to mitigate the risks associated with these interconnected ecosystems.
Social engineering tactics, including sophisticated social media impersonations and smishing (phishing via SMS), remain highly effective attack vectors in Indonesia . These methods exploit human psychology, often tricking individuals into revealing sensitive information or granting unauthorized access. The increasing sophistication of these attacks, sometimes leveraging AI to create more convincing scams, underscores the importance of user education and awareness training as a critical layer of defense.
Finally, malware infections, particularly InfoStealers, continue to pose a significant threat . The rise of “Stealer-as-a-service” platforms has made these malicious tools more readily available, leading to an increase in their use to harvest sensitive data such as login credentials and personal files. This type of malware can pave the way for further attacks, including account takeovers, financial fraud, and identity theft.
Adding to the complexity of the threat landscape is the active presence of threat actors targeting Indonesian enterprises on the dark web . These clandestine online marketplaces serve as hubs for trading stolen databases, malicious tools, and illicit services, highlighting the monetization of cyberattacks and the ongoing availability of compromised information that can be used for further malicious activities.
III. Key Statistical Highlights: Quantifying the Cyber Threat in Indonesia
The sheer volume and impact of cyber threats in Indonesia are underscored by several key statistical highlights from the past year. Data indicates a relentless barrage of attacks, with over 3,300 cyberattacks reported per week in the first half of 2023 . This consistently high frequency demonstrates the persistent and pervasive nature of cyber threats targeting the nation, requiring robust and continuous defense mechanisms.
Indonesia’s vulnerability on the global stage is further highlighted by its ranking as 8th globally in the number of data breaches in 2023 . This international comparison underscores the significant scale of data theft targeting the country, suggesting potential weaknesses in national cybersecurity infrastructure or practices. The upward trend in cyberattacks is also evident in the over 11 million incidents reported in the first quarter of 2023, representing a substantial 22% increase compared to the previous year . This escalating volume necessitates urgent and effective countermeasures, including increased investment in cybersecurity and the implementation of stronger preventative measures.
The impact of these attacks is further quantified by the staggering volume of data compromised. In the first half of 2024, over 660 million records and more than 1 terabyte of data were breached . This massive scale of compromised information has significant implications for the privacy and security of individuals and organizations alike. Additionally, over 315,000 credentials were compromised during the same period . Each of these compromised credentials represents a potential entry point for attackers to gain unauthorized access to sensitive systems and data.
Specific attack vectors also reveal concerning trends. The Information Services sector, a critical component of the digital economy, faced a significant 4,046 phishing attacks . This targeted approach indicates the strategic focus of attackers on obtaining valuable information from this sector. Moreover, a single DDoS attack reached an extraordinary peak bandwidth of 693.00 Gbps , demonstrating the potential for highly disruptive attacks on Indonesia’s online infrastructure.
Analyzing the industry focus of cyber threats reveals that the Information industry was the primary target of dark web activities, accounting for 12.74% of observed incidents . This reinforces the trend of attackers prioritizing sectors rich in valuable data. Conversely, the Manufacturing sector was the most affected by ransomware attacks, representing 17.97% of such incidents . This suggests that the potential for operational disruption and significant financial losses makes this sector a prime target for ransomware.
Examining the ransomware landscape further, LockBit 3.0 emerged as the most prevalent ransomware group targeting Indonesia, responsible for 23.44% of all reported attacks . Identifying the dominant ransomware strains allows organizations to better understand the specific threats they face and tailor their defenses accordingly.
IV. Noteworthy Cybersecurity Incidents: Real-World Impact of Cyber Threats
The statistical data on cyber threats in Indonesia is brought into sharp focus by several noteworthy incidents that have occurred in the past year, illustrating the real-world impact of these attacks.
One of the most significant events was the ransomware attack that crippled Indonesia’s National Data Center in June 2024 . This attack, utilizing the Brain Cipher variant of LockBit 3.0 ransomware, disrupted critical government services for several days, including immigration processes at airports and online student registration. The attackers demanded an $8 million ransom, which the Indonesian government refused to pay. Alarmingly, it was revealed that a significant portion of the data stored in the center had not been backed up, leading to potential data loss and prolonged recovery efforts. This incident exposed significant vulnerabilities in Indonesia’s critical infrastructure and highlighted a critical failure in basic cybersecurity practices.
In August 2024, the National Civil Service Agency (BKN) suffered a data breach that compromised over 4.7 million records of civil servants . The exposed information included sensitive personal details such as names, phone numbers, and email addresses, raising serious concerns about potential identity theft and other malicious activities targeting this large segment of the population. This breach underscored the vulnerability of government databases and the need for enhanced security measures to protect the personal data of citizens.
Another concerning incident occurred in September 2024, with a suspected data breach at Indonesia’s tax agency . This breach reportedly compromised the taxpayer identification numbers of high-profile individuals, raising concerns about the security of sensitive financial data and the potential for targeted attacks or fraud.
Beyond these high-profile incidents, various industries in Indonesia have also been targeted by ransomware attacks. The finance, manufacturing, and transportation sectors have all experienced such attacks , demonstrating the broad reach of this type of cyber threat across critical infrastructure and economic sectors. These attacks can disrupt operations, put sensitive data at risk, and lead to significant financial losses for the affected organizations.
Furthermore, in September 2024, a Jakarta-based cryptocurrency exchange, Indodax, reported a data breach that resulted in the theft of $22 million in digital coins . This incident highlights the increasing targeting of the financial sector, including the burgeoning cryptocurrency market, and underscores the need for robust security measures to protect digital assets.
To provide a clearer picture of the scale and nature of these threats, the following table summarizes some of the major cybersecurity incidents that occurred in Indonesia in 2024:
Table 1: Timeline of Major Cybersecurity Incidents in Indonesia (2024)
| Date | Incident Description | Impact | Ransom Demand (if applicable) | Source(s) |
|---|---|---|---|---|
| June 2024 | Ransomware Attack on National Data Center | Disruption of government services, potential data loss | $8 million | |
| August 2024 | Data Breach at National Civil Service Agency (BKN) | Compromise of over 4.7 million civil servant records | N/A | |
| Sept 2024 | Suspected Data Breach at Indonesia’s Tax Agency | Compromise of taxpayer identification numbers of high-profile individuals | N/A | |
| Sept 2024 | Data breach at Jakarta-based crypto exchange Indodax | Theft of $22 million in coins | N/A | |
| Ongoing | Ransomware attacks on Finance, Manufacturing, Transport | Operational disruption, data at risk | Varies |
This timeline illustrates the diverse range of cyber threats targeting Indonesia, from national infrastructure to personal data and financial assets, emphasizing the urgent need for comprehensive and proactive cybersecurity strategies.
V. The Human Factor: Awareness and Preparedness – A Mixed Bag
Despite the clear and present danger posed by cyber threats, the level of cybersecurity readiness among Indonesian organizations presents a mixed picture. A 2024 survey indicated that only a concerning 12% of Indonesian organizations have achieved a mature level of cybersecurity readiness, while a significant 47% remain in the nascent stages of development . This substantial gap in preparedness leaves a large majority of organizations significantly vulnerable to sophisticated cyberattacks. The high percentage of organizations in the early stages of readiness suggests a lack of foundational security practices and a potential underestimation of the risks involved.
Furthermore, challenges in supply chain security contribute to the overall vulnerability. Data from the Philippines, likely indicative of the broader Southeast Asian region, reveals that 32% of organizations have no way of detecting cybersecurity incidents within their supply chains . This lack of visibility into the security posture of third-party vendors and partners creates a significant blind spot, as attackers can exploit vulnerabilities in the supply chain to gain access to an organization’s systems and data. Compounding this issue is the finding that 65% of Filipino organizations either do not or only somewhat prioritize third-party cybersecurity risk management . This low prioritization, despite the evident risks, highlights a potential area for significant improvement in organizational security practices.
On a more positive note, there appears to be a growing awareness of the need for increased investment in cybersecurity. A substantial 90% of Filipino organizations reported budget increases for third-party cybersecurity risk management . This trend suggests that organizations are beginning to recognize the financial and operational risks associated with inadequate cybersecurity and are allocating more resources to address these challenges.
However, a potential obstacle to effective cybersecurity is the discrepancy between perceived confidence and actual readiness. Despite the low levels of maturity in cybersecurity readiness, 31% of companies report feeling very confident in their ability to stay resilient amidst the evolving threat landscape . This misplaced confidence could lead to underinvestment in necessary security measures or a lack of urgency in addressing existing vulnerabilities. An accurate and realistic assessment of an organization’s security posture is crucial for effective planning and resource allocation.
Another significant challenge facing Indonesia’s cybersecurity landscape is the growing shortage of skilled cybersecurity professionals . This lack of talent hinders organizations’ ability to effectively defend against increasingly sophisticated cyber threats. Addressing this skills gap through investments in training and development programs, as well as attracting and retaining cybersecurity talent, is essential for strengthening the nation’s overall cyber defense capabilities.
Recognizing the importance of the human factor in cybersecurity, the Indonesian government has initiated public awareness campaigns to educate citizens about fundamental cybersecurity practices . These initiatives aim to improve public understanding of online threats such as phishing and to promote safer online behaviors. Raising public awareness is a critical component of building a stronger overall cybersecurity posture in the nation, as educated users are less likely to fall victim to social engineering attacks and are better equipped to protect themselves online.
VI. Government Response and Policy Shifts: Fortifying Digital Defenses
The Indonesian government has recognized the escalating cyber threat and has taken significant steps to strengthen the nation’s digital defenses through various policy initiatives and regulatory changes.
A key development is the approval of the National Cybersecurity Plan (NCSP) 2023-2028 by the President in February 2024 . This comprehensive roadmap aims to protect Indonesian institutions, resources, and citizens from the increasing volume and sophistication of cyberattacks. The NCSP reflects a high-level commitment to bolstering the country’s digital resilience and provides clear policy directions and actionable steps to enhance the security of critical systems, safeguard valuable digital assets, and empower citizens to navigate the digital landscape safely. Its objectives are multi-faceted, including strengthening digital defenses, securing assets, empowering citizens with knowledge, establishing clear response protocols, enhancing threat detection and assessment, fostering international partnerships, building workforce capacity in cybersecurity and related fields, redirecting local hackers towards ethical cybersecurity roles, strengthening national security within the armed forces and police, integrating cybersecurity into national development plans, protecting citizens’ rights and digital transactions, modernizing government services through digital security, promoting collaboration between government and private sectors, educating the public about online scams and risks, and ultimately improving Indonesia’s global cybersecurity standing .
In January 2024, the National Cyber and Crypto Agency (BSSN) issued two new regulations: Regulation No. 1/2024 on Cyber Incident Management and Regulation No. 2/2024 on Cyber Crisis Management . These regulations establish crucial frameworks for handling cyber incidents and crises, aiming to improve the nation’s overall response capabilities. Regulation No. 1/2024 defines Cyber Incident Response Teams (CIRTs) at national, sectoral, and organizational levels for both Essential Service Providers (ESPs) and non-ESPs, mandating the reporting of cyber incidents. Regulation No. 2/2024 focuses on the preparation and implementation of cyber crisis management, requiring the development of Cyber Crisis Contingency Plans by January 2025. These structured approaches aim to create a more resilient cybersecurity ecosystem by defining roles, responsibilities, and procedures for responding to and recovering from cyber threats.
The government has also emphasized the importance of strengthening coordination between key agencies involved in cybersecurity. The Ministry of Communication and Digital Affairs and BSSN are collaborating to address emerging threats and regulatory challenges, aiming for a more unified and effective approach to national cybersecurity . This improved coordination is crucial for resolving regulatory overlaps and ensuring a cohesive national strategy.
Furthermore, initiatives such as the development of a National Digital Firewall and the establishment of Computer Security Incident Response Teams (CSIRTs) in every government institution are underway . These efforts demonstrate a proactive approach to safeguarding digital assets and ensuring real-time incident response capabilities within the government sector.
A significant policy shift occurred with the full implementation of the Personal Data Protection (PDP) Law in October 2024 . This law aims to strengthen data privacy and security for Indonesian citizens by imposing strict requirements on the collection, processing, and storage of personal data. The PDP Law has extraterritorial effect, meaning it applies to organizations processing the personal data of Indonesian citizens regardless of their location. Key aspects of the law include layered requirements for cross-border data transfer, mandatory data breach notification within 72 hours of discovery, and the potential for administrative and criminal sanctions for non-compliance. This legislation marks a significant step towards establishing a comprehensive legal framework for data protection in Indonesia, aligning it with international standards and increasing accountability for organizations handling personal data.
