As Indonesia's digital economy continues to expand, the nation faces mounting challenges in securing its digital infrastructure against evolving cyber threats. The rapid adoption of technologies such as generative artificial intelligence (GenAI) offers significant opportunities for innovation and growth, yet simultaneously introduces complex vulnerabilities that require urgent attention. 

The World Economic Forum's Global Cybersecurity Outlook 2025 highlights the growing complexity of the cyber threat landscape, driven by factors such as geopolitical tensions, rapid technological advancements, and the proliferation of interconnected supply chains. The report notes that 66 percent of organizations expect AI to have a significant impact on cybersecurity in the coming year, yet only 37 percent have processes in place to assess the security of AI tools before deployment. This gap indicates a pressing need for organizations to implement comprehensive security assessments for emerging technologies. 

Source: World Economic Forum, 2025 

In Indonesia, recent cyber incidents have brought to light vulnerabilities in both public and private sectors. In June 2024, a ransomware attack on the Temporary National Data Center (PDNS) in Surabaya disrupted services across over 200 government agencies, including immigration systems and online student registration platforms. The attackers deployed a variant of the LockBit 3.0 ransomware, demanding a ransom of approximately USD 8 million. Although the government refused to pay, the incident highlighted significant gaps in data backup and security protocols. 

Similarly, in September 2024, a major Indonesian cryptocurrency trading platform suffered a cyberattack resulting in losses of approximately USD 22 million. This breach exposed the vulnerabilities within the financial technology sector and the need for enhanced security measures to protect sensitive digital assets. 

The Indonesian government has recognized the urgency of strengthening cybersecurity frameworks. Efforts are underway to draft a comprehensive Cybersecurity and Cyber Resilience Bill aimed at protecting critical infrastructure and regulating the roles and obligations of entities in ensuring cybersecurity. Additionally, the government has issued AI Ethical Guidelines to promote responsible AI development and is actively participating in regional cybersecurity cooperation through ASEAN initiatives. 

Despite these measures, challenges persist. The same World Economic Forum report previously mentioned indicates that 35 percent of small organizations globally believe their cyber resilience is inadequate, a figure that has increased sevenfold since 2022. In contrast, larger organizations have made more significant strides in enhancing their cybersecurity posture. This disparity highlights the need for targeted support to bolster the cyber resilience of small and medium-sized enterprises (SMEs) in Indonesia. 

Source: World Economic Forum, 2025

Furthermore, the report emphasizes the importance of addressing supply chain vulnerabilities, with 54 percent of large organizations identifying supply chain challenges as the biggest barrier to achieving cyber resilience. In an increasingly interconnected digital ecosystem, the security of third-party vendors and partners becomes critical to the overall cybersecurity strategy. 

Building Resilience 

The rapid digital transformation of Indonesia's economy presents both opportunities and challenges. A study by the Center of Economic and Law Studies (CELIOS) projects that the digital economy could contribute an additional USD 150 billion to Indonesia's GDP by 2025. However, this growth is contingent upon addressing critical issues such as uneven digital infrastructure, a shortage of skilled cybersecurity professionals, and disparities in digital literacy across regions. 

In 2025, Indonesia's cybersecurity market is projected to generate approximately USD 2.71 billion in revenue, with security services accounting for USD 1.65 billion, according to Statista. The market is expected to grow at a compound annual growth rate (CAGR) of 9.63 percent, reaching USD 3.92 billion by 2029. Despite this growth, the average cybersecurity spending per employee in Indonesia remains relatively low at USD 18.89, compared to higher expenditures in more developed markets. 

The data security segment, while smaller, is anticipated to reach USD 10.67 million in 2025, with a CAGR of 13.54 percent leading to USD 17.74 million by 2029. These figures underscore the increasing demand for robust cybersecurity solutions as Indonesia's digital landscape evolves. 

The importance of cybersecurity in Indonesia cannot be overstated. The country’s digital economy is the largest in Southeast Asia and its large, young, and digital-savvy population carries significant potential in expanding that digital economy. 

As cyber threats continue to evolve in sophistication and scale, Indonesia must prioritize the development of a robust cybersecurity infrastructure. This includes investing in human capital to address the cybersecurity skills gap, implementing comprehensive security assessments for emerging technologies like AI, and fostering collaboration between public and private sectors to share threat intelligence and best practices. 

The path forward requires a concerted effort to balance the opportunities presented by digital innovation with the imperative of securing the nation's digital assets. By proactively addressing these challenges, Indonesia can build a resilient digital economy that safeguards its citizens, businesses, and critical infrastructure against the ever-changing landscape of cyber threats.