AI’s penetrating influence and Indonesia’s cybersecurity status
AI’s penetrating influence and Indonesia’s cybersecurity status
Publish Date: 2026-05-06 00:56:00
Source Domain: indonesiabusinesspost.com
Using an unordered list, summarize the following article with between 4 and 8 key points.
By Alex Cheung
As artificial intelligence (AI) becomes more embedded across Indonesia’s economy, questions arise about whether the systems around it are keeping pace.
The National Cybersecurity Index, published by the European based e-Governance Academy, measures how prepared countries are to prevent and respond to cyber threats. Its latest reading places Indonesia 84th globally, down from 48th in 2023, and behind regional peers such as Singapore, Malaysia, and the Philippines. While the index has its limitations, relying on disclosed data and not fully capturing unreported improvement efforts, a shift of this scale is difficult to overlook.
This comes at a time when Indonesia’s reliance on digital systems is deepening. The country’s digital economy is projected to reach US$130 billion, accounting for nearly 44 percent of Southeast Asia’s total. Across public services, financial institutions, and the private sector, AI is reshaping how decisions are made and how services are delivered. As that integration accelerates, cyber incidents are no longer confined to IT systems, with effects playing out across economies and in everyday life.
A growing issue
Indonesia has already seen how this can play out. In June 2024, a ransomware attack on the Temporary National Data Center disrupted services across 44 state agencies and nearly 300 government offices, including immigration systems and major airports. Beyond the immediate operational disruption, the attack also highlighted gaps in existing backup systems and crisis response protocols.
Subsequent incidents suggest this was not an isolated case. According to Kaspersky’s 2025 Security report, nearly 40 million on-device threat attempts targeted Indonesian users in a single year. In October 2025, a hacker using the “Bjorka” name claimed access to data on 341,000 police personnel, releasing names and contact details online, alongside separate claims of large-scale SIM card and student data breaches. While not all these threats have been verified, they point to the scale and persistence of the cyber threat landscape Indonesia is facing.
Changed rules and unreadiness
What has fundamentally changed is the nature of the systems now at risk. AI has altered how cyber threats are generated and deployed, but much of the response still reflects an earlier model of cyber risk. AI-generated phishing campaigns, deepfake-enabled deception, automated denial-of-service attacks, and machine-learning-driven threats are no longer emerging risks but operational realities. Deloitte’s Global Future of Cyber Survey found that 40 percent of organizations disclosed six to 10 cybersecurity breaches within a single year, with cyber criminals and terrorists identified as the leading threat actors.
The challenge is not a lack of cybersecurity frameworks. It is that many were designed for a different era. Earlier approaches assumed threats were episodic, human-led and containable. Today’s risks are persistent, automated and able to scale quickly.
In that context, strengthening existing controls will not be enough. The shift required is from treating cybersecurity as a compliance checkbox to cyber-resilience as a core design principle through ‘security by design’.
Resilience in practice
Cyber resilience is often discussed in abstract terms. It needs to be built into systems from the start through “security by design”, across three dimensions of people, process and technology that Indonesia needs to address seriously and simultaneously.
The first dimension of people is centered around talent. Every layer of this problem, securing AI systems, responding to incidents, auditing data governance, ultimately depends on people with the right skills. As we usually say in Cybersecurity, people are the weakest link. Demand for professionals who span cybersecurity, data, and machine learning continues to outpace supply, not just in Indonesia but globally. The country needs to treat digital talent development with the same urgency it brings to infrastructure investment.
The second dimension of process is related to governance. Indonesia has taken important steps in establishing ethical and sector-specific AI frameworks, providing clarity around transparency and accountability. As AI becomes more deeply embedded in sensitive domains, governance frameworks need to extend beyond principles and address how systems perform during disruption. Global benchmarks increasingly emphasise this approach. As an example, Deloitte’s latest Trustworthy AI framework outlines seven interconnected dimensions (safety, accountability, reliability, transparency, privacy, fairness, and social responsibility) that organizations can use as a practical guide for responsible deployment.
The final dimension of technology is infrastructure. As AI systems automate decisions and process sensitive data at scale, continuous monitoring, automated threat detection, and rapid response capabilities need to be built in, not added on after deployment. The ransomware incident made clear that it is no longer about whether incidents occur, but how quickly and well systems can recover.
Whole-of-society effort
What makes this challenge genuinely difficult is that cyber resilience cannot be resolved by any single actor. It requires coordination across government, industry, academia, and civil society; and it requires those actors to occasionally make uncomfortable decisions. Indonesia is not alone in this. But as AI becomes more deeply embedded, the implications are becoming harder to ignore.
Indonesia has laid strong foundations for AI-driven growth. But foundations crack when the ground shifts and the ground is shifting fast. The choices being made right now, in people (talent), process (governance) and technology (infrastructure), will not just determine how rapidly AI is adopted in Indonesia, but more importantly, how confidently it can be relied upon.
The writer is Management Consulting Director, Digital Trust & Privacy, Deloitte Indonesia.
