top of page
Image by KOBU Agency

Indonesia  Scorecard

Indonesia is a high-exposure, high-activity cyber environment anchored by one of the largest digital economies in ASEAN. NSOC and BSSN, along with financial regulators, are making serious efforts to improve national cyber resilience, but the combination of fragmented law, rapid digitalization, and massive scam volumes means risk remains elevated.

​

From a defender’s standpoint, Indonesia is too big and too digitized to ignore: any SEA-focused threat model must treat it as a priority monitoring zone for ransomware, fraud, and large-scale data breaches, even if it is not as geopolitically “hot” as the Philippines or Vietnam.

Overall Position : Huge digital economy, high and rising threat activity, moderate but improving maturity with fragmented governance and very serious fraud problems.​

​

Cyber Maturity                                             6/10                                           National structures and strategies exist, but laws and roles remain fragmented.

 â€‹â€‹â€‹â€‹

Threat Activity                                             8/10                                Very high attack volume across sectors, including ransomware, phishing, and data theft.

​​​​​​

Digital Exposure                                          9/10                 One of ASEAN’s largest digital economies, with huge online banking, e-commerce, and superapps.

​​

Law Enforcement Capability                         5/10                                                    Growing capability and regulatory activity, but overloaded by scam volume.

​​

Geopolitical Risk                                           5/10                                                          Regionally important power with moderate geopolitical cyber exposure.

​​​

Scam/Fraud/Trafficking                               7/10                       Massive online loan and investment scams; not a scam-compound hub, but a huge victim & conduit.

 CYBER MATURITY ASSESSMENT

Indonesia has a national cyber agency (BSSN), a National Cyber Security Strategy, and new regulations around crisis management and critical infrastructure, but its legal framework is still fragmented and evolving.

​

  • BSSN coordinates national cybersecurity and runs NSOC for threat monitoring.

  • Presidential Decree 47/2023 defines national cyber strategy & crisis management.

  • New sectoral regs require contingency plans and incident handling, especially in critical infrastructure.

  • Governance remains complex; laws scattered across multiple acts and agencies.

6/10

DIGITAL EXPOSURE

Indonesia is one of ASEAN’s largest digital markets with massive e-commerce, ride-hailing, fintech, and online banking usage. This translates into a huge, fast-growing attack surface.

​

  • Rapidly expanding digital banking and online transactions.

  • Major platforms (Tokopedia, Gojek, etc.) and millions of SMEs online.

  • High smartphone and internet penetration across urban centers.

  • Digital exposure growing faster than many organizations’ security maturity.

9/10

GEOPOLITICAL & ECONOMIC DRIVERS

Indonesia is a regional heavyweight with a central role in ASEAN and a large digital economy, but it is not a frontline player in the South China Sea disputes. That gives it moderate geopolitical cyber risk rather than extreme exposure.

​

  • Important in ASEAN politics and regional economic architecture.

  • Less intense direct military/geopolitical pressure than PH/VN in South China Sea.

  • Still an attractive target for regional espionage and economic intel-gathering.

5/10

CURRENT THREAT ACTIVITY

Threat activity is high and growing, with huge numbers of anomalies, frequent ransomware incidents, and constant phishing and fraud campaigns across public and private sectors.

​

  • NSOC recorded 3.8 billion “traffic anomalies” over 5 years.

  • Ransomware, phishing, and data breaches are expected to intensify, according to national cyber exercises and research.

  • Large digital economy makes Indonesia an attractive target for both cybercrime and potential espionage.

8/10

LAW ENFORCEMENT & CYBERCRIME CONTROL

Indonesia is actively building cybercrime enforcement capacity and financial oversight, but the volume of scams and fraud reports shows substantial enforcement gaps and strain.

​

  • OJK and Satgas PASTI report tens of thousands of complaints about illegal online loans and investments.

  • New POJK 12/2024 sets stricter fraud reporting & control requirements in finance.​

  • Joint exercises and capacity-building on ransomware & cyber threats with law enforcement and regulators.

  • Enforcement is active but struggling to keep pace with scam scale and sophistication.

5/10

SCAM / HUMAN TRAFFICKING / FRAUD INTERSECTION

Indonesia has a huge problem with digital scams, especially illegal online loans, investment fraud, and account takeovers. It is more a massive victim & conduit than a core scam-compound host like Cambodia or Myanmar.

​

  • OJK reports over 15k complaints in 2024 alone about illegal entities, mostly online loans.

  • Financial sector heavily targeted; new rules demand faster scam reporting (e.g., report within 10 minutes).

  • Indonesian victims also show up in regional scam-compound investigations.

  • ​Not as infamous as Cambodia/Myanmar for physical compounds, but deeply entangled in the scam/fraud ecosystem.

7/10

bottom of page