In 2019, the Indonesian National Cyber and Crypto Agency (BSSN) reported 290 million cases of cyberattacks. That was 25% more than the previous year, when cybercrimes had caused losses of USD 34.2 billion for Indonesia. The Covid-19 pandemic in 2020 triggered a significant increase in phishing attacks, malspams and ransomware attacks, adding to the urgency of establishing a well-functioning infrastructure for cybersecurity in Indonesia.
Indonesian cybersecurity laws and regulations created fragmented responsibilities across different ministries and they remain ineffective in preventing cyberthreats and cybercrime. A comprehensive regulation on cybersecurity is urgently needed in Indonesia.
The Indonesian parliament has been discussing an overarching Cybersecurity Bill but the process did not involve the private sector. As a result, the Bill contained provisions that were overly cumbersome and costly for businesses, requiring certifications, accreditations, and approval from BSSN for developing services and products. Local content requirements added further risks to Indonesia’s cybersecurity. The Bill was heavily criticized and later withdrawn from the parliamentary agenda in 2020 and 2021.
A revised Cybersecurity Bill should clearly define and delineate the roles, responsibilities, and authorities of relevant institutions in addressing cybersecurity threats.
The Indonesian parliament and BSSN should engage in a Public-Private Dialogue (PPD) when deliberating the bill. Engaging in PPD has proven to help sharing relevant information and experiences and producing sensible and workable policies supported by a broad base of stakeholders.