Bridging the Gap Between Policy and Practice: Evaluating Indonesia’s Cybersecurity Regulatory Framework (2020–2023)
DOI: https://doi.org/10.61978/data.v2i1.695
Keywords: Cybersecurity, Policy Evaluation, Digital Governance, Indonesia, Cyber Threats, Regulatory Effectiveness, ASEAN
Abstract
Indonesia's rapid digital transformation has heightened its exposure to cybersecurity threats, prompting the introduction of several national policies aimed at enhancing cyber resilience. This study evaluates the effectiveness of three key regulations—Peraturan BSSN No.8/2020, Perpres 82/2022, and Perpres 47/2023—through a qualitative policy analysis framework. Data were drawn from national cyber incident statistics, regulatory documents, and secondary literature. Methodologically, the study applies qualitative frameworks and correlates policy timelines with cyber incident volumes between 2020 and 2023. Statistical tools, including time-series and regression analyses, are used to determine regulatory impacts on threat reduction. Findings reveal that while the regulations establish a strong structural foundation, implementation remains weak. Cyber incidents continued to rise post-regulation, and key challenges such as agency fragmentation, underinvestment (0.02% of GDP), and limited stakeholder collaboration persist. Case studies, including breaches at Dukcapil and Imigrasi, underscore the urgent need for better enforcement and inter-agency coordination. Comparative analysis with regional peers like Singapore highlights further room for improvement in governance and public-private synergy. The study concludes that Indonesia’s cybersecurity policies are directionally sound but require systemic reforms, centralized coordination, and investment scaling to achieve tangible outcomes. These insights contribute to the literature on regulatory effectiveness and cyber governance in emerging economies.



