Dear readers, welcome to Liga Asuransi, dedicated to risk management and insurance insights in Indonesia. In this edition, we delve into the important topic of cybersecurity and the role of insurance in protecting businesses from digital threats. As cyber incidents become more common, understanding protective measures is essential.
If you found this article informative, please share it with your network. Explore our extensive collection of articles covering various aspects of risk management and insurance to stay informed and prepared in today’s digital landscape.
Indonesia’s digital economy continues to grow rapidly, with 221 million internet users by 2024, but this growth brings cyber threats that keep growing as well. In the first half of 2024 alone, Indonesian organizations experienced more than 43,800 DDoS incidents, including a record 693 Gbps attack, underscoring how threat actors are testing, and overwhelming, essential online services.
Meanwhile, Indonesia ranked eighth globally in data breaches during 2023, illustrating that no sector, from unicorn e-commerce to state institutions, is immune to data theft and system compromise.
As businesses accelerate digital transformation by adopting cloud platforms, remote work, and IoT deployments, the attack surface is expanding. Yet despite the increasing threat, only 12 percent of companies surveyed have achieved a “KIND” level of cyber security readiness, leaving most vulnerable.
Against this backdrop, cyber insurance emerges not only as a financial backstop but as a catalyst for stronger security practices. By transferring residual risk and providing access to incident response expertise, tailored cyber policies can help Indonesian companies address breaches, contain losses, and protect their reputations in an increasingly hostile cyber landscape.
Threat Landscape for Indonesian Business
Indonesian businesses face a diverse and rapidly evolving cyber threat environment. Phishing remains a key vector, with SOCRadar reporting 4,046 distinct phishing attacks in 2023, heavily targeting the Information Services sector, a key pillar of Indonesia’s digital economy.
Further LinkedIn analysis revealed nearly 20,000 phishing attempts from 2021-2023, a 38 percent spike, often disguised as communications from Bank Indonesia or BPJS Kesehatan to trick employees into divulging credentials.
Ransomware incidents are also on the rise. CYFIRMA documented 4,723 verified ransomware victims in Indonesia in 2023, which grew to 5,123 in 2024, an 8.5 percent year-on-year increase. This shows that threat actors are increasingly deploying encryption-based extortion campaigns against large enterprises and SMBs.
High-profile cases include the LockBit 3.0 attack in June 2024 against government data centers, which disrupted immigration services at major airports and prompted a national audit ordered by President Joko Widodo.
Beyond this, supply chain attacks have emerged as a serious concern. In late 2024, Kaspersky discovered a PyPI compromise in which the malicious “JarkaStealer” package infiltrated software dependencies, showing how attackers exploit trusted development channels to infiltrate Indonesian organizations that rely on open source tools.
Finally, DDoS attacks continue to increase in scale and sophistication: Indonesia experienced a record 693 Gbps DDoS incident amid nearly 43,900 total attacks in the first half of 2024, underscoring the threat to e-commerce, financial services, and government portals.
Collectively, these threats underscore the urgent need for robust cyber risk management and insurance solutions tailored to Indonesia’s unique threat profile. By understanding the local threat landscape, businesses can better prepare, respond, and transfer residual risk through comprehensive cyber insurance.
Consequences of Cyber Incidents
A successful cyberattack can cause significant financial losses for Indonesian businesses. According to the Hiscox Cyber Readiness Report 2024, the average cost of a data breach in Southeast Asia is US$2.38 million, with Indonesian companies bearing the same burden in legal fees, forensic investigations, and system recovery.
Ransomware alone is estimated to have cost local organizations IDR 1.2 trillion in 2023 through ransom payments and operational downtime, highlighting the direct monetary impact of encryption-based extortion.
Apart from direct out-of-pocket expenses, cyber incidents can trigger reputational damage that erodes customer trust and brand equity. A 2024 survey by Deloitte Indonesia found that 68 percent of consumers would switch to a competitor after their data was breached, while 54 percent would be hesitant to share sensitive information in the future.
In sectors such as fintech and e-commerce, where trust is paramount, this loss of trust can translate into long-term revenue declines and higher customer acquisition costs.
In addition, under the Indonesian Personal Data Protection (PDP) Law, non-compliance and failure to notify of breaches carry fines and regulatory sanctions. Organizations can face administrative fines of up to 2 percent of annual revenue, suspension of data processing activities, or forced deletion of data.
Criminal penalties include imprisonment of four to six years and fines ranging from IDR 4 billion to IDR 6 billion (USD 246,000–369,000) for serious violations such as unauthorized disclosure or misuse of personal data.
These combined consequences underscore the critical need for comprehensive cyber risk management and insurance solutions.
Cyber Insurance Market Overview in Indonesia
Indonesia’s cyber insurance segment is rapidly emerging in the broader non-life market, driven by increased awareness of digital risks and regulatory mandates. The overall Indonesian non-life insurance market is projected to grow from USD 37.22 billion in direct written premiums in 2024 to USD 46.72 billion in 2029, at a CAGR of 4.65 percent. Cyber lines are outpacing this average, growing by around 20-25 percent per year.
Major local and multinational insurers have launched dedicated cyber products: Allianz Indonesia offers “Cyber Protect”, which covers first-party data recovery and business interruption; “Cyber Secure” from AXA Mandiri covers forensic response and crisis management; and “Cyber Shield” from Tokio Marine emphasizes liability defense and regulatory fine reimbursement. Specialized players such as Chubb and Sompo also tailor solutions for SMEs, combining cybersecurity assessments with policy placement.
Premium volume reflects this momentum. According to industry estimates, Indonesia’s cyber insurance gross written premiums grew from around USD 45 million in 2022 to USD 68 million in 2024, an increase of 51 percent over two years, and are expected to exceed USD 85 million by 2025, marking a year-on-year growth of around 25 percent.
Underwriting appetite has expanded, although rate adequacy remains under pressure as loss experience increases.
As more organizations seek to transfer residual cyber risk, the market is expected to mature, with product innovation (parametric triggers, bundled risk engineering services) and improved data analytics driving underwriting precision and competitiveness.
Types of Cyber Insurance Coverage
A cyber insurance policy typically consists of first party and third party coverage, with a range of optional add-ons designed to address specific risks. Below is a breakdown of core components and popular enhancements relevant to Indonesian businesses:
First Party Coverage
Data Breach Response Costs:
Covers costs for forensic investigations, legal counsel, public relations, and customer notification following unauthorized data access. In Indonesia, this service is critical for compliance with PDP Act violation notification requirements.
Business Interruption (BI):
Replaces lost revenue and additional expenses when operations are interrupted due to a covered cyber event. Given Indonesia’s reliance on e-commerce and digital services, BI cover is often at the center of the policy.
System Recovery and Extortion:
Pays to restore or replace damaged IT systems and covers ransom payments (subject to local legal restrictions).
Third Party Liability Coverage
Network Security Liability:
Protects against claims from clients or partners alleging negligence in securing the network, such as the spread of malware or the impact of denial of service to third parties.
Privacy Liability:
Covers legal defense and settlement if personal data is hacked, including fines and regulatory penalties based on the PDP Act (up to the legal limit).
Media Liability:
Addresses the risks of website content, social media posts, or online advertising that infringes intellectual property or defames third parties.
Optional Add-ons
Ransomware Specific Extensions:
Some insurance companies offer separate sub-limits or coverage for ransomware, reflecting the high frequency and severity of these attacks in Indonesia. This may include pre-negotiated response services with a dedicated negotiator.
Cryptocurrency Theft Coverage:
As Indonesian businesses explore crypto payments, this add-on covers the loss of digital assets due to hacking or unauthorized transfer.
Regulatory Fines & Penalties:
While the basic policy covers legal defense costs, this enhancement reimburses the actual fines imposed by the regulator under the PDP Act, up to a selected limit.
Supply Chain Disruptions:
Responding to losses resulting from cyber events at critical vendors or service providers, reflecting the interconnected nature of the modern IT environment.
Cyber Crime & Social Engineering:
Covers financial losses from fraudulent instructions, such as business email compromise (BEC), where employees are tricked into transferring funds to an account controlled by the attacker.
By combining these core and optional coverages, Indonesian businesses can tailor cyber insurance to their specific risk profile—balancing cost, scope, and regulatory compliance.
Claims Process & Best Practices
Incident Notification
Upon detecting a suspected cyber incident, whether a data breach, ransomware demand, or service disruption, policyholders must immediately notify their insurer, typically within 24–72 hours as defined by the policy. Early notification triggers the insurer’s response team and helps preserve critical evidence.
Appointment of Response Team
Insurance companies will appoint or recommend an incident response team, often consisting of digital forensics experts, legal counsel, and public relations specialists. These professionals work together to contain the breach, assess the scope, and advise on communication strategies to regulators, customers, and stakeholders.
Forensic Investigation
Detailed forensic analysis identifies attack vectors, affected systems, and compromised data. Investigators collect logs, system images, and other artifacts under strict chain-of-custody protocols to support remediation and potential legal proceedings.
Damage Assessment & Documentation
Simultaneously, the response team measures business interruption costs, system recovery costs, and ransom or extortion costs. All costs must be documented with invoices, time records, and vendor reports to support claims.
Regulatory Reporting
If personal data is involved, policyholders must comply with the notification requirements of the PDP Act—usually reporting to the Financial Services Authority (OJK) and the national data protection authority within mandated timeframes. Insurance companies often assist in drafting these notifications to ensure legal compliance.
Claim Submission & Review
The insured assembles a claim package—incident report, forensic findings, cost details, and regulatory filings—and submits it to the insurer’s claims department. The insurer reviews the documentation, may conduct additional interviews or audits, and evaluates the applicability of the coverage.
Resolution & Remediation
Once validated, the insurer issues a payment for the covered loss and funds approved remediation efforts. Beyond financial reimbursement, many insurers provide ongoing risk management support, such as cybersecurity training or vulnerability assessments, to reduce future exposure.
By following a structured claims process and partnering closely with insurers’ response teams, Indonesian businesses can accelerate recovery, control costs, and emerge more resilient to future cyber threats.
Challenges in Adoption: Gaps and Barriers
Despite growing interest, several challenges are hampering widespread uptake of cyber insurance among Indonesian businesses:
Low Awareness and Understanding
Many SMEs lack a clear understanding of cyber risks and the benefits of insurance. A 2023 survey by the Indonesian Life Insurance Association found that only 28 percent of small businesses recognized cyber insurance as a viable risk transfer tool, often considering it too complex or unnecessary for their scale. This knowledge gap slows market penetration and leaves companies exposed.
Scarcity of Underwriting Data
Accurate risk assessment relies on historical loss data and threat intelligence. In Indonesia, limited public reporting of cyber incidents and inconsistent incident classifications hamper insurers’ ability to model risk effectively. Without robust data, insurers may apply conservative assumptions, leading to stringent coverage requirements or outright declinations for clients with uncertain risk profiles.
Premium Affordability and Perceived Value
Premiums for comprehensive cyber policies can be prohibitively expensive, especially for SMBs operating on thin margins. Many insurers set rates based on global benchmarks, which may not reflect local loss frequency or severity, resulting in premiums that appear inflated relative to perceived risk. Additionally, businesses often struggle to quantify the potential for cyber losses, making it difficult to justify insurance expenditures against other budget priorities.
Regulatory and Technical Complexity
Navigating Indonesia’s PDP Law, OJK guidelines, and emerging cybersecurity standards adds complexity for insurers and insureds. SMEs may not have internal legal or technical expertise to ensure compliance, further hampering policy adoption.
Overcoming these barriers requires targeted educational initiatives, improved incident reporting frameworks, and collaborative efforts between insurers, brokers, and government agencies to develop customized, affordable cyber insurance solutions.
Case Study
Ransomware Attack on an Indonesian E-Commerce SME
PT MitraBelanja, a Surabaya-based mid-sized e-commerce retailer with annual revenue of IDR 50 billion, experienced a LockBit ransomware intrusion in February 2024. The attackers exploited an unpatched VPN gateway, encrypted critical order processing servers and demanded a ransom of 15 BTC (approximately USD 375,000).
Incident Response and Coverage Activation
The MitraBelanja IT team detected unusual file encryption behavior and notified their insurer within 24 hours, as per policy requirements. The insurer immediately engaged forensics partners and ransomware negotiators. Forensics confirmed the attack vector and scope, isolating the affected systems to prevent lateral spread.
Financial Impact and Insurance Payments
Under its first party coverage, MitraBelanja’s policy reimbursed:
- Ransom Payment: USD 375,000 (paid via insurance company’s captive wallet service)
- Forensic & Legal Fees: USD 45,000 for investigation and notification of regulatory violations under the PDP Act
- Business Interruption: USD 60,000 to cover lost sales and accelerated IT contractor costs for system recovery
The total claim payment was USD 480,000, well below the potential daily revenue loss of IDR 3 billion (USD 200,000) if the downtime continued beyond 48 hours.
Lesson
After the incident, MitraBelanja utilized risk engineering services provided by insurance companies to implement multi-factor authentication, automated patch management, and employee phishing training. This not only reduced their residual cyber risk but also made them eligible for a 15 percent premium discount on renewal. This case underscores how cyber insurance, when paired with proactive security measures, can effectively reduce the financial and operational impacts for Indonesian SMEs.
Recommendations for Securing Cyber Insurance and Reducing Premiums
Perform a Comprehensive Risk Assessment
Start by mapping your digital assets—networks, applications, and data repositories—and identify potential vulnerabilities. Use a framework such as ISO 27001 or the NIST Cybersecurity Framework to benchmark your controls. A documented risk assessment not only clarifies coverage needs (e.g., business interruption vs. ransomware) but also strengthens your position during underwriting, potentially resulting in more favorable terms.
Engage Experienced Cyber Insurance Brokers
Cyber insurance is a niche market. Partnering with a knowledgeable broker like L&G Insurance Broker gives you access to a broad panel of carriers and tailored policy wording. L&G’s deep expertise in Indonesian regulatory requirements (PDP Law, OJK guidelines) and the local threat landscape means you’ll receive:
- Comparative premium and coverage analysis across top insurance companies
- Guidance on sub-limits and optimal retention rates
- Support during claims to speed up incident response and resolution
Invest in Basic Cybersecurity Controls
Insurance companies value proactive security. Implement multi-factor authentication (MFA) on all remote access points and critical systems. Create automated patch management programs to quickly remediate known vulnerabilities. Implement endpoint detection and response (EDR) tools to identify anomalous behavior in real time. Demonstrable control maturity can translate into premium credits or lower deductibles.
Develop an Incident Response Plan
A formal, tested incident response (IR) plan signals preparedness. Conduct tabletop exercises with your IT, legal, and communications teams to practice breach scenarios. Insurance companies often offer IR plan templates or workshops—take advantage of these services to refine your protocols. A robust IR plan not only reduces downtime but can also lower your business interruption sublimits, cutting overall policy costs.
Take Advantage of Continuous Monitoring and Training
Ongoing vulnerability scanning and penetration testing provide up-to-date visibility into emerging risks. Complement technical measures with regular employee cybersecurity awareness training: phishing simulations, secure coding workshops, and best practices for data handling. Demonstrating a culture of security reduces perceived risk and can improve underwriting outcomes.
By combining rigorous risk assessment, strategic broker engagement with L&G Insurance Broker, and a commitment to cybersecurity excellence, Indonesian businesses can secure comprehensive cyber insurance coverage at competitive premiums—transforming insurance from a safety net to a driver of resilience and growth.
Conclusion: Prioritize Cyber Risk Management Today
In Indonesia’s rapidly digitizing economy, cyber threats pose significant risks to businesses of all sizes. Cyber insurance has become a critical tool to mitigate financial losses, ensure regulatory compliance, and maintain operational resilience. As the threat landscape evolves, proactive risk management and tailored insurance solutions are essential.
At L&G Insurance Broker, we specialize in guiding Indonesian businesses through the complexities of cyber risk. Our team offers comprehensive cyber risk assessments to identify vulnerabilities and recommend appropriate insurance coverage. By partnering with us, you can improve your cybersecurity posture and secure financial protection against potential cyber incidents.
Contact us today to schedule a personalized cyber risk assessment and take the first step toward protecting your business in the digital age.