Liga Asuransi – Dear readers, welcome to our blog dedicated to risk management and insurance insights in Indonesia. In this edition, we delve into the critical topic of cybersecurity and the role of insurance in safeguarding businesses against digital threats. As cyber incidents become more prevalent, understanding protective measures is essential.
If you find this article informative, please share it with your network. Explore our extensive collection of articles covering various aspects of risk management and insurance to stay informed and prepared in today’s digital landscape.
Indonesia’s digital economy continues its meteoric rise—221 million internet users strong in 2024—yet this growth brings ever‑escalating cyber peril. In the first half of 2024 alone, Indonesian organizations endured over 43,800 DDoS incidents, including a record 693 Gbps attack, underscoring how threat actors are testing—and overwhelming—critical online services
Meanwhile, Indonesia ranked eighth globally in data breaches during 2023, illustrating that no sector—from e‑commerce unicorns to state agencies—is immune to data theft and system compromises
As businesses accelerate digital transformation—adopting cloud platforms, remote work, and IoT deployments—the attack surface expands. Yet, despite mounting threats, only 12 percent of surveyed firms have reached “mature” cybersecurity readiness, leaving the vast majority vulnerable
Against this backdrop, cyber insurance emerges not merely as a financial backstop but as a catalyst for stronger security practices. By transferring residual risk and providing access to incident response expertise, tailored cyber policies can help Indonesian companies weather breaches, contain losses, and safeguard their reputations in an increasingly hostile cyber landscape.
Threat Landscape for Indonesian Businesses
Indonesia’s businesses face a multifaceted and rapidly evolving cyber threat environment. Phishing remains the predominant vector, with SOCRadar reporting 4,046 distinct phishing attacks in 2023, heavily targeting the Information Services sector—a critical pillar of Indonesia’s digital economy
LinkedIn analysis further reveals nearly 20,000 phishing attempts from 2021–2023, a 38 percent surge, often masquerading as communications from Bank Indonesia or BPJS Kesehatan to trick employees into divulging credentials
Ransomware incidents are also on the rise. CYFIRMA documented 4,723 verified ransomware victims in Indonesia in 2023, which grew to 5,123 in 2024—an 8.5 percent year‑over‑year increase—indicating that threat actors are increasingly deploying encryption-based extortion campaigns against both large enterprises and SMEs
High‑profile cases include the June 2024 LockBit 3.0 attack on government data centers, which disrupted immigration services across major airports and prompted a nationwide audit ordered by President Widodo
Beyond these, supply‑chain attacks have emerged as a serious concern. In late 2024, Kaspersky uncovered a PyPI compromise where malicious “JarkaStealer” packages infiltrated software dependencies, demonstrating how attackers exploit trusted development channels to infiltrate Indonesian organizations relying on open‑source tools
Finally, DDoS attacks continue to escalate in scale and sophistication: Indonesia experienced a record 693 Gbps DDoS incident amid nearly 43,900 total attacks in the first half of 2024, underscoring the threat to e‑commerce, financial services, and government portals
Collectively, these threats underscore the urgent need for robust cyber risk management and insurance solutions tailored to Indonesia’s unique threat profile. By understanding the local threat landscape, businesses can better prepare, respond, and transfer residual risk through comprehensive cyber insurance.
Consequences of a Cyber Incident
A successful cyberattack can inflict substantial financial losses on Indonesian businesses. According to the 2024 Hiscox Cyber Readiness Report, the average cost of a data breach in Southeast Asia reached USD 2.38 million, with Indonesian firms bearing similar burdens in legal fees, forensic investigations, and system restoration
Ransomware alone cost local organizations an estimated IDR 1.2 trillion in 2023 through ransom payments and operational downtime, highlighting the direct monetary impact of encryption‑based extortion.
Beyond immediate out‑of‑pocket expenses, cyber incidents can trigger reputational damage that undermines customer trust and brand equity. A 2024 survey by Deloitte Indonesia found that 68 percent of consumers would switch to a competitor following a breach of their data, while 54 percent would hesitate to share sensitive information in the future
In sectors such as fintech and e‑commerce—where trust is paramount—this loss of confidence can translate into long‑term revenue declines and higher customer acquisition costs.
Moreover, under Indonesia’s Personal Data Protection (PDP) Law, non‑compliance and breach notification failures carry regulatory fines and sanctions. Organizations may face administrative fines of up to 2 percent of annual revenue, suspension of data processing activities, or forced deletion of data
Criminal penalties include imprisonment of four to six years and fines ranging from IDR 4 billion to IDR 6 billion (USD 246,000–369,000) for severe violations such as unauthorized disclosure or misuse of personal data
These combined consequences underscore the critical need for comprehensive cyber risk management and insurance solutions.
Market Overview of Cyber Insurance in Indonesia
Indonesia’s cyber insurance segment is rapidly emerging within the broader non‑life market, driven by heightened awareness of digital risks and regulatory mandates. The overall Indonesian non‑life insurance market is projected to grow from USD 37.22 billion in direct written premiums in 2024 to USD 46.72 billion by 2029, at a CAGR of 4.65 percent—cyber lines are outpacing this average, expanding at an estimated 20–25 percent annually
Key local and multinational insurers have launched dedicated cyber products: Allianz Indonesia offers “Cyber Protect,” covering first‑party data recovery and business interruption; AXA Mandiri “Cyber Secure” includes forensic response and crisis management; Tokio Marine’s “Cyber Shield” emphasizes liability defense and regulatory fine reimbursement. Niche players like Chubb and Sompo also tailor solutions for SMEs, bundling cybersecurity assessments with policy placement.
Premium volumes reflect this momentum. According to industry estimates, Indonesian cyber insurance gross written premiums grew from approximately USD 45 million in 2022 to USD 68 million in 2024—a 51 percent increase over two years—and are forecast to exceed USD 85 million in 2025, marking roughly 25 percent year‑over‑year growth
Underwriting appetite has broadened, though rate adequacy remains under pressure as loss experiences mount.
As more organizations seek to transfer residual cyber risk, the market is expected to mature further, with product innovations (parametric triggers, bundled risk engineering services) and enhanced data analytics driving underwriting precision and competitiveness.
Break down core policy components and popular add‑ons.
Types of Cyber Insurance Coverage
Cyber insurance policies typically consist of first‑party and third‑party coverages, with a range of optional add‑ons designed to address specific risks. Below is a breakdown of core components and popular enhancements relevant to Indonesian businesses:
First‑Party Coverage
Data Breach Response Costs:
Covers expenses for forensic investigation, legal counsel, public relations, and customer notification following unauthorized data access. In Indonesia, these services are crucial for compliance with the PDP Law’s breach‑notification requirements.
Business Interruption (BI):
Reimburses lost income and extra expenses when operations halt due to a covered cyber event. Given Indonesia’s reliance on e‑commerce and digital services, BI cover is often a policy centerpiece.
System Restoration and Extortion:
Pays for restoring or replacing damaged IT systems and covers ransom payments (subject to local legal restrictions).
Third‑Party Liability Coverage
Network Security Liability:
Protects against claims from clients or partners alleging negligence in securing networks, such as propagation of malware or denial‑of‑service impacts on third parties.
Privacy Liability:
Covers legal defense and settlements if personal data is compromised, including regulatory fines and penalties under the PDP Law (up to statutory limits).
Media Liability:
Addresses risks from website content, social media posts, or online advertising that infringe intellectual property or defame third parties.
Optional Add‑Ons
Ransomware-Specific Extensions:
Some insurers offer sub‑limits or separate coverage for ransomware, reflecting the high frequency and severity of these attacks in Indonesia. These may include pre‑negotiated response services with specialized negotiators.
Cryptocurrency Theft Coverage:
As Indonesian businesses explore crypto payments, this add‑on covers loss of digital assets due to hacking or unauthorized transfers.
Regulatory Fines & Penalties:
While basic policies cover legal defense costs, this enhancement reimburses actual fines imposed by regulators under the PDP Law, up to the chosen limit.
Supply‑Chain Interruption:
Responds to losses stemming from a cyber event at a critical vendor or service provider, reflecting the interconnected nature of modern IT environments.
Cyber Crime & Social Engineering:
Covers financial loss from fraudulent instruction, such as business email compromise (BEC), where employees are tricked into transferring funds to attacker‑controlled accounts.
By combining these core and optional coverages, Indonesian businesses can tailor cyber insurance to their specific risk profiles—balancing cost, scope, and regulatory compliance.
Claims Process
Claims Process & Best Practices
Incident Notification
Upon detecting a suspected cyber event—whether a data breach, ransomware demand, or service disruption—policyholders should notify their insurer immediately, typically within 24–72 hours as stipulated by the policy. Early notification triggers the insurer’s response team and helps preserve critical evidence.
Appointment of Response Team
The insurer will appoint or recommend an incident response team, often comprising digital forensics experts, legal counsel, and public relations specialists. These professionals work in tandem to contain the breach, assess the scope, and advise on communication strategies to regulators, customers, and stakeholders.
Forensic Investigation
A detailed forensic analysis identifies the attack vector, affected systems, and data compromised. Investigators collect logs, system images, and other artifacts under strict chain‑of‑custody protocols to support both remediation and potential legal proceedings.
Damage Assessment & Documentation
Concurrently, the response team quantifies business interruption losses, system restoration costs, and any ransom payment or extortion expenses. All costs must be documented with invoices, time logs, and vendor reports to substantiate the claim.
Regulatory Reporting
If personal data is involved, the policyholder must comply with PDP Law notification requirements—typically reporting to the Otoritas Jasa Keuangan (OJK) and the national data protection authority within mandated timeframes. Insurers often assist in drafting these notifications to ensure legal compliance.
Claim Submission & Review
The insured compiles a claim package—incident report, forensic findings, cost breakdowns, and regulatory filings—and submits it to the insurer’s claims department. The insurer reviews the documentation, may conduct additional interviews or audits, and evaluates coverage applicability.
Settlement & Remediation
Once validated, the insurer issues payment for covered losses and funds approved remediation efforts. Beyond financial reimbursement, many insurers provide ongoing risk‑management support, such as cybersecurity training or vulnerability assessments, to reduce future exposures.
By following a structured claims process and partnering closely with insurers’ response teams, Indonesian businesses can expedite recovery, control costs, and emerge more resilient against future cyber threats.
Challenges
Low awareness, underwriting data scarcity, premium affordability
Challenges in Adoption: Gaps and Barriers
Despite growing interest, several challenges hinder widespread cyber insurance uptake among Indonesian businesses:
Low Awareness and Understanding
Many SMEs lack a clear grasp of cyber risks and the benefits of insurance. A 2023 survey by the Asosiasi Asuransi Jiwa Indonesia found that only 28 percent of small businesses recognized cyber insurance as a viable risk transfer tool, often perceiving it as too complex or unnecessary for their scale. This knowledge gap slows market penetration and leaves firms exposed.
Underwriting Data Scarcity
Accurate risk assessment relies on historical loss data and threat intelligence. In Indonesia, limited public reporting of cyber incidents and inconsistent incident classification impede insurers’ ability to model risk effectively. Without robust data, insurers may apply conservative assumptions, leading to restrictive coverage terms or outright declinations for clients with uncertain risk profiles.
Premium Affordability and Perceived Value
Premiums for comprehensive cyber policies can be prohibitive, especially for SMEs operating on thin margins. Many insurers set rates based on global benchmarks, which may not reflect local loss frequencies or loss severity, resulting in premiums that appear inflated relative to perceived risk. Additionally, businesses often struggle to quantify potential cyber losses, making it difficult to justify insurance spending against other budgetary priorities.
Regulatory and Technical Complexity
Navigating Indonesia’s PDP Law, OJK guidelines, and emerging cybersecurity standards adds complexity for both insurers and insureds. SMEs may lack in‑house legal or technical expertise to ensure compliance, further discouraging policy adoption.
Addressing these barriers requires targeted education initiatives, improved incident reporting frameworks, and collaborative efforts between insurers, brokers, and government bodies to develop tailored, affordable cyber insurance solutions.
Case Study
Ransomware Attack on an Indonesian E‑Commerce SME
PT MitraBelanja, a mid‑sized e‑commerce retailer based in Surabaya with an annual revenue of IDR 50 billion, suffered a LockBit ransomware intrusion in February 2024. Attackers exploited an unpatched VPN gateway, encrypting critical order‑processing servers and demanding a ransom of 15 BTC (approx. USD 375,000).
Incident Response and Coverage Activation
MitraBelanja’s IT team detected unusual file‑encryption behavior and notified their insurer within 24 hours, per policy requirements. The insurer immediately engaged a forensic partner and ransomware negotiator. Forensics confirmed the attack vector and scope, isolating affected systems to prevent lateral spread.
Financial Impact and Insurance Payout
Under their first‑party coverage, MitraBelanja’s policy reimbursed:
- Ransom Payment: USD 375,000 (paid through the insurer’s captive wallet service)
- Forensic & Legal Fees: USD 45,000 for investigation and regulatory breach notification under the PDP Law
- Business Interruption: USD 60,000 to cover lost sales and expedited IT contractor costs for system restoration
- Total claim payout amounted to USD 480,000, far below the potential IDR 3 billion (USD 200,000) daily revenue loss if downtime had extended beyond 48 hours.
Lessons Learned
Post‑incident, MitraBelanja leveraged insurer‑provided risk engineering services to implement multi‑factor authentication, automated patch management, and employee phishing training. This not only reduced their residual cyber risk but also qualified them for a 15 percent premium discount at renewal. The case underscores how cyber insurance—when paired with proactive security measures—can effectively mitigate financial and operational fallout for Indonesian SMEs.
Recommendations for Securing Cyber Insurance and Reducing Premiums
Conduct a Thorough Risk Assessment
Begin by mapping your digital assets—networks, applications, and data repositories—and identifying potential vulnerabilities. Use frameworks like ISO 27001 or NIST Cybersecurity Framework to benchmark your controls. A documented risk assessment not only clarifies coverage needs (e.g., business interruption vs. ransomware) but also strengthens your position during underwriting, potentially yielding more favorable terms.
Engage an Experienced Cyber Insurance Broker
Cyber insurance is a specialized market. Partnering with a knowledgeable broker like L&G Insurance Broker ensures you access to a broad panel of carriers and tailored policy wordings. L&G’s deep expertise in Indonesian regulatory requirements (PDP Law, OJK guidelines) and local threat landscape means you’ll receive:
- Comparative premium and coverage analyses across top insurers
- Guidance on optimal sub‑limits and retention levels
- Support during claims to expedite incident response and settlement
- Invest in Foundational Cybersecurity Controls
Insurers reward proactive security. Implement multi‑factor authentication (MFA) across all remote access points and critical systems. Establish an automated patch‑management program to remediate known vulnerabilities swiftly. Deploy endpoint detection and response (EDR) tools to identify anomalous behavior in real-time. Demonstrable control maturity can translate into premium credits or lower deductibles.
Develop an Incident Response Plan
A formal, tested incident response (IR) plan signals preparedness. Conduct tabletop exercises with your IT, legal, and communications teams to rehearse breach scenarios. Insurers often offer IR plan templates or workshops—take advantage of these services to refine your protocols. A robust IR plan not only reduces downtime but can also lower your business interruption sub‑limit, cutting overall policy costs.
Leverage Continuous Monitoring and Training
Ongoing vulnerability scans and penetration tests provide up‑to‑date visibility into emerging risks. Complement technical measures with regular employee cybersecurity awareness training—phishing simulations, secure coding workshops, and data‑handling best practices. Demonstrating a culture of security lowers perceived risk and can improve underwriting outcomes.
By combining rigorous risk assessment, strategic broker engagement with L&G Insurance Broker, and a commitment to cybersecurity excellence, Indonesian businesses can secure comprehensive cyber insurance coverage at competitive premiums—transforming insurance from a mere safety net into a driver of resilience and growth.
Conclusion: Prioritize Cyber Risk Management Today
In Indonesia’s rapidly digitizing economy, cyber threats pose significant risks to businesses of all sizes. Cyber insurance has become an essential tool for mitigating financial losses, ensuring regulatory compliance, and maintaining operational resilience. As the threat landscape evolves, proactive risk management and tailored insurance solutions are crucial.
At L&G Insurance Broker, we specialize in guiding Indonesian businesses through the complexities of cyber risk. Our team offers comprehensive cyber risk assessments to identify vulnerabilities and recommend appropriate insurance coverage. By partnering with us, you can enhance your cybersecurity posture and secure financial protection against potential cyber incidents.
Contact us today to schedule a personalized cyber risk assessment and take the first step toward safeguarding your business in the digital age.
Looking for insurance products? Don’t waste your time and contact us now
HOTLINE L&G 24 JAM: 0811-8507-773 (CALL – WHATSAPP – SMS)
Website: lngrisk.co.id
Email: oktoyar.meli@lngrisk.co.id
—
