Divya Karyza, Jakarta – Experts have called for a change in thinking among business leaders and regulators after Indonesia dropped sharply in a global cybersecurity ranking, warning that the country's digital economy is at risk.

Indonesia's score in the National Cybersecurity Index (NCSI) published by the Estonia-based e-Governance Academy (eGA), experienced a significant decline. In 2023, Southeast Asia's largest economy scored 63.64 points, ranking 48th globally.

In 2025, however, its position plummeted to 84th out of 136 countries assessed, with a score of just 47.50 points. The nation now trails regional peers Singapore, Malaysia and the Philippines in the index, which measures a country's preparedness to prevent cyber threats and manage incidents.

According to its website, the methodology of the NCSI ranking relies on data that is either collected by or provided to the assessors, which suggests it does not take into account concealed cybersecurity efforts.

Firlie Ganinduto, chairman of the Indonesian Digitalization and Cybersecurity Association (ADIGSIi), said security awareness at the top management level remained low in Indonesia.

"Cybersecurity is often viewed merely as a cost and a technical issue, even though investment decisions and priorities rest with executives," he said, as quoted by Bisnis on Thursday.

This mindset, he argued, led to patchy implementation of basic security controls, inconsistent incident response readiness and fragmented cross-sector collaboration, adding that the consequence was an increasingly vulnerable national digital infrastructure.

"What needs to be improved immediately is making cybersecurity a business risk management agenda," Firlie said, as reported by Bisnis.

"There should be ownership at the board level, measurable minimum targets and adequate funding."

In Southeast Asia, the average cost of data breaches has risen to over US$3.3 million, representing a 7 percent increase from 2023, according to United States-based research organization Ponemon Institute.

Companies needed nearly nine months on average to identify and contain incidents. The cost is only expected to increase, putting pressure on businesses to adopt more collaborative approaches to cybersecurity.

The stakes are high for Indonesia's economic ambitions as the country pursues its Golden Indonesia 2045 vision, a future in which a robust digital economy is a central driver of growth, according to Firlie.

He called for a dual-track policy approach from the government: accelerating improvement through mandatory baselines, including incident reporting, regular assessments and response exercises, while also providing incentives for critical industries and local cybersecurity firms to upgrade their capabilities.

Firlie noted that proactive security improvements were rare in Indonesia, with action typically spurred only by two factors: a major prior incident or regulatory pressure.

"Ideally, we should strengthen regulations and governance before the next incident forces us to do so," he cautioned, as Bisnis reported.

Expanding cloud adoption, the proliferation of Internet of Things (IoT) devices and rising cyberthreats, including ransomware and phishing attacks, intensify the need for advanced cybersecurity measures.

Market research provider Global Information estimates Indonesia's cybersecurity market at $1.15 billion for 2023, with projections to reach $3.39 billion by 2028, assuming a compound annual growth rate (CAGR) of 24.19 percent over the forecast period.

This robust growth is fueled by increased demand for IT services and software solutions, in line with Indonesia's initiatives to strengthen its cybersecurity framework amid rapid digital transformation.

Source: https://asianews.network/indonesia-tumbles-in-cybersecurity-ranking