Academics and DPR Highlight Urgency of Enacting the Cyber Security and Resilience Bill

Lecturer in Terrorism Studies at the University of Indonesia (UI), Sri Yunanto, has outlined the reasons for the urgency of enacting the Cyber Security and Resilience Bill (RUU KKS). He stated that amid the surge in cyber threats in Indonesia, the RUU KKS is crucial to be passed. Yunanto mentioned that global cyber threats that could cripple domestic systems could become a ‘ticking bomb’ in Indonesia. According to Yunanto, vital targets for cyber attacks or cyber terrorism include banking or fintech, e-commerce, and healthcare facilities. On the other hand, he highlighted findings from the National Cyber and Crypto Agency (BSSN) regarding billions of cyber attacks with annual losses of Rp500 trillion. Meanwhile, 60 percent of attacks utilise Artificial Intelligence (AI) technology. “Not to mention ransomware attacks and data theft that cause losses of Rp8.2 trillion per year,” he said in his presentation at the Seminar From Digital Attacks to Real Threats: The Urgency of a Cyber Security Legal Umbrella at UI’s Salemba Campus, Jakarta, on Monday (11/5). Yunanto also quoted findings from the Cisco Cybersecurity Readiness Index 2024, which revealed that only 12 percent of organisations in Indonesia are ready to face cyber threats at a mature level. Yunanto hopes that Indonesia must quickly improve from a series of cases that have caused a stir in the country, such as the ransomware attack on the 2019 Elections, Bank Syariah Indonesia (BSI) (2023), data theft at Tokopedia, and hacking of BAIS TNI and Inafis Polri data. “The RUU KKS must be able to address this. Because it can provide a stronger legal foundation for personal data security, digital transactions, and creating a safe digital investment climate,” he said. On the other hand, Executive Director of Catalyst Policy-Works, Wahyudi Djafar, noted that there were 50 million cyber attacks against Indonesia during 2026. He explained that Kaspersky data throughout 2026 recorded 14,909,665 web-based attacks as well as 39,718,903 device-based attacks. In addition, Wahyudi also used BSSN data which detailed at least 5.5 billion attacks in 2025. “This surged 714 percent compared to the annual average during the 2020-2024 period,” said Wahyudi. On the other hand, Wahyudi also affirmed the importance of the RUU KKS being enacted. He highlighted the fact that the increasing intensive use of digital technology in Indonesia is not matched by the development of protective instruments and mechanisms. He also pointed out the low awareness and capacity of stakeholders and the public regarding cyber security. Not only that, Wahyudi then touched on one of the challenges in enacting the RUU KKS concerning sectoral egos of related institutions or agencies. “Sectoral egos are still high. So, for example, there is already BSSN, there is Komdigi, then the State Intelligence Agency, Police, and then other sectoral institutions. They already feel strong with their respective laws and are already working,” explained Wahyudi. “Well, this might become a challenge in the discussion process to ensure synchronisation not only at the law level but also among the actors,” he added. The same sentiment was also expressed by Member of Commission I of the DPR from the PDI-Perjuangan Faction, Junico Siahaan, regarding the urgency of enacting the RUU KKS. “There is no national coordination framework. There is no clear division of authority, and there is no national standard for cyber crisis management,” said Nico. Then, he stated that there is still an absence of national obligations for cyber resilience. “There is no harmonisation between national security and citizens’ digital rights,” he said. At the same time, he mentioned that Indonesia does have several related regulations. Nico outlined several of those regulations, including the ITE Law, PDP Law, PSTE Government Regulation, and various sectoral regulations. However, the problem is that all these instruments stand partially and have not yet formed a complete national cyber security architecture. At the same time, Junico stated that the DPR targets the bill to be completed within two session periods. However, he also acknowledged the complexity in the bill’s discussion process. “This has already started running, the team has started to be formed. We are starting to come to campuses, forums to discuss these issues. We are absorbing all inputs,” he said.