Many CEOs Do Not View Cybersecurity as an Investment - Lestari Kompas

JAKARTA, KOMPAS.com - The cost of maintaining cybersecurity may seem extremely expensive, yet it is truly commensurate with preventing its risks. When a cybersecurity breach occurs in a company, the impact can dismantle the long-built foundations, with reputation at stake. Nevertheless, many companies in Indonesia still lack a cybersecurity culture to protect the data they manage from potential leaks. The Secretary General of the Ministry of Communication and Digitalisation (Komdigi), Ismail, stated that companies in Indonesia need to change their paradigm in viewing cybersecurity, from merely a cost to an investment. “But many CEOs in Indonesia consider security issues as a matter of cost. Reputation is no joke when we talk about security. Shifting the paradigm from cost to investment is not an easy matter,” he said on Thursday (23/4/2026). Strengthening cybersecurity governance will benefit companies in avoiding fines and loss of reputation due to violations of Law No. 27/2022 on Personal Data Protection (UU PDP). It is known that the UU PDP compels companies to strengthen cybersecurity governance standards, by requiring the appointment of a Data Protection Officer (DPO) and transparent processing. Thus, strengthening cybersecurity governance means companies are carrying out legal and financial mitigation. He warned that companies violating the UU PDP face quite severe penalties. “The fine is 2 percent of gross (total annual gross revenue), that’s no small number. For companies with trillions in revenue, banking and so on, this is not a small amount for one incident. What if the incidents happen repeatedly?” he said. He considers this fine as an instrument for mitigation from the impact of cyber attacks on companies managing personal data. According to him, the fine is not the goal, but a tool so that companies, business actors, and industries prepare for future cyber threats.