Jakarta. TrendMicro, an international cyber security software company, reports that Indonesia has entered the CRI zone of ‘elevated risk', pushing the country to the highest risk level of cyber threat that it has ever been in.  

This data, which covers the first semester of 2021, was published as part of TrendMicro’s biannual Cyber Risk Index report in collaboration with the Ponemon Institute. 

It reveals shocking statistics tied with Indonesian cybersecurity. Most crucially, Indonesia has dipped to a CRI of -0.12 in 2021, compared to 2020’s CRI of 0.26.

CRI, which is an indicator measuring cyber risk, has two key areas to determine its ratings. The first is a given party’s level of preparedness against cyber-attacks, and the second is the level of cyber threat the organizations are exposed to. The numbers are rated on a scale of -10 to 10,  with -10 being the highest cyber risk and 10 being the lowest. 

Indonesia has dropped down to negatives and has entered the elevated risk zone from the previous ‘moderate risk’. 

On top of this, the data also reveals that in a survey of 3,600 global businesses, 81 percent of Indonesian companies believe there is a possibility of data leakage in the next 12 months. 

About 61 percent had at least one data breach involving leakage of customer records.  

“With more than half of respondents reporting customer data leaks in the past 12 months, companies must better prepare themselves by identifying high-risk datasets, focusing on major impact threats, and deploying more layered protection”, said Bernad Satriani (@bernadsatriani), a cyber security consultant. 

This data is unsurprising, as multiple major data breaches have occurred throughout this year and the last. The most recent was just announced a few days ago, with the alleged 1.3 million user’s data leaked from the Ministry of Health’s Covid-19 tracking application, eHAC. 

Despite the Ministry of Health’s insistence that the data leak did not originate from their servers, the issue brings up a conversation of cybersecurity and cybersecurity regulation in Indonesia.

“The cyberattacks in Indonesia have gotten more vicious and have become targeted. This makes them more dangerous as a whole,” Bernad said. 

Teguh Wilidarma, a consultant at TrendMicro, believes that three sides may be proactive in ensuring cybersecurity. The first, of course, is the role of the organization to establish security protocols.

The second is the role that consumers play in choosing when and where to relinquish data, and the third is the role of the government to assign appropriate consequences when such crimes do occur. 

For instance, the General Data Protection Regulation ensures that organizations susceptible to data breaches are held responsible for their lack of cyber security within the European Union. In October of 2020, British Airways was fined 20 million euros for the leakage of over 400,000 user’s patrons. 

Such government intervention encourages companies to take accountability and tighten their cyber security, TrendMicro said.