Cybersecurity Policies Differences in Indonesia: A Systematic Literature Review of Public and Private Sector
DOI:
https://doi.org/10.22373/Keywords:
Cybersecurity , Public Policy, Public Sector, Private Sector, Digital Risks, Mitigation StrategiesAbstract
Abstract: Rapid digital transformation has increased the reliance of various sectors on information technology, while simultaneously giving rise to increasingly complex cybersecurity risks. Threats such as malware, ransomware, and attacks on critical infrastructure not only result in economic losses but can also disrupt national stability and undermine public trust. In this context, both the public and private sectors play crucial roles through their implemented cybersecurity policies. The public sector, represented by institutions such as the National Cyber and Crypto Agency (BSSN), has a primary mandate to safeguard public interests and national resilience through a top-down approach based on formal regulations. Meanwhile, the private sector is more driven by market demands, the need for innovation, and efforts to maintain customer trust. Therefore, its cybersecurity policies tend to be adaptive, adopting international standards such as ISO/IEC 27001 or the NIST Cybersecurity Framework. This study uses a descriptive-qualitative method with a Systematic Literature Review (SLR) approach to identify, evaluate, and synthesize findings from scientific journals, national policy documents, and recent cybersecurity reports. The results reveal fundamental differences in motivation, governance, and risk mitigation strategies between the public and private sectors in Indonesia. The public sector places greater emphasis on legal compliance and protecting vital infrastructure, while the private sector focuses more on speed of response and protecting business reputation. However, both sectors face similar challenges, such as limited cybersecurity expertise, technology adoption gaps, and weak cross-institutional coordination. This study recommends strengthening public-private collaboration through strategic partnerships to comprehensively and sustainably enhance national cybersecurity resilience.
Abstrak: Percepatan transformasi digital meningkatkan ketergantungan berbagai sektor pada teknologi informasi sekaligus memperluas kompleksitas risiko siber. Ancaman seperti malware, ransomware, dan serangan terhadap infrastruktur kritis tidak hanya menimbulkan kerugian ekonomi, tetapi juga mengancam stabilitas negara serta kepercayaan publik. Dalam situasi ini, sektor publik dan swasta berperan penting melalui kebijakan keamanan siber. Sektor publik, melalui lembaga seperti Badan Siber dan Sandi Negara, bertugas melindungi kepentingan masyarakat dan ketahanan nasional dengan pendekatan top-down berbasis regulasi. Sebaliknya, sektor swasta didorong oleh kebutuhan pasar, inovasi, dan kepercayaan pelanggan sehingga kebijakannya lebih adaptif dengan standar internasional seperti ISO/IEC 27001 dan NIST Framework. Penelitian ini menggunakan metode deskriptif kualitatif dengan pendekatan SLR untuk menelaah dan mensintesis temuan dari jurnal, dokumen kebijakan, dan laporan terbaru. Hasil menunjukkan perbedaan mendasar pada motivasi, tata kelola, dan mitigasi risiko di Indonesia: sektor publik menitikberatkan kepatuhan hukum serta perlindungan infrastruktur vital, sedangkan sektor swasta pada respons cepat dan reputasi bisnis. Meski demikian, keduanya menghadapi kendala serupa berupa keterbatasan ahli, kesenjangan teknologi, dan lemahnya koordinasi. Studi ini merekomendasikan penguatan kemitraan publik-swasta guna memperkuat ketahanan siber nasional secara berkelanjutan.
References
Afrilia, U. A., Mumpuni, A. P., Asy’ary, H., Muhdiarta, U., Mayasari, Y., & Anangkota, M. (2024). Transforming Public Services: The Role Of Digital Innovation In Indonesian Municipal Governance (Vol. 16, Issue 1).
Ajzen, I. (1991). The Theory Of Planned Behavior. Organizational Behavior And Human Decision Processes, 50(2), 179–211. Https://Doi.Org/10.1016/0749-5978(91)90020-T
Alfikri, M., Ahmad, I., & Pertahanan, U. (2022). The Implementation Of Policy For The Establishment Of A Cyber Incident Response Team To Support Information Security In The Government Sector. 6(1), 1–13. Https://Doi.Org/10.21787/Mp.6.1.2022.1-13
Arianto, A. R., & Anggraini, G. (2019). Building Indonesia’s National Cyber Defense And Security To Face The Global Cyber Threats Through Indonesia Security Incident Response Team On Internet Infrastructure (Id-Sirtii). Http://M.News.Viva.Co.Id/News/Read/507480-
Culot, G., Nassimbeni, G., Podrecca, M., & Sartor, M. (2021). The Iso/Iec 27001 Information Security Management Standard: Literature Review And Theory-Based Research Agenda. In Tqm Journal (Vol. 33, Issue 7, Pp. 76–105). Emerald Group Holdings Ltd. Https://Doi.Org/10.1108/Tqm-09-2020-0202
Gordon, L. A., Loeb, M. P., Lucyshyn, W., & Zhou, L. (2018). Empirical Evidence On The Determinants Of Cybersecurity Investments In Private Sector Firms. Journal Of Information Security, 09(02), 133–153. Https://Doi.Org/10.4236/Jis.2018.92010
Ikhsanni, A., & Et Al. (2024). Cybersecurity Dan Tata Kelola Intelijen. Jurnal Kajian Stratejik Ketahanan Nasional, 7(1). Https://Doi.Org/10.7454/Jkskn.V7i1.10086
International Organization For Standardization. (2022). Iso/Iec 27001:2022 – Information Security, Cybersecurity And Privacy Protection — Information Security Management Systems — Requirements ((3rd Ed.)). Iso.
Loviana, K. (2022). Cybersecurity And Cyber Resilience In Indonesia: Challenges And Opportunities. Center For Digital Society.
Mulyani, S., & Rulandari, N. (2024). Comparison Of Human Resource Management Characteristics Between Public Sector And Private Sector In Indonesia In The Era Of Digital Transformation. Journal Of Public Administration And Political Science And International Relations, 2 (2). Https://Doi.Org/10.61978/Politeia.V2i2
Opeyemi Babatunde, G., Damilola Mustapha, S., Ike, C. C., Alabi, A. A., & Babatunde, G. O. (2025). A Holistic Cyber Risk Assessment Model To Identify And Mitigate Threats In Us And Canadian Enterprises. Article In International Journal Of Multidisciplinary Research And Growth Evaluation. Https://Doi.Org/10.54660/.Ijmrge.2025.6.1.773-787
Parikh, V., & Nimbekar, M. (2023). Socializing The Impact: An Analysis Of The Theory Of Planned Behavior’s Influence On Increasing University Students’ Cybersecurity Awareness. Journal Of Community Development, 4(2), 139–156. Https://Doi.Org/10.47134/Comdev.V4i2.162
Rahakbauw, I. (2024). Analisis Potensi Ancaman Siber Pada Bidang Ekonomi Di Indonesia. Jurnal Kajian Stratejik Ketahanan Nasional, 7(2). Https://Doi.Org/10.7454/Jkskn.V7i2.10097
Ramadhianto, R., Toruan, T. S. L., Kertopati, S. N. H., & Almubaroq, H. Z. (2023). Analysis Of Presidential Regulations Concerning Cyber Security To Bolster Defense Policy Management. Defense And Security Studies, 4, 84–93. Https://Doi.Org/10.37868/Dss.V4.Id244
Romadhon, F. W., & Salman, M. (2025). Pengembangan Skenario Serangan Siber Untuk Pelatihan Tim Tanggap Insiden Siber Pemerintah Daerah Menggunakan Framework Mitre Att&Ck Dan Cyber Kill Chain. Jurnal Pendidikan Dan Teknologi Indonesia, 5(5), 1265–1279. Https://Doi.Org/10.52436/1.Jpti.715
Romanosky, S., Schwindt, K., & Johnson, R. (2022). Comparison Of Public And Private Sector Cybersecurity And It Workforces.
Rose, S., Borchert, O., Mitchell, S., & Connelly, S. (2020). Zero Trust Architecture. Https://Doi.Org/10.6028/Nist.Sp.800-207
Seeba, M., Valgre, M., & Matulevičius, R. (2025). Evaluating Organization Security: User Stories Of European Union Nis2 Directive. Http://Arxiv.Org/Abs/2504.19222
Soesanto, & Et Al. (2023). Analisis Sistem Manajemen Keamanan Di Perusahaan Tokopedia Dalam Menigkatkan Proteksi Data Dan Privasi Pengguna. Jurnal Kewirausahaan Dan Manajemen Bisnis, 1(1).
Sutra, S., & Haryanti, A. (2023). Upaya Peningkatan Keamanan Siber Indonesia Oleh Badan Siber Dan Sandi Negara (Bssn) Tahun 2017-2020. Global Political Studies Journal, 7 (1), 56.
Triwahyuni, D., Putri, S. O., & Nurjati, F. S. (2024). The Role Of Indonesia’s National Cyber And Crypton Agency In Dealing With The Increase In Cybercrime At The Beginning Of The Covid-19 Pandemic (Pp. 13–22). Https://Doi.Org/10.2991/978-2-38476-269-9_3
Trocoso-Pastoriza, J. R., Mermoud, A., Bouyé, R., Marino, F., Bossuat, J.-P., Lenders, V., & Hubaux, J.-P. (2022). Orchestrating Collaborative Cybersecurity: A Secure Framework For Distributed Privacy-Preserving Threat Intelligence Sharing. Http://Arxiv.Org/Abs/2209.02676
Wibowo, B., Luqman Hafiz, & Hidayat, T. (2025). Unveiling The Cybercrime Ecosystem: Impact Of Ransomware-As-A-Service (Raas) In Indonesia. International Journal Of Science Education And Cultural Studies, 4(1), 11–21. Https://Doi.Org/10.58291/Ijsecs.V4i1.320
Published
Issue
Section
License
Copyright (c) 2026 Rahmat Rambe, Mochamad Teguh Kurniawan
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Proposed Policy for Journals That Offer Open Access Authors who publish with the Elkawnie journal agree to the following terms:
a. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
b. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
c. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (see The Effect of Open Access).
Register
