The benefit of public-private partnership: Financial sector cybersecurity – Academia
ybersecurity has become a major concern for the global financial sector, especially for the banking and payment system industries. Based on data from Checkpoint Research in 2022, there were 1,131 cyberattacks targeting the banking and financial sector globally, with estimated losses amounting to around US$100 billion.
According to the National Cyber and Crypto Agency (BSSN), in 2023 there were 361 million cyberattacks in Indonesia, with Rp 14.5 trillion ($906 million) recorded as financial losses from such activities. Financial loss is not the only consequence of those cyberattacks; data leaks and disruption of key business services also have a major impact.
Indonesia is currently laying the groundwork for the digital economy transformation and needs to foster collaboration between the government and the private sector to support the acceleration in building cybersecurity infrastructure capability.
The government, through the issuance of Presidential Regulation No. 38/2015, has introduced the public-private partnership (PPP) legal framework, to provide high quality, effective and efficient infrastructure and also create a better investment environment that will be a win-win solution for the government, private sector and people.
Based on the regulation, information technology (IT) infrastructure is one of the types of infrastructure that could be part of a PPP scheme.
The Financial Services Authority (OJK) has also issued two regulations regarding cybersecurity in the financial sector. The first is OJK Circular Letter No. 29/2022, and the second is OJK Regulation No. 22/2023, which regulates that all banks and non-bank institutions should maintain and enhance their cybersecurity capabilities to ensure the implementation of cybersecurity principles.
Every Thursday
Bank Indonesia (BI) as the regulator for payment systems and the macroprudential industry also stipulates the same obligations in BI Regulation No. 22/2020, which requires all providers of payment service systems and the operators of the infrastructure of payment services to maintain and enhance their cybersecurity capabilities.
