Cyber Breaches are the Silent Killer of Business Trust and Growth

Cyber Breaches are the Silent Killer of Business Trust and Growth

By Adithya Nugraputra, Head of Consulting, Ensign InfoSecurity Indonesia

 

As cyber threats become more sophisticated, businesses, big and small, are now more exposed than ever. The question is no longer if you will be targeted, but when. Cyberattacks have become a critical concern for businesses of all sizes, from multinational corporations to small and medium-sized enterprises (SMEs).

 

While previously confined to highly regulated sectors such as banking, utilities, and government, cyber threats now cut across every industry. As Indonesia’s digital transformation accelerates, with increased cloud adoption, e-commerce penetration, and digital payment systems, the attack surface has expanded significantly. A single data breach is all it takes to erode hard-earned customer trust built over years.

The Growing Risk of Cyber Threats

 

Indonesia is not immune to major breaches. In recent years, the public has witnessed alarming incidents—such as the leak of personal data from state-run insurance provider BPJS Kesehatan, which affected over 200 million records. In June 2024, a ransomware attack on Indonesia’s National Data Centre disrupted services across 282 government institutions, with attackers demanding an $8 million ransom. More recently, the personal information of mobile subscribers, e-commerce customers, and even government agency users has reportedly been exposed in suspected cyberattacks.

 

Beyond these high-profile cases, many cyber breaches affecting Indonesian organisations, particularly small and medium-sized enterprises (SMEs) go unreported or undetected. A study by Cisco revealed that one in three Indonesian SMEs experienced a cyberattack within a 12-month period, resulting in significant revenue and reputational losses. With limited cybersecurity resources and technical know-how, SMEs often struggle to mount adequate defences, making them easy targets. The fallout from such incidents can be long-lasting and financially crippling.

 

Globally, the consequences of cyber incidents are clear. In 2024, Singapore’s privacy watchdog fined Carousell for a breach that compromised over two million users. British Airways was hit with a US$230 million penalty after hackers accessed the personal data of half a million customers. These cases highlight a sobering truth: regulatory fines are only the beginning. The long-term damage to brand credibility, customer confidence, and business relationships is often far greater.

 

In Indonesia, cyber risk is also becoming a key factor in commercial decisions. As local businesses integrate more deeply into regional and global supply chains, partners are placing greater emphasis on cybersecurity maturity and incident history. Public concern around data protection is also rising, with cybersecurity now ranked among the top issues facing Indonesians in the digital era. A data breach can now cost more than just customers, it can cost future opportunities.

 

The Cost of Inaction for Indonesian Businesses

 

While financial losses from data breaches are well documented, reputational damage can be even more devastating. According to Forbes, 80% of consumers in developed markets are likely to abandon a brand if their personal data is compromised. This loss of confidence can be particularly damaging for SMEs, which often lack the resources to mount a strong recovery. Unlike large corporations that can invest in crisis management and legal defence, SMEs risk prolonged setbacks, lost business opportunities, and long-term financial instability if they fail to prioritise cybersecurity.

 

Cybersecurity as a Business Imperative

 

Cyber threats are no longer just an IT function, they are a fundamental business risk that demands executive-level attention. Businesses must transition from merely strengthening defences to building cyber trust, which is essential for long-term resilience. Cyber trust refers to the confidence customers, partners, and stakeholders have in an organisation’s ability to safeguard sensitive data, maintain operational continuity, and respond effectively to emerging threats. In today’s digital economy, cyber trust is a competitive differentiator and businesses that fail to establish this trust risk losing customers, investors, and market standing.

 

Key Strategies to Strengthen Cybersecurity

 

  • Strengthen visibility and protect critical data: Businesses need full visibility across their systems and data environments to detect vulnerabilities before they are exploited. This includes understanding what data they hold, where it resides, and who has access to it. Without clear oversight, companies risk not only operational disruption but also permanent reputational damage.
  • Make cybersecurity part of corporate culture: Cybersecurity is no longer just a technical responsibility. CEOs and senior leaders must make it a visible corporate priority. Employees, partners, and customers take their cues from leadership, so clear policies, regular awareness training, and accountability at all levels are essential to building a culture of cyber resilience.
  • Harness technology to stay ahead: As cybercriminals increasingly use AI to automate and scale their attacks, businesses need to leverage the same technology to enhance their defences. Humans leveraging AI-powered threat detection can uncover suspicious activity faster than human teams alone, helping companies contain threats before they escalate into major breaches.
  • Aligning cybersecurity with business strategy and innovation: Embracing new technologies like cloud platforms, AI tools, and IoT solutions opens new business opportunities but also new risks. Security should be embedded from the start, ensuring innovation does not outpace the company’s ability to protect customer data and maintain regulatory compliance.
  • Prioritise governance and transparency: Strong governance frameworks not only improve cyber resilience but also build trust with customers, regulators, and investors. Indonesian business leaders should align with local regulations such as the UU PDP (Personal Data Protection Law) and BI’s Cybersecurity Guidelines, while also considering international standards like ISO/IEC 27001. With the government drafting a national Cybersecurity and Resilience Bill, businesses must stay ahead of compliance. Transparent data practices signal accountability and position companies as trustworthy partners in an increasingly regulated digital economy.
  • Prepare for incidents and communicate transparently: No organisation can prevent every attack, but how companies respond defines whether they retain trust. A clear incident response plan, combined with timely and transparent communication, can make all the difference. Companies that handle incidents competently and avoid cover-ups often emerge with stronger reputations than those that stay silent.

 

The Future of Business Stability and Growth

 

By embedding cybersecurity into core business strategy and not treating it simply as a compliance task, organisations can build resilience that protects operations, customers, and their reputation. The cost of inaction is too high. As threats grow in sophistication, only businesses that treat cybersecurity as a foundation for trust and growth will thrive.

 

In a digital economy where one breach can erase decades of credibility, leaders who neglect cybersecurity today may have no business left to lead tomorrow.

 

-End-

 

This article has been published on BISNIS Tekno and Bisnis Koran. Read more here.