Table of Contents
Indonesia cyberattacks reached 5.5 billion in 2025 — a staggering 714% explosion compared to the annual average for 2020-2024. BSSN data shows the crisis is intensifying, with 1.52 billion attacks already tracked in the first 3.5 months of 2026 alone. Indonesia is tightening its national cybersecurity system in response.
Key Takeaway
- 🎯 Indonesia hit by 5.5 billion cyberattacks in 2025, a 714% explosion vs 2020-2024 average: BSSN data confirms attacks targeting government infrastructure, economy, and national security.
- 📊 1.52 billion attacks in just 3.5 months of 2026 (Jan 1 to Apr 15): The crisis is accelerating, not slowing down. At this rate, 2026 could exceed 5 billion attacks again.
- 💼 Attack methods range from sophisticated system hacking to online fraud, radical propaganda, and coordinated hoaxes: Presidential Chief of Staff Dudung Abdurachman confirmed the multi-vector assault.
- 🔧 Indonesia’s BSSN is strengthening cross-sector coordination for integrated cyber threat management: The government called for unified mobilization of state resources and public awareness.
- ⏱️ The Indonesia PDN ransomware attack (June 2024) exposed governance failures: no backups, no incident response playbooks: Only 86 of 282 services restored weeks after the attack.
The Indonesia cyberattacks data is staggering. 5.5 billion cyberattacks in a single year — a 714% explosion compared to the annual average for 2020-2024. According to BSSN (National Cyber and Crypto Agency), the archipelago was bombarded by attacks targeting government infrastructure, economy, and national security throughout 2025.
Presidential Chief of Staff Dudung Abdurachman confirmed the Indonesia cyberattacks data in a statement on June 2, 2026, calling for stronger cross-sector coordination. The digital onslaught has shown no signs of slowing: in the first 3.5 months of 2026 alone (January 1 to April 15), BSSN tracked another 1.52 billion attacks.
For ASEAN neighbors including the Philippines and the broader region, Indonesia’s experience is a warning — not an outlier.
The Indonesia Cyberattacks Numbers
| Metric | Figure | Source | Significance |
|---|---|---|---|
| 2025 total attacks | 5.5 billion | BSSN | 714% above 2020-2024 average |
| 2026 (Jan 1 – Apr 15) | 1.52 billion | BSSN | Crisis accelerating |
| Growth rate | 714% | BSSN | vs annual average 2020-2024 |
| PDN attack ransom | $8 million | IndoSec | Indonesia refused to pay |
| PDN services restored | 86 of 282 | IndoSec | Weeks after attack |
| PDN data not backed up | 98% | BSSN | Of affected government data |
Attack Methods in Indonesia Cyberattacks
| Attack Type | How It Works | Target |
|---|---|---|
| System hacking | Sophisticated intrusion into government and corporate systems | Government infrastructure |
| Personal data theft | Exfiltration of citizen personal data from government databases | Citizen databases |
| Online fraud | Digital fraud schemes targeting individuals and businesses | Economy, individuals |
| Radical propaganda | Coordinated spread of extremist content online | National security |
| Coordinated hoaxes | Organized disinformation campaigns to undermine public trust | Public trust |
| Ransomware | LockBit 3.0 / Brain Cipher encrypting government systems | Government data centers |
The PDN Attack: Indonesia’s Defining Cybersecurity Failure
The June 2024 attack on Indonesia’s Pusat Data Nasional (PDN) is the most consequential cybersecurity incident in Southeast Asian government history. The Indonesia cyberattacks crisis was crystallized by this single event:
| Aspect | Details |
|---|---|
| Attack date | June 2024 |
| Ransomware strain | Brain Cipher (LockBit 3.0 variant) |
| Affected services | 282 government services |
| Services restored (weeks later) | Only 86 of 282 |
| Data not backed up | 98% of affected data |
| Ransom demanded | $8 million (refused) |
| Government response | President ordered emergency audit; minister resigned |
Indonesia Cyberattacks in the ASEAN Context
| Country | 2025 Attack Data | Key Incident |
|---|---|---|
| Indonesia | 5.5 billion attacks | PDN ransomware (June 2024) |
| Philippines | Ransomware doubling | PhilHealth, government attacks |
| Singapore | Targeted by state-sponsored APTs | Chinese-linked espionage campaigns |
| Malaysia | Public transport operator breach | Multiple high-profile breaches |
| ASEAN total | 6.5 billion threats (INTERPOL) | Region-wide governance failures |
Indonesia’s Response: BSSN Strengthening
In response to the Indonesia cyberattacks crisis, the government is taking several steps:
| Response Measure | What It Does |
|---|---|
| Cross-sector coordination | Presidential Staff Office pushing for integrated cyber threat management across agencies |
| BSSN strengthening | National Cyber and Crypto Agency expanding capabilities and threat detection |
| Public awareness | Government urging citizens to protect personal data and improve digital literacy |
| Data centre audits | President ordered emergency audit of government data centres post-PDN |
| PDP Law enforcement | Personal Data Protection Law (2022) being enforced with clearer DPO requirements |
| National AI Roadmap | Ministry of Communications developing AI roadmap including security dimensions |
FAQ: Indonesia Cyberattacks 2025-2026
How many cyberattacks did Indonesia face in 2025?
Indonesia was hit by 5.5 billion cyberattacks in 2025, a 714% explosion compared to the annual average for 2020-2024, according to BSSN (National Cyber and Crypto Agency) data.
What is BSSN?
BSSN (Badan Siber dan Sandi Negara) is Indonesia’s National Cyber and Crypto Agency, responsible for cybersecurity, cryptology, and cyber defense. It tracks cyberattacks and coordinates national cybersecurity response.
How many attacks occurred in 2026 so far?
From January 1 to April 15, 2026 — just 3.5 months — BSSN tracked 1.52 billion cyberattacks, signaling that the crisis is accelerating rather than slowing down.
What was the Indonesia PDN attack?
The June 2024 ransomware attack on Indonesia’s Pusat Data Nasional (PDN) used the Brain Cipher variant of LockBit 3.0 to encrypt critical government systems. It disrupted immigration, student registration, and 282 government services. 98% of affected data was not backed up. Only 86 of 282 services were restored weeks after the attack.
What types of attacks are hitting Indonesia?
Attack methods range from sophisticated system hacking and personal data theft to online fraud, radical propaganda, coordinated hoaxes, and ransomware. Attacks specifically target government infrastructure, economy, and national security.
How is Indonesia responding to the cyberattacks?
Indonesia is strengthening BSSN, pushing for cross-sector coordination, conducting data centre audits, enforcing the Personal Data Protection Law (2022), developing a National AI Roadmap, and raising public awareness about digital literacy and personal data protection.
How do Indonesia cyberattacks affect the Philippines?
Indonesia’s experience is a warning for the Philippines and all ASEAN nations. Both countries face similar threats — ransomware, data theft, AI-powered fraud. The INTERPOL cyber threat report shows 6.5 billion threats across the region, with no country immune.
What is the Indonesia Personal Data Protection Law?
Indonesia’s PDP Law (Law No. 27 of 2022) regulates personal data protection. In July 2025, Indonesia’s Constitutional Court clarified conditions for appointing Data Protection Officers, strengthening enforcement of the law.
How does Indonesia’s cyber crisis compare to the Philippines?
Both countries face escalating cyberattacks. Indonesia’s 5.5 billion attacks in 2025 dwarf the Philippines’ numbers, but the Philippine ransomware doubling shows the same trend. Both countries lack dedicated national cybersecurity agencies — a structural gap attackers exploit.
What can ASEAN learn from Indonesia cyberattacks?
The key lessons are: (1) back up all government data, (2) create and test incident response playbooks, (3) establish dedicated national cybersecurity agencies, (4) strengthen cross-sector coordination, and (5) invest in AI-powered threat detection to match AI-powered attacks.
This article is based on ANTARA News reporting (June 2, 2026), BSSN cyberattack data, Presidential Chief of Staff Dudung Abdurachman’s statements, IndoSec PDN attack analysis, Reuters PDN coverage, HBT Law PDP Law updates, and INTERPOL regional cyber threat data. Attack figures are as reported by BSSN.







