Developing Indonesian cybersecurity regulation for the banking sector – Better protecting citizens’ sensitive banking data

Summary

This project is part of the United Kingdom Foreign, Commonwealth & Development Office (FCDO) commitment to build national cyber security capacity and resilience to cybersecurity threats in five middle-income countries. The UK Government’s Digital Access Programme provides support through: Government-to-Government technical assistance; cyber hygiene training; public awareness-raising; and research. It aims to reduce the impact of cyber harms on their governments, economies and citizens – particularly amongst groups vulnerable to online exploitation.

Details

Aim

Working with Indonesia’s Financial Services Authority (OJK) and eight Indonesian banks to increase Indonesian bank’s knowledge of the stringent data protection and cybersecurity standards they must adhere to and the specific controls they needed to have in place as established by OJK.

Outcomes

• Improved financial industry resilience to cyber-attacks
• Growing public trust and confidence in the financial sector
• Protection of 180 million citizens banking data to date

Outputs

• A framework to help financial institutions assess their current levels of IT risk
• A cyber maturity framework, including detailed control requirements for financial institutions wanting to assess their current cyber maturity level
• Pilot testing of the newly developed cyber maturity assessment for 8 banks covering 180 million citizens banking data.
• Recommendations for refining the framework, based on feedback from the pilot activity.
• A training needs analysis, leading to recommendations for further OJK staff training.

Activities

To better understand the impact of the proposed legislation, a test exercise was initiated with eight banks. Banks were selected as a representative cross-section of the Indonesian banking sector, spanning different customer demographics, geographical coverage and levels of cyber maturity. Each bank was assessed against the cyber regulations outlined within the proposed legislation. This presented a handy test of the new regulations, the banks’ current levels of preparedness and the ability of OJK staff to undertake these security reviews. Recommendations from pilot activity were used to help refine the new regulatory framework. Assessment of further training needs of OJK staff in order to perform bank assessments annually, across all the country’s banks.