Skip to main content

Threat data

Indonesia cyber attack statistics: verified numbers, updated quarterly

In short

Verified cyber attack statistics for Indonesia: BSSN attack counts, fraud losses, ransomware and ICS data, each figure linked to its source. Reviewed quarterly.

Threat detection solutions

Reliable Indonesian cyber attack numbers are scattered across BSSN annual reports, vendor telemetry, OJK briefings, and one-off ministry statements. This page collects the figures that hold up, links each one to the source it came from, and adds a short note on what each number means for an organisation operating in Indonesia.

Every statistic below was checked against the source named next to it before publication. Where a widely quoted number could not be traced to a primary source, it was left out. This page is reviewed quarterly and was last reviewed on 5 July 2026. You are welcome to cite it; we ask that you credit the original source listed alongside each figure.

5.5 billion

Attacks recorded by BSSN in 2025

15 per second

Average attack rate, H2 2025 (AwanPintar.id)

Rp2.6 trillion

Fraud losses reported to IASC by May 2025

Attack volume

BSSN recorded 5.5 billion cyber attacks against Indonesia in 2025. That is a 714 percent increase, roughly seven times the annual average for 2020 to 2024, and it exceeds the cumulative total of the previous five years. The pace has not eased: between 1 January and 15 April 2026, BSSN counted another 1.52 billion attacks, according to figures presented by its Deputy for Cyber and Crypto Security Operations, reported by Kompas.

The 2024 baseline comes from BSSN's annual report, Lanskap Keamanan Siber Indonesia 2024. It recorded 330,527,636 traffic anomalies for the year. Mirai botnet activity was the largest single category at 81,286,596 events, followed by phishing at 26,771,610 and advanced persistent threat activity at 2,487,041.

Private-sector telemetry points the same way. AwanPintar.id, which runs a sensor network across Indonesian infrastructure, recorded 234,528,187 attacks in the second half of 2025, an average of 15 attacks per second and a 75.76 percent jump over the first half. December 2025 alone contributed 90,590,833 attacks, which the report links to DDoS activity and the year-end spike in digital transactions, as reported by Kompas Tekno.

IndicatorFigurePeriodSource
Cyber attacks recorded nationally5.5 billion2025BSSN
Increase vs 2020-2024 annual average+714%2025BSSN
Attacks, 1 January to 15 April1.52 billion2026BSSN
Traffic anomalies330,527,6362024BSSN
Attacks on private sensor network234,528,187H2 2025AwanPintar.id
Average attack rate15 per secondH2 2025AwanPintar.id

These are detected attempts and anomalies, not successful breaches. The practical reading for an enterprise: attack volume now grows faster than any manually staffed review process can absorb, which is why around-the-clock detection through a Security Operations Center has moved from a large-bank luxury to a baseline control.

Indonesia as an attack source

In the second half of 2025, Indonesia was the largest single source of spam worldwide at 56.29 percent of observed traffic, up sharply from 21.45 percent in the first half. In the malware category, Indonesia was also the largest distribution source at 61.32 percent, according to AwanPintar.id data reported by IndoTelko.

Both readings say less about Indonesian attackers than about Indonesian infrastructure. Servers, public IPs, and IoT devices inside the country have been compromised at scale and are being used as launch platforms. For an enterprise, the exposure is direct: a compromised server that sends spam gets your IP ranges blacklisted, breaks email deliverability, and signals that an attacker already has a foothold for something worse.

Data breaches and exposed data

BSSN's 2024 annual report counted 241 suspected data breach incidents, with the highest monthly count in December 2024. Its darknet monitoring went further: 56,128,160 exposed-data findings affecting 461 Indonesian organisations in a single year.

Globally, Surfshark's breach monitoring counted 425.7 million accounts leaked in 2025. Within Asia, India accounted for 49 percent of compromised accounts and Indonesia for around 5 percent of the region's 59.3 million.

Each confirmed breach involving personal data starts a legal clock. UU PDP requires notification to the authority and affected data subjects, and the penalties for non-compliance include administrative fines tied to annual revenue. The BSSN darknet numbers suggest many Indonesian organisations have exposed data circulating without knowing it.

Online fraud and social engineering

The Indonesia Anti-Scam Centre (IASC), run by OJK with the PASTI task force, received 135,397 fraud reports between its launch on 22 November 2024 and 31 May 2025. Reported victim losses reached Rp2.6 trillion. Only Rp163.3 billion, about 6.28 percent, was blocked in time, from 219,168 reported accounts of which 49,316 were frozen, per Kontan's coverage of OJK figures. OJK advises reporting within three hours of an incident, because recovery odds collapse after the money moves.

The full national picture is larger. In July 2026, Deputy Minister of Communication and Digital Nezar Patria cited a Global Anti-Scam Alliance figure of around Rp7.5 trillion in total losses to online fraud, reported by Kompas.

The tooling behind fraud is changing fast. At a Komdigi cybersecurity workshop in 2026, industry figures presented data showing deepfake attacks rose 1,400 percent year-on-year from 2024 to 2025, with AI-assisted phishing reaching success rates of 54 to 60 percent, published by BPSDM Komdigi. For companies, the most exposed process is payment approval: voice and video impersonation of executives is exactly the pattern behind business email compromise.

Ransomware

BSSN's monitoring recorded 514,508 ransomware-related activities in 2024, within the 330 million total anomalies above. That is detection traffic, not incident count, but it shows ransomware operations probing Indonesian networks continuously rather than occasionally.

For confirmed-breach data, the global reference is Verizon's 2025 Data Breach Investigations Report: ransomware appeared in 44 percent of analysed breaches, up from 32 percent the year before. The number to sit with is the small-business figure below. If ransomware lands, the first 72 hours decide most of the outcome, and what to do in those hours is worth reading before you need it.

OT and industrial control systems

Kaspersky ICS CERT data for the first quarter of 2026 shows malicious objects were detected and blocked on 21.81 percent of ICS computers in Indonesia, above the global figure of 19.6 percent. Oil and gas was the most-targeted sector, and Kaspersky blocked 10,052 malware families in industrial environments during the quarter, as reported by IndoTelko.

Share of ICS computers in Indonesia with malicious objects blocked, by sector, Q1 2026. Source: Kaspersky ICS CERT via IndoTelko.

More than one in five industrial systems in the country saw an attack attempt in a single quarter. Plants that assume their OT network is isolated should test that assumption; the gap between assumed and actual segmentation is what OT and ICS security assessments usually find first.

Small and mid-sized businesses

The most recent Indonesia-specific figure is old but official: in December 2019, BSSN's director for critical information infrastructure protection said 43 percent of cyber attacks targeted UMKM, small and mid-sized enterprises, because availability is built before security. No newer national breakdown has been published, so treat the percentage as historical.

The global data says the pressure on smaller companies has grown since. Verizon's 2025 DBIR found ransomware in 88 percent of breaches at small and mid-sized organisations, against 39 percent at large ones. Attackers automate target selection, so being small is not a defence; it mostly means a thinner security team absorbing the same attack stream, which is the trade examined in MSSP vs in-house SOC.

How to read these numbers

The sources here measure different things and must not be added together. BSSN counts traffic anomalies and detected attacks at national scale, most of which fail or are blocked. AwanPintar.id counts detections on its own private sensor network, so its totals are a sample, not a census. IASC counts victim-reported fraud losses, which understate true losses because many victims never report. Kaspersky's ICS figures cover only machines running its software. Used carefully, each is a sound trend indicator; quoted as one merged "attacks on Indonesia" number, they mislead.

Sources

SourcePublisherPeriod coveredUsed for
Lanskap Keamanan Siber Indonesia 2024BSSN (government)2024Anomalies, ransomware, phishing, breach incidents
BSSN statements, April 2026BSSN via Kompas2025 to early 20265.5 billion attacks, 714% increase
Ancaman Digital di Indonesia Semester 2 2025AwanPintar.id (private telemetry)H2 2025Attack rate, spam and malware source shares
IASC statistics, May 2025OJK via KontanNov 2024 to May 2025Fraud reports and losses
Komdigi statement, July 2026Komdigi via Kompas2026Rp7.5 trillion fraud loss estimate
Komdigi cybersecurity workshopBPSDM Komdigi2024 to 2025Deepfake and AI phishing growth
Data breach recap 2025Surfshark (vendor)2025Breached account volumes
Data Breach Investigations Report 2025Verizon (vendor)2024 to 2025Ransomware share of breaches
Kaspersky ICS CERT, Q1 2026Kaspersky via IndoTelkoQ1 2026ICS threat rates by sector
BSSN statement, December 2019BSSN via Media Indonesia2019UMKM targeting share

References

  1. 1.BSSN. "Lanskap Keamanan Siber Indonesia 2024." Annual report, February 2025.
  2. 2.Kompas. "BSSN: Serangan Siber Naik 7 Kali Lipat pada 2025 dan Berlanjut di Awal 2026." 23 April 2026.
  3. 3.AwanPintar.id. "Laporan Ancaman Digital di Indonesia" publication page.
  4. 4.Kompas Tekno. "Indonesia Disebut Jadi Sumber Spam dan Malware Terbesar pada 2025." 14 February 2026.
  5. 5.IndoTelko. "Indonesia jadi sumber spam dan malware terbesar 2025." February 2026.
  6. 6.Kontan. "IASC Catat Kerugian Korban Penipuan Keuangan Capai Rp 2,6 Triliun hingga Mei 2025."
  7. 7.Kompas. "Komdigi: Nilai Kerugian akibat Penipuan Online Capai Rp 7,5 Triliun." 2 July 2026.
  8. 8.BPSDM Komdigi Yogyakarta. "AI Jadi Senjata Siber, Deepfake Naik 1.400 Persen." 2026.
  9. 9.Surfshark. "Wrapping up 2025: global data breach statistics."
  10. 10.Verizon. "2025 Data Breach Investigations Report."
  11. 11.IndoTelko. "Sektor migas jadi target utama serangan siber ICS di Indonesia." June 2026.
  12. 12.Media Indonesia. "BSSN: 43% Serangan Siber Menyasar UMKM." 23 December 2019.

Reviewed by Mohit Bhansali, Head of Technology

Frequently asked questions

BSSN, Indonesia's national cyber agency, recorded 5.5 billion cyber attacks in 2025, a 714 percent increase over the annual average for 2020 to 2024. These are detected attacks and traffic anomalies, not confirmed breaches, but the growth rate is the point: attack volume roughly matched the previous five years combined.

Related

Ready to strengthen your security posture?

Talk to our Jakarta-based team about your requirements.

Jakarta-based team. We reply within one business day.