Threat data
Indonesia cyber attack statistics: verified numbers, updated quarterly
In short
Verified cyber attack statistics for Indonesia: BSSN attack counts, fraud losses, ransomware and ICS data, each figure linked to its source. Reviewed quarterly.
Reliable Indonesian cyber attack numbers are scattered across BSSN annual reports, vendor telemetry, OJK briefings, and one-off ministry statements. This page collects the figures that hold up, links each one to the source it came from, and adds a short note on what each number means for an organisation operating in Indonesia.
Every statistic below was checked against the source named next to it before publication. Where a widely quoted number could not be traced to a primary source, it was left out. This page is reviewed quarterly and was last reviewed on 5 July 2026. You are welcome to cite it; we ask that you credit the original source listed alongside each figure.
5.5 billion
Attacks recorded by BSSN in 2025
15 per second
Average attack rate, H2 2025 (AwanPintar.id)
Rp2.6 trillion
Fraud losses reported to IASC by May 2025
Attack volume
BSSN recorded 5.5 billion cyber attacks against Indonesia in 2025. That is a 714 percent increase, roughly seven times the annual average for 2020 to 2024, and it exceeds the cumulative total of the previous five years. The pace has not eased: between 1 January and 15 April 2026, BSSN counted another 1.52 billion attacks, according to figures presented by its Deputy for Cyber and Crypto Security Operations, reported by Kompas.
The 2024 baseline comes from BSSN's annual report, Lanskap Keamanan Siber Indonesia 2024. It recorded 330,527,636 traffic anomalies for the year. Mirai botnet activity was the largest single category at 81,286,596 events, followed by phishing at 26,771,610 and advanced persistent threat activity at 2,487,041.
Private-sector telemetry points the same way. AwanPintar.id, which runs a sensor network across Indonesian infrastructure, recorded 234,528,187 attacks in the second half of 2025, an average of 15 attacks per second and a 75.76 percent jump over the first half. December 2025 alone contributed 90,590,833 attacks, which the report links to DDoS activity and the year-end spike in digital transactions, as reported by Kompas Tekno.
| Indicator | Figure | Period | Source |
|---|---|---|---|
| Cyber attacks recorded nationally | 5.5 billion | 2025 | BSSN |
| Increase vs 2020-2024 annual average | +714% | 2025 | BSSN |
| Attacks, 1 January to 15 April | 1.52 billion | 2026 | BSSN |
| Traffic anomalies | 330,527,636 | 2024 | BSSN |
| Attacks on private sensor network | 234,528,187 | H2 2025 | AwanPintar.id |
| Average attack rate | 15 per second | H2 2025 | AwanPintar.id |
These are detected attempts and anomalies, not successful breaches. The practical reading for an enterprise: attack volume now grows faster than any manually staffed review process can absorb, which is why around-the-clock detection through a Security Operations Center has moved from a large-bank luxury to a baseline control.
Indonesia as an attack source
In the second half of 2025, Indonesia was the largest single source of spam worldwide at 56.29 percent of observed traffic, up sharply from 21.45 percent in the first half. In the malware category, Indonesia was also the largest distribution source at 61.32 percent, according to AwanPintar.id data reported by IndoTelko.
Both readings say less about Indonesian attackers than about Indonesian infrastructure. Servers, public IPs, and IoT devices inside the country have been compromised at scale and are being used as launch platforms. For an enterprise, the exposure is direct: a compromised server that sends spam gets your IP ranges blacklisted, breaks email deliverability, and signals that an attacker already has a foothold for something worse.
Data breaches and exposed data
BSSN's 2024 annual report counted 241 suspected data breach incidents, with the highest monthly count in December 2024. Its darknet monitoring went further: 56,128,160 exposed-data findings affecting 461 Indonesian organisations in a single year.
Globally, Surfshark's breach monitoring counted 425.7 million accounts leaked in 2025. Within Asia, India accounted for 49 percent of compromised accounts and Indonesia for around 5 percent of the region's 59.3 million.
Each confirmed breach involving personal data starts a legal clock. UU PDP requires notification to the authority and affected data subjects, and the penalties for non-compliance include administrative fines tied to annual revenue. The BSSN darknet numbers suggest many Indonesian organisations have exposed data circulating without knowing it.
Online fraud and social engineering
The Indonesia Anti-Scam Centre (IASC), run by OJK with the PASTI task force, received 135,397 fraud reports between its launch on 22 November 2024 and 31 May 2025. Reported victim losses reached Rp2.6 trillion. Only Rp163.3 billion, about 6.28 percent, was blocked in time, from 219,168 reported accounts of which 49,316 were frozen, per Kontan's coverage of OJK figures. OJK advises reporting within three hours of an incident, because recovery odds collapse after the money moves.
The full national picture is larger. In July 2026, Deputy Minister of Communication and Digital Nezar Patria cited a Global Anti-Scam Alliance figure of around Rp7.5 trillion in total losses to online fraud, reported by Kompas.
The tooling behind fraud is changing fast. At a Komdigi cybersecurity workshop in 2026, industry figures presented data showing deepfake attacks rose 1,400 percent year-on-year from 2024 to 2025, with AI-assisted phishing reaching success rates of 54 to 60 percent, published by BPSDM Komdigi. For companies, the most exposed process is payment approval: voice and video impersonation of executives is exactly the pattern behind business email compromise.
Ransomware
BSSN's monitoring recorded 514,508 ransomware-related activities in 2024, within the 330 million total anomalies above. That is detection traffic, not incident count, but it shows ransomware operations probing Indonesian networks continuously rather than occasionally.
For confirmed-breach data, the global reference is Verizon's 2025 Data Breach Investigations Report: ransomware appeared in 44 percent of analysed breaches, up from 32 percent the year before. The number to sit with is the small-business figure below. If ransomware lands, the first 72 hours decide most of the outcome, and what to do in those hours is worth reading before you need it.
OT and industrial control systems
Kaspersky ICS CERT data for the first quarter of 2026 shows malicious objects were detected and blocked on 21.81 percent of ICS computers in Indonesia, above the global figure of 19.6 percent. Oil and gas was the most-targeted sector, and Kaspersky blocked 10,052 malware families in industrial environments during the quarter, as reported by IndoTelko.
Share of ICS computers in Indonesia with malicious objects blocked, by sector, Q1 2026. Source: Kaspersky ICS CERT via IndoTelko.
More than one in five industrial systems in the country saw an attack attempt in a single quarter. Plants that assume their OT network is isolated should test that assumption; the gap between assumed and actual segmentation is what OT and ICS security assessments usually find first.
Small and mid-sized businesses
The most recent Indonesia-specific figure is old but official: in December 2019, BSSN's director for critical information infrastructure protection said 43 percent of cyber attacks targeted UMKM, small and mid-sized enterprises, because availability is built before security. No newer national breakdown has been published, so treat the percentage as historical.
The global data says the pressure on smaller companies has grown since. Verizon's 2025 DBIR found ransomware in 88 percent of breaches at small and mid-sized organisations, against 39 percent at large ones. Attackers automate target selection, so being small is not a defence; it mostly means a thinner security team absorbing the same attack stream, which is the trade examined in MSSP vs in-house SOC.
How to read these numbers
The sources here measure different things and must not be added together. BSSN counts traffic anomalies and detected attacks at national scale, most of which fail or are blocked. AwanPintar.id counts detections on its own private sensor network, so its totals are a sample, not a census. IASC counts victim-reported fraud losses, which understate true losses because many victims never report. Kaspersky's ICS figures cover only machines running its software. Used carefully, each is a sound trend indicator; quoted as one merged "attacks on Indonesia" number, they mislead.
Sources
| Source | Publisher | Period covered | Used for |
|---|---|---|---|
| Lanskap Keamanan Siber Indonesia 2024 | BSSN (government) | 2024 | Anomalies, ransomware, phishing, breach incidents |
| BSSN statements, April 2026 | BSSN via Kompas | 2025 to early 2026 | 5.5 billion attacks, 714% increase |
| Ancaman Digital di Indonesia Semester 2 2025 | AwanPintar.id (private telemetry) | H2 2025 | Attack rate, spam and malware source shares |
| IASC statistics, May 2025 | OJK via Kontan | Nov 2024 to May 2025 | Fraud reports and losses |
| Komdigi statement, July 2026 | Komdigi via Kompas | 2026 | Rp7.5 trillion fraud loss estimate |
| Komdigi cybersecurity workshop | BPSDM Komdigi | 2024 to 2025 | Deepfake and AI phishing growth |
| Data breach recap 2025 | Surfshark (vendor) | 2025 | Breached account volumes |
| Data Breach Investigations Report 2025 | Verizon (vendor) | 2024 to 2025 | Ransomware share of breaches |
| Kaspersky ICS CERT, Q1 2026 | Kaspersky via IndoTelko | Q1 2026 | ICS threat rates by sector |
| BSSN statement, December 2019 | BSSN via Media Indonesia | 2019 | UMKM targeting share |
References
- 1.BSSN. "Lanskap Keamanan Siber Indonesia 2024." Annual report, February 2025.
- 2.Kompas. "BSSN: Serangan Siber Naik 7 Kali Lipat pada 2025 dan Berlanjut di Awal 2026." 23 April 2026.
- 3.AwanPintar.id. "Laporan Ancaman Digital di Indonesia" publication page.
- 4.Kompas Tekno. "Indonesia Disebut Jadi Sumber Spam dan Malware Terbesar pada 2025." 14 February 2026.
- 5.IndoTelko. "Indonesia jadi sumber spam dan malware terbesar 2025." February 2026.
- 6.Kontan. "IASC Catat Kerugian Korban Penipuan Keuangan Capai Rp 2,6 Triliun hingga Mei 2025."
- 7.Kompas. "Komdigi: Nilai Kerugian akibat Penipuan Online Capai Rp 7,5 Triliun." 2 July 2026.
- 8.BPSDM Komdigi Yogyakarta. "AI Jadi Senjata Siber, Deepfake Naik 1.400 Persen." 2026.
- 9.Surfshark. "Wrapping up 2025: global data breach statistics."
- 10.Verizon. "2025 Data Breach Investigations Report."
- 11.IndoTelko. "Sektor migas jadi target utama serangan siber ICS di Indonesia." June 2026.
- 12.Media Indonesia. "BSSN: 43% Serangan Siber Menyasar UMKM." 23 December 2019.
Reviewed by Mohit Bhansali, Head of Technology
Frequently asked questions
BSSN, Indonesia's national cyber agency, recorded 5.5 billion cyber attacks in 2025, a 714 percent increase over the annual average for 2020 to 2024. These are detected attacks and traffic anomalies, not confirmed breaches, but the growth rate is the point: attack volume roughly matched the previous five years combined.
Related
Solutions
From the blog
Our services
Ready to strengthen your security posture?
Talk to our Jakarta-based team about your requirements.
Jakarta-based team. We reply within one business day.