Indonesia’s vast, diverse population and scattered islands create a unique landscape for AI adoption. Across sectors – from healthcare to logistics and banking to public services – leaders view AI not just as a tool for efficiency but as a means to expand reach, build resilience, and elevate citizen experience. With AI expected to add up to 12% of Indonesia’s GDP by 2030, it’s poised to be a core engine of growth.
Yet, ambition isn’t enough. While AI interest is high, execution is patchy. Many organisations remain stuck in isolated pilots or siloed experiments. Those scaling quickly face familiar hurdles: fragmented infrastructure, talent gaps, integration issues, and a lack of unified strategy and governance.
Ecosystm gathered insights and identified key challenges from senior tech leaders during a series of roundtables we moderated in Jakarta. The conversations revealed a clear picture of where momentum is building – and where obstacles continue to slow progress. From these discussions, several key themes emerged that highlight both opportunities and ongoing barriers in the country’s digital journey.
Theme 1. Digital Natives are Accelerating Innovation; But Need Scalable Guardrails
Indonesia’s digital-first companies – especially in fintech, logistics tech, and media streaming – are rapidly building on AI and cloud-native foundations. Players like GoTo, Dana, Jenius, and Vidio are raising the bar not only in customer experience but also in scaling technology across a mobile-first nation. Their use of AI for customer support, real-time fraud detection, biometric eKYC, and smart content delivery highlights the agility of digital-native models. This innovation is particularly concentrated in Jakarta and Bandung, where vibrant startup ecosystems and rich talent pools drive fast iteration.
Yet this momentum brings new risks. Deepfake attacks during onboarding, unsecured APIs, and content piracy pose real threats. Without the layered controls and regulatory frameworks typical of banks or telecom providers, many startups are navigating high-stakes digital terrain without a safety net.
As these companies become pillars of Indonesia’s digital economy, a new kind of guardrail is essential; flexible enough to support rapid growth, yet robust enough to mitigate systemic risk.
A sector-wide governance playbook, grounded in local realities and aligned with global standards, could provide the balance needed to scale both quickly and securely.
Theme 2. Scaling AI in Indonesia: Why Infrastructure Investment Matters
Indonesia’s ambition for AI is high, and while digital infrastructure still faces challenges, significant opportunities lie ahead. Although telecom investment has slowed and state funding tightened, growing momentum from global cloud players is beginning to reshape the landscape. AWS’s commitment to building cloud zones and edge locations beyond Java is a major step forward.
For AI to scale effectively across Indonesia’s diverse archipelago, the next wave of progress will depend on stronger investment incentives for data centres, cloud interconnects, and edge computing.
A proactive government role – through updated telecom regulations, streamlined permitting, and public-private partnerships – can unlock this potential.
Infrastructure isn’t just the backbone of digital growth; it’s a powerful lever for inclusion, enabling remote health services, quality education, and SME empowerment across even the most distant regions.
Theme 3. Cyber Resilience Gains Momentum; But Needs to Be More Holistic
Indonesian organisations are facing an evolving wave of cyber threats – from sophisticated ransomware to DDoS attacks targeting critical services. This expanding threat landscape has elevated cyber resilience from a technical concern to a strategic imperative embraced by CISOs, boards, and risk committees alike. While many organisations invest heavily in security tools, the challenge remains in moving beyond fragmented solutions toward a truly resilient operating model that emphasises integration, simulation, and rapid response.
The shift from simply being “secure” to becoming genuinely “resilient” is gaining momentum. Resilience – captured by the Bahasa Indonesia term “ulet” – is now recognised as the ability not just to defend, but to endure disruption and bounce back stronger. Regulatory steps like OJK’s cyber stress testing and continuity planning requirements are encouraging organisations to go beyond mere compliance.
Organisations will now need to operationalise resilience by embedding it into culture through cross-functional drills, transparent crisis playbooks, and agile response practices – so when attacks strike, business impact is minimised and trust remains intact.
For many firms, especially in finance and logistics, this mindset and operational shift will be crucial to sustaining growth and confidence in a rapidly evolving digital landscape.
Theme 4. Organisations Need a Roadmap for Legacy System Transformation
Legacy systems continue to slow modernisation efforts in traditional sectors such as banking, insurance, and logistics by creating both technical and organisational hurdles that limit innovation and scalability. These outdated IT environments are deeply woven into daily operations, making integration complex, increasing downtime risks, and frustrating cross-functional teams striving to deliver digital value swiftly. The challenge goes beyond technology – there’s often a disconnect between new digital initiatives and existing workflows, which leads to bottlenecks and slows progress.
Recognising these challenges, many organisations are now investing in middleware solutions, automation, and phased modernisation plans that focus on upgrading key components gradually. This approach helps bridge the gap between legacy infrastructure and new digital capabilities, reducing the risk of enterprise-wide disruption while enabling continuous innovation.
The crucial next step is to develop and commit to a clear, incremental roadmap that balances risk with progress – ensuring legacy systems evolve in step with digital ambitions and unlock the full potential of transformation.
Theme 5. AI Journey Must Be Rooted in Local Talent and Use Cases
Ecosystm research reveals that only 13% of Indonesian organisations have experimented with AI, with most yet to integrate it into their core strategies.
While Indonesia’s AI maturity remains uneven, there is a broad recognition of AI’s potential as a powerful equaliser – enhancing public service delivery across 17,000 islands, democratising diagnostics in rural healthcare, and improving disaster prediction for flood-prone Jakarta.
The government’s 2045 vision emphasises inclusive growth and differentiated human capital, but achieving these goals requires more than just infrastructure investment. Building local talent pipelines is critical. Initiatives like IBM’s AI Academy in Batam, which has trained over 2,000 AI practitioners, are promising early steps. However, scaling this impact means embedding AI education into national curricula, funding interdisciplinary research, and supporting SMEs with practical adoption toolkits.
The opportunity is clear: GenAI can act as an multiplier, empowering even resource-constrained sectors to enhance reach, personalisation, and citizen engagement.
To truly unlock AI’s potential, Indonesia must move beyond imported templates and focus on developing grounded, context-aware AI solutions tailored to its unique landscape.
From Innovation to Impact
Indonesia’s tech journey is at a pivotal inflection point – where ambition must transform into alignment, and isolated pilots must scale into robust platforms. Success will depend not only on technology itself but on purpose-driven strategy, resilient infrastructure, cultural readiness, and shared accountability across industries. The future won’t be shaped by standalone innovations, but by coordinated efforts that convert experimentation into lasting, systemic impact.
Cybersecurity is essential to every organisation’s resilience, yet it often fails to resonate with business leaders focused on growth, innovation, and customer satisfaction. The challenge lies in connecting cybersecurity with these strategic goals. To bridge this gap, it is important to shift from a purely technical view of cybersecurity to one that aligns directly with business objectives.
Here are 5 impactful strategies to make cybersecurity relevant and valuable at the executive level.
1. Elevate Cybersecurity as a Pillar of Business Continuity
Cybersecurity is not just a defensive strategy; it is a proactive investment in business continuity and success. Leaders who see cybersecurity as foundational to business continuity protect more than just digital assets – they safeguard brand reputation, customer trust, and operational resilience. By framing cybersecurity as essential to keeping the business running smoothly, leaders can shift the focus from reactive problem-solving to proactive resilience planning.
For example, rather than viewing cybersecurity incidents as isolated IT issues, organisations should see them as risks that could disrupt critical business functions, halt operations, and destroy customer loyalty. By integrating cybersecurity into continuity planning, executives can ensure that security aligns with growth and operational stability, reinforcing the organisation’s ability to adapt and thrive in a constantly evolving threat landscape.
2. Translate Cyber Risks into Business-Relevant Insights
To make cybersecurity resonate with business leaders, technical risks need to be expressed in terms that directly impact the organisation’s strategic goals. Executives are more likely to respond to cybersecurity concerns when they understand the financial, reputational, or operational impacts of cyber threats. Reframing cybersecurity risks into clear, business-oriented language that highlights potential disruptions, regulatory implications, and costs helps leadership see cybersecurity as part of broader risk management.
For instance, rather than discussing a “data breach vulnerability”, frame it as a “threat to customer trust and a potential multi-million-dollar regulatory liability”. This approach contextualises cyber risks in terms of real-world consequences, helping leadership to recognise that cybersecurity investments are risk mitigations that protect revenue, brand equity, and shareholder value.
3. Build Cybersecurity into the DNA of Innovation and Product Development
Cybersecurity must be a foundational element in the innovation process, not an afterthought. When security is integrated from the early stages of product development – known as “shifting left” – organisations can reduce vulnerabilities, build customer trust, and avoid costly fixes post-launch. This approach helps businesses to innovate with confidence, knowing that new products and services meet both customer expectations and regulatory requirements.
By embedding security in every phase of the development lifecycle, leaders demonstrate that cybersecurity is essential to sustainable innovation. This shift also empowers product teams to create solutions that are both user-friendly and secure, balancing customer experience with risk management. When security is seen as an enabler rather than an obstacle to innovation, it becomes a powerful differentiator that supports growth.
4. Foster a Culture of Shared Responsibility and Continuous Learning
The most robust cybersecurity strategies extend beyond the IT department, involving everyone in the organisation. Creating a culture where cybersecurity is everyone’s responsibility ensures that each employee – from the front lines to the boardroom – understands their role in protecting the organisation. This culture is built through continuous education, regular simulations, and immersive training that makes cybersecurity practical and engaging.
Awareness initiatives, such as cyber escape rooms and live demonstrations of common attacks, can be powerful tools to engage employees. Instead of passive training, these methods make cybersecurity tangible, showing employees how their actions impact the organisation’s security posture. By treating cybersecurity as an organisation-wide effort, leaders build a proactive culture that treats security not as an obligation but as an integral part of the business mission.
5. Leverage Industry Partnerships and Regulatory Compliance for a Competitive Edge
As regulations around cybersecurity tighten, especially for critical sectors like finance and infrastructure, compliance is becoming a competitive advantage. By proactively meeting and exceeding regulatory standards, organisations can position themselves as trusted, compliant partners for clients and customers. Additionally, building partnerships across the public and private sectors offers access to shared knowledge, best practices, and support systems that strengthen organisational security.
Leaders who engage with regulatory requirements and industry partnerships not only stay ahead of compliance but also benefit from a network of resources that can enhance their cybersecurity strategies. Proactive compliance, combined with strategic partnerships, strengthens organisational resilience and builds market trust. In doing so, cybersecurity becomes more than a safeguard; it’s an asset that supports brand credibility, customer loyalty, and competitive differentiation.
Conclusion
For cybersecurity to be truly effective, it must be woven into the fabric of an organisation’s mission and strategy. By reframing cybersecurity as a foundational aspect of business continuity, expressing cyber risks in business language, embedding security in innovation, building a culture of shared responsibility, and leveraging compliance as an advantage, leaders can transform cybersecurity from a technical concern to a strategic asset. In an age where digital threats are increasingly complex, aligning cybersecurity with business priorities is essential for sustainable growth, customer trust, and long-term resilience.
