Indonesia’s vast, diverse population and scattered islands create a unique landscape for AI adoption. Across sectors – from healthcare to logistics and banking to public services – leaders view AI not just as a tool for efficiency but as a means to expand reach, build resilience, and elevate citizen experience. With AI expected to add up to 12% of Indonesia’s GDP by 2030, it’s poised to be a core engine of growth.
Yet, ambition isn’t enough. While AI interest is high, execution is patchy. Many organisations remain stuck in isolated pilots or siloed experiments. Those scaling quickly face familiar hurdles: fragmented infrastructure, talent gaps, integration issues, and a lack of unified strategy and governance.
Ecosystm gathered insights and identified key challenges from senior tech leaders during a series of roundtables we moderated in Jakarta. The conversations revealed a clear picture of where momentum is building – and where obstacles continue to slow progress. From these discussions, several key themes emerged that highlight both opportunities and ongoing barriers in the country’s digital journey.
Theme 1. Digital Natives are Accelerating Innovation; But Need Scalable Guardrails
Indonesia’s digital-first companies – especially in fintech, logistics tech, and media streaming – are rapidly building on AI and cloud-native foundations. Players like GoTo, Dana, Jenius, and Vidio are raising the bar not only in customer experience but also in scaling technology across a mobile-first nation. Their use of AI for customer support, real-time fraud detection, biometric eKYC, and smart content delivery highlights the agility of digital-native models. This innovation is particularly concentrated in Jakarta and Bandung, where vibrant startup ecosystems and rich talent pools drive fast iteration.
Yet this momentum brings new risks. Deepfake attacks during onboarding, unsecured APIs, and content piracy pose real threats. Without the layered controls and regulatory frameworks typical of banks or telecom providers, many startups are navigating high-stakes digital terrain without a safety net.
As these companies become pillars of Indonesia’s digital economy, a new kind of guardrail is essential; flexible enough to support rapid growth, yet robust enough to mitigate systemic risk.
A sector-wide governance playbook, grounded in local realities and aligned with global standards, could provide the balance needed to scale both quickly and securely.
Theme 2. Scaling AI in Indonesia: Why Infrastructure Investment Matters
Indonesia’s ambition for AI is high, and while digital infrastructure still faces challenges, significant opportunities lie ahead. Although telecom investment has slowed and state funding tightened, growing momentum from global cloud players is beginning to reshape the landscape. AWS’s commitment to building cloud zones and edge locations beyond Java is a major step forward.
For AI to scale effectively across Indonesia’s diverse archipelago, the next wave of progress will depend on stronger investment incentives for data centres, cloud interconnects, and edge computing.
A proactive government role – through updated telecom regulations, streamlined permitting, and public-private partnerships – can unlock this potential.
Infrastructure isn’t just the backbone of digital growth; it’s a powerful lever for inclusion, enabling remote health services, quality education, and SME empowerment across even the most distant regions.
Theme 3. Cyber Resilience Gains Momentum; But Needs to Be More Holistic
Indonesian organisations are facing an evolving wave of cyber threats – from sophisticated ransomware to DDoS attacks targeting critical services. This expanding threat landscape has elevated cyber resilience from a technical concern to a strategic imperative embraced by CISOs, boards, and risk committees alike. While many organisations invest heavily in security tools, the challenge remains in moving beyond fragmented solutions toward a truly resilient operating model that emphasises integration, simulation, and rapid response.
The shift from simply being “secure” to becoming genuinely “resilient” is gaining momentum. Resilience – captured by the Bahasa Indonesia term “ulet” – is now recognised as the ability not just to defend, but to endure disruption and bounce back stronger. Regulatory steps like OJK’s cyber stress testing and continuity planning requirements are encouraging organisations to go beyond mere compliance.
Organisations will now need to operationalise resilience by embedding it into culture through cross-functional drills, transparent crisis playbooks, and agile response practices – so when attacks strike, business impact is minimised and trust remains intact.
For many firms, especially in finance and logistics, this mindset and operational shift will be crucial to sustaining growth and confidence in a rapidly evolving digital landscape.
Theme 4. Organisations Need a Roadmap for Legacy System Transformation
Legacy systems continue to slow modernisation efforts in traditional sectors such as banking, insurance, and logistics by creating both technical and organisational hurdles that limit innovation and scalability. These outdated IT environments are deeply woven into daily operations, making integration complex, increasing downtime risks, and frustrating cross-functional teams striving to deliver digital value swiftly. The challenge goes beyond technology – there’s often a disconnect between new digital initiatives and existing workflows, which leads to bottlenecks and slows progress.
Recognising these challenges, many organisations are now investing in middleware solutions, automation, and phased modernisation plans that focus on upgrading key components gradually. This approach helps bridge the gap between legacy infrastructure and new digital capabilities, reducing the risk of enterprise-wide disruption while enabling continuous innovation.
The crucial next step is to develop and commit to a clear, incremental roadmap that balances risk with progress – ensuring legacy systems evolve in step with digital ambitions and unlock the full potential of transformation.
Theme 5. AI Journey Must Be Rooted in Local Talent and Use Cases
Ecosystm research reveals that only 13% of Indonesian organisations have experimented with AI, with most yet to integrate it into their core strategies.
While Indonesia’s AI maturity remains uneven, there is a broad recognition of AI’s potential as a powerful equaliser – enhancing public service delivery across 17,000 islands, democratising diagnostics in rural healthcare, and improving disaster prediction for flood-prone Jakarta.
The government’s 2045 vision emphasises inclusive growth and differentiated human capital, but achieving these goals requires more than just infrastructure investment. Building local talent pipelines is critical. Initiatives like IBM’s AI Academy in Batam, which has trained over 2,000 AI practitioners, are promising early steps. However, scaling this impact means embedding AI education into national curricula, funding interdisciplinary research, and supporting SMEs with practical adoption toolkits.
The opportunity is clear: GenAI can act as an multiplier, empowering even resource-constrained sectors to enhance reach, personalisation, and citizen engagement.
To truly unlock AI’s potential, Indonesia must move beyond imported templates and focus on developing grounded, context-aware AI solutions tailored to its unique landscape.
From Innovation to Impact
Indonesia’s tech journey is at a pivotal inflection point – where ambition must transform into alignment, and isolated pilots must scale into robust platforms. Success will depend not only on technology itself but on purpose-driven strategy, resilient infrastructure, cultural readiness, and shared accountability across industries. The future won’t be shaped by standalone innovations, but by coordinated efforts that convert experimentation into lasting, systemic impact.
Cyber threats are growing in volume, intensity, and complexity and are here to stay. Basic endpoint attacks are becoming intricate, multi-stage operations. Cybercriminals are launching highly coordinated and advanced attacks. This evolving threat landscape affects businesses of all sizes, jeopardising data, operations, and finances.
In the face of massive data leaks, costly ransomware payments, and an ever-expanding and complex threat landscape, the need to strengthen digital defences has driven significant advancements in cybersecurity.
Read on to find out how organisations, governments, industry associations and technology providers are evolving ways to combat cybercrime.
Download ‘Securing the Future: Cyber Resiliency in the Digital World’ as a PDF
Ecosystm recently partnered with Asavie to conduct a study into the opportunity and outlook for the “Branch of One”. One of the challenges was actually defining what the Branch of One is. Here’s what we came up with:
Branch of One enables Office Anywhere by delivering secure, frictionless access to all business resources, with full mobility – meeting the security and manageability requirements of CIOs and CISOs.
Basically it is all the data and systems you need to get your job done, in your pocket. Secure. Easy to manage.
What I really like about the idea is that it describes what business is trying to achieve and it gives a common language and outcome for IT and business leaders. Consider all the things that IT and security teams need to do to enable access to applications and data in remote branches – from connectivity to security to data and system access. Often it takes days, weeks or months to open a new office or branch, or to provision a new retail store. Now, imagine having the ability to roll out all of these systems and services in seconds. To a single user or to thousands. Without consideration for location. Business leaders will understand this benefits and will support it.
It also has the opportunity to help nearly every business today. Of the 1005 businesses we interviewed across the globe in our Global CxO Study 2020, 44% admitted to suffering cyber-attack incidents during COVID-19 due to employees working from home – and over half of these attacks were on mobile devices. Compromised devices were the number one target for cyber-attacks in 2020.
Businesses need a new way to manage the devices and applications of their remote employees. They need to be able to extend the benefits of the WAN to them without the downsides of VPNs. Every business we interviewed saw benefits of bringing devices, locations and offices inside the WAN. Turning every device and office into a Branch of One.
A few security and network technologies have promised this capability – SDNs can offer a similar service, but they require client software to be installed. 78% of businesses we interviewed are using VPNs to bring devices inside the WAN – but again, they require client software, and can be inconsistent (and insecure!) on mobile devices.
Companies that embrace the Branch of One can provision new users in a few clicks. No software to install, no cables to connect, no hardware to provision – it makes life easier for technology and security professionals. The Branch of One gives your employees the systems and data they need to get their job done – delivered securely across the mobile network.
Download the report based on ‘The Global CxO Study 2020: The Future of the Secure Office Anywhere’, conducted by Ecosystm on behalf of Asavie. The report presents the key findings of the study and analyses the market perceptions of Office Anywhere and the need for a ‘Branch of One’, which will be the foundation of enterprise mobile security in the future.
Last week, trading on the New Zealand Exchange (NZX) was disrupted on four consecutive days as a result of a sustained cyber-attack on to push market updates to the public as their website crashed and as a precautionary measure, NZX halted the trading sessions. Ecosystm Principal Advisor, Andrew Milroy says, “The recent NZX attack overwhelmed its public-facing NZX.com website and its Market Announcement Platform (MAP). This meant that investors could not see company announcements in real-time, preventing NZX from complying with regulatory requirements for continuous disclosure.”
The attacks which began on Tuesday came from overseas and made NZX struggle in recovering connectivity, over a five-day period. The cyber-attackers targeted NZX through distributed denial-of-service (DDoS) attacks which is a common way to overwhelm the network with sheer amount of traffic until it disrupts the services.
Milroy says, “It is not clear yet clear who launched the attack, but it is likely to be either an extortion attempt by a large cyber gang or a nation state attack. The attack was a very large, persistent, and sophisticated volumetric DDoS attack. A typical response to such an attack is to increase network bandwidth. However, additional bandwidth is becoming less effective at preventing DDoS attacks. DDoS attacks are getting larger and no amount of bandwidth can address the largest attacks, some of which exceed 1Tbps. DDoS attackers are increasingly focusing on the harder to protect application layer, rather than the network layers.”
The Government Communications Security Bureau (GCSB), network provider Spark, and international bodies provided assistance to NZX to mitigate the attack. Milroy adds, “NZX has also turned to Akamai for additional DDoS protection. Akamai’s Kona Site Defender is understood to be the solution being used. The product is designed to deflect network-layer DDoS traffic and absorb application-layer DDoS traffic at the edge. Mitigation capabilities aim to protect against attacks in the cloud.”
Growing Importance of Government Advisories and Investments
In November 2019, CERT NZ warned financial organisations of several global attacks including ransomware. The attacks were reportedly from Russia-based hacking groups. In an advisory, CERT NZ suggested businesses should implement DDoS protection services, and check network ports connected to avoid vulnerabilities and not pay any ransom to cybercriminals.
Following the CERT NZ warning last year, and considering the recent cyberattacks, GCSB has issued a security advisory to all businesses in New Zealand to be cautious on cyber incidents such as DDoS and ransomware attacks. The advisory comes from the GCSB’s National Cyber Security Centre. This is particularly aimed at small businesses that might have limited cybersecurity resources. The agency has asked them to report such incidents to Cert NZ. Advice includes:
- Approaching cybersecurity services providers to immediately implement any responsive actions (warning that organisations might incur additional fees)
- Temporarily transferring online services to a cloud-based hosting service
- Avoiding the disclosure of the IP address of the origin web server, and using a firewall, if using a content delivery network
- Using a DDOS mitigation service for the duration of attacks, in case they face attacks
- Disabling functionality or removing content from vulnerable online services
As a part of the New Zealand government’s cybersecurity strategy, last year the Government announced the allocation of USD 5.38 million to focus on security over the next four years, on top of USD 6.26 million funding for CERT NZ. The attack landscape and frequency has since increased in the aftermath of COVID-19.
Milroy says, “It will become increasingly important for governments the world over to make a concerted effort to protect their critical infrastructure, data assets and especially empower their SME communities with the right cybersecurity measures and timely guidance.”
