In 2026, Indonesia stands at a pivotal moment. The country's chief information security officers (CISOs) are no longer just technology managers; they are frontline commanders in a battle where the adversary never sleeps, the tools are increasingly powered by artificial intelligence, and the stakes include national sovereignty.
The question, as Patrick Dannacher, CEO of ITSEC Asia, frames it, is no longer if you will be breached, but how quickly you can recover.
The new face of cyber threats is AI-enabled
The threat landscape confronting Indonesian organisations has undergone a fundamental shift. It is no longer about sporadic attacks by lone actors. "I think the attacks are getting more targeted. Number one. I think they are getting more persistent because it's not only humans these days who run these attacks," warns Dannacher.
He highlights the critical role of AI in this evolution: "It's quite frequent that we see AI-enabled attacks which are very persistent, very targeted, and round the clock. A human needs a little bit of sleep... The machines only need electricity."
This AI-enablement significantly lowers the barrier to entry for malicious actors. The tools required are becoming more accessible and affordable, and the safety measures around AI models remain weak.
"With a little bit of prompt engineering, you will be surprised at how you can easily motivate certain AI models to support cyber-attacks," Dannacher states, adding that the emergence of Agentic AI—which can learn and act autonomously—creates a formidable, relentless adversary.
The scale of this challenge is reflected in Indonesia's recent history. The devastating Brain Cipher ransomware attack on the (Indonesian) national data centre in 2024, which disrupted over 200 government agencies and held data hostage for a US$8 million ransom, served as a brutal wake-up call.
It demonstrated the severe impact of an attack on critical national infrastructure and exposed systemic vulnerabilities.
People and visibility are the greatest vulnerabilities
While technology and AI are changing the game, Dannacher is unequivocal about where Indonesian organisations remain most vulnerable.
"The biggest single most vulnerability for organisations here and elsewhere in the world is the people. within the organisation." Patrick Dannacher
He uses a stark analogy: "If they forget to lock a cell in the prison with a key, people can get out. In cyber, it is a little bit more complicated, but if they forget to close a port on the firewall, that is like forgetting to lock the entry gates."
A critical lack of visibility compounds this human vulnerability. Organisations are drowning in data from millions of devices and tools, making it difficult to see the true threat landscape and prioritise efforts.
"You create visibility above the people, and that is like an ecosystem," Dannacher explains. "Because providing security for a large organisation, whether it's a bank, whether it's a telco, is complex enough. Imagine how many tools and devices are running in a telco environment. This is in the millions."
Industry observers corroborate this point. The CEO of Indonesian cybersecurity firm Zentara noted that the country faces a significant shortage of digital talent, particularly security analysts and engineers, leaving organisations exposed.
Similarly, Kaspersky's country manager for Indonesia highlighted that the country is not ready for a cyber war, largely due to a lack of human resources, with only a handful of universities offering specialised cybersecurity degrees.
How to shift from reactive to proactive
The traditional reactive approach—waiting for a breach to happen before taking action—is no longer viable. Dannacher argues that the industry often changes "once something happens" and becomes complacent if an incident doesn't recur. To break this cycle, he champions a radical shift towards proactive readiness, drawing a parallel to physical safety.
"We run fire drills four times a year. Yet we can ask ourselves, how many cyber drills have we done this year?" He asserts that "cyber drills show you the weaknesses in your organisation. Are you ready? What is missing? Do we have enough people if something happens to defend, isolate, and analyse?"
This echoes the findings of cybersecurity experts who, following the 2024 data centre attack, noted that a ransomware attack would be less devastating if the government had a robust backup and failover system. The lesson is clear: preparedness, continuous testing, and a focus on recovery are paramount.
Foundations for building national resilience
Recognising these challenges, Indonesia is building a framework for national cyber resilience. A key element is BSSN Regulation No. 1/2024, which mandates the establishment of Cyber Incident Response Teams (CIRTs) at national, sectoral, and organisational levels.
Furthermore, a Cybersecurity and Resilience Bill is advancing through parliament, intended to create a stronger legal foundation for data protection and national cyber sovereignty.
However, Dannacher advises CISOs not to view regulations as the finish line. "You should never wait for the regulation to come out before you take action... The regulation defines your basic needs and requirements. It gives you a foundation; it doesn't give you the holy grail of where you have to be."
He stresses that the risk landscape moves much faster than the lawmaking process, and therefore, organisations must aim to exceed the baseline.
A powerful example of this proactive, collaborative spirit is the Gerakan Nasional Ketahanan Siber (National Cyber Resilience Movement) launched by ITSEC Asia, ADIGSI, and BSSN.
This initiative aims to train over 1,000 leaders and practitioners across government, state-owned enterprises, and the private sector, building a structured pathway from operational readiness to executive decision-making.
For Dannacher, such cross-sector collaboration is "the single most important initiative you can have." He argues: "It does not help you if you yourself are doing the best job, but your suppliers don't do a good job, you inherit the risk."
Harnessing AI for defence and closing the talent gap
The immense challenge of defending against AI-driven attacks with a limited workforce means that CISOs must embrace AI for defence. "The good side needs to be using AI more smartly and efficiently, rather than the bad guys," Dannacher states.
However, he warns of the risks of adopting AI without a security-first mindset.
"Implementing AI with no cyber approach increases your vulnerability manyfold. You might become more productive, but you might also become more vulnerable." Patrick Dannacher
This is where platforms like IntelliBroń become critical, enabling organisations to proactively identify, isolate, and resolve threats in real-time. For Dannacher, the answer to the talent shortage lies in optimisation, not just hiring.
"The best approach is to optimise the usage of the tools you have, to optimise the people you have is the solution as of today, because there are not enough cyber professionals available." This involves automating labour-intensive tasks, creating better visibility, and "elevating your employees to one level up to do more sophisticated work."
A call to action for Indonesia's CISOs
The message for Indonesia's CISOs is one of urgency and agency. The threat from AI-enabled adversaries is real, persistent, and escalating. The talent pipeline is not expanding fast enough. However, the tools and frameworks for a more resilient future exist.
Lead from the front: Embrace cybersecurity not just as a technical problem, but as a leadership and governance issue. "Strengthening national cyber resilience requires strong cross-sector collaboration and leadership commitment," stated Slamet Aji Pamungkas, Deputy IV of BSSN.
Move beyond compliance: Use regulations as a baseline but set your aspirations higher. Anticipate the next threat rather than simply reacting to the last one.
Drill to thrill: Implement regular, rigorous cyber drills across your organisation to test people, processes, and technology. Identify gaps proactively and fix them before an attacker does.
Share and collaborate: Break down silos. Actively participate in information-sharing initiatives and cross-sector collaborations, such as the Gerakan Nasional Ketahanan Siber. "Sharing of information and learning from others' mistakes is much cheaper and more effective than you making the mistake and you learning for yourself," Dannacher concludes.
The window of opportunity for proactive resilience is now. The CISO's job in 2026 is no longer about building impenetrable walls but about creating a culture of vigilance, a strategy for rapid recovery, and an ecosystem of collaboration.
The question is not if you will be breached, but how quickly your organisation—and the nation—can recover and continue to thrive.
