
Situation Summary
Indonesia faces a sustained and intensifying cyber-security crisis overlaid on persistent conventional terrorism threats, creating a dual-layer risk environment for corporate operations and personnel. The 2025 ransomware attack on national data infrastructure and subsequent breaches of police and military systems have exposed critical vulnerabilities in government digital security, while attack volume remains elevated into 2026 (1.52 billion recorded intrusions in the first 4.5 months of the year). Political pressure and ongoing service disruptions compound instability, particularly in Jakarta and transport hubs. Conventional terrorism remains an active threat nationwide despite counter-terrorism operations.
Key Developments
- Jakarta / National – Indonesia's National Cyber and Crypto Agency (BSSN) reported 5.5 billion cyberattacks in 2025, a 714% increase over the 2020–2024 baseline, targeting government infrastructure, economy, and national security. Attack volume remains acute: 1.52 billion intrusions logged in the first 3.5 months of 2026 alone.
- Jakarta / Air & Port Access – The June 2025 Brain Cipher/LockBit 3.0 ransomware attack on the Temporary National Data Centre (PDN) crippled digital services for 210–300 central and local agencies; immigration autogates at four major airports (Soekarno-Hatta, Juanda, Kualanamu, Hang Nadim) and Batam/Nongsa ports were disrupted. Government refused ~US$8–11 million ransom; recovery and cyber-hardening efforts ongoing.
- Jakarta / Law Enforcement & Defence Data – National Police Indonesia Automatic Fingerprint Identification System (INAFIS) and Strategic Intelligence Agency (TNI-SI) were breached (June–July 2025), with fingerprint images, emails, and military data stolen. Exposes outdated security practices in sensitive law-enforcement and defence databases.
- National / Information Operations – Cyber campaigns increasingly combine system intrusions, data theft, online fraud, radical propaganda, and coordinated hoaxes. Officials frame disinformation and extremist content distribution as strategic national-security concerns amplified by cyber vectors.
- National / Policy Response – Government faces public and political pressure including calls for the communications and information minister to resign. Authorities are benchmarking national data-centre practices against Canada and India and undertaking cyber-defence institutional reviews.
- National / Terrorism Threat – UK foreign-travel advisory reiterates high likelihood of terrorist attacks in Indonesia, citing sustained Islamist extremism despite active counter-terrorism operations by Indonesian security forces.
- Events Signal – Recent event streams show government-sector disapprovals, military alerts, arrests/detentions, and public statements from institutional actors (Cabinet, schools, lecturers, religious figures) on 31 May–2 June, signalling institutional stress or policy contestation.
Highest-Risk Areas
Jakarta (55.5) dominates sub-national risk due to concentration of national government, financial systems, international transport, and cyber-attack targeting. South Sulawesi (37.3) follows, reflecting regional instability and extremist activity. Central Java, West Kalimantan, and West Nusa Tenggara (31.1–29) carry elevated scores linked to terrorism, organised crime, and resource-driven conflict. West Java and Banten (26.8–26.3) reflect proximity to Jakarta and transport corridors that concentrate both conventional and digital threats.
How GeoBit Would Assist
Security teams should employ Intel Sweep and multi-language OSINT (X/Twitter, Telegram, YouTube) to monitor government and extremist messaging for emerging policy changes or attack planning. Cyber threat intelligence and network-actor analysis paired with persistent AOI monitoring and alerting on Jakarta's critical infrastructure and airports provide early warning of digital or physical attack preparation. Routing & network analysis enables alternative journey and supply-chain planning in case of port or airport disruption linked to cyber or security incidents.
7-Day Outlook
No major policy shifts or acute incidents are signalled in the immediate 7-day window, but cyber-attack volume and disinformation campaigns will likely persist at elevated levels. Terrorism risk remains constant. Personnel and asset security should assume degraded government digital services, heightened airport screening delays, and information-environment volatility as baseline conditions.
Highest-Risk Areas — Ranked
| # | State / Region | Risk |
|---|---|---|
| 1 | Special capital Region of Jakarta | 55.5 |
| 2 | South Sulawesi | 37.3 |
| 3 | Central Java | 31.1 |
| 4 | West Kalimantan | 29.2 |
| 5 | West Nusa Tenggara | 29 |
| 6 | Special Region of Yogyakarta | 28.7 |
| 7 | East Java | 28.4 |
| 8 | Riau | 27.1 |
| 9 | West Java | 26.8 |
| 10 | Banten | 26.3 |
| 11 | South Sumatra | 26 |
| 12 | Central Sulawesi | 25.7 |
Previous Daily Briefs
A new Indonesia brief is written every day — each with its own risk map and downloadable CSV. Here's the last week; use the calendar to go further back.
📅 Browse every day by calendar →
Highlighted days have a brief. Tap a day for that day's map & analysis, or “csv” for that day's dataset ($5).