Vol. 8 No. 2 (2024): Unram Law Review (ULREV)

Cyber Insurance as a Risk Mitigation Tool and Company Compliance Instrument with Indonesia's Personal Data Protection Law

DOI: https://doi.org/10.29303/ulrev.v8i2.380
Submitted: October 21, 2024
Published: 2024-10-30

Abstract

The rapid advancement of Information and Communication Technology (ICT) has revolutionized how individuals and businesses interact, but it has also increased the risk of data breaches, leading to serious financial and reputational consequences. In Indonesia, several high-profile data breach incidents, such as those involving Bank Syariah Indonesia (2023), BPJS Kesehatan (2021), and Tokopedia (2020), have exposed sensitive personal information, highlighting the need for stronger data protection mechanisms. The Indonesian government has responded by enacting Law Number 27 of 2022 on Personal Data Protection (UU PDP) to safeguard citizens' data and ensure accountability for violations. However, many companies struggle to comply with these regulations due to inadequate data security measures. This paper examines the role of cyber insurance as an effective risk mitigation tool to help businesses manage financial losses from data breaches and comply with the UU PDP. The research uses a normative legal approach, analyzing primary and secondary legal materials. It also adopts a comparative approach, exploring how California’s AB 2320 mandates cyber insurance and assessing its applicability in Indonesia. The findings suggest that cyber insurance provides a safety net for businesses, covering costs related to legal liabilities, data recovery, and regulatory fines. Introducing mandatory cyber insurance in Indonesia, similar to California's model, could enhance corporate compliance with data protection laws while simultaneously reducing the financial burden of cyberattacks.
