The rapid advancement of Information and Communication Technology (ICT) has revolutionized how individuals and businesses interact, but it has also increased the risk of data breaches, leading to serious financial and reputational consequences. In Indonesia, several high-profile data breach incidents, such as those involving Bank Syariah Indonesia (2023), BPJS Kesehatan (2021), and Tokopedia (2020), have exposed sensitive personal information, highlighting the need for stronger data protection mechanisms. The Indonesian government has responded by enacting Law Number 27 of 2022 on Personal Data Protection (UU PDP) to safeguard citizens' data and ensure accountability for violations. However, many companies struggle to comply with these regulations due to inadequate data security measures. This paper examines the role of cyber insurance as a risk mitigation tool that helps businesses manage the financial losses arising from data breaches and comply with the UU PDP. The research uses a normative legal approach, analyzing primary and secondary legal materials. It also adopts a comparative approach, exploring how California's AB 2320 mandates cyber insurance and assessing its applicability in Indonesia. The findings suggest that cyber insurance provides a safety net for businesses, covering costs related to legal liabilities, data recovery, and regulatory fines. Introducing mandatory cyber insurance in Indonesia, modeled on California's approach, could enhance corporate compliance with data protection laws while reducing the financial burden of cyberattacks.