Cyber Insurance as a Risk Mitigation Tool and Company Compliance Instrument with Indonesia's Personal Data Protection Law

Authors

  • Farras Achmad Joenaedi, University of Pembangunan Nasional Veteran Jakarta
  • Dwi Desi Yayi Tarina, University of Pembangunan Nasional Veteran Jakarta

DOI:

https://doi.org/10.29303/ulrev.v8i2.380

Keywords:

Cyber Insurance, Personal Data Protections, Risk Mitigation.

Abstract

The rapid advancement of Information and Communication Technology (ICT) has revolutionized how individuals and businesses interact, but it has also increased the risk of data breaches, leading to serious financial and reputational consequences. In Indonesia, several high-profile data breach incidents, such as those involving Bank Syariah Indonesia (2023), BPJS Kesehatan (2021), and Tokopedia (2020), have exposed sensitive personal information, highlighting the need for stronger data protection mechanisms. The Indonesian government has responded by enacting Law Number 27 of 2022 on Personal Data Protection (UU PDP) to safeguard citizens' data and ensure accountability for violations. However, many companies struggle to comply with these regulations due to inadequate data security measures. This paper examines the role of cyber insurance as an effective risk mitigation tool to help businesses manage financial losses from data breaches and comply with the UU PDP. The research uses a normative legal approach, analyzing primary and secondary legal materials. It also adopts a comparative approach, exploring how California AB 2320 mandates cyber insurance and assessing its applicability in Indonesia. The findings suggest that cyber insurance provides a safety net for businesses, covering costs related to legal liabilities, data recovery, and regulatory fines. Introducing mandatory cyber insurance in Indonesia, similar to California's model, could enhance corporate compliance with data protection laws while simultaneously reducing the financial burden of cyberattacks.

Published

2024-10-30

How to Cite

Joenaedi, F. A., & Tarina, D. D. Y. (2024). Cyber Insurance as a Risk Mitigation Tool and Company Compliance Instrument with Indonesia’s Personal Data Protection Law. Unram Law Review, 8(2). https://doi.org/10.29303/ulrev.v8i2.380