Cybercrime has become a major transnational threat, with ransomware and malware posing serious risks to individuals, governments, and critical infrastructure. The urgency of addressing these threats is reflected in initiatives by countries such as the United States and the European Union through regulations such as the Strengthening American Cybersecurity Act and the EU Cyber Resilience Act, which adopt proactive, risk-based approaches. Indonesia, to date, still lacks a comprehensive legal framework in this field. The inclusion of the Cybersecurity and Cyber Resilience Bill (RUU KKS) in the 2025 National Legislation Program represents a highly crucial step. This study employs a normative juridical method with a descriptive-analytical approach to examine the urgency of cybersecurity regulation, particularly in addressing complex threats such as Cybercrime-as-a-Service (CaaS) and the increasing sophistication of cyberattacks, including those enhanced by artificial intelligence. The main recommendations include the need for a national law that ensures institutional coordination, establishes digital infrastructure security standards, mandates incident reporting, and enhances human resource capacity. Such legislation should also promote collaboration among government, the private sector, academia, and civil society. By adopting a forward-looking legal framework, Indonesia can better protect critical infrastructure, strengthen cyber resilience, and reduce vulnerabilities within the digital ecosystem.
Ramli et al. (Tue,) studied this question.