Bridging the Gap Between Policy and Practice: Evaluating Indonesia’s Cybersecurity Regulatory Framework (2020–2023)

Indonesia's rapid digital transformation has heightened its exposure to cybersecurity threats, prompting the introduction of several national policies aimed at enhancing cyber resilience. This study evaluates the effectiveness of three key regulations—Peraturan BSSN No.8/2020, Perpres 82/2022, and Perpres 47/2023—through a qualitative policy analysis framework. Data were drawn from national cyber incident statistics, regulatory documents, and secondary literature. Methodologically, the study applies qualitative frameworks and correlates policy timelines with cyber incident volumes between 2020 and 2023. Statistical tools, including time-series and regression analyses, are used to determine regulatory impacts on threat reduction. Findings reveal that while the regulations establish a strong structural foundation, implementation remains weak. Cyber incidents continued to rise post-regulation, and key challenges such as agency fragmentation, underinvestment (0.02% of GDP), and limited stakeholder collaboration persist. Case studies, including breaches at Dukcapil and Imigrasi, underscore the urgent need for better enforcement and inter-agency coordination. Comparative analysis with regional peers like Singapore highlights further room for improvement in governance and public-private synergy. The study concludes that Indonesia’s cybersecurity policies are directionally sound but require systemic reforms, centralized coordination, and investment scaling to achieve tangible outcomes. These insights contribute to the literature on regulatory effectiveness and cyber governance in emerging economies