Growth in Southeast Asian insurance markets has been outpacing GDP growth in recent years[1], but the region’s insurance penetration rate remains stubbornly low, at less than half the global average.[2] Across the risk landscape, protection gaps in natural-catastrophe losses loom large, and low penetration in Indonesia – the focus of this article – also endangers a fast-growing digital economy in which the extent and maturity of cyber protection and cyber cover is not keeping pace with the country’s rapid digitalisation.
Measured as the ratio of gross written premiums (GWP) to GDP, penetration sits at around 3% across Southeast Asia, with many member states of the Association of Southeast Asian Nations (ASEAN) showing even lower rates.[3] Whilst Singapore is a notable exception in the region, with rates close to 10%, Indonesia’s penetration rate is much lower than the ASEAN-six average[4][5], and ranks sixth among all ASEAN nations.[6]
Although persistently low insurance-penetration rates have failed to keep up with economic growth, high premium growth in low-penetration nations such as Vietnam, Indonesia and the Philippines suggests plenty of potential for growth, especially in cyber cover. However, as management consultancy firm Bain & Company notes, successful re-insurers in Southeast Asia are likely to be the ones that invest only in markets that play to their core strengths, whilst simultaneously understanding which markets to avoid.
The JENOA view: why is Southeast Asia becoming more vulnerable?
Before we zero in on the growing cyber risks in Indonesia, it is helpful to view its risk landscape in the context of the wider Southeast Asian region. To a certain extent, Southeast Asia’s protection gap is a function of its rapid economic growth and rising asset value, but there are fast-growing vulnerabilities in the region as losses rise.
Economic losses from natural catastrophes in Asia in 2024 amounted to approximately USD 80 billion, but only around USD 13 billion of those losses were covered by insurance[7]. Indeed, the protection gap in some Asian countries exceeds 80%, compared to a global average of just below 45%[8]. Despite accounting for more than one-third of global growth over the past few years, the insurance penetration rate has not kept pace with economic growth.
Southeast Asian businesses are also becoming increasingly vulnerable to targeted attacks from organised cybercriminal enterprises because the region hosts many digitally advanced economies that rely heavily on cloud services to support large, often complex, supply chains. The fast pace of digital adoption has led to widespread reliance on cloud, IoT and automation, and this has dramatically outpaced any corresponding investment in cybersecurity. Vulnerabilities are often exacerbated by the use of global third-party providers, and indeed, global consulting firm PWC reports that over 50% of Asia-Pacific organisations list cloud-related vulnerabilities among their three biggest cybersecurity anxieties.[9]
Cybercrime in Southeast Asia is thought to have incurred losses in the region of around US$ 40 billion in 2023[10], and globally, the cost of cybercrime in 2025 is estimated to be in the region of over US$ 10 trillion, according to cybersecurity experts, Cybersecurity Ventures[11], with around 60% of SMEs suffering ransomware attacks[12].
Cyber-insurance country focus: can Indonesia overcome its systemic risk?
From a corporate and SME perspective, under-penetration and under-insurance can lead to existential vulnerabilities, and yet in Indonesia, fewer than 3% of SMEs have cover in place[13]. That vulnerability is significant, because the sector accounts for over 60% of the country’s GDP and employs more than 90% of its workforce.[14] Organisations without cover face considerable challenges in disaster recovery because they depend on their own resources to overcome cyber incidents, which can often lead to revenue loss or failure. Perhaps even more concerning is that over half of SMEs in the country have no disaster-recovery plan at all.[15]
A lack of awareness of cyber-cover among the country’s SMEs persists, and recent surveys suggest that just 15% of SMEs appreciate the overriding need for such cover. As the digital attack surface continues to grow, with digitalisation dramatically outpacing penetration rates, there is a growing need for enhanced education from the re-insurance industry and government to help close the country’s protection gap Organisations with a clearer understanding of data-breach reporting rules, reporting thresholds and the correct reporting gateways have a better chance of mitigating data breaches whilst maintaining compliance.[16]
Despite the fact that the SME sector is the country’s primary economic force, many SMEs lack access to easily scalable cybersecurity protection, which perhaps helps explain why just 11% of SMEs surveyed in the country report achieving mature levels of cybersecurity readiness[17]. Without adequate insurance cover, this makes them vulnerable to attack.
Those attacks are on the rise. As reported by the United Nations Office on Drugs & Crime (UNODC), “organized crime groups are converging and exploiting vulnerabilities, and the evolving situation is rapidly outpacing governments’ capacity to contain it”. Ransomware incidents are growing by between 8% and 9% per annum, with over 5,000 victims in 2024 alone[18]. According to local risk-management experts, cyber-criminals are turning to encryption-based extortion to attack both corporate entities and SMEs[19]. In Q1 of 2024 alone, Indonesia’s businesses faced more than 40,000 so-called Distributed Denial of Service (DDoS) attacks[20], in which cybercriminals use botnets to inundate internet traffic, networks, and servers to disrupt critical online services[21].
Indonesian businesses face the risk of significant financial losses in the event of a successful attack. According to IBM’s Cost of a Data Breach report from 2024, average losses from data breaches in ASEAN member nations grew to more than US$ 3 million, a 7% increase from 2023. Losses incurred by the financial services sector, technology and industry – by far the three biggest targets by sector – were significantly higher[22].
How can JENOA help?
Re-insurers’ local knowledge can better facilitate Indonesian SMEs access scalable and affordable cyber cover.. J to help mitigate the risks faced by the country’s SME sector, the backbone of its economy. JENOA is well placed to provide market intelligence, local expertise, and support in structuring suitable cyber-cover solutions through partnerships in the region, and with ourexperience and coverage across multiple re-insurance hubs, the combination of global reach with local knowledge and expertise those partnerships can often prove effective and productive. .
Can Indonesia close the widening gap between digitalisation and security?
Although growth in the adoption of cyber cover among Indonesia’s SMEs looks impressive on the surface – demand is expected to drive premium growth of around 20% per annum to 2033[23] – rapid digital growth has not been accompanied by any meaningful corresponding growth in cybersecurity uptake or maturity. Where it exists, an over-reliance on global rather than local solutions means that breaches suffer delays in detection and response. According to market-intelligence firm, Ken Research, “the gap between digital innovation and cybersecurity readiness is growing fast. And it’s showing up in costly ways.”
Whilst increasing digitalisation will continue to contribute to demand for cyber cover in Indonesia, driving up penetration rates is key to closing the protection gap and to making the SME sector more robust and resilient. In that respect, the market looks like a promising prospect, especially where re-insurers can innovate to provide tailored or customisable products in local settings, but growth in adoption will likely depend on vastly improved regulatory and reporting standards, as well as more comprehensive and resilient cybersecurity defences.
Disclaimer: This article is for informational purposes only, and does not constitute insurance, reinsurance or financial advice. Readers should seek professional guidance according to their specific circumstances.
[1] https://vietnamnews.vn/economy/1729304/report-talks-up-insurance-sector-s-contribution-to-southeast-asia-https://www.theactuarymagazine.org/the-insurance-market-in-indonesia/#:~:text=The%20insurance%20penetration%20ratio%2C%20which%20is%20the,yet%20*%20Low%20awareness%20of%20the%20marketeconomy.html#:~:text=Speaking%20at%20a%20session%20at,pillar%20of%20long%2Dterm%2`0resilience.
[2] https://vietnamnews.vn/economy/1729304/report-talks-up-insurance-sector-s-contribution-to-southeast-asia-economy.html#:~:text=Speaking%20at%20a%20session%20at,pillar%20of%20long%2Dterm%20resilien
[3] www.prudentialplc.com/content/dam/prudential-plc/newsroom/though-leadership/beyond-coverage-the-social-and-economic-impact-of-insurance-in-asean/beyond-coverage-report.pdf
[4] https://insuranceasia.com/insurance/exclusive/indonesian-insurers-old-school-thinking-holds-back-sectorhttps://www.pwc.com/gx/en/issues/cybersecurity/global-digital-trust-insights/asia-pacific.html#:~:text=That%20said%2C%20even%20as%20organisations,also%20depend%20on%20cloud%20computing.
[5] https://www.theactuarymagazine.org/the-insurance-market-in-indonesia/#:~:text=The%20insurance%20penetration%20ratio%2C%20which%20is%20the,yet%20*%20Low%20awareness%20of%20the%20market
[6] https://insuranceasia.com/insurance/news/regulator-pushes-mergers-in-indonesia-amidst-premium-stagnation
[7] https://axaxl.com/fast-fast-forward/articles/rising-resilience-in-a-rapidly-growing-region
[8] https://axaxl.com/fast-fast-forward/articles/rising-resilience-in-a-rapidly-growing-region
[9] https://www.pwc.com/gx/en/issues/cybersecurity/global-digital-trust-insights/asia-pacific.html#:~:text=That%20said%2C%20even%20as%20organisations,also%20depend%20on%20cloud%20computing.
[10] https://www.forbes.com/councils/forbestechcouncil/2026/02/19/cyberattacks-in-asia-cybersecurity-lessons-to-be-learned-from-the-region/
[11] https://cybersecurityventures.com/official-cybercrime-report-2025/
[12] https://www.forbes.com/councils/forbestechcouncil/2026/02/19/cyberattacks-in-asia-cybersecurity-lessons-to-be-learned-from-the-region/
[13] https://en.antaranews.com/news/386805/indonesias-msmes-urged-to-adopt-insurance-for-business-resilience#:~:text=25th%20November%202025-,Jayapura%20Hospital%20reopens%20JKN%20services%20after%20new%20BPJS%20agreement,9th%20January%202026
[14] https://en.antaranews.com/news/386805/indonesias-msmes-urged-to-adopt-insurance-for-business-resilience#:~:text=25th%20November%202025-,Jayapura%20Hospital%20reopens%20JKN%20services%20after%20new%20BPJS%20agreement,9th%20January%202026
[15] https://en.antaranews.com/news/386805/indonesias-msmes-urged-to-adopt-insurance-for-business-resilience#:~:text=25th%20November%202025-,Jayapura%20Hospital%20reopens%20JKN%20services%20after%20new%20BPJS%20agreement,9th%20January%202026
[16] https://en.antaranews.com/news/386805/indonesias-msmes-urged-to-adopt-insurance-for-business-resilience#:~:text=25th%20November%202025-,Jayapura%20Hospital%20reopens%20JKN%20services%20after%20new%20BPJS%20agreement,9th%20January%202026
[17] https://cisometric.com/articles/cisco-9-out-of-10-companies-in-indonesia-cant-handle-modern-cyberattacks
[18] https://ligaasuransi.com/en/menavigasi-keamanan-siber-dan-asuransi-di-indonesia/#:~:text=CYFIRMA%20documented%204%2C723%20verified%20ransomware,emerged%20as%20a%20serious%20concern
[19] https://ligaasuransi.com/en/menavigasi-keamanan-siber-dan-asuransi-di-indonesia/#:~:text=CYFIRMA%20documented%204%2C723%20verified%20ransomware,emerged%20as%20a%20serious%20concern
[20] https://ligaasuransi.com/en/menavigasi-keamanan-siber-dan-asuransi-di-indonesia/#:~:text=CYFIRMA%20documented%204%2C723%20verified%20ransomware,emerged%20as%20a%20serious%20concern
[21] https://www.cloudflare.com/en-gb/learning/ddos/what-is-a-ddos-attack/
[22] https://www.computerweekly.com/news/366612788/IBM-Data-breach-cost-in-ASEAN-hits-new-high#:~:text=Published:%2007%20Oct%202024%207,than%20those%20that%20did%20not
[23] https://www.imarcgroup.com/indonesia-cyber-insurance-market
