Evaluating Bank DJX's Cybersecurity Maturity Level from Indonesia's Regulatory Perspective
DOI:
https://doi.org/10.56873/jitu.8.1.6019Keywords:
Digital bank; POJK PTI; SEOJK; maturity level; risk assessment.Abstract
In the digitalization era of banking, cybersecurity has become a critical priority as the frequency and sophistication of cyber-attacks rise. This study evaluates Bank DJX's cybersecurity maturity (a pseudonym), focusing on compliance with POJK PTI and SEOJK regulations on cyber resilience in commercial banks. Using a qualitative approach, it assesses inherent cybersecurity risks and the effectiveness of risk management. Findings show a maturity score of 2.1, indicating effective and satisfactory practices, alongside an inherent risk score of 1.9 with a narrow gap (+0.20), suggesting that while current controls address existing threats, the capacity to manage emerging risks remains limited without further enhancements. Given the rapidly evolving threat landscape, continuous improvement is essential. Aligned with recommendations, Bank DJX is well-positioned to strengthen its cybersecurity resilience to meet regulatory demands and proactively address future threats. This study offers empirical insights into cybersecurity practices in Indonesia's digital banking sector, underscoring the importance of regulatory compliance and proactive risk management.
References
[1] Accenture, The Future of Banking: It’s Time for a Change of Perspective, Dublin, Ireland, 2021.
[2] Deloitte, Digital Banking Maturity 2022, London, UK, 2022. [Online]. Available: https://www2.deloitte.com/content/dam/Deloitte/us/Documents/financial-services/us-digital-banking-maturity-report-sep-22.pdf
[3] IBM, AI in Banking: Transforming Financial Services, Armonk, NY, USA, 2021. [Online]. Available: https://www.ibm.com/think/topics/ai-in-banking
[4] PwC- Cloud for Financial Services, Cloud is the Engine Required to Drive the Next Wave of Innovation within Financial Services, London, UK, 2023.
[5] Olivér Gulyás, Gábor Kiss, Impact of cyber-attacks on the financial institutions, Procedia Computer Science, Volume 219, 2023, Pages 84-90, ISSN 1877-0509.
[6] Verizon, 2025 Data Breach Investigations Report, Verizon Enterprise Solutions, 2025.
[7] Oyewole, Adedoyin & Okoye, Chinwe & Ugochukwu, Chinonye. (2024). Cybersecurity risks in online banking: A detailed review and preventive strategies applicatio. World Journal of Advanced Research and Reviews. 21. 625-643.
[8] Birindelli, G., Iannuzzi, A.P. (2025). The Systemic Importance of Cyber Risk in Banks. In: Pacelli, V. (eds) Systemic Risk and Complex Networks in Modern Financial Systems. New Economic Windows. Springer.
[9] Lasini Liyanage, Nalin Arachchilage, Giovanni Russello, A Novel Framework to Assess Cybersecurity Capability Maturity, arXiv:2504.01305, 2025, doi: https://doi.org/10.48550/arXiv.2504.01305. [Online]. Available: https://arxiv.org/abs/2504.01305
[10] The World Bank, Financial Sector's Cybersecurity: A Regulatory Digest, Washington, DC, USA, 2020.
[11] World Economic Forum, Global Cybersecurity Outlook 2023, Geneva, Switzerland, 2023. [Online]. Available: https://www.weforum.org/reports/global-cybersecurity-outlook-2023/
[12] World Economic Forum, Safeguarding central bank digital currency systems in the post-quantum computing age, Geneva, Switzerland, 2024.
[13] Otoritas Jasa Keuangan (OJK), Peraturan OJK No.11/POJK.03/2022 tentang Penyelenggaraan Teknologi Informasi oleh Bank Umum, Jakarta, Indonesia, 2022.
[14] Otoritas Jasa Keuangan (OJK), Surat Edaran OJK No.29/SEOJK.03/2022 tentang Ketahanan dan Keamanan Siber Bagi Bank Umum, Jakarta, Indonesia, 2022.
[15] Gülçin Büyüközkan, Merve Güler, Cybersecurity maturity model: Systematic literature review and a proposed model, Elsivier Technological Forecasting and Social Change, Volume 213, 2025, 123996, ISSN 0040-1625.
[16] National Institute of Standards and Technology (NIST), Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1, Gaithersburg, MD, USA, 2018.
[17] J. G. Alayo, P. N. Mendoza, J. Armas-Aguirre and J. M. Molina, "Cybersecurity maturity model for providing services in the financial sector in Peru," 2021 Congreso Internacional de Innovación y Tendencias en Ingeniería (CONIITI), Bogotá, Colombia, 2021, pp. 1-4
[18] Yigit Ozkan, B., van Lingen, S., & Spruit, M. (2021). The Cybersecurity Focus Area Maturity (CYSFAM) Model. Journal of Cybersecurity and Privacy, 1(1), 119-139. https://doi.org/10.3390/jcp1010007
[19] Watkins, Lanier, and John S. Hurley. "The Next Generation of Scientific-Based Risk Metrics: Measuring Cyber Maturity," International Journal of Cyber Warfare and Terrorism (IJCWT) 6, no.3: 43-52.
[20] M. Perdana Karim, Archandra Viryasatya Sugama, 2023, Cyber Security Landscape of Indonesia's Banking and Financial Sector 2022, Center for Digital Society, Yogyakarta, Indonesia.
Downloads
Published
Issue
Section
License
Copyright (c) 2025 Journal of Information Technology and Its Utilization
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
The proposed policy for journals that offer open access
Authors who publish with this journal agree to the following terms:
- Copyright on any article is retained by the author(s).
- Author grant the journal, right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work’s authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal’s published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
- The article and any associated published material is distributed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License
