Fast Data Center Growth in Indonesia: The Rising Digital Risk

Indonesia’s cloud infrastructure is surging — but so are its digital vulnerabilities. As data center capacity skyrockets, the country faces increasingly serious risks to personal data security.

Skyrocketing Data Center Growth

• According to the Minister of Communication and Digital Affairs, Indonesia's data center capacity jumped from 190 MW in October 2024 to 290 MW by mid-2025 — a 52% increase in under a year. ANTARA News+1
• The Indonesian Digital Infrastructure Directorate reports there are now around 185 data centers with a total capacity of 274 MW, and its target is to exceed 2,000 MW by 2029. Infradigital
• PT DCI Indonesia (DCII) expanded its capacity from 83 MW (end of 2023) to 119 MW in 2024, including a new 36 MW data center in Cibitung (JK6). Teknologi Bisnis+1
• Meanwhile, Telkom Group aims to reach 400–500 MW of data center capacity by 2030, especially to support AI workloads. detikinet
• On the AI front, Indonesia’s “AI-ready” data center capacity is projected to reach 202 MW in 2024, and may increase by 268% in the coming years. Tekno Kompas

But with Growth Comes Risk

That growth is vital for the digital economy — but it's also exposing glaring security weaknesses.

Major Cyber Incident: Ransomware Hits National Data Center

• In June 2024, more than 40 government agencies were hit by a ransomware attack involving Lockbit 3.0, affecting immigration and airport services. Reuters
• The government later acknowledged that 98% of the data in one compromised data center was not backed up. Reuters+1
• President Joko Widodo ordered a full audit of data center governance and financial practices afterward. Reuters

High Stakes Data Exposure

• Public discussion (e.g., Reddit threads) suggests ongoing leaks: ~272 million records allegedly containing NIK (ID number), names, addresses, and other sensitive personal data have been shared on hacker forums. Reddit+1
• Reports on data leaks are not isolated: Redditors claim 79 separate data breach incidents between 2019 and 2023. Reddit

High Financial Cost

• According to users on Reddit, the national data center budget was reported to have a Rp 700 billion (~$45–50 million) allocation purely for operational and maintenance costs — raising concerns when paired with weak data backup practices. Reddit

Why These Vulnerabilities Exist

1. Rapid Scaling > Security Maturity: Capacity is increasing rapidly, but security practices seem to be lagging behind. Many public agencies and data centers may not yet have mature governance, backup, or incident response mechanisms.
2. Regulatory & Governance Gaps: There is growing pressure to strengthen enforcement of data protection laws. After the ransomware incident, the government promised stricter backup requirements — but consistent policies haven’t been fully implemented. Reuters
3. Talent Shortage: Skilled cybersecurity professionals (e.g., SOC analysts, cloud security engineers) are in limited supply in Indonesia, making it harder to maintain robust security in a rapidly scaling infrastructure.
4. Centralized Risk: Many data centers are still concentrated in Java or a few locations. A single successful cyberattack could disrupt services across many agencies simultaneously.

What Needs to Change — Now

To turn this vulnerable digital infrastructure into a secure engine for Indonesia’s future, several critical steps are needed:

• Mandatory Backups & Redundancy: Every government agency using data centers should be required to maintain off-site backups and disaster recovery plans.
• Independent Security Audits: External penetration testing and security assessments should be a regulatory requirement, not an option.
• Stronger Enforcement of Data Protection Laws: PDPA (Indonesia’s data protection law) enforcement must be meaningful — with real penalties and oversight.
• Invest in Cyber Talents: Universities, government, and the private sector must collaborate to train and deploy more security experts.
• Distributed Data Infrastructure: Build data centers away from Java (e.g., in eastern Indonesia) to reduce risk concentration.

Conclusion: Growth Without Guardrails Is Dangerous.

Indonesia is on an impressive digital trajectory. Data center capacity is increasing, and major players are placing bets on its digital transformation. However, if security maturity does not keep pace, short-term gains from scaling digital infrastructure might risk something.

\ The 2024 ransomware incident should warn of the need to commit seriously to governance, to backing up data, and to finding talent because the personal data of millions of Indonesians remains exposed. Indonesia needs to prioritize building not just more data centres but safe data centres too for Indonesia to become Southeast Asia's trusted digital hub.