BDO in Indonesia’s Yudhi Prasetyo: Build holistic culture of trust through continuous supply chain risk assessment
Organisations win customer confidence by consistently proving integrity and authenticity of every digital interaction.
As Indonesia's technology industry continues to advance in 2026, organisations are placing greater emphasis on cybersecurity, data governance, and sustainable innovation. Against this backdrop, leaders with deep expertise in digital transformation and cyber resilience play an increasingly critical role in shaping the industry and the country's digital future.
These capabilities are exemplified by BDO in Indonesia, Head of Digital Services Yudhi Prasetyo. With a distinguished career spanning more than 25 years in the consulting industry, he has established himself as a seasoned leader in digital transformation and cybersecurity. His extensive client portfolio covers banking, financial services, telecommunications, manufacturing, mining, oil and gas, property, and government institutions.
Prasetyo has driven large-scale digital transformation initiatives, built robust information governance frameworks, and implemented advanced cybersecurity strategies. His strategic acumen in cybersecurity and risk management has been instrumental in helping organisations design and implement data security architectures that comply with regulatory standards, including collaborative efforts with Indonesia’s major regulatory and cybersecurity authorities.
As one of the esteemed judges at the Indonesia Technology Excellence Awards 2026, Prasetyo analyses the current state, best practices, and future outlook of cybersecurity, artificial intelligence (AI) governance, data privacy, and digital transformation in Indonesia, with a focus on helping enterprises build resilience, trust, and long-term digital success.
From your perspective, what stage of cybersecurity maturity are most Indonesian enterprises at today, and what practical steps should they prioritise to advance further?
Cybersecurity maturity in Indonesia is currently a tale of two extremes. On one hand, we have heavily regulated sectors like the financial services industry operating at a high level, driven by OJK mandates that mirror strict global standards like the NIST framework or the EU's NIS2. On the other hand, less regulated sectors like manufacturing often operate with minimal oversight, leaving them dangerously exposed. But regardless of your industry, the very first step for any leader is accepting a hard truth: breaches are happening right now, and no company is immune. Instead of rushing to buy the latest technical solutions, like a security operations centre, leaders need to take a step back and honestly assess their current maturity baseline. Once you know exactly where you stand, you can build a targeted roadmap that aligns with local mandates like the Personal Data Protection (PDP) Law and truly protects your long-term operational resilience.
How are Indonesian organisations balancing innovation with responsibility in AI adoption, and what governance practices do you see emerging as most effective?
Indonesian companies are incredibly eager to adopt AI to boost productivity, but navigating the ethical side of this boom is tricky because our national regulations are still based largely on voluntary guidance. We don't yet have a strict, enforceable mandate like the EU AI Act; instead, we rely on 'soft regulations' whilst waiting for the overarching 2026 Presidential Regulation. Because of this gap, forward-thinking leaders are taking matters into their own hands by voluntarily benchmarking their internal policies against regional standards, like the ASEAN Guide on AI Governance and Ethics. The most effective step I am seeing right now is the creation of cross-functional AI committees that rigorously assess algorithmic impacts before anything goes live. Additionally, keeping a 'human-in-the-loop' is becoming a non-negotiable practice to ensure automated decisions stay fair, transparent, and socially responsible. Ultimately, the companies that proactively blend these local guidelines with tough global standards are the ones that will safely unlock AI's real commercial value.
In building digital trust, which data governance and privacy practices have the greatest impact on customer confidence, and how can organisations embed them sustainably?
When it comes to building digital trust today, simply asking customers to rely on your brand's good reputation is no longer enough; you have to anchor interactions in legally binding identity verification. In our fast-paced e-commerce ecosystem, for example, strict compliance with the PDP Law must be paired with CA Providers (PSrE) to definitively authenticate users and secure transactions. From my experience across borders, it is crucial that we benchmark these local setups against proven implementations, such as the EU’s eIDAS or India’s Aadhaar. Doing so ensures our digital economy runs on verifiable accountability rather than blind faith, which genuinely protects consumers from systemic fraud. To make this sustainable, organisations need to move past a basic 'checklist' mentality and build a holistic culture of trust that demands continuous risk assessment across their entire supply chain. At the end of the day, you win customer confidence not just by promising to protect their data, but by consistently proving the integrity and authenticity of every digital interaction.
Based on your cross-industry experience, what differentiates successful digital transformation programmes from those that struggle, and what lessons should Indonesian enterprises take to heart?
The biggest difference I see between digital transformation programmes that succeed and those that fail is whether they view technology as an enabler of the business or just an isolated IT project. Programmes usually struggle when leaders ignore the macro-environment, like economic volatility or the readiness of their own workforce, and treat a complex transformation like a simple software update. On the flip side, successful initiatives adapt to these variables gracefully, ensuring that digital adoption meets market demands whilst also supporting long-term Environmental, Social, and Governance goals. For Indonesian enterprises, the most vital lesson is that the 'social' aspect of change, specifically change management and constantly upskilling your talent, is just as important as the tech itself. You have to build the agility to pivot with Indonesia's dynamic economic shifts without losing sight of your core commercial objectives. Real, sustainable transformation happens when leaders look past the shiny new tools and focus on building an adaptable, human-centric ecosystem that creates lasting value for everyone.
Looking to the next five years, how do you expect digital transformation and cybersecurity to evolve in Indonesia, and what new challenges or opportunities should enterprises prepare for?
Looking at the next five years, Indonesia’s digital landscape is going to be shaped heavily by our national ambition to grow the digital economy. We are going to see a rapid convergence of advanced technologies, like applied generative AI, 5G, and edge computing, which will finally push companies out of their siloed IT setups and into fully integrated digital ecosystems. However, this hyper-connected future brings some serious challenges, including a projected shortage of millions of digital workers, shifting data sovereignty rules, and highly automated cyber threats. To survive these hurdles, organisations have to stop relying on quick technical fixes and instead build deep, systemic operational resilience so they can absorb market shocks and tech disruptions. We have an incredible opportunity to lead ASEAN's digital competitiveness right now, but it requires anchoring our rapid growth in robust governance, proactive risk management, and a serious investment in our people.
As a judge for the Indonesia Technology Excellence Awards 2026, what qualities or innovations will distinguish outstanding nominees from the rest, and why do they matter for Indonesia’s tech future?
As a judge, I am looking for nominees who go far beyond just using tech for the sake of novelty; I want to see innovations rooted in strong governance, operational resilience, and genuine sustainability. The standout candidates will be those who tackle complex, real-world problems holistically, without ever compromising on a seamless and frictionless experience for the end-user. True excellence today means elegantly balancing all aspects, like anticipating AI regulation or meeting strict PDP Law compliance, with intuitive interfaces that empower people rather than frustrate them. Furthermore, with sustainability becoming a core business imperative, I want to see technology that delivers real social impact, helping to bridge Indonesia's digital divide and uplift our local communities. Ultimately, the winners will prove that responsible, human-centric innovation is the absolute best engine for securing Indonesia’s competitive tech future across the ASEAN region.