Deloitte Indonesia’s Alex Cheung emphasises security by design as a key driver of digital resilience

He explores how Indonesian tech firms can embed resilience and innovation amidst evolving cyber threats.

In today’s digital-first world, cybersecurity has become a fundamental pillar of sustainable business growth, particularly within the fast-evolving technology landscape of Indonesia. As local tech companies navigate complex operational demands, the need for digital resilience and robust security strategies continues to grow in importance.

Offering his valuable insights is Alex Cheung, Management Consulting Director - Cyber Risk at Deloitte Indonesia. With a focus on cybersecurity, he brings over 20 years of extensive experience across the Asia-Pacific region, the USA, and Canada. His leadership has been instrumental in delivering Cybersecurity and IT advisory-related engagements in Indonesia across key sectors, including financial services, telecommunications, technology, and healthcare.

As a judge at the Indonesia Technology Excellence Awards 2025, Alex discussed the current state of digital resilience amongst Indonesian tech firms, the cybersecurity challenges they face, the impact of emerging technologies such as AI, and how organisations can strategically align security initiatives with broader business goals.

With your extensive experience, how do you assess the current state of digital resilience amongst technology companies in Indonesia?

For mature tech companies in Indonesia, generally speaking, I would say that their current state of digital resilience would be on par with their regional peers. Indonesian tech companies have come a long way in improving their digital resilience based on advances made internally in their tech stack, applying best practices such as using international security standards, and consistently testing and improving their resiliency posture. In addition, the majority of tech companies have adopted the concept of “security by design,” which enables them to build in security features and capabilities right from the onset of development.

What are the cybersecurity challenges and IT risks that emerging Indonesian tech companies would likely face as they scale their operations?

For emerging Indonesian tech companies, I would say that cybersecurity usually takes a back seat as other priorities, such as speed to market, market capture, and profitability, take precedence.

However, the common cybersecurity challenges that most emerging Indonesian tech companies are likely to face would be related to (a) people – lack of skilled professionals leading to human error, (b) process - compliance to prevailing cyber-related laws and regulations (e.g., UU PDP), and (c) technology - cyber incidents related to weaknesses with the technology platform or applications (e.g., zero-day vulnerabilities, unpatched or outdated software, insecure APIs, etc.)

How can companies align their cybersecurity strategy with overall business objectives to deliver long-term value?

Based on the Deloitte’s Global Future of Cyber Survey (4th Edition), published in March 2025, in which one of the topics was Cybersecurity’s role in strategic business value, it was found that the majority of organisations are embracing a number of strategic cyber actions, including benchmarking and measurement, collaborating with trusted providers, participating in consortia for information sharing, and establishing governing bodies that comprise senior business and IT leaders to oversee cybersecurity capabilities and investments. Overall, 83% of respondents surveyed agree that such measures are an integral part of their overall cybersecurity strategy. This level of agreement suggests a continued integration of cybersecurity strategy into overall business objectives.

What role does leadership play in shaping a culture that supports long-term cybersecurity resilience and strategic innovation within Indonesian tech firms?

When talking about leadership, I would like to highlight the role of the Chief Information Security Officer (CISO), who shapes the culture and supports cyber resilience and strategic innovation within Indonesian tech firms. One of the key findings from Deloitte’s Global Future of Cyber Survey (4th Edition), published in March 2025, was that CISOs are essential partners in advising and educating the board of directors and the C-suite on security vulnerabilities, risk scenarios, and actions needed for greater resilience. The CISO is expected not only to lead the organisation’s overall cybersecurity strategy but also to provide strategic guidance, collaborating closely with other C-suite executives to align security initiatives with business goals.

Looking ahead, which emerging technologies do you believe will have the most significant impact on Indonesia’s technology landscape, and how should companies prepare to adopt them?

Given the importance of AI today, some of the top ways organisations are using AI to enhance cybersecurity capabilities are digital infrastructure monitoring, advanced simulations, and automated security. However, with every opportunity comes its innate risks. For cyber, this would involve artificially generated content, which enables attackers to create customised content with a much lower time investment (e.g. phishing emails). A wave of artificially generated content is now targeting enterprises, exploiting vulnerabilities by impersonating trusted sources. Although this problem is accelerating rapidly, based on Deloitte’s Global Future of Cyber Survey (4th Edition), published in March 2025, 39% of respondents, on average, are using AI capabilities in their cybersecurity programs to leverage novel AI solutions to ease the cybersecurity threats.

As a judge at the Indonesia Technology Excellence Awards 2025, what specific qualities will you be looking for when evaluating the nominees’ technological achievements?

I will be looking for technological achievements that demonstrate a clear impact on society or the industry and that effectively solve specific problems. The technology must be cost-effective, easy to adopt, and it must be scalable and accessible to the masses. Lastly, it must be reliable and secure!