An Evaluation of Cybersecurity Risk Management Implementation at Bank Pembangunan XYZ
DOI: https://doi.org/10.38035/gijea.v3i1.366
Keywords: Bank, Cybersecurity Risk Management, NIST, Cybersecurity Framework.
Abstract
Cybersecurity risk management in the financial sector is crucial for mitigating cybersecurity threats. The main objective of this study is to evaluate the implementation of cybersecurity risk management at Bank Pembangunan Daerah XYZ. This research employs a qualitative method with a case study strategy, using primary and secondary data sources through semi-structured interviews and surveys conducted with employees and managers of Bank Pembangunan Daerah XYZ. The data is processed using narrative analysis techniques. The findings of this study reveal gaps in the implementation of cybersecurity risk management at Bank Pembangunan Daerah XYZ in accordance with the NIST Cybersecurity Framework, across six components: Govern, Identify, Protect, Detection, Response, and Recovery.
License
Copyright (c) 2025 Ratna Ditha Apsari, Tubagus Muhamad Yusuf Khudri

This work is licensed under a Creative Commons Attribution 4.0 International License.
Copyright:
Authors who publish their manuscripts in this journal agree to the following conditions:
- Copyright in each article belongs to the author.
- The author acknowledges that the GIJEA has the right to be the first to publish under a Creative Commons Attribution 4.0 International license (Attribution 4.0 International CC BY 4.0).
- Authors can submit articles separately, arrange the non-exclusive distribution of manuscripts that have been published in this journal to other versions (for example, sent to the author's institutional repository, publication in a book, etc.), by acknowledging that the manuscript has been published for the first time at GIJEA.