Evaluating Cyber Risk Management in Indonesian SOEs: A Case Study of PT Kereta Api Indonesia Using IT Governance Framework

  • Christin Angelia, Politeknik STIA LAN Bandung
  • Caesar Octoviandy Purba, Politeknik STIA LAN Bandung
  • Nur Imam Taufik, Politeknik STIA LAN Bandung
  • Hafid Aditya Pradesa, Politeknik STIA LAN Bandung
Keywords: Cyber Risk Management, IT Governance, ISMS, State-Owned Enterprises, PT KAI

Abstract

Amid the rapid advancement of technology that enhances operational effectiveness and efficiency, cybersecurity risks have simultaneously increased, threatening data security. PT Kereta Api Indonesia (Persero), a state-owned enterprise, experienced a significant data leak incident in 2024, underscoring the urgent need for robust IT governance. This study evaluates the company’s cyber risk management using the IT Governance Theory framework. A qualitative descriptive approach was employed, incorporating observation, in-depth interviews, and document analysis. Findings show that although PT KAI has implemented an Information Security Management System (ISMS) and provided employee training, key challenges persist, including low employee awareness (IT Principles), limited system integration (IT Architecture), and insufficient adoption of emerging technologies (IT Infrastructure). This study proposes a cyber risk management development model based on the five IT Governance domains: IT Principles, IT Architecture, IT Infrastructure, Business Application Needs, and IT Investment and Prioritization. The proposed model aims to strengthen the organization’s ability to identify, detect, respond to, recover from, and adapt to cyber incidents, thereby enhancing IT governance, particularly in the context of Indonesian state-owned enterprises.

Published: 2025-11-30
How to Cite
Angelia, C., Purba, C. O., Taufik, N. I., & Pradesa, H. A. (2025). Evaluating Cyber Risk Management in Indonesian SOEs: A Case Study of PT Kereta Api Indonesia Using IT Governance Framework. ABM: International Journal of Administration, Business and Management, 8(1), 104-112. https://doi.org/10.31967/abm.v8i1.1828