Enterprise Saas
Cyber resilience must evolve alongside digital transformation — Interview with Alex Cheung, Deloitte Indonesia expert
With the rapid development of Indonesia's digital economy, enterprises face cybersecurity and compliance challenges. Alex Cheung, Managing Director of Management Consulting at Deloitte Indonesia, emphasized that cyber resilience must evolve in tandem with digital transformation, and offered recommendations from the perspectives of governance, risk, and talent.
Event Background
With the widespread adoption of cloud computing, artificial intelligence, data platforms, and interconnected business ecosystems, Indonesia's digital economy is expanding at an unprecedented pace. The wave of digital transformation is sweeping across industries, but the challenge facing enterprises is no longer simply adopting new technologies—it is how to effectively integrate governance, security, and trust. Alex Cheung, Managing Director of Deloitte Indonesia Management Consulting, recently shared professional insights on cyber resilience, threat landscapes, and the security maturity of Indonesian enterprises in an exclusive interview with *Asian Business Review*. As one of the judges for the 2026 Indonesia Technology Excellence Awards, Cheung emphasized that cyber resilience must evolve alongside digital transformation.
Technical Analysis: Cyber Resilience and Zero Trust Architecture
- Cyber resilience refers to an organization's ability to maintain continuous business operations and quickly recover after a cyber attack. It goes beyond traditional cybersecurity—focusing not only on defense but also on detection, response, and adaptation. Cheung recommends that enterprises adopt the NIST incident response principles and a risk-based decision-making approach, leveraging past experience in cyber resilience and business continuity. Key steps include:
- Assess business impact: Identify affected systems, data, customers, and critical services, and determine potential operational and regulatory consequences.
- Balance containment speed with business continuity: Avoid systemic disruption caused by rapid isolation.
- Executive involvement: Cybersecurity incidents have become enterprise risk events, not just IT issues.
In addition, many organizations are shifting from perimeter-based security models to zero trust architecture and cyber resilience models. The core tenet of zero trust is "never trust, always verify," requiring authentication and authorization for all access requests regardless of origin. This architecture is better suited for multi-cloud and hybrid work environments.
Enterprise Impact Analysis
Cost Impact - CAPEX: Deploying zero trust, security operations centers, and response tools requires upfront investment, but can reduce huge losses from incidents in the long term. - OPEX: Continuous security monitoring, training, and compliance audits increase operational expenditure, but are more economical than the direct and indirect costs of security incidents (e.g., ransoms, fines, reputational damage).
Deployment and Operations Impact - Security must be embedded as a "design-time" element in digital transformation, not an afterthought. This means the widespread adoption of DevSecOps, with security scanning integrated into CI/CD pipelines. - Data governance and AI governance require dedicated teams to ensure model transparency, fairness, and accountability.
Security and Compliance - Financial services, telecommunications, government services, and rapidly digitizing consumer platforms hold large amounts of sensitive data, facing risks such as fraud, ransomware, third-party ecosystem risks, and AI-driven attacks. - The security maturity of Indonesian enterprises is uneven. Regulators should promote a risk-based approach rather than a purely compliance-driven one. - Cheung pointed out that trust has become a strategic economic enabler, not just a regulatory obligation.
Market Competition Analysis### Cloud Vendor Competition - AWS, Azure, and Google Cloud are all increasing investments in Southeast Asia, offering compliance certifications and security services. For example, AWS provides a regional dashboard, Azure offers security benchmark scanning, and GCP has Security Command Center. - Local Indonesian cloud providers such as TelkomSigma are also strengthening their security capabilities to compete for customers in regulated industries.
Security Service Competition - Big Four consulting firms like Deloitte dominate high-end cybersecurity advisory services; vendors like Palo Alto Networks and CrowdStrike provide technology products. - Security vendors from Malaysia and Singapore are also starting to enter the Indonesian market, but local compliance requirements pose barriers.
Who May Benefit - Cloud providers and consulting firms with mature governance frameworks and compliance experience. - Vendors offering zero-trust and AI security solutions.
Who Faces Pressure - Local SMEs with low security maturity and weak governance. - Digital transformation projects that prioritize speed over security.
Industry Trend Observations
The digital economy in Southeast Asia is developing rapidly, but cyber threats are escalating in tandem. Cheung believes that the sustainability of large-scale transformation depends on whether companies can integrate security, governance, and trust into transformation plans rather than treating them as secondary considerations. At the regulatory level, the Indonesian government has enacted the Personal Data Protection Act (PDP), but implementation details are still being refined. In the future, sovereign cloud and trusted AI architecture will become compliance priorities. Meanwhile, talent shortages are a common challenge—companies need cybersecurity experts who understand business, technology, and governance.
CloudTechDaily Insight
The key takeaway from this interview is that cyber resilience is not a "brake" but a "seatbelt" for digital transformation. With the rapid adoption of AI and cloud-native architectures, companies must change the habitual mindset of "launch first, patch security later." As the largest economy in Southeast Asia, Indonesia's digitalization process serves as a benchmark for global supply chains and cloud vendor strategies. We believe regulators should accelerate the release of risk-based resilience guidelines, while companies should elevate the CISO to a strategic role equivalent to the CFO. In the long run, only by embedding security into innovation processes can true digital sustainability be achieved.
*This article is based on an interview with Alex Cheung, Managing Director of Deloitte Indonesia, for *Asian Business Review*. The original article is titled "Deloitte Indonesia’s Alex Cheung: Cyber resilience must evolve alongside digital transformation."*
Reference trail · cloudtechdaily
cloudtechdaily frames this note through Cloud Platforms / Data Centers / Enterprise SaaS: dates, names and status changes still need checking. Cloud Platforms / Data Centers / Enterprise SaaS explains the local editorial angle; Source links should be opened before the summary is reused.