State-owned lender PT Bank Tabungan Negara Tbk (BTN) will increase its Capital expenditure (Capex) in 2023 by 18% to strengthen its information technology (IT) security system and the development of digital banking services.
BTN is one of the oldest banks in Indonesia, which was established in 1950 under the name Bank Tabungan Pos. The bank is famous as a mortgage bank. In 2005, the bank started its shariah banking by operating its first shariah bank in Jakarta. Currently, it has 61 shariah offices, 210 cash offices, 7 shariah cash offices, and 2,989 systems online payment point).
Focusing on IT security systems
BTN will develop its security system-based IT and the digital banking sector to anticipate the ever-growing threat of cyber attacks and implement 3 pillars of the people, process and technology. It will increase its 2023 Capex allocation by 18% compared to 2022 of IDR 400 billion (US$ 25,711,080), of which the bank managed to absorb by 95%. About 10% of the Capex will be distributed to increase cyber defense and security.
“The majority [of the Capex] is used to increase the capability and capacity of e-channels, support systems to strengthen transactions in the corporate segment related to the housing ecosystem, increase capabilities for data analysis and utilization, and to strengthen capabilities in the security area to deal with cyber attacks,” Andi Nirwoto, BTN Director of Operations, Information Technology and Digital Banking said as quoted by Kontan.co.id on January 6, 2023.
BTN implements 3 (three) layers of cyber security: IT security, IT management risk, and compliance and IT audit. These 3 layers will give supervising effort on information security regularly with e-channel initiative and IT capability development. Meanwhile, the IT security testing will pass the industrial standard for banking.
“From a technology standpoint, we use the latest technology-based information security solutions, such as endpoint anti-malware protection, IDS/IPS, security incident and event management, and others. Then secure customer data through encryption and protect transactions with multifactor authentication, ” said Nirwoto.
Risk in digital banking
A survey by the Cyber Security Research Institute (CISSReC) on the information security problem that involves cyber and banks in Indonesia revealed that several banks in the country have a medium to low score on cyber security, based on a 1-100 score scale.
In its survey, BTN received 64 out of 100 which is above Bank Mandiri, which received only 54 out of 100.
The survey was conducted based on several categories such as endpoint security, application security, and network security.
In Indonesia, cyber security is still considered weak. For instance, the central bank (BI) received only 68 from 100. In 2022, BI also became a victim of cyber attacks with a leak reaching 3.8 terabytes.
“For comparison, the National Cyber and Encryption Agency (BSSN), which was hacked yesterday, had 82 points. So if the points are below 82, I’m sure it will be hackable, it’s very easy to hack,” said CISSReC Chairman Pratama Persadha.
