FRAMING PENGUNGKAPAN RISIKO SIBER: ANALISIS KONTEN LAPORAN TAHUNAN TELKOM INDONESIA
Keywords:
Cyber Risk; Disclosure; Governance; Content Analysis; Corporate ReportingAbstract
Cyber risks have become a material issue in the governance of digital-based corporations, particularly within the telecommunications sector that manages nationally critical infrastructure. However, the maturity of cyber risk disclosure in Indonesian annual reports remains inconsistent, raising questions about how cyber risks are identified, mitigated, and framed within corporate reporting practices. This study focuses on Telkom Indonesia to examine how cyber risks are articulated in annual reports, how governance structures and mitigation mechanisms are presented, and how risk narratives are linked to regulatory compliance and business strategy. Using a case study design and qualitative content analysis, the study analyzes Telkom’s 2020–2024 annual reports at the paragraph level through a deductive–inductive category framework encompassing risk identification, mitigation, governance, impacts, and strategic responses. The findings reveal a shift in disclosure from compliance-oriented narratives toward strategic framing aligned with strengthened governance and digital transformation. Network infrastructure and operational risks emerge as stable core risks, whereas privacy and data breach risks evolve from regulatory obligations into strategic risks with reputational implications. Recurring cyberattacks since 2022 indicate increasing maturity in risk identification. Mitigation is carried out through technical, operational, and organizational controls integrated with internal control systems. Telkom’s cyber risk disclosure is governance-driven and framed as part of the company’s digital strategy as well as a mechanism for legitimizing corporate accounting disclosures. These findings contribute to the accounting and risk disclosure literature by demonstrating how a national digital corporation constructs cyber risk as an integral component of governance and corporate strategy.
References
Amalina, N., & Sari, V. F. (2025). Karakteristik Dewan Dan Cybersecurity Disclosure (CSD) Pada Perusahaan Perbankan Indonesia. E-Jurnal Akuntansi, 35(10), 2063–2077. https://doi.org/10.24843/EJA.2025.v35.i10.p03
Amani, F., Magnan, M., & Moldovan, R. (2025). Cybersecurity Risks and Incidents Disclosure: A Literature Review*. Accounting Perspectives, 24(3), 605–667. https://doi.org/10.1111/1911-3838.12411
Amin Elnagar, S. M., Said, A., Ahmed, A. A., Mohamed, M., & Basiouny, M. (2024). Citation: Marwa Mohamed Maher Basiouny et al. (2024) The Impact Of Cybersecurity Risk Disclosure On The Quality Of Financial Reporting And Market Value. Evidence From Egyptian Stock Market. Theory and Practice, 2024(5), 2504–2516. https://doi.org/10.53555/kuey.v30i5.3310
COSO. (2017). Committee of Sponsoring Organizations of the Treadway Commission Board Members PwC-Author Principal Contributors. https://www.coso.org/enterprise-risk-management
Elsayed, D. H., Ismail, T. H., & Ahmed, E. A. (2024). The impact of cybersecurity disclosure on banks’ performance: the moderating role of corporate governance in the MENA region. Future Business Journal, 10(1). https://doi.org/10.1186/s43093-024-00402-9
Gao, L., Calderon, T. G., & Tang, F. (2020). Public companies’ cybersecurity risk disclosures. International Journal of Accounting Information Systems, 38. https://doi.org/10.1016/j.accinf.2020.100468
Georg-Schaffner, L., Strasbourg, E. M., School, B., Behnam, E., & Pallud, J. (2021). Cyber risk disclosure: How transparent are CAC40 Companies in their Annual Reports? submitted to Association of Information Management Conference 2021.
Gong, C., & Ribiere, V. (2021). Developing a unified definition of digital transformation. Technovation, 102. https://doi.org/10.1016/j.technovation.2020.102217
ISO 31000. (2018). Risk management-Guidelines INTERNATIONAL STANDARD ISO 31000 ISO 31000:2018(E). www.iso.org
Jameel, A. H., Khalaf, A. J., Saleh, A. F., Sadaa, A. M., Hindi, W. K., Abdulateef, D. A., & Mahdi, A. S. (2025). Corporate Value at Risk: Why We Should Care About Climate (IFRS S2) and Cybersecurity Risks? International Journal of Sustainable Development and Planning, 20(7), 3073–3083. https://doi.org/10.18280/ijsdp.200732
Jubaedah, S., Musta’in, A., Nurlisti, I., & Adam Ma
ulana, B. (2025). Cyber risk management disclosure: A stakeholder theory perspective. Diponegoro International Journal of Business, 7(2), 133–146. https://doi.org/10.14710/dijb.7.2.2024.133-146
Krippendorff, K. (2022). Content Analysis: An Introduction to Its Methodology. Dalam Content Analysis: An Introduction to Its Methodology. SAGE Publications, Inc. https://doi.org/10.4135/9781071878781
Kuckartz, U., & Rädiker, S. (2023). QUALITATIVE CONTENT ANALYSIS.
NIST. (2018). Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1. https://doi.org/10.6028/NIST.CSWP.04162018
OECD. (2014). Risk Management and Corporate Governance (Corporate Governance). OECD Publishing. https://doi.org/10.1787/9789264208636-en
Ramírez, M., Ariza, L. R., Miranda, M. E. G., & Vartika. (2022). The Disclosures of Information on Cybersecurity in Listed Companies in Latin America—Proposal for a Cybersecurity Disclosure Index. Sustainability (Switzerland), 14(3). https://doi.org/10.3390/su14031390
Sari, L., Adam, M., Fuadah, L. L., & Yusnaini, . (2024). Determinant Factors of Cyber Security Disclosure: A Systematic Literature Review. KnE Social Sciences, 387–398. https://doi.org/10.18502/kss.v9i14.16113
Sari, L., Adam, M., Fuadah, L., & Yusnaini. (2025). SEC’s cybersecurity disclosure guidance and disclosed cybersecurity risk factors. TPM – Testing, Psychometrics, Methodology in Applied Psychology, 221–240. https://tpmap.org/submission/index.php/tpm/article/view/469
Sari, Y. P., Suhardjanto, D., Probohudono, A. N., & Honggowati, S. (2023). Cyber Risk Management Disclosure of State-Owned Enterprises. Jurnal Dinamika Akuntansi, 15(2), 180–190. https://doi.org/10.15294/jda.v15i2.44817
Simanjuntak, H. E., Purba, H. C., Br Ginting, J. T., Aruan, P. A., Panjaitan, R. J. N., & Darma, J. (2025). Keamanan Sistem Informasi Akuntansi dalam Era Digital: Konsep dan Implementasi. Indo-MathEdu Intellectuals Journal, 6(2), 2695–2705. https://doi.org/10.54373/imeij.v6i2.2950
Singh, H. (2025). Voluntary cybersecurity risk disclosures and firms’ characteristics: the moderating role of the knowledge-intensive industry. Asian Journal of Accounting Research, 10(2), 168–185. https://doi.org/10.1108/AJAR-12-2023-0413
Sofiani, M., Ramadhanty, D. P., & Jubaedah, S. (2024). Cyber Risk Management Disclosure: IJEBD (International Journal of Entrepreneurship and Business Development), 7(5), 929–937. https://doi.org/10.29138/ijebd.v7i5.2844
Susanto, & Soepriyanto, G. (2024). Cybersecurity disclosure and audit fees: An empirical study of listed companies on the Indonesia stock exchange. Edelweiss Applied Science and Technology, 8(6), 6090–6104. https://doi.org/10.55214/25768484.v8i6.3328
Telkom Indonesia (2020). Laporan Tahunan 2020. PT Telkom Indonesia (Persero) Tbk. https://www.telkom.co.id/sites/hubungan-investor/id_ID/page/laporan-1025
Telkom Indonesia (2021). Laporan Tahunan 2021. PT Telkom Indonesia (Persero) Tbk. https://www.telkom.co.id/sites/hubungan-investor/id_ID/page/laporan-1025
Telkom Indonesia (2022). Laporan Tahunan 2022. PT Telkom Indonesia (Persero) Tbk. https://www.telkom.co.id/sites/hubungan-investor/id_ID/page/laporan-1025
Telkom Indonesia (2023). Laporan Tahunan 2023. PT Telkom Indonesia (Persero) Tbk. https://www.telkom.co.id/sites/hubungan-investor/id_ID/page/laporan-1025
Telkom Indonesia (2024). Laporan Tahunan 2024. PT Telkom Indonesia (Persero) Tbk. https://www.telkom.co.id/sites/hubungan-investor/id_ID/page/laporan-1025
Yin, R. K. (2018). Case Study Research and Applications: Design and Methods.
