OJK Urges Multifinance Companies to Enhance Cybersecurity Measures

Recent Cyberattack Highlights Industry Vulnerability

The Financial Services Authority (OJK) has called on multifinance companies to strengthen their cybersecurity defenses following a recent cyberattack on PT Clipan Finance Indonesia Tbk (CFIN) on November 26, 2025. The incident, disclosed through the Indonesia Stock Exchange (BEI) information disclosure, has raised concerns about the vulnerability of financial services companies to cyber threats.

Regulatory Framework and Recommendations

OJK referenced the existing regulatory framework under Peraturan OJK (POJK) Number 4/POJK.05/2021 concerning Risk Management in the Use of Information Technology by Non-Bank Financial Institutions. According to Agusman, Head of Executive Supervisor of Finance Companies, Venture Capital Companies, Microfinance Institutions, and Other Financial Services Institutions at OJK, companies are not only required to comply with this regulation but are also encouraged to adopt additional national and international standards for information system security.

Industry Implications and Future Protections

The OJK's directive emphasizes the need for multifinance companies to proactively enhance their cybersecurity measures. By implementing robust security protocols and staying compliant with both national regulations and international best practices, these companies can better protect themselves against increasingly sophisticated cyber threats. This move is part of a broader effort to safeguard the financial services sector from digital vulnerabilities.