Sector
Trading
Indonesia, a developing country rich in natural resources and boasting the 4th largest population in the world, maintains an extensive trade presence. In 2023, the national trade balance reached US$480.7 billion, having grown significantly compared to the pre-pandemic period in 2019, when it stood at US$338.96 billion. Moreover, as of March 2024, the country has officially recorded a trade balance surplus for its 47th consecutive month.
View moreOther Sectors
Trading
Indonesia, a developing country rich in natural resources and boasting the 4th largest population in the world, maintains an extensive trade presence. In 2023, the national trade balance reached US$480.7 billion, having grown significantly compared to the pre-pandemic period in 2019, when it stood at US$338.96 billion. Moreover, as of March 2024, the country has officially recorded a trade balance surplus for its 47th consecutive month.
In terms of exports, Indonesia’s top export commodity has historically been mineral-based fuels, especially coal. However, in the global market, Indonesia is a superpower in the exports of vegetable oils, particularly palm oil, having captured roughly 20 percent of the market with a total export value of US$35.2 billion in 2022. Behind that, Indonesia also leads in nickel exports, with a total export value reaching US$5.8 trillion or 14 percent of global exports.
In 2023, China emerged as Indonesia’s top partner for both exports and imports, with a total annual value of US$62.3 billion and US$62.2 billion, respectively. Meanwhile, the nation’s next top export destination is the US, with a total annual value of US$ 23.2 billion, while the next top import country of origin is Japan, with a total annual value of US$ 16.4 billion.
For trades on the level of individual consumers, the main driver of growth has been the rise in e-commerce throughout the past few years. E-commerce gross market value (GMV) grew by 20 percent from US$48 billion in 2021 to US$58 billion in 2022. This growth persisted to 2023, as e-commerce GMV grew by 7 percent to US$62 billion. E-commerce grew rapidly as it provided a means for Indonesian consumers to maintain access to goods and services during the pandemic period of 2020-2022. However, by the time the pandemic ended, e-commerce had grown ubiquitous and became a staple in the day-to-day lives of the average Indonesian.
Meanwhile, the domestic retail sector in Indonesia is driven by the sale of automotives. The retail of automotives alone in the country reached a gross domestic product (GDP) of US$174.35 billion in 2023, contributing to roughly 13.53 percent of Indonesia’s total GDP of US$1.3 trillion for that year at current market prices. Moreover, the country also achieved a per capita GDP of US$ 4,919.
Strong trade growth followed by increasing access to goods has bolstered local consumer confidence in Indonesia despite the period of uncertainty throughout 2023. According to Bank Indonesia’s monthly consumer confidence survey, Indonesians entered 2024 with high confidence, with the confidence index rising from 123.8 in December 2023 to 125.0 in January 2024. Moreover, this increase is even higher compared to same period the previous year, as a consumer confidence index of 123.0 was recorded for January 2023.
Latest News
Two major Indonesian securities firms, NH Korindo Sekuritas and Trimegah Sekuritas, fell victim to cyberattacks in May. NH Korindo managed to fend off the attack before any funds were withdrawn, limiting the damage to operational disruptions. Trimegah, however, wasn’t as fortunate. Losing an estimate of Rp 200 billion (US$12.3 million) from the breach.
The proximity of these two cybersecurity breaches, taking place so close together in time, raised alarms across the industry. In response, the Indonesian Securities Companies Association (APEI), in collaboration with the Indonesia Stock Exchange (IDX), sent formal letters to securities companies operating in Indonesia. These letters strongly urged the companies to immediately enhance and upgrade their cybersecurity systems to better guard against future cyberattacks of a similar nature.
Trimegah’s breach occurred on May 31, during the extended market holiday for Ascension Day that began on May 29. The timing proved critical as Trimegah’s response was delayed, giving the hackers a head start. Sources say the attackers gained access through the app’s application programming interface (API), which they manipulated to send fraudulent fund transfer instructions to the custodian bank. These instructions directed the bank to move money from customer fund accounts (RDN) to third-party bank accounts. Because these instructions appeared to come from legitimate customers, they were approved without suspicion.
Despite the scale of the breach, Trimegah's top brass acted quickly behind the scenes. Insiders revealed that the company’s owners personally covered the missing funds before markets reopened. By Monday morning, June 2, the shortfall had been resolved as if nothing had happened.
Initially, Trimegah appeared to want to keep the incident under wraps, likely to protect its reputation. But when APEI began sending out security advisories, questions were raised within the market, and curiosity grew around what had triggered the alerts.
NH Korindo’s attack, meanwhile, happened earlier on May 19. As in the Trimegah case, hackers breached the API of NH Korindo’s NAIK app. However, NH Korindo’s quick decision to shut down the app entirely helped contain the situation. Both the hackers and customers were locked out for about a week, until May 27, but ultimately, no company funds were lost.
The back-to-back breaches have since pushed some brokerages to tighten their security policies. Sucor Sekuritas, for instance, has updated its fund withdrawal procedures. Custodian banks are now only allowed to transfer funds from a customer’s RDN to bank accounts registered under the same customer’s name. Any request to transfer money to a third-party account is automatically rejected. While the move is meant to bolster protection, some customers have complained that the change is inconvenient.
Still, in the wake of these sophisticated cyberattacks, many view such “analog” safeguards as necessary. The breaches at both firms were believed to stem from internal vulnerabilities, meaning weaknesses in operational oversight, rather than from individual customer errors. While breaches at the user level are more common and difficult to stop due to numerous external factors, they are usually limited in scope, affecting only the individual account holder. In contrast, operational-level breaches can endanger the entire fund pool.
The APEI letters also seemed to imply the attacks were rooted in flaws within internal systems. To help firms bolster their defenses, the letters outlined eight recommended measures, including watching for phishing attempts and personal data theft, implementing multi-factor authentication, reviewing IT infrastructure, restricting system access and conducting regular employee training.
With advances in encryption technology, purely technical or brute-force hacks have become increasingly rare. Most modern cybersecurity breaches now rely on social engineering that exploits the human element. The daily habits and digital behaviors of individuals often pose a greater risk than the systems themselves. Today’s more advanced hackers may profile high-level staff through their social media presence, then cross-reference this information with databases of previously leaked credentials from past breaches. These aggregated data sets, which are often bought and sold on the dark web, help hackers identify reused passwords or security patterns, giving them potential entry points into secure systems.
