<![CDATA[Cybersecurity became Indonesia’s national defense priority after the April 2024 ransomware attack on critical infrastructure exposed systemic vulnerabilities. Despite BSSN’s establishment, inter-agency coordination remains fragmented, and response delays persist. This study aims to identify the key determinants of cyber-incident severity and propose data-driven policy recommendations. A descriptive quantitative approach was applied to all 77 incidents recorded by BSSN from January to September 2024 a period chosen because it follows new regulatory measures introduced at the start of 2024 and includes multiple high-profile events. BSSN data were cross-referenced with Kominfo and Id-SIRTII logs (revealing an 8 percent discrepancy) to enhance validity. Preprocessing involved removing non-contributory fields, grouping by attack type, sector, and severity, converting categorical variables (Incident Type, Sector, Origin, Mitigation Measures, Response Time, Status) into factors, and stratified splitting into 80 percent training and 20 percent testing subsets. A decision tree model in RStudio (pruned with cp = 0.05) yielded 93.75 percent accuracy, validated by 10-fold cross-validation (mean accuracy 92.5 percent, SD 2.1 percent). Results show Incident Type as the strongest predictor of severity, followed by Mitigation Measures and Response Time. Attacks responded to within 24 hours seldom exceed medium severity, whereas delays over 48 hours, especially for exploits, Trojans, and malware, almost always result in critical outcomes. Additionally, incidents from the United States and Singapore disproportionately target underdeveloped infrastructure and governance sectors, increasing severity. To bolster Indonesia’s cybersecurity resilience, recommendations include: expanding secure, evenly distributed digital infrastructure; establishing and reinforcing provincial CSIRTs; enforcing uniform audit and certification standards; and integrating digital literacy into education. Ultimately, deepening ASEAN CERT integration through synchronized incident classification and real-time threat attribution will bridge national and regional defense gaps, thereby enhancing cross-border response capabilities]]>
