The rapid digitalization of commerce in Indonesia has positioned Tokopedia as a central marketplace that facilitates large-scale transactions while managing vast amounts of sensitive user data. This reliance on digital infrastructures, however, exposes the platform to escalating cyber threats that jeopardize both operational continuity and consumer trust. This study evaluates Tokopedia’s cybersecurity strategies by applying the Risk Assessment Framework derived from ISO 27001 and ISO 31000. Using a qualitative descriptive design, the research draws exclusively on secondary sources such as peer-reviewed journals, industry reports, and case studies published between 2015 and 2025. The analysis identifies five dominant risks: large-scale data breaches, phishing and identity theft, ransomware attacks, insider threats, and system misconfigurations. Risk assessment results indicate that data breaches pose the most critical threat, with phishing and ransomware classified as medium but persistent risks. Tokopedia has implemented several protective measures, including encryption, multi-factor authentication, e-KYC verification, and privacy policies. Nevertheless, gaps remain in governance, routine audits, and employee awareness, leaving the platform vulnerable to recurring incidents. A comparative analysis with global platforms highlights the importance of proactive governance, systematic risk documentation, and continuous training, areas where Tokopedia is still underdeveloped. The findings underscore that cybersecurity should be recognized not merely as a technical safeguard or financial burden but as a strategic investment essential for resilience, consumer confidence, and sustainable growth in Indonesia’s competitive digital economy.
Copyright © 2025