Anthony Chadd: Data Breach Threats and Strategies to Strengthen Indonesia's Cyber Resilience
JAKARTA - In the midst of increasing data leakage incidents that have hit public institutions - ranging from parliaments to millions of students - cyber security issues have once again become the main spotlight.
Digital attacks are no longer just technical disruptions, but a real threat to individual privacy, institutional stability, and public trust. In this landscape, a big question arises: where is the loophole, and how should the state respond?
To explore global perspectives and find relevance for Indonesia, VOI online interviewed Anthony Chadd, Chief Revenue Officer of Zimbra. With more than a decade of experience in cybersecurity and SaaS, Chadd shared his views on the root causes of digital vulnerabilities, the real threat of data leaks, to concrete strategies for building cyber resilience that is not only strong, but also sovereign.
The leak of data from the Indonesian House of Representatives and millions of students shows a serious gap in digital security governance. From your perspective, what are the main root causes that make large institutions still vulnerable to cyber attacks - are there technological factors, human resources, or policies?
The security problems faced by large institutions in the world are usually caused by several factors. Based on our experience working with various government and corporate clients around the world, the root of the problem almost always lies in the incompatibility between technology, human resources, and governance that operate separately.
Even if an organization has a security system, if this system is not updated regularly, access rights are not reviewed, or policies are not implemented consistently, the company will always be vulnerable, regardless of its size or industry sector.
"What we consistently see is that cybersecurity needs to be treated as part of organizational governance, not just an IT responsibility. When leadership takes a clear role in data protection, invests in user awareness, and ensures systems are constantly monitored and updated, organizations will be much more difficult to hack. This is a shared challenge that is actively being pursued by various organizations around the world.
When sensitive data such as the identities of members of parliament, state agency staff, and students are traded on the dark web, how big is this threat to individual privacy as well as Indonesia's national security?
This is a serious problem that is increasingly worrying and is now faced by governments and various institutions around the world. Leaked data does not necessarily lose its value just because of one incident.
Personal information can be re-used for identity theft, fraud, phishing, impersonation, and targeted scams. If the data is related to public officials, government employees, or students, the risk becomes broader because attackers can use it to create profiles, map relationships, and design more convincing attacks.
From a national security perspective, the emerging concern is that the leaked data sets can be combined with other information exposed over time. This can produce a more complete picture of individuals, institutions, and internal networks.
The wider implication for a country is the decline in public trust in institutions responsible for protecting the data. Therefore, proactive and layered protection is increasingly seen as part of national resilience, not just good IT security practices.
Many parties highlight the importance of data sovereignty. In the context of government and education, why is the storage and management of data under Indonesian jurisdiction crucial, and what are the risks if strategic data is outside the control of national law?
Data sovereignty is critical because sensitive public data must remain under clear legal, operational, and security control. For governments and the education sector, this includes citizen data, student identities, institutional communications, as well as other information that can have long-term strategic value. When data is stored and managed under Indonesian jurisdiction, institutions have stronger oversight over access, compliance, audit trails, and handling in the event of an incident.
If strategic data is outside the control of national law, this can create uncertainty and complexity in the incident handling process, especially when agencies need quick access to log records, recovery systems, evidence, and legal coordination.
This condition can also limit the government's ability to investigate, address, or quickly recover the system from security breaches. For important sectors such as education, which manages public trust on a large scale, data sovereignty is not only related to the location of storage, but also to who controls it, as well as how transparent the protection of the data is.
Email infrastructure and digital collaboration are often the main entry point for cyber attacks. In your opinion, what are the practical steps that government institutions and universities must immediately take to strengthen the protection of their communication systems?
For many institutions, email is the backbone of official communication and often contains sensitive information. Therefore, the government, education, and other important sectors regulated by regulations increasingly need to treat email as a critical infrastructure supported by self-control, auditable access, and strong resilience.
The top priorities to be addressed right now are securing identities and access through two-factor authentication, reviewing privileged accounts, deleting inactive user accounts, and stricter password policies.
At the infrastructure level, institutions need to strengthen email and collaboration platforms with encryption, anti-phishing tools, malware filtering, security gateways, regular updates, reliable backup and recovery, login monitoring, and continuous user awareness training. We believe these measures are practical, achievable, and essential to raising the basic standards of security of public sector communication systems.
If the Indonesian government wants to build a stronger cyber resilience in the short and long term, what are the main priorities that must be carried out so that similar data leakage cases do not continue to occur?
We recognize that cybersecurity is a growing challenge and must be addressed on an ongoing basis by every country and organization. No single party has all the answers. Therefore, we convey these priorities in the spirit of mutual learning and partnership.
The main priority is governance strengthening. Governments around the world need to establish uniform cybersecurity standards across public institutions, accompanied by clear accountability in data protection, system audits, access management, and incident reporting.
The second priority is infrastructure modernization. Unsupported systems, fragmented platforms, and manual processes make institutions more difficult to protect. Governments and educational institutions need to switch to secure and regularly updated platforms, with stronger identity management, monitoring, encryption, and backup capabilities.
The third priority is capacity development. Cyber resilience depends on proven experts and processes, as important as technology. Institutions need trained security teams, periodic simulations, user education, and incident response plans that have been tested before a crisis occurs. Prevention is important, but the ability to quickly detect, control, and recover systems is equally important.
From Zimbra's global experience in supporting government institutions and companies, what kind of data protection model is most effective to implement in Indonesia to be able to maintain security, efficiency, as well as national digital sovereignty?
The most effective approach is to implement a data sovereignty and security model from the outset. This means that sensitive data must be stored in an environment that meets local regulatory and operational requirements, whether on-premises, in a private cloud, or in a sovereign cloud. This model must also allow institutions to continue to monitor the location of data storage, the parties that have access, and how the data is protected.
Based on our global experience through cooperation with various government clients around the world, strong protection is obtained through the integration of local control with layered security systems. This includes encryption, two-factor authentication, secure collaboration tools, data backup and recovery, open standards, and periodic operational supervision.
The goal is not to choose between efficiency and security, but to build a platform that allows institutions to collaborate effectively while maintaining the control, compliance, and transparency demanded by public trust. That balance can be achieved, and that is what we strive for with every government and institution partner we support.
Anthony Chadd's Profile
Anthony Chadd is Chief Revenue Officer at Zimbra, leading global revenue operations, including sales, marketing, partnerships, and customer success. He has over 15 years of experience in cybersecurity and SaaS, with a focus on business development and global market expansion, as organizations' needs for data sovereignty and residency increase.
Throughout his career, Anthony is known as an experienced growth strategist in go-to-market development and the formation of high-performance teams. Before joining Zimbra, he served as CRO at Vercara and developed a global channel partner program that drove business expansion. He also held senior positions at Neustar, with responsibility for global sales and the development of integrated revenue operations.
His leadership approach focuses on mission-based growth and operational efficiency, with an emphasis on aligning commercial strategies and corporate objectives, while helping organizations meet digital security challenges through secure and flexible collaboration.
Follow VOI Whatsapp Channel