Analysis of Information Security Awareness Programs and Punishment Severity on Information Security Incident Reporting at WOM Finance

Authors

  • Zdikri Munawwar Ridha Telkom University
  • Candiawan Candiawan Telkom University

Abstract

Organizations' dependence on information technology in the digital era makes information security a
top priority, especially in the financing sector, which is vulnerable to cyberattacks and to internal
negligence by employees. Previous research focused on general contexts abroad, so this study fills
the gap by examining specifically the factors that influence incident reporting in the Indonesian
financing industry. The research method is quantitative, using a survey of
169 WOM Finance employees in West Java. The data were analyzed using Partial Least Squares Structural
Equation Modeling. The results show that the perception of strict punishment significantly
reduces all forms of unethical behavior. In contrast, information security awareness programs have no
significant effect on weak access control, which is consistent with deterrence theory. It was also found
that only negligence in maintaining security has a significant effect on willingness to report
incidents. The company is therefore advised to strengthen strict and consistent sanction policies
to suppress violations. In addition, education programs need to be evaluated and reinforced with technical controls,
especially in the areas of password policy and access rights, to build a more resilient security culture.
Keywords: Information Security Awareness Programs, Punishment Severity, Willingness to Report, Unethical
Behavior, Partial Least Squares Structural Equation Modeling

Published

2025-11-20

Section

Undergraduate (S1) Management Study Program (Telecommunications & Informatics Business Management)