Image of Indonesia's National Data Center Hack Press Conference
Full press conference video

Indonesia’s Data Caper: A Cautionary Tale

The recent ransomware attack on Indonesia’s National Data Center, which saw hackers demand a cool $8 million, serves as a stark reminder of the importance of effective crisis communication. While the technical aspects of the breach are concerning, the government’s response offers valuable lessons for businesses and organizations navigating data breaches and other public crises.

Crisis Communication: Your Lifeline in Rough Seas

Clear and timely communication is paramount during a crisis. It builds trust with stakeholders, demonstrates control of the situation, and minimizes reputational damage. Conversely, poor crisis communication can erode trust, exacerbate negative press, and hinder recovery efforts.

The National Data Center Breach: A Case Study

This incident provides a valuable case study for implementing crisis communication best practices:

  1. Transparency and Empathy: The initial press conference lacked transparency, failing to acknowledge the public’s concern or offer an apology. A sincere apology and expression of empathy would have fostered trust and a sense of shared responsibility.
  2. Clear Communication: The press conference lacked a clear explanation of the attack. Providing a detailed explanation, in layman’s terms, would have informed the public and addressed their anxieties.
  3. Action Plan and Reassurance: The press conference failed to outline a concrete action plan to prevent future breaches and recover compromised data. A clear plan, outlining remediation steps and preventative measures,would have reassured the public about their data security.

Lacking the 3Rs of Crisis Communication

Effectively the Press conference failed to observe the “3Rs” of crisis communication:

  • Regret: Taking ownership of the situation and offering a sincere apology.
  • Reason: Providing a clear explanation of the crisis and its cause.
  • Remedy: Outlining a concrete action plan for addressing the crisis and preventing future occurrences.

As a result the press conference gave the impression that no one is really in charge, that the problem is still lurking around somewhere with little hopee of an early resolution and that there is no plan to bring things under control, or to prevent future fiascos like this from happening.

Beyond “Don’t Attack Lah”: Projecting Strength and Authority

The public statement urging hackers to “not attack” lacked strength and authority. Instead, a strong message emphasizing cybersecurity measures and legal consequences for attackers would have projected a more proactive stance. Weak messages will only provoke contempt, as expressed by the hacker Bjorka’s remark: “Don’t be an Idiot.”


The National Data Center breach serves as a cautionary tale for crisis communication. By incorporating the principles of transparency, clear communication, and a well-defined action plan, organizations can navigate crises effectively and minimize reputational damage.

Is Your Organization Prepared?

Don’t wait for a crisis to strike. Seek professional help that can help you craft comprehensive crisis communication plans to help you manage any situation with confidence. Contact us through our Corporate Training page if you need to learn more about Crisis Communication.

Writtten by Ong Hock Chuan, Founder & Managing Partner