Enterprise Risk Management and Cyber Fraud Mitigation: Evidence from Indonesian State-Owned Enterprises

This study examines the role of Enterprise Risk Management (ERM) in mitigating cyber fraud in Indonesian State-Owned Enterprises (SOEs). As digital transformation increases organizational exposure to cyber risks, effective risk governance mechanisms become essential for safeguarding financial integrity. This research investigates how ERM implementation contributes to cyber fraud prevention and detection within SOEs. The study employs a mixed-methods approach using quantitative panel data from 48 non-financial SOEs during the 2020–2024 period, resulting in 112 firm-year observations, complemented by qualitative insights from 25 key informants, including auditors, risk officers, and IT/cybersecurity specialists. The empirical analysis indicates that stronger ERM implementation significantly enhances firms’ ability to mitigate cyber fraud risks and improves coordination between financial risk management and information technology governance. The findings also highlight the importance of integrated risk governance structures in strengthening internal controls and organizational resilience against digital threats. This study contributes to the literature on risk governance and digital risk management by providing empirical evidence on the strategic role of ERM in enhancing financial accountability and cyber risk mitigation in emerging market SOEs.