Enterprise Risk Management and Cyber Fraud Mitigation: Evidence from Indonesian State-Owned Enterprises

This study examines the role of Enterprise Risk Management (ERM) in mitigating cyber fraud in Indonesian State-Owned Enterprises (SOEs). As digital transformation increases organizational exposure to cyber risks, effective risk governance mechanisms become essential for safeguarding financial integrity. This research investigates how ERM implementation is associated with cyber fraud prevention and detection within SOEs. The study employs a mixed-methods approach using quantitative firm-year observations from 48 non-financial SOEs during the 2020–2024 period, resulting in 112 pooled observations, complemented by qualitative insights from 25 key informants, including auditors, risk officers, and IT/cybersecurity specialists. The empirical analysis indicates that stronger ERM implementation is positively associated with higher levels of cyber fraud mitigation and improved coordination between financial risk management and information technology governance. The findings also highlight the importance of integrated risk governance structures in strengthening internal controls and organizational resilience against digital threats. However, given the cross-sectional and perception-based nature of the data, the findings should be interpreted as associative rather than causal relationships. This study contributes to the literature on risk governance and digital risk management by providing empirical evidence on the role of ERM in supporting financial accountability and cyber risk mitigation in emerging market SOEs.