As information technology (IT) advancement evolves in Indonesia's insurance sector, organizations like ReinsurCo must accelerate their digital transformation (DT) to remain competitively viable. Although DT paves the way for new business models and operational improvements, the implementation often fails due to poor IT governance. Under the supervision of the State-Owned Enterprises Agency (SOE) and the Financial Services Authority (FSA), ReinsurCo must comply with regulations stating that SOEs must independently assess IT maturity to ensure information security. This research utilizes the five stages of Design Science Research (DSR): problem explication, requirement specification, design and development, demonstration, and evaluation. Data was collected through semi-structured interviews and both internal and external document triangulation. The data were then analyzed using the COBIT 2019 Information Security framework, implementing design factors prioritizing information technology governance and management (ITGM) objectives: APO13 Managed Security, DSS05 Managed Security Services, and BAI06 Managed IT Changes. Further analysis and identification were conducted to discover gaps against the seven component capabilities. These identified gaps were mapped into people, process, and technology aspects, which led to the creation of essential improvement recommendations. These recommendations were compiled into an implementation roadmap that can serve as a priority guide for ReinsurCo. This research is expected to provide a knowledge base for prioritizing information security management in supporting DT by implementing the COBIT 2019 Information Security framework. In a practical context, it aids ReinsurCo in controlling its strategic plans to face information security challenges. Furthermore, this study also offers extensive benefits to the insurance industry.

K. S. R. Warner and M. Wäger, “Building dynamic capabilities for digital transformation: An ongoing process of strategic renewal,†Long Range Plann, vol. 52, no. 3, pp. 326–349, Jun. 2019, doi: 10.1016/j.lrp.2018.12.001.

C. Gong and V. Ribiere, “Developing a unified definition of digital transformation,†Technovation, vol. 102, Apr. 2021, doi: 10.1016/j.technovation.2020.102217.

V. Gurbaxani and D. Dunkle, “Gearing up for successful digital transformation,†MIS Quarterly Executive, vol. 18, no. 3, pp. 209–220, 2019, doi: 10.17705/2msqe.00017.

J. Jewer and N. Van Der Meulen, “Governance of Digital Transformation: A Review of the Literature,†2022, [Online]. Available: https://hdl.handle.net/10125/80144

R. Mulyana, L. Rusu, and E. Perjons, “IT Governance Mechanisms Influence on Digital Transformation: A Systematic Literature Review,†in Proc. 27th Annu. Am. Conf. Inf. Syst, Twenty-Seventh Americas’ Conference on Information Systems (AMCIS), 2021, pp. 1–10. [Online]. Available: https://aisel.aisnet.org/amcis2021

N. Obwegeser, T. Yokoi, M. Wade, and T. Voskes, “7 Key Principles to Govern Digital Initiatives,†2020. [Online]. Available: https://mitsmr.com/2UWvNEs

S. Vejseli and A. Rossmann, “The Impact of IT Governance on Firm Performance A Literature Review,†in AIS Electronic Library (AISeL), Langkawi, 2017.

S. De Haes, L. Caluwe, T. Huygh, and A. Joshi, Governing Digital Transformation. Springer, 2020. doi: https://doi.org/10.1007/978-3-030-30267-2.

S. De Haes and W. Van Grembergen, “IT Governance and Its Mechanisms,†Information systems control journal, no. 1, pp. 27–33, 2004.

R. Pereira and M. M. Da Silva, “Towards an integrated IT governance and IT management framework,†in Proceedings of the 2012 IEEE 16th International Enterprise Distributed Object Computing Conference, EDOC 2012, 2012, pp. 191–200. doi: 10.1109/EDOC.2012.30.

N. Robbiyani, R. Mulyana, and L. Abdurrahman, “Pengujian Model Pengaruh Tata Kelola TI Terhadap Transformasi Digital dan Kinerja Asuransi C,†Explore: Jurnal Sistem Informasi dan Telematika, vol. 13, no. 2, p. 95, Dec. 2022, doi: 10.36448/jsit.v13i2.2712.

F. A. Pahrevi, R. Mulyana, L. Ramadani, and J. S. Informasi, “Analisis Pengaruh Tata Kelola TI terhadap Transformasi Digital dan Kinerja Asuransi C,†Jurnal Sistem Informasi dan Telematika (Telekomunikasi, Multimedia dan Informatika), vol. 13, 2022.

S. F. Bayastura, S. Krisdina, and A. P. Widodo, “Analisis Dan Perancangan Tata Kelola Teknologi Informasi Menggunakan Framework COBIT 2019 Pada PT.XYZ,†JIKO (Jurnal Informatika dan Komputer), vol. 4, 2021, doi: 10.33387/jiko.

P. M. Dewi, R. Fauzi, and R. Mulyana, “Perancangan Tata Kelola Teknologi Informasi Untuk Transformasi Digital Di Industri Perbankan Menggunakan Framework COBIT 2019 Dengan Domain Build, Acquire and Implement: Studi Kasus Bank XYZ,†e-Proceeding of Engineering, vol. 8, no. 5, p. 9672, 2021.

ISACA, COBIT 2019 Framework: Introduction and Methodology. USA, 2018.

A. R. Hevner, S. T. March, J. Park, and S. Ram, “Design Science in Information Systems Research,†2004. [Online]. Available: https://www.jstor.org/stable/25148625

A. Hevner and S. Chatterjee, Design Research in Information Systems, vol. 22. in Integrated Series in Information Systems, vol. 22. Boston, MA: Springer US, 2010. doi: 10.1007/978-1-4419-5653-8.

A. K. Shenton, “Strategies for ensuring trustworthiness in qualitative research projects,†Education for Information, vol. 22, no. 2, pp. 63–75, 2004, doi: 10.3233/EFI-2004-22201.

ISACA, Designing and Information and Technology Governance Solution. 2018.

ISACA, COBIT Focus Area: Information Security. 2020. [Online]. Available: www.isaca.org

R. Mulyana, L. Rusu, and E. Perjons, “How Hybrid IT Governance Mechanisms Influence Digital Transformation and Organizational Performance in the Banking and Insurance Industry of Indonesia,†in Information Systems Development (ISD) Conference, Lisbon: Association for Information Systems (AIS), 2023.

R. Mulyana, L. Rusu, and E. Perjons, “IT Governance Mechanisms that Influence Digital Transformation: A Delphi Study in Indonesian Banking and Insurance Industry,†Pacific Asia Conference on Information Systems (PACIS), no. AI-IS-ASIA, pp. 1–16, Jun. 2022.

Kementerian Badan Usaha Milik Negara, Peraturan Menteri Badan Usaha Milik Negara tentang Panduan Penyusunan Pengelolaan Teknologi Informasi Badan Usaha Milik Negara. Indonesia: jdih.bumn.go.id : 4 hlm., 2013.

A. K. Kavanagh, T. Bussa, and G. Sadowski, “Magic Quadrant for Security Information and Event Management,†Feb. 2020. [Online]. Available: https://www.gartner.com/doc/reprints?id=1-1YEDHXVD&ct=200219&st=sb

M. Horvath, D. Gardner, Bhat Manjunath, R. Chugh, and A. Zhao, “Magic Quadrant for Application Security Testing,†May 2023.