Cybercrime has become a significant global threat, with Indonesia experiencing a sharp increase in cyber-related offenses. Reports from the National Cyber and Crypto Agency (BSSN) indicate that cybercrime cases rose from 3,000 in 2018 to 15,400 in 2023, underscoring the need for stricter legal enforcement. Despite existing regulations under the Electronic Information and Transactions Law (UU ITE), penalties often fail to provide a deterrent effect. Around 60% of convicted cybercriminals receive less than three years of imprisonment, while only 15% serve more than five years. This study examines the effectiveness of cybercrime penalties in Indonesia and evaluates their impact on recidivism rates. Using a qualitative approach with content analysis, this study reviews legal documents, court rulings, and expert interviews. A comparative analysis with European Union and United States regulations is conducted to identify best practices. Findings reveal that weak enforcement leads to a recidivism rate exceeding 40% within two years. Additionally, Indonesia’s maximum penalty of six years and a fine of IDR 2 billion remain significantly lower than the EU’s 10-year sentence and fines up to €20 million. Stricter legal reforms, increased sanctions, and regulatory harmonization with global standards are essential to enhancing deterrence and law enforcement effectiveness. This study contributes to the discourse on cybercrime law by highlighting gaps in Indonesia’s legal system and proposing measures to strengthen enforcement.