Sri Lanka Advances National Cybersecurity Strategy to Combat Rising Cyber Threats

Sri Lanka is taking significant strides to enhance its cybersecurity capabilities amidst growing concerns over cybercrime and vulnerabilities within critical infrastructure. The Sri Lanka Computer Emergency Readiness Team (Sri Lanka CERT) is leading the charge in the development of a comprehensive national cybersecurity strategy aimed at addressing the alarmingly high number of cyber incidents reported in recent years. With over 12,650 complaints related to cybersecurity issues received in 2025 alone, and the increasing sophistication of cyber crimes—from phishing scams to ransomware attacks—the urgency for a robust cybersecurity framework has never been greater.

The rise in incidents reflects broader global patterns, highlighting how technological advancements, particularly the surge in Artificial Intelligence (AI), may further complicate the cybersecurity landscape. Moreover, a recent $2.5 million cyber breach involving government financial systems serves as a stark reminder of the potential risks that external threats pose to national security and economic integrity. This landscape has galvanized stakeholders to call for a more cohesive and proactive approach to cybersecurity, leading to the establishment of a national strategy that focuses on technological upgrades, workforce development, and regulatory improvements.

The government initiative outlines a multi-pronged approach to address these pressing issues. Among the critical components of the strategy is the enhancement of technical capabilities and processes within both public and private sectors. Charuka Damunupola, Lead Information Security Engineer at Sri Lanka CERT, emphasizes the need for a specific information security policy tailored for government organizations, developed in line with international standards to reflect local contexts. This policy framework is pivotal, as it targets approximately 10,000 government officials for training and awareness programs that aim to elevate the overall cybersecurity posture of the nation.

Despite these advancements, industry leaders point to the marked absence of a dedicated cybersecurity law and a central regulatory authority, which poses challenges to unified governance across sectors. As the landscape evolves, there is an urgent need for public-private partnerships that foster collaboration between government entities and private firms to bridge existing skills gaps and improve oversight of critical national infrastructure. This collaborative spirit is crucial for establishing regulatory frameworks that not only protect sensitive information but also create a sustainable environment for further investments in cyber defense initiatives.

As the national cybersecurity strategy unfolds, procurement professionals and vendors in the cybersecurity realm should prepare for burgeoning opportunities. Demand for products and services focused on cybersecurity solutions, consulting services, and training programs that align with these strategic objectives are likely to increase. Moreover, as the strategy lacks formal regulatory backing at this stage, vendors can play a pivotal role in driving policy development, consulting, and compliance solutions that align with the emerging requirements of the national cybersecurity directive. By proactively engaging with government agencies in this transformative period, contractors can position themselves as key players in the nation's cybersecurity evolution.

This national strategy not only highlights immediate procurement implications but also sets a precedent for future legislative frameworks in cybersecurity governance. For contractors, the call for more sophisticated frameworks and collaboration creates a range of opportunities that can drive engagement in collaborative cybersecurity initiatives, ensuring a comprehensive and effective response to the threats facing Sri Lanka's digital ecosystem.

• Sri Lanka CERT is spearheading efforts to modernize cybersecurity frameworks and build technical and human resource capabilities.
• Procurement professionals should anticipate increased demand for cybersecurity technologies, consulting services, and training programs aligned with national strategy objectives.
• The lack of a formal cybersecurity regulatory framework suggests opportunities for vendors to support policy development and compliance solutions.
• Public-private partnerships are likely to expand, creating avenues for contractors to engage in collaborative cybersecurity initiatives and capacity-building projects.
• Approximately 10,000 government officials will receive training and awareness sessions under the new strategy.
• Increased cooperation between government entities and private firms is essential for bridging skills gaps in the cybersecurity workforce.
• Sri Lanka aims to protect critical infrastructure with a dedicated 5-year national cybersecurity strategy including action plans for workforce development.
• The focus on workforce capacity building indicates significant future contract opportunities in training and education sectors.