Sri Lanka advances in global cybersecurity ranking

With the National Digital Economy Strategy identifying cybersecurity as a core pillar, reforms to the National Cyber Security Act are underway, alongside efforts to improve incident response capabilities through institutions such as the Sri Lanka Computer Emergency Response Team  (SLCERT).

Reforms to the National Cyber Security Act aim to establish a Cybersecurity Authority (CSA) as the apex institution for cybersecurity in Sri Lanka, empower the SLCERT in incident response, and create a comprehensive legal and administrative framework for a secure digital ecosystem, Digital Economy Deputy Minister Eng. Eranga Weeraratne told Biometric Update recently.

“With technology advancing faster than policy can keep pace, trust is our most valuable digital asset. Defending that trust requires shared commitment from policymakers, cybersecurity professionals, academics, the private sector, and civil society,” he said on the sidelines of the National Cyber Security Conference held recently, noting that Sri Lanka is continuing to place crucial attention on this area. Weeraratne pointed out that conflicts are not only caused by weapons as in the past, and therefore, international cooperation on cybersecurity should be built and is vital.

Sri Lanka has achieved a big milestone by progressing to Tier Two in the Global Cybersecurity Index, joining the ranks of countries like China, Canada, Austria, and Switzerland. Dr. Kanishka Karunasena, the Acting CEO of the Sri Lanka Computer Emergency Reporting Team (SLCERT), highlighted this progress during the recent cybersecurity conference, emphasizing the strategic development of the National Cybersecurity Strategy, which is built on four key pillars.

The strategy aims to launch a robust legal and administrative framework for cybersecurity, which includes finalizing the Cybersecurity Bill and creating a Cybersecurity Regulatory Authority. It also focuses on developing a skilled workforce in cybersecurity, boosting public awareness, improving cybersecurity readiness in government institutions, and bolstering the capabilities of Sri Lanka CERT. Collaboration with various stakeholders is also a priority to foster a secure cyber environment. The overarching goal is to initiate a secure and trusted digital space for the nation and to elevate Sri Lanka to Tier One in global cybersecurity rankings.

Technological investments have strengthened the country’s cybersecurity capabilities, particularly through the formation of the National Cyber Security Operations Centre (NCSOC). This center is tasked with monitoring cyberattacks on critical government institutions and certifying prompt responses. In August 2025, the Cabinet approved the connection of 37 critical government institutions to the NCSOC, including the Departments of Immigration, Motor Traffic, Treasury, Health, Electricity, and Water Supply, which will enhance national cyber resilience. SLCERT plans to connect all critical organizations to the NCSOC by December 2026.

Additionally, SLCERT operates the National Certificate Authority (NCA), enabling the issuance of digital certificates by registered service providers. Recognizing that 95% of cyber incidents stem from human errors, SLCERT emphasizes the importance of cybersecurity awareness and training, Dr. Karunasena said. “To build a strong human firewall, SLCERT has trained over 5,000 government officers and plans to continue these training programs with the support of industry partners. This initiative is crucial for creating a secure digital environment that enables Sri Lanka to fully leverage the benefits of the digital economy.”

Article Topics

cybersecurity  |  data protection  |  digital economy  |  digital ID  |  legislation  |  Sri Lanka