Ravi raises alarm over cyber vulnerabilities in banks, State institutions

Colombo, May 19 (Daily Mirror) - UNP MP Ravi Karunanayake raised serious concerns in Parliament over the growing vulnerability of Sri Lanka’s public institutions and financial systems to cybercrime, cyberattacks, hacking, ransomware, data breaches and digital espionage.

Addressing Parliament, Karunanayake sought the Government’s position regarding the country’s cyber resilience and institutional preparedness amid increasing threats targeting critical State institutions and the banking sector.

He said recent incidents and attempted intrusions involving the Ministry of Finance, banking institutions, the Registrar of Persons, Registrar of Companies, the Central Bank of Sri Lanka, Road Development Authority and the General Post Office had raised serious concerns regarding national security, institutional preparedness and public confidence in Sri Lanka’s digital infrastructure.

The MP also questioned whether key institutions including the Inland Revenue Department, Sri Lanka Customs, Department of Excise, Department of Immigration and Emigration, the Ceylon Electricity Board, Ceylon Petroleum Corporation, Bank of Ceylon, People's Bank, National Savings Bank and SriLankan Airlines were adequately protected against cyberattacks, financial fraud, data theft and operational disruptions.

Karunanayake said that despite repeated assurances and the Government’s push towards digital transformation, e-governance, digital identity systems and fintech expansion, many critical institutions appeared exposed due to outdated systems, weak safeguards, inadequate monitoring, insufficient staff preparedness and lack of accountability.

Through his questions directed at the Finance Minister, the MP sought details on the total number of cyberattacks, attempted breaches, ransomware incidents, phishing attacks, hacking attempts and digital fraud complaints reported from 2023 to date involving government institutions, State and private banks and critical public infrastructure institutions.

He also asked whether institutions referred to had faced cyber intrusions, attempted breaches or unauthorised access during the past three years.

The MP further questioned what cybersecurity systems, monitoring mechanisms, encryption safeguards, backup systems and cyber defence protocols were presently operational and whether they complied with internationally accepted standards.

Karunanayake also asked whether many institutions continued to operate on outdated legacy systems, thereby exposing Sri Lanka to financial fraud, identity theft, disruption of services and foreign cyber espionage.

He questioned whether annual cybersecurity audits, penetration testing and independent cyber risk evaluations were mandatory for Government institutions and, if so, which institutions had failed to comply.

The MP also sought clarification on who would be directly accountable for cyber breaches, data theft or cyber fraud within Government institutions.

He further requested the Government to reveal the financial losses and operational disruptions arising from cyber incidents reported from January 1, 2025 to date.

Karunanayake finally asked the Government to outline the urgent measures it planned to take to protect Sri Lanka from future cyber warfare and organised cybercrime.