The Digital Trust Alliance, together with a coalition of professional organisations in Sri Lanka, has called on the government to strengthen cybersecurity governance and institutional resilience across the public sector following recent incidents involving government financial systems.

Addressing President Anura Kumara Dissanayake in a letter dated April 27, the Alliance noted that investigations are underway into the diversion of approximately USD 2.5 million after a breach of Finance Ministry systems. 

While stressing that they do not seek to prejudge the facts, the organisations said the incident has raised serious public concern and highlighted the need for stronger preparedness, accountability, and resilience.

As such, the Alliance proposed a structured advisory engagement between government institutions and professional bodies to identify practical governance and assurance measures. 

Suggested outcomes include:

• Establishing a designated government cybersecurity governance structure.
• Clear ownership and accountability for recommendations.
• A structured maturity and gap assessment of current systems.
• Alignment with recognised frameworks such as the NIST Cybersecurity Framework 2.0.
• Convening a focused public‑sector cybersecurity roundtable.

The letter further recommended involving institutions such as the Ministry of Digital Economy, Sri Lanka CERT, the Data Protection Authority, and GovTech.

“Our purpose is not to criticise but to offer constructive support. Cybersecurity is now a matter of financial integrity, public trust, institutional continuity, and national resilience,” the Alliance stated.

The organisations expressed readiness to contribute expertise from certified cybersecurity professionals, auditors, governance specialists, and ICT practitioners, noting that structured engagement could strengthen public confidence and provide clearer implementation priorities for Sri Lanka’s digital future.