Sri Lanka could be losing between $450 million and $1 billion each year to cybercrime, according to Asian Development Bank (ADB) Digital Sector Office Director Antonio Zaballos, who urged stronger cybersecurity frameworks and a national shift in digital awareness to safeguard the country’s growing online economy.
Speaking at the ADB’s Serendipity Knowledge Program (SKOP) on Digital Transformation: Cybersecurity and Data Protection for Digital Economy Development held in Colombo, Zaballos said global cybercrime losses have now reached $10.5 trillion nearly 9% of global GDP.
“If we consider even 0.5-1% of Sri Lanka’s GDP, the annual cost of cybercrime could easily fall between $450 million and $1 billion,” he said, emphasizing that as economies become more digitally interconnected, their exposure to cyber threats rises sharply.
“The more connected we are, the more at risk we are,” Zaballos warned, noting that cybersecurity is no longer just a technical issue but a development challenge that demands collaboration between governments, private enterprises, and citizens.
He highlighted that Sri Lanka’s push toward a digital economy through online banking, e-commerce, and digital governance makes the country particularly vulnerable without adequate cyber protection, adding that proactive investment in cybersecurity infrastructure is essential to prevent economic disruption and loss of public trust.
Meanwhile, Data Protection Authority Chairman Rajeeva Bandaranaike stressed that Sri Lanka’s biggest hurdle lies not merely in technology but in building a culture of cybersecurity and data privacy.
“We don’t have a culture of data privacy and data protection, and awareness levels remain very low,” he said. “Policymakers need to take ownership and embed a sense of responsibility across all sectors of society.”
Bandaranaike said that Sri Lanka’s forthcoming Data Protection Act and cybersecurity legislation will set an important legal foundation for digital governance. However, he cautioned that legislation alone will not be enough unless supported by continuous education and public engagement.
“Like wearing helmets or seatbelts, data protection needs to become second nature,” he added. “That will take consistent enforcement, awareness campaigns, and digital literacy efforts.”
Experts at the forum agreed that Sri Lanka must accelerate its institutional readiness and cross-sector collaboration to mitigate rising cyber threats as digital adoption expands. Without stronger protections, they warned, cybercrime could significantly undermine investor confidence, financial stability, and long-term economic growth.
