Strengthening Cybersecurity for Sri Lankan MSMEs: Launch of the APAC Cybersecurity Fund
By: Staff Writer
November 01, Colombo (LNW): In Colombo, The Asia Foundation, with the backing of Google.org, announced the launch of the APAC Cybersecurity Fund aimed at enhancing the cyber capabilities of over 300,000 small and medium-sized enterprises (SMEs) across 12 countries in the Asia-Pacific region.
The event gathered key stakeholders from various sectors to discuss this important initiative. In Sri Lanka specifically, the project seeks to train and equip 13,000 micro, small, and medium enterprises (MSMEs) with the essential skills to effectively tackle cybersecurity threats.
The initiative will implement training sessions across all nine provinces of Sri Lanka. Furthermore, two cyber clinics will be set up at the Sri Lanka Institute of Information Technology and Uva Wellassa University to boost cybersecurity knowledge among undergraduates. These students will, in turn, leverage their training to assist MSMEs with cybersecurity challenges.
Establishing robust cybersecurity practices within the MSME sector is crucial, as these businesses account for over 50% of the national economic output. This sector comprises nearly all businesses in the country and employs almost half of the workforce.
However, the COVID-19 pandemic and subsequent economic decline have severely impacted MSMEs, leading to a reduction of over 15% in their numbers. Many of these enterprises have had to rely heavily on affordable digital tools, including social media and personal mobile devices, for their operations.
As these businesses increasingly adopt digital solutions, they have also become more susceptible to cyber threats.
The rise in internet access in Sri Lanka has led to a corresponding increase in cybercrime, with 14.58 million internet users recorded in 2023, reflecting a 67% penetration rate. Although this figure saw a slight drop in 2024, social media user numbers continued to climb.
Phishing has emerged as the most prevalent form of cybercrime in Sri Lanka, with malicious emails and links redirecting users to fraudulent websites designed to harvest sensitive personal information.
This poses a significant risk to smaller enterprises. Other common scams include impersonation of delivery services, aimed at extracting fees from users, and hacking incidents on platforms like Facebook and LinkedIn, where attackers steal login credentials to send fraudulent requests for money.
Addressing these challenges necessitates a unified and sustained effort to bolster cybersecurity frameworks and regulatory mechanisms.
The government’s initiatives, along with programs like the APAC Cybersecurity Fund, aim to strengthen the cybersecurity ecosystem by empowering micro and small businesses, nonprofits, and social enterprises with the skills to navigate the digital landscape safely.
With $15 million in grant support from Google.org, the initiative is set to equip 13,000 SMEs in Sri Lanka with the necessary cybersecurity skills, while also extending support to businesses in Bangladesh, Vietnam, India, Japan, Korea, Malaysia, Pakistan, the Philippines, Singapore, and Thailand.
The program will focus on training across all nine provinces and establishing two cyber clinics to enhance the knowledge and capacity of undergraduates.
Despite the significance of the SME and microenterprise segment, which constitutes nearly 50% of domestic production, knowledge and interest in cybersecurity remain low due to various challenges, including limited education and investment.
The Asia Foundation’s program will particularly emphasize the participation of women to enhance their role in economic activities.
Although the Online Safety Act was passed by the Sri Lankan Parliament earlier this year, the absence of a comprehensive Cyber Security Act remains a concern, as discussions on this issue have been ongoing for over five years.
Experts have pointed out that without effective policy frameworks and public engagement, only larger corporations are adequately prepared to address the current cybersecurity challenges.
The Ceylon Chamber of Commerce has urged the government to expedite discussions on the draft Cybersecurity Bill to ensure compliance with the upcoming Personal Data Protection Act.
Notably, despite the rising popularity of digital platforms, 79% of Sri Lankans still prefer cash transactions, underscoring the need for enhanced cybersecurity awareness and infrastructure.