Sri Lanka’s annual losses from cybercrime could range between USD 450 million and USD 1 billion, according to Asian Development Bank (ADB) Digital Sector Office Director Antonio Zaballos, who urged the country to strengthen its cybersecurity framework as it advances its digital economy.
Speaking at the ADB Serendipity Knowledge Program (SKOP) on “Digital Transformation: Cybersecurity and Data Protection for Digital Economy Development” held in Colombo, Zaballos noted that global cybercrime losses have soared to USD 10.5 trillion, accounting for nearly 9% of the world’s GDP.
“If we consider just between 0.5–1% of Sri Lanka’s GDP, cybercrime costs could amount to around USD 450 million to USD 1 billion annually,” Zaballos said, warning that greater connectivity also increases vulnerability. “The more connected we are, the more at risk we are,” he added.
Data Protection Authority Chairman Rajeeva Bandaranaike highlighted that Sri Lanka’s key challenge lies in building a culture of data privacy and cybersecurity awareness. “We don’t have a culture of data protection, and awareness levels are very low,” he said, emphasizing the need for policy ownership and public responsibility.
Bandaranaike noted that the upcoming Data Protection Act and cybersecurity legislation would establish a foundation for improved governance. “Like helmets and seatbelts, data protection will eventually become second nature—but it requires consistent enforcement and education,” he added.
