Sri Lanka is in the middle of a digital transformation. Government services are moving online. Banks are pushing cashless transactions. The national QR-based fuel pass became, for a few weeks in early 2026, the country's most debated piece of technology. But while the country has been racing toward a digital economy, a quieter and more damaging race has been running in the opposite direction.
The online conversation tells the story. Over the past 90 days, cybersecurity-related content generated more than 20,000 results and nearly 146,000 engagements across social media and news platforms in Sri Lanka, according to an analysis conducted by Mark & Comm using Talkwalker social listening data. Unique authors numbered 7,800 people who actively chose to post, comment, or share on the subject. Compared with the previous quarter, results rose nearly 20,000 percent. That is not a gradual increase in awareness. It is a country reacting to events that arrived in quick succession and did not let up.
Only 9.7 percent of the conversation was positive. Nearly half, at 47.6 percent, was negative.
"The conversation reflected in this data goes beyond cyber threats themselves. It reveals how quickly security incidents can become reputation issues, public trust issues and, ultimately, business issues. Understanding these shifts in stakeholder perception is becoming increasingly important for organisations operating in a digital environment," said Anjalie Munasinghe, Manager – PR & Social Intelligence, Mark & Comm.
The Numbers Behind the Noise
The Kaspersky Security Bulletin for 2025 placed Sri Lanka 20th globally for web-borne cyber threats, with 30.4 percent of internet users experiencing attacks during the year. It also recorded nearly 15 million local malware incidents during the same period, with over a third of users attacked through shared devices and removable drives. These are not sophisticated targeted attacks. They are the kind no national strategy can fix without basic digital hygiene at the ground level.
SLCERT's figures reinforce this. Reported incidents rose from 596 in 2019 to 4,347 in 2024. In 2025 alone, the agency received more than 12,650 complaints. By mid-May 2026, police had arrested 628 foreign nationals for activities ranging from immigration violations to organised online fraud, with suspects from China, India, Vietnam, Myanmar, the Philippines, and Cambodia. In the first three months of the year alone, arrests had already exceeded 50 percent of the total recorded throughout all of 2025.
The reason Sri Lanka keeps appearing in these operations is not accidental. Criminal networks pushed out of Thailand and Cambodia by enforcement crackdowns there have been relocating here, drawn by reliable connectivity and, with some irony, a government policy actively promoting digital nomad tourism. Sri Lanka is no longer just a country where citizens are being defrauded. It is being used as a staging ground to target victims in other countries entirely.
What the Conversation Reflects
Digital infrastructure, foreign nationals, cyber fraud, national security, and artificial intelligence are all running thousands of percent higher in volume than the previous period. The AI thread is significant not because people are debating technology policy, but because AI is appearing as a weapon used against the public. Deepfake content misusing the identities of public figures to promote fraudulent investment schemes has become a recurring complaint, feeding directly into the news cycle.
Social and news coverage increased at comparable rates, with social up 26.8 percent and news 25.6 percent.The issue is generating cross-platform attention driven by events rather than media amplification.
The Incidents Behind the Sentiment
The negative sentiment is the accumulated weight of several things happening at once.
A major domestic bank disclosed an internal fraud that exceeded its entire annual profit, with irregularities apparently building for close to two years before action was taken. The central bank instructed licensed banks to review their controls, underlining the loss of confidence.
Around the same time, the Ministry of Finance lost USD 2.5 million when a debt repayment intended for the Australian government was intercepted and redirected through a business email compromise. The Posts Department lost over USD 600,000 under almost identical circumstances shortly after. Both cases followed the same pattern: phishing emails exploiting human error rather than sophisticated technical breaches. The national carrier then dealt with a vendor payment fraud, with AED 974,500 diverted to a rogue account in Abu Dhabi, before warning the public about a malicious app circulating in the airline's name, designed to drain bank accounts remotely.
When incidents of this nature hit a bank, a government ministry, and a state-owned carrier within the same window, the conversation stops being technical. It becomes a referendum on institutional reliability. The most engaging content in the dataset reflected exactly that: coverage of the banking fraud, reporting on the foreign national arrests, and a consumer video on recovering money lost through an ATM error. People are not just processing the news. They are looking for information to protect themselves because they no longer assume the institutions around them are doing it.
A Country Digitising Faster Than It Is Securing Itself
A Cybersecurity Act has been in draft since 2019, with six versions produced across successive governments and none passed. Banking, telecoms, and government institutions still operate independent security frameworks with limited coordination. Thirty-seven critical institutions are being connected to a National Cyber Security Operations Centre, with a 2026 completion target. A digital identity system and a government super-app are also in development, both aggregating more citizen data into systems whose security record is still being established.
The sentiment breakdown, 9.7 percent positive against 47.6 percent negative, is not a reaction to criminals. Criminals have always existed. The negativity is directed at the systems that were supposed to be the defence. That loss of trust accumulates across 7,800 authors and nearly 146,000 interactions.
“Online conversations provide organisations with an early warning system. By analysing sentiment, emerging themes and stakeholder concerns in real time, organisations can identify reputational risks early and respond before issues escalate.” said Anjalie Munasinghe, Manager – PR & Social Intelligence, Mark & Comm.
Sri Lanka's legal architecture is taking shape. What the conversation is asking for is evidence that institutions are moving at the same speed as the threats they face.
The question is whether that evidence arrives before the next major incident doe
Natasha