The Asia Foundation brings APAC Cybersecurity Fund to Sri Lanka, with support from Google.org

In a significant move to enhance cybersecurity across the Asia-Pacific region, The Asia Foundation launched the APAC Cybersecurity Fund with $15M grant support from Google.org, Google’s philanthropic arm. This initiative aims to strengthen the cyber capabilities of 300,000 underserved micro, small and medium businesses, nonprofits, and social enterprises in the APAC region. The initiative will span 12 countries, including Bangladesh, India, Indonesia, Japan, Korea, Malaysia, Pakistan, Philippines, Singapore, Sri Lanka, Thailand, and Vietnam.

The launch event of the local project, held in Colombo, brought together key stakeholders from various sectors. In Sri Lanka, the project aims to educate and equip 13,000 micro, small, and medium businesses (MSMEs) with the necessary skills to navigate cybersecurity threats. This will be achieved through training sessions planned across all nine provinces. Additionally, two cyber clinics will be established at the Sri Lanka Institute of Information Technology and the Uva Wellassa University, enhancing the cybersecurity knowledge of undergraduates. These undergraduates will use their training to assist MSMEs with cybersecurity issues, applying the knowledge they have gained.

Creating cybersecurity best practices in the MSME sector in Sri Lanka is vital, as these enterprises contribute over 50% of the national economic output. The MSME sector, which accounted for nearly all businesses and almost half of employment in the country, has shrunk by over 15% due to the COVID-19 pandemic and the subsequent economic downturn. The surviving MSMEs rely mainly on low-cost digital resources such as social media platforms and personal mobile devices for business purposes.

Parallel to this increasing reliance by MSMEs on digital technology in recent years is an unfortunate rise in cyber threats matching the rise in internet access and usage across Sri Lanka. As MSMEs have turned to digital solutions to sustain and grow their businesses, they have become more vulnerable to cyberattacks. In recent years, internet access and usage across Sri Lanka have surged, with 14.58 million internet users in 2023, amounting to an internet penetration rate of 67%. Although this slightly dropped in 2024, the number of social media users in the country has continued to grow.

The most common form of cybercrime in Sri Lanka is phishing, where users are redirected by malicious emails and links to fake webpages aimed at collecting their sensitive personal information, leading to data breaches—a significant threat for smaller enterprises in the country. Among the most common cyber scams that Sri Lankans face is the impersonation of delivery services intended to extract fees from users. Incidents that facilitate hacking on platforms like Facebook and LinkedIn are also common, where social media logins are stolen to send fraudulent messages requesting money or advance payments for services.

These pressing issues require a concerted and continued effort to strengthen cybersecurity frameworks and regulatory mechanisms. Through the government’s various efforts and regional initiatives such as the APAC Cybersecurity Fund, the country’s cybersecurity ecosystem will be strengthened by equipping micro and small businesses, nonprofits, and social enterprises with the skills to navigate the internet safely and confidently.