Sri Lanka’s decision to sign the United Nations Convention against Cybercrime (UNCC) marks a significant policy shift as the nation grapples with a dramatic escalation in online offences. The move, approved by the Cabinet of Ministers, is being framed as part of a wider national effort to strengthen cooperation, enhance digital security, recover assets, and protect victims. However, experts warn that simply signing the convention will not be enough unless it is backed by systemic reforms and a long-term cybersecurity strategy.
According to official data, Sri Lanka recorded more than 5,400 cybercrime complaints during the first nine months of 2025, compared to around 2,887 complaints during the same period in 2024. This represents nearly a 90 percent surge in reported incidents, highlighting the growing sophistication and scale of digital crime.
Most of the cases involved social media-related offences such as phishing, financial fraud, impersonation, online harassment, and deepfake exploitation. Cybersecurity authorities say that criminals are increasingly using artificial intelligence to create fake profiles, manipulate videos, and deceive users, while law enforcement continues to struggle with detection and prosecution.
The government hopes that joining the UN Convention will improve access to international cooperation mechanisms, enabling faster cross-border investigations, data exchange, and the recovery of stolen digital assets. It will also provide frameworks for witness protection, victim assistance, and capacity building through global partnerships.
The joint Cabinet proposal, presented by the President in his capacity as Minister of Digital Economy, together with the Ministers of Justice and Foreign Affairs, underscores the urgent need to align Sri Lanka’s cybersecurity systems with global standards.
Despite existing laws such as the Cybercrimes Act of 2007 and the Online Safety Act No. 9 of 2024, enforcement remains weak. Many cases go unreported or unresolved, and only a handful result in convictions.
The lack of skilled investigators, outdated equipment, and limited coordination between agencies have all contributed to poor outcomes. Sri Lanka’s Computer Emergency Readiness Team (SLCERT), which leads the national cyber response, has called for more resources and training to handle the increasing volume and complexity of digital crimes.
The National Cyber Protection Strategy for 2025–2029, recently approved by the government, acknowledges these gaps. It outlines the need for improved law enforcement capacity, greater public awareness, and stronger collaboration between state institutions and private technology firms.
Experts also emphasize the importance of mandatory data breach reporting, tighter regulations for corporate cybersecurity governance, and the establishment of a dedicated digital forensics division capable of real-time analysis.
With more than 12.4 million internet users and 8.2 million active social media accounts, Sri Lanka’s online ecosystem continues to expand rapidly. Yet this growth has also widened the window of vulnerability. Analysts argue that unless the government moves beyond symbolic gestures and commits to tangible reforms, the wave of cybercrimes could soon outpace the country’s defensive capabilities.
The decision to sign the UN Cybercrime Convention is therefore seen as a vital step—but only the beginning. Without effective domestic implementation, investment in technology and training, and sustained public awareness, Sri Lanka risks remaining a soft target for cybercriminals even under the banner of global cooperation.
Leave your comments
Login to post a comment
Post comment as a guest