The Digital Trust Alliance, joined by a coalition of professional organisations, has written to President Anura Kumara Dissanayake calling for a structured cybersecurity governance framework following the Finance Ministry breach that diverted approximately USD 2.5 million.
In a letter dated April 27, the Alliance said the incident has raised serious public concern about preparedness, accountability and resilience across government financial systems, and stressed that it does not seek to prejudge the facts of the ongoing investigations.
The group proposed a structured advisory engagement between government institutions and professional bodies to identify practical governance and assurance measures. Suggested outcomes include establishing a designated government cybersecurity governance structure, clear ownership and accountability for recommendations, a structured maturity and gap assessment of current systems, alignment with the NIST Cybersecurity Framework 2.0, and a focused public-sector cybersecurity roundtable.
The letter further recommended drawing in the Ministry of Digital Economy, Sri Lanka CERT, the Data Protection Authority and GovTech for the engagement.
βOur purpose is not to criticise but to offer constructive support. Cybersecurity is now a matter of financial integrity, public trust, institutional continuity, and national resilience,β the Alliance said.
The organisations expressed readiness to contribute expertise from certified cybersecurity professionals, auditors, governance specialists and ICT practitioners, arguing that structured engagement could strengthen public confidence and clarify implementation priorities.
The proposal lands as the Treasury cyber heist investigation continues to widen, with the CID examining potential second-vector targeting around French loan documents and a cluster of civic groups protesting at the Finance Ministry and Central Bank. The professional sectorβs intervention marks the first formal civil society call for institutional cybersecurity reform tied directly to the breach.
