Sri Lanka has been recognized as an “Advancing” country in the Global Cybersecurity Index (GCI), which highlights its commitment to enhancing cybersecurity practices across multiple pillars.
The Global Cybersecurity Index (GCI) that published by the International Telecommunication Union (ITU) serves as a trusted benchmark for assessing countries’ commitment to cybersecurity on a global scale. The fifth edition of the Global Cybersecurity Index (GCI) 2024 provides a comprehensive assessment of countries’ commitment to cybersecurity across five key pillars namely (a) Legal, (b) Technical, (c) Organizational, (d) Capacity Development, and (e) Cooperation.
The fifth edition of the 2024 Global Cybersecurity Index (GCI) assesses countries’ cybersecurity commitment across five key pillars. The Legal pillar evaluates the strength of laws related to cybercrime and cybersecurity, while the Technical pillar focuses on the capabilities of national and sector-specific agencies.
The Organizational pillar examines national strategies and organizations dedicated to cybersecurity governance, and the Capacity Development pillar looks at efforts to build cybersecurity knowledge through training, education, and awareness campaigns. Lastly, the Cooperation pillar measures partnerships between government, private sector, and international organizations.
In the 2024 report, 193 countries have been categorized into 5 tiers as Tier 1 (T1) – Role-modelling, Tier 2 (T2) – Advancing, Tier 3 (T3) – Establishing, Tier 4 (T4) – Evolving, and Tier 5 (T5) – Building based on their efforts to safeguard the cyberspace. Sri Lanka has been classified as a Tier 2 – Advancing country, achieving a score of 85-95 out of 100.
A “T2 Advancing” country shows a strong commitment to cybersecurity through coordinated, government-led actions. This includes assessing, setting up, or implementing widely recognized cybersecurity measures across at least four pillars or many key indicators.
This result demonstrates the effectiveness of the implementation of National cybersecurity strategy by Sri Lanka CERT during the past several years. Sri Lanka was ranked 83rd in 2020 GCI report and in 84th in 2018 report prior to the implementation of the nation’s first cyber security strategy.
The report further highlights that Sri Lanka’s strength lies in its Legal Measures, Technical measures, and Capacity Development, where it scored highest. However, the Organizational and Cooperation measures are identified as areas for potential growth.
Notably, Sri Lanka’s performance surpasses the average score for the Asia-Pacific region, indicating a robust commitment to advancing cybersecurity initiatives. The report encourages continued efforts in enhancing organizational frameworks and fostering international cooperation to further strengthen the country’s cybersecurity landscape.
Sri Lanka CERT is actively working to enhance the country’s cybersecurity standing and position itself to a T1: role modelling in the future. To achieve this, Sri Lanka CERT has launched several key initiatives, including the implementation of the National Cybersecurity Strategy (2025–2028), the establishment of the National Certification Authority, and the operationalization of the National Cybersecurity Operations Center.
Additionally, the country is advancing the implementation of a national information and cybersecurity policy, alongside various capacity-building activities aimed at strengthening the nation’s overall cybersecurity framework.