By Raj Gonsalkorale

Information and communication technologies (ICTs) are the cornerstone for sustainable development, but if they are not appropriately managed, they will impede progress towards the United Nations Global Sustainable Development Goals. Among undesirable impacts, emphasis must be put on the risk of information security (ISec) breaches, as they pose a potential threat to businesses there. Especially for publicly traded firms, they could create a long-lasting influence on their financial performance and, thus, stock investors’ confidence – MDPI (Multidisciplinary Digital Publishing Institute.

MDPI (Multidisciplinary Digital Publishing Institute), a major Switzerland-based publisher of over 500 peer-reviewed, open-access journals, founded in 1996, in a review titled The Long-Run Impact of Information Security Breach Announcements on Investors’ Confidence: The Context of Efficient Market Hypothesisby Syed Emad Azhar Ali, Fong-Woon Lai, Rohail Hassan and Muhammad Kashif Shad in an MDPI publication in January 2021) point out that Among undesirable impacts, emphasis must be put on the risk of information security (ISec) breaches, as they pose a potential threat to businesses there. Especially for publicly traded firms, they could create a long-lasting influence on their financial performance and, thus, stock investors’ confidence (https://www.mdpi.com /2071- 050/13/3/1066#:~:text=Especially%20for%20publicly%20traded%20firms, context%20of%20efficient%20market %20hypothesis), In summary, the paper says that when large-scale computer scams are, or are perceived to be, handled poorly or are facilitated by corruption, they lead to a significant loss of both local and international investor reputation, potentially causing capital flight.

fDi Intelligence, a specialist division of the Financial Times, is a premier source for foreign direct investment (FDI) information, providing data-driven news, analysis, and tracking tools. In recent research publication they have stated that Cyber-attacks are on the rise as they emerge as the flipside of the global digital economy and they cost the world $8tn in damages in 2023 alone, and that public institutions at the highest level, particularly in developing economies, have proven vulnerable to such attacks. (https://www.fdiintelligence.com/content/aebb2169-e74e-53b6-b6ca-4b3a521cca8c#:~:text= The%20 stakes%20are%20high.,The%20FDI%20risk). 

Terence Toland, a manager at Kearney, a leading global management consulting firm, has stated that Countries with poor cyber hygiene risk seeing their investment appeal decrease as multinationals limit exposure to such risks and that the reputational damage caused by a big breach, particularly a well-publicised breach, would definitely have a negative impact on the market’s prospect for FDI or being a supply chain destination”. As one would say, it’s not rocket science to say that financial scams pose significant threats to the economic stability and growth of emerging economies. These fraudulent activities undermine investor confidence, distort market efficiency, and divert scarce resources away from productive investments.

In Sri Lanka, a few IT and non-IT related issues, but primarily large-scale computer scams and high-profile cyber incidents appear to have the potential to severely damage investor confidence by eroding trust in the security of financial systems, weakening the reputation of local markets, and introducing significant financial and operational risks.  It is vital for the government to address these issues very urgently and expeditiously and possibly considering the engagement of a reputed international entity specialised in this area to undertake an urgent assessment of the adequacy of cyber security measures in the central bank and all local banks, and management measures in place to detect possible scams.

Amongst the issues that appear to have had a dent in the government’s ability to handle major beaches, both in IT and non-IT related areas, is the controversial container release saga. While it is not a computer related issue, it has raised a considerable amount of debate and discussion, and the government’s position has been that the practice of releasing  some containers without an inspection has been a practice that has been adopted in the past as a means of easing backlogs of containers whenever such backlogs impeded on the efficiency of the Port. A Parliamentary Select Committee (PSC) is probing the release of 323 containers from the Colombo Port in early 2025 without mandatory physical inspections, many of which reported were marked “red” (high-risk). With the investigation extended by three months, and a final report expected in the coming weeks, the PSC report will hopefully provide the required clarity and identify any misdeeds, indeed if any, had occurred. However, the time period that has elapsed since the issue hit the headlines and a comprehensive explanation to the public about the circumstances relating to the release of the containers has been far too long, and it has provided ample opportunities for speculation to take hold of whatever it might be the factual situation. 

The context relating to the Sri Lankan Ports situation needs to be mentioned here. Port congestion and delayed cargo clarencein what has beenthe highest-performing months for cargo handling, roughly 4,200 containers had been held up as of April 2026.The Sri Lanka Ports Authority (SLPA) is attempting to clear backlogs through 24-hour services and is reviewing, as a temporary measure, the use of space in Port City to alleviate yard congestion. Port capacity and developments so far has been unprecedented with theHambantota International Port (HIP) recording its highest single-vessel container volume (13,260 TEUs) on the MSC Marie Leslie in April 2026.The Colombo West International Terminal (CWIT), a joint venture involving India’s Adani Ports, is accelerating development to increase capacity by late 2026, ahead of its 2027 deadline.While some carriers are returning to the Red Sea, continued instability in the region due to the mid-eastern conflict has caused a structural shift in shipping patterns, placing high demand on Sri Lankan terminals as a transshipment hub. The overall situation indicates that while Sri Lanka is successfully positioning itself as a major Indian Ocean logistics hub, it faces severe operational and bureaucratic bottlenecks in handling the increased traffic.

The challenge for the government is to assess whether equipment shortages and/or lack of skilled management expertise is causing port congestion, and if so, what measures should be taken to address these as a matter of priority, as its goal of Sri Lanka being a major Indian Ocean hub may be impacted.

In terms of the three IT related issues, the two Commercial Bank related issues (the scams at the NDB and the one at the Commercial bank), are not directly related to the government, but related possibly to monitoring shortcomings at the Central Bank which is independent of the government.  It certainly appears that the monitoring measures and IT guard rails to detect and prevent scams have not been as effective as they should have been, both within the two institutions concerned and within the central bank. However, as investigations are ongoing, speculations will not assist the investigations, but clarity on this serious matter will have to be considered a very urgent matter as the potential damage to confidence in these institutions could become irreversible otherwise.

The challenge for the government (more the central bank) is to take all possible measures, including obtaining international technical expertise to investigate, strengthen if necessary through legislation, preventive measures and to introduce more fool proof guard rails in all banks so that recurrence of these scams will not happen, and if any attempts are being made by cyber criminals to hack systems, they will be detected before its too late, Besides this, punishment for convicted offenders should be made extremely severe so that would be criminals would think twice before committing them.

What is very concerning and perhaps most serious is the theft of USD 2.5 million dollars from the governments own external resources entity which is inseparable from the treasury itself. To the best of the writer’s knowledge based on information publicly released so far, it appears that a serious management shortcoming has contributed to the eventual cyber theft. This being the apparent failure of the external resources/treasury not to have sought an acknowledgement from the recipient of the funds, the Australian government, way back in January when supposedly, the transfer had been done. Had the treasury assumed that the funds had been transferred on the due date, surely an acknowledgement should have been sought as a matter of routine, or they should have had a management mechanism to identify funds that had to be transferred by a due date but not actually transferred and which would have prompted them to make investigations why the transfer had not taken place. On the face of it, it appears that there had been a clear management failure.

Impact on investor confidence

As mentioned earlier, besides the loss of money, which may be totally or partially recovered, what would be difficult to recover would be the possible dents on investor confidence when Sri Lanka desperately needs direct foreign investments to boost the economy. The IT related scams will result in the erosion of trust in digital finance.

Cyber-enabled fraud, which has tripled recently, erodes trust in the digital channels that modern financial systems rely on. When scams are perceived as widespread, investor trust in digital services decreases, making it harder for financial institutions to maintain confidence. There would be reduced foreign direct investment (FDI), as countries with poor cyber guard rails runs the risk of being characterized as countries with weak governance and not attuned to giving the topmost priority to arresting cybercrime and losing their appeal for FDI as multinationals will take risk avoidance measures and limit their exposure to these hazards. Significant breaches could prompt firms to relocate to jurisdictions with higher security standards. Even if governments are not necessarily weak, investors will view high-scale scams as evidence of inept management or severe operational vulnerabilities within institutions including the central bank. To add to this, the high cost of remediation, along with potential legal and regulatory fines, could impair the institutions’ ability to operate efficiently, making them less attractive to investors.

From the country’s perspective, a national economysuffering from cyber-security breaches may experience increased equity risk, as potential investors could become hesitant to invest, either making only small investments as a risk mitigating measure or demanding higher, short-term returns. Another serious risk that could arise from widespread digital fraud is the flight of capital, posing threats to economic stability. 

fDi Intelligence lists the following as key drivers of reduced confidence

• The adoption of AI and deepfakes by criminals makes scams harder to detect, leading to prolonged periods of risk for institutions.
• In some instances, regulations requiring data to be stored locally can heighten a country’s attractiveness as a target for cyber-criminals, inadvertently raising risks for foreign investors.
• Foreign investors could find their local partners or suppliers as the “weakest link,” exposing the overall investment to contagion risks from low-quality local cybersecurity. 

In conclusion, the following conclusion from Research Gate paper titled Economic Impact Of Financial Scams On Emerging Economies: A Legal Review” is quoted here as it summarises the potential fallout from scams that are becoming quite widespread globally (https://www.researchgate.net/publication/393335164 Economic_Impact_Of_ Financial_Scams On_Emerging_Economies_A_Legal_Review#:~:text=Abstract,) %2C%20and%20financial %20sector % 20integrity)

The rapid advancement of technology has led to significant changes in the global financial landscape. The rise of digital transactions presents new opportunities for financial inclusion and economic growth, but it has also led to a surge in financial fraud. (Lakew & Azadi, 2020). Financial frauds exert extensive and diverse economic impacts on developing nations. Financial fraud undermines economic stability, distorts markets, and erodes trust in financial institutions (Sajid et al., 2023).  The inadequacy of legal and regulatory frameworks in numerous emerging nations have exacerbated the problem further.  Mitigating the economic impact of financial fraud relies on robust legal and regulatory responses. This encompasses the enhancement of national legal frameworks, the augmentation of regulatory oversight, the promotion of international collaboration, and the empowerment of consumers through protective measures and education. (Babu & Xavier, 2015.  The convergence of information technology and financial services has propelled the growth of financial technologies, necessitating legislative reforms to address the interplay of financial products, services, technologies, risks, and institutions. (Tritto et al., 2020).

One hopes that the government has taken heed of the urgency to strengthen all avenues that pose threats to cyber fraud, strengthen management shortcomings via legislation if need be, the utmost urgency to do this as a matter of priority and taking the ordinary people of the country to their confidence by providing open, consistent, accurate updates on the issues concerned and prevent avenues for speculation arising from gaps in what might be known and what is being made known to the public. At present, speculation appears to be ahead and social media proliferation arising from them appears to be getting a foothold about the governments ability to meet these and similar major challenges.