Sri Lanka has been recognised as an ‘Advancing’ country in the Global Cybersecurity Index (GCI), which highlights its commitment to enhancing cybersecurity practices across multiple pillars.

The Global Cybersecurity Index (GCI) published by the International Telecommunication Union (ITU) serves as a trusted benchmark for assessing countries’ commitment to cybersecurity on a global scale.

The fifth edition of the Global Cybersecurity Index (GCI) 2024 provides a comprehensive assessment of countries’ commitment to cybersecurity across five key pillars namely (a) Legal, (b) Technical, (c) Organisational, (d) Capacity Development, and (e) Cooperation.

In the 2024 report, 193 countries have been categorised into five tiers as Tier 1 (T1) – Role-modelling, Tier 2 (T2) – Advancing, Tier 3 (T3) – Establishing, Tier 4 (T4) – Evolving, and Tier 5 (T5) – Building based on their efforts to safeguard the cyberspace. Sri Lanka has been classified as a Tier 2 - Advancing country, achieving a score of 85-95 out of 100.

A ‘T2 Advancing’ country shows a strong commitment to cybersecurity through coordinated, government-led actions. This includes assessing, setting up, or implementing widely recognised cybersecurity measures across at least four pillars or many key indicators.

This result demonstrates the effectiveness of the implementation of National cybersecurity strategy by Sri Lanka CERT during the past several years. Sri Lanka was ranked 83rd in the 2020 GCI report and in 84th in the 2018 report prior to the implementation of the nation’s first cyber security strategy.

The report further highlights that Sri Lanka’s strength lies in its legal measures, technical measures, and capacity development, where it scored highest. However, the organisational and cooperation measures are identified as areas for potential growth.

Notably, Sri Lanka’s performance surpasses the average score for the Asia-Pacific region, indicating a robust commitment to advancing cybersecurity initiatives. The report encourages continued efforts in enhancing organisational frameworks and fostering international cooperation to further strengthen the country’s cybersecurity landscape.

Sri Lanka CERT is actively working to enhance the country’s cybersecurity standing and position itself to a T1: role modelling in the future. To achieve this, Sri Lanka CERT has launched several key initiatives, including the implementation of the National Cybersecurity Strategy (2025–2028), the establishment of the National Certification Authority, and the operationalization of the National Cybersecurity Operations Centre.

Additionally, the country is advancing the implementation of a national information and cybersecurity policy, alongside various capacity-building activities aimed at strengthening the nation’s overall cybersecurity framework.