📈 Boardroom Alert: Rising Insider Threats & Systemic Governance Failures

Sri Lanka’s corporate and state sectors are facing a "systemic disease" of internal financial disasters, totaling billions in losses over the last quarter. Recent incidents highlight that the primary risk to the ICT/BPM and banking sectors is internal governance, not external hackers. • Major Financial Losses (Provisional) - Commercial Banking: Rs. 13.2 Bn lost to internal fraud. - National Treasury: $ 2.5 Mn mysteriously siphoned. - State Postal Service: $ 650,000 vanished due to process failures. • Critical Vulnerabilities - Internal Threats: Firms are over-focused on external firewalls while ignoring employees with direct access to systems and money. - Cost-Cutting Risks: Cybersecurity is often treated as a "compliance checkbox" with boards opting for the lowest-cost vendors, compromising total security outcomes. - Boardroom Tech Gap: A significant disconnect exists between digital operations and board-level expertise, leading to inadequate oversight of process risks. • Strategic Recommendations - Governance: Shift from "buying software" to implementing continuous insider threat programs and independent consultancy. - Board Composition: Appointment of tech-savvy directors capable of auditing access logs and risk protocols. - Investment: Treating cybersecurity as a strategic enabler rather than a regulatory burden to protect national economic assets. _Source: CICRA Group/Daily FT (May 2026)_