📈 Cybersecurity Crisis: South Asia Battles Multi-Million Dollar AI-Driven Scams

• Overall Financial Impact: High-profile Business Email Compromise (BEC) attacks and system glitches have severely hit major Sri Lankan state institutions and financial entities based on recent official media reports. • Key Sri Lankan Exposures: • SriLankan Airlines: Lost AED 974,000 (~Rs. 87 Mn) after attackers altered supplier bank details. • National Treasury: Diverted US$ 2.5 Mn in bilateral debt repayments via compromised emails. • Department of Posts: Defrauded of US$ 625,000 using identical BEC methods. • Banking & Welfare: NDB Bank disclosed a Rs. 13.2 Bn fraud exposure, People's Bank flagged a Rs. 656 Mn remittance error, and the Aswesuma programme issued Rs. 248.79 Mn in duplicate payments. • Regional Threat Context: Sri Lanka's rapid digital transformation is outpacing its defences. Regionally, India recorded over 2.8 Mn cybercrime complaints in 2025 (losses of Rs. 22,495 crore), with banking deepfake fraud surging 550% since 2019. • AI Defensive Solutions: Experts urge South Asian nations to adopt generative AI and ICT/BPM tools to secure national infrastructure. Key recommendations include: • Intelligent email and behavioral AI payment verification to prevent BEC. • Machine learning for advanced transaction monitoring. • Deepfake liveness detection for banking KYC verification. • Natural Language Processing (NLP) to scan vernacular languages like Sinhala and Tamil for scam patterns. • Strategic Actions: Governments must mandate automated payment verification for state bodies, update outdated cybercrime laws, and establish a shared regional AI threat-intelligence platform to disrupt transnational crime networks.