While the government explores work-from-home options for public and private sector employees to cut fuel use amid regional tensions, Sri Lanka’s banking sector is sounding a strong caution: remote access to core systems could invite serious cyber risks that the industry is not yet equipped to fully contain.
Decision-makers in major banks have resisted broad adoption of remote work policies, according to reliable sources in the sector. Chief IT officers and cyber security experts have highlighted that expanding system access beyond tightly controlled Local Area Networks (LANs) in bank premises dramatically increases vulnerability to scams, phishing, malware, and data theft.
Widening accessibility to home networks opens doors for cyber criminals
“Widening accessibility to home networks opens doors that cyber criminals are eagerly waiting to exploit,” a senior industry insider told reporters on condition of anonymity. “Our experts have consistently warned that remote setups multiply the attack surface in ways that current safeguards struggle to match.”
Cyber incidents remain a persistent headache for Sri Lankan banks. Hundreds of complaints surface monthly from customers facing unauthorised transactions, account takeovers, and fraud attempts. Globally and locally, financial institutions report escalating threats, with recent years seeing major breaches, ransomware incidents, and data leaks across the sector. The Central Bank of Sri Lanka has tightened incident reporting rules, requiring banks to notify authorities within hours of significant events to bolster overall resilience.
What Banking leaders stress?
Bank leaders stress that on-site controls, multi-layered firewalls, real-time monitoring, and secure data centres—provide far stronger protection than what can reliably be enforced across thousands of remote employee devices and home internet connections. While some limited remote capabilities exist for critical staff (as seen in past pandemic responses), full-scale work-from-home is viewed as too risky at present.
“We’re not outright banning flexibility forever, but right now the cyber threat landscape makes it impractical for core banking operations,” another banking executive explained. “Protecting depositors’ funds and maintaining system integrity has to come first.”
The government’s recent push to study remote work as a fuel-saving measure has sparked hope among many employees for greater work-life balance. However, in banking, cyber security warnings are tempering enthusiasm, keeping most staff anchored to office environments for the foreseeable future.
Until advanced tools like zero-trust architectures, enhanced endpoint protection, and foolproof remote access protocols become standard and proven, Sri Lankan banks are prioritising caution over convenience in the face of persistent digital threats.
