Commercial Bank of Ceylon has reached a major milestone in its long-standing commitment to digital education in Sri Lanka with the donation of its 400th IT Lab, alongside the launch of ‘ComBank Akshara’, a unified initiative designed to strengthen its education-focused corporate social responsibility efforts.
The milestone 400th IT Lab has been established at Mahamathya Vidyalaya, Athurugiriya, further extending the Bank’s flagship programme that equips underserved schools with essential digital infrastructure to support teaching and learning in an increasingly technology-driven environment.
With IT Labs deployed across schools islandwide, the initiative represents one of the largest private-sector-led digital education programmes in Sri Lanka. Each lab provided by Commercial Bank of Ceylon is fully equipped with computers, accessories and furniture, collectively benefiting an estimated 500,000+ students and playing a key role in bridging the country’s digital divide.
Funded through the Bank’s Corporate Social Responsibility Trust, the programme aligns with national priorities focused on improving digital literacy, promoting inclusive education and supporting long-term socio-economic development.
Speaking on the milestone, Chairman Sharhan Muhseen said the initiative reflects the Bank’s belief that equal access to education is essential for national progress, noting that the 400th IT Lab represents the scale of impact achieved in bridging Sri Lanka’s digital divide and equipping students with future-ready skills.
Managing Director/CEO Sanath Manatunge said the launch of ‘ComBank Akshara’ brings all education-related CSR initiatives under a single identity representing knowledge, learning and opportunity, adding that the milestone is about the lives impacted and futures being shaped through sustained investment in education.
Principal Gamini Jayarathne welcomed the initiative, noting that the new IT Lab will significantly enhance learning opportunities for students who previously had limited access to digital resources, and expressed gratitude for the Bank’s contribution to the school and community.
Over the years, Commercial Bank of Ceylon has expanded its education support beyond IT Labs, including STEM classrooms, mathematics labs, digital curriculum development and initiatives supporting coding and networking education.
The Bank’s sustained investment in education reflects its broader belief that empowering the next generation with digital skills is essential for national development. Through scale, consistency and strategic focus, Commercial Bank of Ceylon continues to strengthen its role as a leading socially responsible corporate institution in Sri Lanka.
Commercial Bank operates more than 270 strategically-located branches and an extensive network of automated machines island-wide, and has the widest international footprint among Sri Lankan banks, with 21 branches in Bangladesh, a fully-fledged Tier I Bank with a majority stake in the Maldives, a microfinance company in Myanmar, and a representative office in the Dubai International Financial Centre (DIFC). The Bank’s fully owned subsidiaries, CBC Finance PLC and Commercial Insurance Brokers (Pvt) Limited, also deliver a range of financial services via their own branch networks.
Sophos Reports 71% of Organizations Experienced at Least One Identity Breach in the Past Year
Sophos has released its State of Identity Security 2026, a vendor-agnostic survey covering 5,000 IT and cybersecurity leaders across 17 countries, highlighting the growing scale of identity-driven cyber threats worldwide.
The report found that 71% of organizations suffered at least one identity-related breach in the past year, with organizations experiencing an average of three separate incidents. A further 5% reported six or more breaches, underscoring the increasing frequency of repeat victimization.
According to the findings, these attacks are largely driven by human error and weak management of non-human identities (NHIs), a risk area that is accelerating as agentic AI systems increasingly automate processes and expand attack surfaces.
The report also revealed that two-thirds (67%) of ransomware victims confirmed their incidents originated from identity attacks, reinforcing identity compromise as a key entry point for ransomware campaigns. The average recovery cost reached $1.64 million, while the median stood at $750,000, with 73% of affected organizations reporting costs exceeding $250,000.
Ross McKerchar noted that identity has become the primary attack surface in modern cybersecurity, warning that organizations are losing ground as AI agents are granted privileges faster than security teams can monitor them.
Key findings from the report also show that data and financial theft remain the dominant outcomes of identity breaches, with 49% reporting data theft, 48% ransomware impact, and 47% financial theft.
Visibility remains a major weakness, with only 24% of organizations continuously monitoring for unusual login attempts, while more than half conduct checks only every three months or less. Detection gaps also persist, as 14% of breached organizations failed to detect and stop their most significant identity attack before damage occurred.
Industry-wise, critical infrastructure sectors were among the most exposed, with energy, oil and gas, and utilities (80%), along with federal and central government (78%), reporting the highest breach rates.
The report also highlights compliance challenges, noting that organizations struggling significantly with compliance requirements experienced an 82.4% breach rate, compared to 68.3% among those with fewer difficulties.
Human error accounted for nearly 43% of incidents, while weak NHI management—such as exposed API keys, static credentials, and orphaned service accounts—was responsible for 41%. Organizations with weak NHI management were found to be 22% more likely to suffer financial theft and incurred approximately $150,000 higher recovery costs.
The report further warns that the rise of AI agents is intensifying the NHI challenge, as autonomous systems can generate new credentials and sub-agents with persistent access and limited human oversight.
To address these risks, Sophos recommends a multi-layered security approach, including enforcing multi-factor authentication, applying least-privilege access, and eliminating inactive identities. For non-human identities, it emphasizes inventorying and classifying NHIs, replacing long-lived credentials with short-lived ones, and implementing secrets management platforms.
The company also highlights Identity Threat Detection and Response (ITDR) and Zero Trust architecture as increasingly critical defenses in the evolving identity security landscape.
Commercial Bank Marks Milestone with 400th IT Lab and ‘ComBank Akshara’ Initiative to Empower Future Leaders
