Page last updated on
Multilateral processes on cybersecurity have recently begun to include official statements drawing attention to its gendered dimensions. Several delegations participating in the United Nations Open Ended Working Group (OEWG) on developments in the field of information and telecommunications in the context of international security have stated the need for gender mainstreaming into cyber norm implementation and gender-sensitive capacity building, as well as a better understanding of the linkages between cybersecurity and gender equality frameworks. However, questions remain about the overall application of gender perspectives to cybersecurity, as well as what kinds of action are needed to effectively implement a gender approach to cybersecurity and turn those goals into reality.
To tackle this knowledge gap, this report outlines the relevance of gender norms to cybersecurity. It draws on existing research, supplemented by stakeholder and expert interviews, to assess gender-based differences in the social roles and interaction of women, men and non-binary people of all ages reflected in the distribution of power (e.g. influence over policy decisions and corporate governance), access to resources (e.g. equitable access to education, wages or privacy protections), and construction of gender norms and roles (e.g. assumptions regarding victims and perpetrators of cyber-facilitated violence).
Overall, gender norms inform cybersecurity in two ways. First, gender constructs individual identities, roles and expectations within cybersecurity and broader society, such as the frequent association of technical expertise with men and masculinity. Second, gender operates as a form of hierarchical social structure. This means that activities and concepts associated with masculinity, such as technical expertise, are often, but not always, valued over those associated with women and femininity, such as communications expertise or equality, diversity and inclusion initiatives.
To understand how gender shapes specific cybersecurity activities, this report proposes a new cyber-centric framework based on the three pillars of design, defence and response, aligned with prevalent perspectives among cybersecurity practitioners and policymakers. In each of these three pillars, the research identifies distinct dimensions of cyber-related activities that need to be considered from a gender perspective.