A framework for developing gender-responsive cybersecurity policy

Beyond the fact that cybersecurity problems are formulated in techno-functional terms, which gives it an objective halo, cybersecurity is a contested field and an inherently political one: it is a contest between different worldviews, ideologies and strategic interests, even if all these are concealed as unquestioned assumptions. Indeed, security, as a value, is not universal and immutable; instead, security is constantly sustained and elaborated by local socio-cultural practices that characterise who and what is considered “safe” or “unsafe”, conceptualising the objects that are protected by security and articulating the moral justification for security. The gender approach has also entered the dispute about what and how cybersecurity is considered.

While great strides have been made in recognising the applicability of human rights frameworks to gender-based threats and abuses in digital contexts, the gendered impact of international cyber operations and incidents, as well as gender inequality, has been a largely unexplored part of the discourse in more securitised cyber processes and forums.

This three-part framework developed by the Association for Progressive Communications seeks to support policy makers and civil society organisations by providing practical guidance for developing gender-responsive cybersecurity policies, laws and strategies. Thus, it is expected to contribute to the various stakeholders interested in the contributions of a gender approach to cybersecurity to find a theoretical background that can support their policies and actions.

Literature review

This paper is organised as follows: first, a short positioning on important concepts around gender. Second, it describes the general background context that precedes the idea of cybersecurity as a gendered space. The third part explores the connections between the irruption of human rights in cybersecurity and the gender perspective and analyses the most prevalent crosscutting concepts that appear in the different research that takes gender into the various fields of cybersecurity. In the fourth part, some of the topics where the gender perspective in cybersecurity is more present are discussed in depth, to end with a brief chapter of conclusions.


Norms, standards and guidelines

This paper presents an overview of the most relevant of these instruments. It specifically considers the Convention on the Elimination of all Forms of Discrimination against Women (CEDAW), the Beijing Declaration and Platform for Action, the Women, Peace and Security (WPS) Agenda, the outcome documents of the World Summit on the Information Society (WSIS), the 2030 Agenda for Sustainable Development and the Sustainable Development Goals, UN Human Rights Council (HRC) reports and resolutions, International Telecommunication Union (ITU) initiatives, and UN General Assembly cybersecurity processes.


An assessment tool

This assessment tool seeks to provide step-by-step advice and concrete recommendations for those wishing to develop a gender approach to cybersecurity policy. Drawing on the Cybersecurity Capacity Maturity Model for Nations (CMM), this assessment tool offers a method of analysis based on the stage of maturity of national policies in each country. Its focus is on the first three stages of maturity – what are called the “start-up”, “formative” and “established” stages – given that these are the most important stages where policy can be influenced. It also adapts a tool for assessing national cybersecurity strategies from a human rights perspective developed by Global Partners Digital (GPD) as part of its analytical approach.


This publication was developed with support from the UK Government.