The report points out the relevance of gender norms to cybersecurity. It draws on existing research, supplemented by stakeholder and expert interviews, to assess gender-based differences in the social roles and interaction of women, men and non-binary people of all ages reflected in the distribution of power (e.g. influence over policy decisions and corporate governance), access to resources (e.g. equitable access to education, wages or privacy protections), and construction of gender norms and roles (e.g. assumptions regarding victims and perpetrators of cyber-facilitated violence).
It looked at gender norms in two ways. First, gender constructs individual identities, roles and expectations within cybersecurity and broader society, such as the frequent association of technical expertise with men and masculinity. Second, gender operates as a form of hierarchical social structure. This means that activities and concepts associated with masculinity, such as technical expertise, are often, but not always, valued over those associated with women and femininity—concepts such as communications expertise or equality, diversity and inclusion initiatives.
The report proposes a new cyber-centric framework to understand better how gender shapes specific cybersecurity activities. The framework is based on the three pillars of design, defence and response, aligned with overall perspectives among cybersecurity practitioners and policymakers. In each of these three pillars, the research identifies distinct dimensions of cyber-related activities that should be considered from a gender perspective.