IGF 2023 WS #477 Framework to Develop Gender-responsive Cybersecurity Policy

Wednesday, 11th October, 2023 (07:30 UTC) - Wednesday, 11th October, 2023 (08:30 UTC)
WS 2 – Room A

Cybersecurity, Cybercrime & Online Safety
Cyberattacks, Cyberconflicts and International Security

Organizer 1: Valeria Betancourt, 🔒

Speaker 1: David Fairchild, Government, Western European and Others Group (WEOG)
Speaker 2: Kemly Camacho, Civil Society, Latin American and Caribbean Group (GRULAC)
Speaker 3: Vivian Affoah, Civil Society, African Group
Speaker 4: Paula Martins, Civil Society, Intergovernmental Organization
Speaker 5: Valeria Betancourt, Civil Society, Latin American and Caribbean Group (GRULAC)


Paula Martins, Civil Society, Intergovernmental Organization

Online Moderator

Valeria Betancourt, Civil Society, Latin American and Caribbean Group (GRULAC)


Velasco Karla, Civil Society, Latin American and Caribbean Group (GRULAC)


Panel - 60 Min

Policy Question(s)

A. What does a gender perspective in cybersecurity policy and norms mean? B. How gender is understood in the context of cybersecurity in the different region, how these issues could be addressed in international cyber processes and how the potential of the IGF could be leveraged to promote intersectional gender responses to cybersecurity challenges? C. What are the current gaps and challenges the different stakeholders involved in cyber policy-making have faced when applying a gender perspective to cybersecurity and what are the tools stakeholders need to champion gender in their cybersecurity work?

What will participants gain from attending this session? The framework and the recommendations that we will be presenting seek to support policymakers, international delegations and civil society organisations in developing gender-responsive cybersecurity policies and norms. The IGF is a unique multistakeholder platform and this session will allow for awareness raising and inclusive dialogue with the global community on an important issue. With this session and the discussions, overall, participants will expand their knowlege on the intersctions of gender and cybersecurity, will gain new tools to promote a stronger intersectional approach and champion gender in their cybersecurity work. In this session, we’ll hear from speakers representing different stakeholders involved in cyber processes at national, regional, and international levels discussing the framework and the current gaps and challenges in integrating a gender perspective in cybersecurity.


It is encouraging that gender perspectives are being more accounted for and discussed in national, regional, and global cyber policy-making spaces. However, the intersection of gender and cybersecurity is still a field in development. APC research found that it is still challenging to find comprehensive examples of a gender approach to national cybersecurity policies. Around the globe, few countries have national cybersecurity policies with references to a gender perspective or gender equity. At the global level, although at cyber norms processes such as the UN OEWG on ICTs, there are signs of agreement in some areas such as the need to close the digital gender divide and for more diversity in cyber security, on the importance of gender-sensitive and inclusive capacity building, and the need to address differentiated impacts of cyber threats vulnerable groups, there is still a need more guidance on what States should do to mainstream gender into cyber policy and norms. To fill this gap, APC developed collaboratively a framework to support policymakers and civil society in developing gender-responsive cybersecurity policy [https://www.apc.org/en/pubs/framework-gender-cybersec]. This framework provides recommendations with a focus on cyber policy at the national level, but the principles of the approach can also be applied in regional or global multilateral cybersecurity forums and discussions. Building on this framework and in a series of conversations APC and partners have been organizing at regional levels, with this session we seek to explore with the IGF community how the recommendations made in the framework could be adapted to be meaningful to particular contexts so that the transformative power of a gender approach to cybersecurity at national, regional and international levels can be realised.

Expected Outcomes

This session feeds into ongoing international and national cybersecurity policy advocacy efforts. Building on this session, APC will continue working to train and provide guidance to policymakers for the incorporation of gender perspectives into cybersecurity policies; strengthen civil society to engage in global and national policy spaces to advocate for inclusion of gender into cyber policies and norms; inform international diplomatic delegations engaging in cyber security negotiations.  With this workshop, we also seek to discuss the framework, its usefulness and gaps, and gather input for future work on this agenda and continue giving visibility to the differentiated impacts of cyber incidents on women and LGBTQI+. APC also seeks to identify and work with interested stakeholders from the IGF community to use the framework. This session will also seek to collectively identify future policy advocacy and research opportunities, including unresolved questions around an intersectional gender approach to cybersecurity norms/policy.

Hybrid Format: The design of the session will take into account that we all have a different pace of participation which depends on our technology and digital literacy, language, accessibility, internet connectivity, public speaking skills, etc. The pace of the will be adapted to both online and in person participants’ needs and contexts.  When planning the session, we’ll allocate time for all participants (both online and offline). Tools like surveys, shared pads and boards will be used to offer different spaces and ways of participation. Facilitators should always give more time than they think is needed for activities and exercises, taking into account the time it takes to mute/unmute, move to breakout rooms or move in the room, tech issues, etc.

Key Takeaways (* deadline 2 hours after session)

1. Cybersecurity unlike other policy issues is complex and requires a multifaceted approach involving different stakeholders and strategies. As a result, there are specific intersectional challenges.

2. Gender in cybersecurity is not only a women's and or tech issue. It's part of a power structure. It is urgent to create secure environments online for everyone, and at the same time, embrace intersectionality. This is why bringing gender in every step of the design is needed, in order to impact greatest number of people. Systemic approaches to cybersecurity are needed.

Call to Action (* deadline 2 hours after session)

1.Reevaluate the concept of security overcoming the masculine framing of it.

2. Educate engineers and their constituencies on a narrative and language that is conducive to considering the gender dimensions of cybersecurity, and to raise awareness about the political complexities of building consensus about it.

Session Report (* deadline 26 October) - click on the ? symbol for instructions

IGF 2023 "Framework to Develop Gender-responsive Cybersecurity Policy" (WS #477) | October 11, 16:30-17:30 JST.
Moderated By: Veronica Ferrari, Global Policy Advocacy Coordinator (APC)
Speakers: Kemly Camacho, Co-founder and general coordinator, Sulá Batsú CooperativeL, Jessamine Pacis, Program Officer, Foundation for Media Alternatives, Grace Githaiga, Co-Convenor of the Kenya ICT Action Network (KICTANet), David Fairchild, First Secretary, Permanent Mission of Canada.
Online Moderator: Pavitra Ramanujam, Asia Digital Rights Lead (APC)
Rapporteur: Karla Velasco, Policy Advocacy Coordinator of APC's Women's Rights Programme.


There is an increasing recognition in international, regional and national debates about the fact that different social groups are in different positions when dealing with cybersecurity threats. However, few countries have fully integrated gender considerations into their national cybersecurity policies. At the global level, although there is consensus on the need to bridge the digital gender gap and promote diversity in cybersecurity, clear guidance on mainstreaming gender into cyber norms is still lacking. This session discussed how to integrate gender perspectives in cybersecurity policy at national, regional and international levels. Speakers from diverse stakeholders covered issues ranging from what do we mean by a gender approach to cybersecurity, how to deal with the challenges in integrating this perspective, to examples of how cybersecurity policy directly affects women and diversities in different regions of the world, and what is the status of the integration of gender in national and international cyber policy debates, among other issues.  

The moderator started the session by unpacking what is a gender approach to cybersecurity and providing an overview of APC framework for developing gender-responsive cybersecurity policy. It was restated that gender in cybersecurity is not only a women's issue; it's intrinsically linked to power dynamics. A gender approach to cybersecurity entails recognizing the diverse risks and varied impacts, encompassing intersectional factors like race, ethnicity, religion, class, and the perceptions and practices of different groups and individuals. It embodies a comprehensive, systemic approach that integrates gender considerations at every stage of design and implementation to maximize its impact on a broader spectrum of people.

The first speaker, Kemly Camacho, in her intervention, addressed the main issues that a gender perspective on cybersecurity should consider in Central America and the status of the integration of a gender perspective in cybersecurity policy in the region. Camacho provided an overview of Sula Batsú’s experience engaging in national cybersecurity strategies discussions in Costa Rica, where the organization participated in its creation and in the monitoring and evaluating the action plan. Camacho shed light on the importance of looking at government’s budget allocation to cybersecurity to see the possibility of “doing things and of forming big coalitions for advocacy that should be based in social movements. Camacho also stressed the importance of raising awareness of the gender implications of cybersecurity at the very beginning of the policy discussion.

The session continued with Grace Githaiga that, based on her experience and work at national, regional and international levels and direct work on cyber capacity-building for groups that experience disadvantage, explored what are the main intersectional challenges that policymakers should consider when shaping holistic cybersecurity policy. Githaiga also addressed the question of how can policy makers effectively address these intersectional challenges that consider gender, but broader inequality-related concerns. The speaker highlighted how cybersecurity is a complex, multifaceted policy issue that involves different domains and stakeholders. Githaiga spotlighted the lack of participation of people affected by these policies and that groups most impacted and in position of marginalization should be meaningfully involved in the cybersecurity discussions.

Next, Jessamine Pacis, addressed how increasingly laws that, while theoretically drafted to protect people, are ultimately used to censor, criminalise women and LGBTQIA+ people around the world and shared FMA research and advocacy work around this in the Philippines' context. Pacis shared the problems from a gendered perspective that the Philippines cybercrime law presented and, in particular, what strategies the organization put in place to engage in cyber policy discussions to bring feminist perspectives. It was highlighted that a key strategy for advocacy involved collaborating with various networks, including children's rights groups, to ensure coordinated efforts. Since this law presented challenges on multiple fronts, Pacis emphasized and in agreement with the previous speaker, that a multifaceted approach is necessary. Lastly, Pacis mentioned their collaboration with a senator who is a strong advocate for gender issues, emphasizing the importance of forming coalitions and identifying champions as a key strategy.

Finally, David Fairchild provided a comprehensive overview of how gender considerations appear in multilateral processes on cybersecurity such as the UN OEWG. The speaker stressed some of the crucial factors that a gender perspective on international cybersecurity should consider moving forward. Fairchild highlighted the importance of what happens between the negotiations and that this is “a long term work” and we need to keep pushing. Fairchild underscored the need for human rights and gender considerations in technical and engineering policy spaces and the significance of reinforcing standards and international frameworks within these technical spaces to enhance awareness and compliance with human rights and gender principles.

The session continued with a Q&A, where audience members inquired and shared, among other issues, about the role of the private and the technical sectors in integrating a gender perspective to cybersecurity. One main take away of the discussion was the need to educate engineers and their constituencies on a narrative that is conducive to considering the gender dimensions of cybersecurity, and to raise awareness about the political complexities of building consensus about it.

Speakers and the audience provided valuable insights on the main obstacles they have encountered when advocating for these considerations at national, regional or international levels, and how a framework like the one APC developed could offer solutions or support the various stakeholders in integrating a gender perspective into cybersecurity policy and norms and what future work on this agenda should focus on. Feedback during the session on APC framework positively recognized its focus on reshaping discussions about security and its efforts to reform policies and perspectives of various stakeholders, including government and private sector actors.

The speakers and the moderator closed the session with a strong emphasis on the need for systemic approaches to cybersecurity. They stressed that due to its complexity, cybersecurity requires a multifaceted strategy involving diverse stakeholders and tactics. They underscored the importance of building coalitions and identifying champions to address these challenges effectively.

Looking ahead, speakers highlighted the need to reassess our conventional understanding of security since current security frameworks often have a masculine bias. It was emphasized that adopting a gender approach to cybersecurity goes beyond increasing women participation in the IT sector or even incorporating gender provisions into policies.

To conclude, speakers acknowledged the progress in incorporating gender perspectives into cybersecurity policy making but emphasized that there is still much work to be done. They highlighted the importance of further research, data collection, educational initiatives, and raising awareness as key elements for future work in this agenda.