He is the subject— She is the other.
Simone de Beauvoir
In the Global Risks Report 2022 of the World Economic Forum, cybersecurity failure was ranked as the seventh place most pertinent global risk in the horizon for the next two years. Cybersecurity failure is one of the risks that has significantly worsened during the COVID-19 pandemic. Even though many countries and industries were able to adapt quickly to new forms of human interaction and remote work, it came at the expense of increased vulnerability to cyber threats.[1] This rather alarming development is exacerbated by a growing skills shortage in the cybersecurity field, which is projected to reach a global deficit of approximately 1.8 million cybersecurity professionals this year.[2] So overall, we’re not only threatened by cybercrime, we also don’t have the means to fight it.
Providing a cybersecure world is shaping up to be a crucial global challenge for the next few years. We need as many resources and capacity as we can muster to control, fight and prevent cybercrime, including cyber abuse and cyber harassment. This goal can only be met, however, by considering the bigger picture and disengaging from the masculine stereotypes that have been dominant for many years.[3] These stereotypes have had a major influence on women in cyber from two different points of view: first, on women’s portrayal as victims of cybercrime and technological bias, of having their needs ignored by cybersecurity measures and discussions, and second, on women as professionals in cyber. Addressing both perspectives is paramount to be well-equipped to face the challenges ahead and providing a cybersecure world—for everyone.
Part I - Cybersecurity failing women
Cybersecurity is gender-biased with regard to whom it is failing: Women and girls are more likely to be victims of cybercrime than boys and men.[4],[5],[6] This gender gap can be found, for example, regarding stolen identities and fraud.[4] And, unfortunately, it is especially pronounced regarding the more severe types of cybercrime, e.g., cyberstalking and online sexual abuse, such as sextortion.[5] Digital discrimination is not only inflicted by other humans, but cybersecurity technology may also put women at a disadvantage: Biometric software, for example, has more trouble recognising female than male faces.[4]
This technological discrimination against women is grounded in how the software within a device is designed: “Smart” devices tend to misunderstand women, because they are trained to think like men do. They do not take the different needs of women and men into consideration, nor do they account for different kinds of uses that emerge from these needs. They favour what in society is perceived as a masculine practice over what is perceived as a feminine one. They stereotype femininity in ways that are problematic. All these general issues also specifically apply to cybersecurity.[7]
Domestic abuse and violence, for example, are not adequately considered.[7],[8] Generally, most violence against women is domestic violence. One out of three women worldwide has been subject to physical and/or sexual violence in a relationship.[9] However, this knowledge is not sufficiently included in the development and marketing of IoT devices. The threat modelling phase during development does not account for domestic abuse, facilitating gender-biased, that is female, risk. Advertisement of remote monitoring devices focuses on their child protection features, which tend to affect women more. And with the increasing use of IoT devices, their misuse increases, while reporting and user-control procedures downplay or omit cybersecurity threats towards women.[7],[8]
Another example of technology design failing women lies within the construction of cybersecurity measures. Most personal accounts are protected by passwords. In case a password is forgotten, a prevalently used approach is to use personal information to restore access to the account. Basis for this idea is that a “stranger” is the perpetrator; someone who does not have access to a woman’s personal information, such as the name of a childhood pet. This assumption, however, does not hold in the case of domestic abuse. Perpetrators living within the same household can, relatively easily, gain access to log-in details because they were the ones responsible for purchasing and installing the device, because they convinced or coerced the woman to share the credentials or simply because they know the victim well enough to correctly guess.[7],[9]
Additionally, society tends to victim-blame women: Women, in comparison to men, are expected to be a perfect user, activating privacy settings (which they are actually more likely to do [10]), changing passwords regularly, and keeping track of their accounts—in short: exercising near-total control over their digital footprint. These expectations, of course, are impossible to meet, either because of a lack of time or literacy. When women fall victim to cybercrime, they are blamed rather than it being acknowledged that in reality expectations towards cybersecurity measures are gendered.[7]
Overall, cybersecurity tends to fail women to a greater extent than men. This could be partially solved by bringing more women professionals into the field of cybersecurity, where right now they are heavily underrepresented. Why? Read Women in Cyber – Part II: Female professionals in cybersecurity.
For more information on CC-DRIVER sign up for our newsletter, follow us on Twitter and LinkedIn and subscribe to our channel on YouTube.
References
[1] World Economic Forum, The Global Risks Report 2022, 17th Edition, 2022.
[2] Deloitte AG, 24 January 2022. https://www2.deloitte.com/ch/en/pages/risk/articles/women-in-cyber.html
[3] Khan, M. K., Overcoming gender disparity in cybersecurity profession [Policy brief], G20 Insights. https://www.g20-insights.org/policy_briefs/overcoming-gender-disparity-in-cybersecurity-profession/
[4] Poster, W. R., „Cybersecurity needs women”, Nature, Vol. 555, March 2018, pp. 577-581.
[5] European Institute of Gender Equality, Cyber violence against women and girls, 2017.
[6] Malwarebytes, Demographics of cybercrime report, 2021. https://www.malwarebytes.com/resources/2021-demographics-of-cybercrime-report/index.html
[7] Millar, K., J. Shires, and T. Tropina, Gender approaches to cybersecurity: Design, defence and response, United Nations Institute for Disarmament Research, Geneva, 2021.
[8] Slupska, J., and L. M. Tanczer, „Threat modelling intimate partner violence: Tech abuse as a cybersecurity challenge in the internet of things” in J. Bailey, A. Flynn and N. Henry (Eds.), The Emerald International Handbook of Technology-Facilitated Violence and Abuse, Emerald Publishing Ltd., Bingley, 2021, pp. 663-688.
[9] World Health Organisation, “Violence against women”, Geneva, March 2021. https://www.who.int/news-room/fact-sheets/detail/violence-against-women
[10] Anwar, M., W. He, I. Ash, X. Yuan, L. Li, and L. Xu, “Gender difference and employees' cybersecurity behaviors”, Computers in HumanBehavior, Vol. 69, April 201, pp. 437-443.
Author:
Dr Agnes Hoechtl
University of Applied Sciences for Public Services in Bavaria - Department Police