|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats. We have implemented cybersecurity policies, procedures, technologies, and controls to aid in our efforts to access, identify, and manage such risks. Material risks from cybersecurity threats are managed across GM, GM Financial, service providers such as data processors, third-party suppliers, dealers, and vendors, and monitoring such risks and threats are integrated into the Company's overall risk management program.
GM has a Cybersecurity Management Board that brings together representatives from senior management across the Company's Software & Services, Product Development, Information Technology, Manufacturing, Finance, Communications, Human Resources, Legal, and Public Policy organizations to provide guidance and monitor overall company cybersecurity risk. The Company's cybersecurity maturity scorecard, cybersecurity threats, and incident information are reviewed by the Company's Chief Information Security Officer (CISO), the Risk and Cybersecurity Committee of the Company's Board of Directors, and the Cybersecurity Management Board during standing meetings as well as in impromptu sessions, when appropriate. During the reviews, various topics are discussed, which may include:
•implementation and maturity of the Company's cybersecurity program, risk management framework, including cybersecurity risk policies, procedures, and governance;
•cybersecurity and privacy risk, including potential impact to the Company's employees, customers, supply chain, joint ventures, and other stakeholders;
•intelligence briefings on notable cyber events impacting the industry; and
•cybersecurity budget and resource allocation, including industry benchmarking and economic modeling of various potential cybersecurity events.
The Company maintains administrative, physical, technical, and organizational safeguards, including employee training, incident response capability reviews and exercises, cybersecurity insurance, and business continuity mechanisms for the protection of the Company's assets. From time to time, the Company's processes are audited and validated by internal and external experts. The Company leverages a third-party risk management process with the goal of minimizing disruption to the Company's business and production operations, strengthening supply chain resilience in response to cyber-related events, and supporting the integrity of components and systems used in its products and services.
When cybersecurity incidents occur, the GM Cybersecurity team's focus is on responding to and containing the threat and minimizing impact. When we become aware of a cybersecurity incident, we have defined policies and procedures to respond to and recover from such incident as quickly as possible. In the event of a cybersecurity incident, the Cybersecurity team also assesses, among other factors, safety impact, supply chain and manufacturing disruption, data and personal information loss, business operations disruption, projected cost, and potential for reputational harm, with support from external technical, legal, and law enforcement, as appropriate. Our policies and procedures are reviewed periodically for alignment with regulatory requirements and the threat landscape.
The Company has not experienced any material cybersecurity incidents and expenses incurred from cybersecurity incidents were immaterial (including penalties and settlements, of which there were none). For a discussion of whether and how any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or, if realized, are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition, see Item 1A. Risk Factors – "Risks related to our intellectual property, cybersecurity, information technology, and data management practices", which are incorporated by reference into this Item 1C.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats. We have implemented cybersecurity policies, procedures, technologies, and controls to aid in our efforts to access, identify, and manage such risks. Material risks from cybersecurity threats are managed across GM, GM Financial, service providers such as data processors, third-party suppliers, dealers, and vendors, and monitoring such risks and threats are integrated into the Company's overall risk management program
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|The GM Board of Directors is responsible for overseeing the Company's enterprise risk, and has established its Risk and Cybersecurity Committee with specific responsibility for overseeing our cybersecurity program, among other things.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The GM Board of Directors is responsible for overseeing the Company's enterprise risk, and has established its Risk and Cybersecurity Committee with specific responsibility for overseeing our cybersecurity program, among other things.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The CISO and the Cybersecurity Management Board monitor the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described above, including through the operation of the Company's incident response plans, which include periodic reports and escalation to the Risk and Cybersecurity Committee, as appropriate, and simulated exercises.
|Cybersecurity Risk Role of Management [Text Block]
|
The GM Board of Directors is responsible for overseeing the Company's enterprise risk, and has established its Risk and Cybersecurity Committee with specific responsibility for overseeing our cybersecurity program, among other things. The Company's cybersecurity organization is led by the CISO, who is responsible for assessing and managing material risks from cybersecurity threats and reports to the Risk and Cybersecurity Committee. The CISO has served in this role since December 2024 and has more than 20 years of experience in various information technology, cybersecurity, and software engineering roles. The CISO's experience includes building and leading cybersecurity functions at large enterprises, startups, and research and development centers, as well as leading software engineering teams responsible for building and operating large-scale software services. The CISO also has expertise in building and designing secure software, scalable and resilient systems, incident response practices, privacy programs, and other critical security disciplines and practice areas. The CISO holds a master's degree in information security policy and management, has taught information security courses at the graduate level, is an inventor on cybersecurity-related patents, and has been a speaker at leading cybersecurity conferences.
The CISO and the Cybersecurity Management Board monitor the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described above, including through the operation of the Company's incident response plans, which include periodic reports and escalation to the Risk and Cybersecurity Committee, as appropriate, and simulated exercises.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The Company's cybersecurity organization is led by the CISO, who is responsible for assessing and managing material risks from cybersecurity threats and reports to the Risk and Cybersecurity Committee.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The Company's cybersecurity organization is led by the CISO, who is responsible for assessing and managing material risks from cybersecurity threats and reports to the Risk and Cybersecurity Committee. The CISO has served in this role since December 2024 and has more than 20 years of experience in various information technology, cybersecurity, and software engineering roles. The CISO's experience includes building and leading cybersecurity functions at large enterprises, startups, and research and development centers, as well as leading software engineering teams responsible for building and operating large-scale software services. The CISO also has expertise in building and designing secure software, scalable and resilient systems, incident response practices, privacy programs, and other critical security disciplines and practice areas. The CISO holds a master's degree in information security policy and management, has taught information security courses at the graduate level, is an inventor on cybersecurity-related patents, and has been a speaker at leading cybersecurity conferences.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
GM has a Cybersecurity Management Board that brings together representatives from senior management across the Company's Software & Services, Product Development, Information Technology, Manufacturing, Finance, Communications, Human Resources, Legal, and Public Policy organizations to provide guidance and monitor overall company cybersecurity risk. The Company's cybersecurity maturity scorecard, cybersecurity threats, and incident information are reviewed by the Company's Chief Information Security Officer (CISO), the Risk and Cybersecurity Committee of the Company's Board of Directors, and the Cybersecurity Management Board during standing meetings as well as in impromptu sessions, when appropriate. During the reviews, various topics are discussed, which may include:
•implementation and maturity of the Company's cybersecurity program, risk management framework, including cybersecurity risk policies, procedures, and governance;
•cybersecurity and privacy risk, including potential impact to the Company's employees, customers, supply chain, joint ventures, and other stakeholders;
•intelligence briefings on notable cyber events impacting the industry; and
•cybersecurity budget and resource allocation, including industry benchmarking and economic modeling of various potential cybersecurity events.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef