|
Cybersecurity Risk Management And Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management Strategy And Governance [Abstract]
|Cybersecurity Risk Management Processes For Assessing Identifying And Managing Threats [Text Block]
|
We assess, identify and manage risks from cybersecurity threats through CNH’s Information Technology Security and Compliance organization (“Cybersecurity Program”), which is part of CNH’s larger enterprise risk management framework. The Cybersecurity Program is currently overseen by the Audit Committee of the Board of Directors for CNH (the “CNH Audit Committee”) and is managed by CNH’s Chief Information Officer (the “CNH CIO”) and a dedicated CNH Chief Information Security Officer (the “CNH CISO”). The CNH CISO's organization has oversight of cybersecurity strategy, policy, standards, architecture and processes for the security of our enterprise network and, information assets. The CNH CISO’s organization monitors and manages, and works to identify and assess, cybersecurity risk through various technologies, resources, processes and policies that are updated to align with the changing threat landscape, our evolving business needs and global regulatory requirements. Our strategy includes risk assessments, risk and threat analysis, utilization of security tools, cybersecurity-related tabletop and phishing exercises designed to simulate cybersecurity incidents, and security awareness and technical security trainings.
We use a range of defenses to help protect against cybersecurity threats and to work to secure our assets, reduce detection time and improve recoverability. These include the ongoing monitoring of our systems, including with the assistance of third-party vendors, conducting exercises with employees and senior management, including our executive officers, to promote awareness and improve internal processes. In addition, to promote security awareness throughout the Company, employees with an email address received training and access to security awareness materials in 2024. Further, we are implementing a program for the assessment and monitoring of security standards and control procedures for external suppliers and vendors.
Under the Cybersecurity Program, cybersecurity matters are generally managed by a combination of functional groups that report to CNH N.V.’s global leadership team, as appropriate, on matters such as enterprise level cybersecurity initiatives, threat intelligence and product cybersecurity risks and remediations.
CNH’s Board of Directors (the “CNH Board”) addresses our cybersecurity risk management as part of its general oversight function. The CNH Audit Committee is responsible for overseeing our key risks and controls relating to information systems, including our assessment and mitigation of material risks from cybersecurity threats. The CNH Audit Committee receives periodic reports, summaries or presentations related to cybersecurity threats, risk, mitigation and related processes from the CNH CIO and the CNH CISO. In addition, on at least an annual basis, the CNH Board receives reports, summaries or presentations from the CNH CIO and the CNH CISO related to cybersecurity threats, risk, mitigation and related processes.
The CNH CISO maintains and periodically updates a Cybersecurity Incident Response Plan which is a guide to respond effectively and efficiently to cybersecurity incidents in a coordinated manner in the interest of minimizing the risk of harm to our customers, operations, partners, employees and third parties, consistent with our legal obligations. As of the date of this report, we do not believe that risks from cybersecurity threats have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. However, we recognize the ever-evolving cyber risk landscape and cannot provide any assurances that we will not be subject to a material cybersecurity incident in the future. For a description of risks related to our information technology systems, including cybersecurity threats, see Item 1A, “Risk Factors.”
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|The CNH CISO’s organization monitors and manages, and works to identify and assess, cybersecurity risk through various technologies, resources, processes and policies that are updated to align with the changing threat landscape, our evolving business needs and global regulatory requirements. Our strategy includes risk assessments, risk and threat analysis, utilization of security tools, cybersecurity-related tabletop and phishing exercises designed to simulate cybersecurity incidents, and security awareness and technical security trainings.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight And Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected Or Reasonably Likely To Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board Of Directors Oversight [Text Block]
|
CNH’s Board of Directors (the “CNH Board”) addresses our cybersecurity risk management as part of its general oversight function. The CNH Audit Committee is responsible for overseeing our key risks and controls relating to information systems, including our assessment and mitigation of material risks from cybersecurity threats. The CNH Audit Committee receives periodic reports, summaries or presentations related to cybersecurity threats, risk, mitigation and related processes from the CNH CIO and the CNH CISO. In addition, on at least an annual basis, the CNH Board receives reports, summaries or presentations from the CNH CIO and the CNH CISO related to cybersecurity threats, risk, mitigation and related processes.
|Cybersecurity Risk Board Committee Or Subcommittee Responsible For Oversight [Text Block]
|CNH Audit Committee
|Cybersecurity Risk Process For Informing Board Committee Or Subcommittee Responsible For Oversight [Text Block]
|The CNH Audit Committee receives periodic reports, summaries or presentations related to cybersecurity threats, risk, mitigation and related processes from the CNH CIO and the CNH CISO. In addition, on at least an annual basis, the CNH Board receives reports, summaries or presentations from the CNH CIO and the CNH CISO related to cybersecurity threats, risk, mitigation and related processes.
|Cybersecurity Risk Role Of Management [Text Block]
|The Cybersecurity Program is currently overseen by the Audit Committee of the Board of Directors for CNH (the “CNH Audit Committee”) and is managed by CNH’s Chief Information Officer (the “CNH CIO”) and a dedicated CNH Chief Information Security Officer (the “CNH CISO”). The CNH CISO's organization has oversight of cybersecurity strategy, policy, standards, architecture and processes for the security of our enterprise network and, information assets. The CNH CISO’s organization monitors and manages, and works to identify and assess, cybersecurity risk through various technologies, resources, processes and policies that are updated to align with the changing threat landscape, our evolving business needs and global regulatory requirements. Our strategy includes risk assessments, risk and threat analysis, utilization of security tools, cybersecurity-related tabletop and phishing exercises designed to simulate cybersecurity incidents, and security awareness and technical security trainings.
|Cybersecurity Risk Management Positions Or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions Or Committees Responsible [Text Block]
|Chief Information Officer
|Cybersecurity Risk Process For Informing Management Or Committees Responsible [Text Block]
|Under the Cybersecurity Program, cybersecurity matters are generally managed by a combination of functional groups that report to CNH N.V.’s global leadership team, as appropriate, on matters such as enterprise level cybersecurity initiatives, threat intelligence and product cybersecurity risks and remediations.
|Cybersecurity Risk Management Positions Or Committees Responsible Report To Board [Flag]
|true
|X
- Definition
+ References
n/a
+ Details
No definition available.
|X
- Definition
+ References
n/a
+ Details
No definition available.
|X
- Definition
+ References
n/a.
+ Details
No definition available.
|X
- Definition
+ References
n/a.
+ Details
No definition available.
|X
- Definition
+ References
n/a
+ Details
No definition available.
|X
- Definition
+ References
n/a
+ Details
No definition available.
|X
- Definition
+ References
n/a.
+ Details
No definition available.
|X
- Definition
+ References
n/a.
+ Details
No definition available.
|X
- Definition
+ References
N/A.
+ Details
No definition available.
|X
- Definition
+ References
n/a.
+ Details
No definition available.
|X
- Definition
+ References
n/a.
+ Details
No definition available.
|X
- Definition
+ References
n/a
+ Details
No definition available.
|X
- Definition
+ References
n/a
+ Details
No definition available.
|X
- Definition
+ References
n/a
+ Details
No definition available.
|X
- Definition
+ References
n/a.
+ Details
No definition available.