|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
We recognize the importance of cybersecurity risk management, strategy and governance, and we have implemented policies and procedures reasonably designed to manage and reduce cybersecurity risk as part of our overall risk management program. Our global information technology organization, led by our Senior Vice President and Chief Information Officer (“CIO”), is responsible for enterprise-wide information technology, including our overall information security strategy, policies, operations, and threat detection and response. The global information technology organization manages and maintains the cybersecurity program with the goal of preventing, detecting and remediating incidents, and works to increase our system resilience to minimize the business impact should an incident occur. Our cybersecurity program is informed by multiple, overlapping cybersecurity frameworks. These include the National Institute of Standards and Technology Cyber Security Framework (NIST-CSF) and Trusted Information Security Assessment Exchange (TISAX). Our cybersecurity program has achieved TISAX certification, or “labeling”, for its demonstrated ability to identify, protect, detect, respond and recover from cyber risks. The “labeling” process requires independent, third-party auditors to test and confirm the controls we have implemented. Key elements of the program include formal information
management policies; employee training and awareness; phishing resiliency campaigns; periodic risk assessments; penetration tests; tabletop exercises; and incident response testing and reviews.
We also engage third-party services to conduct evaluations of our security controls, whether through penetration testing, independent audits, cybersecurity maturity assessments or consulting on best practices to address current and new challenges. These evaluations include testing both the design and operational effectiveness of our security controls.
We recognize a cybersecurity incident experienced by a supplier or joint venture partner could materially impact us. We assess third-party cybersecurity controls as part of our third-party IT risk due diligence and engage in cybersecurity consultant-led solution design reviews when integrating new tools or third parties. We contractually require third parties to meet specified baseline customary standards of information security and report cybersecurity incidents to us so we can assess the impact of the incident and any necessary regulatory reporting obligations that may be required.
Depending on what events may occur, our cybersecurity incident response team is always ready and supported by a 24/7/365 industry leading security operations center. These teams balance following existing protocols with agile response to novel threats. We escalate potentially significant incidents to the Cybersecurity Disclosure Committee and the Audit Committee of the Board of Directors, as outlined in Goodyear’s policies and support documents. Our Cybersecurity Disclosure Committee is comprised of senior leadership across multiple functional areas and is responsible for reviewing and evaluating potentially significant cybersecurity incidents and for determining whether any notification or disclosure is required under applicable laws, including federal securities laws.
For the year ended December 31, 2025, we did not identify any cybersecurity threats that have materially impacted Goodyear’s operations or financial position. Notwithstanding our risk management efforts related to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material or other adverse effect on us in the future. See Item 1A. “Risk Factors” for a discussion of our information technology and cybersecurity risks.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We recognize a cybersecurity incident experienced by a supplier or joint venture partner could materially impact us. We assess third-party cybersecurity controls as part of our third-party IT risk due diligence and engage in cybersecurity consultant-led solution design reviews when integrating new tools or third parties. We contractually require third parties to meet specified baseline customary standards of information security and report cybersecurity incidents to us so we can assess the impact of the incident and any necessary regulatory reporting obligations that may be required.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
The Audit Committee of the Board of Directors is responsible for overseeing the risks associated with information technology and cybersecurity threats, and reports on its activities to the full Board following each committee meeting. Management is responsible for identifying, monitoring and mitigating the material risks facing the Company, including cybersecurity risks.
The Audit Committee exercises its risk oversight function by carefully evaluating information and cybersecurity reports they receive from management; assessing the priorities and roadmap of the cybersecurity program; and making inquiries of management with respect to areas of particular interest to the Board. Senior leadership, including our CIO and our Senior Director, Global IT Risk & Security, periodically briefs the Audit Committee on our cybersecurity and information security programs and reviews relevant cybersecurity incidents.Our current CIO has more than two decades of experience in the manufacturing industry and has held multiple executive technology leadership roles at several companies in North America and Asia.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee of the Board of Directors is responsible for overseeing the risks associated with information technology and cybersecurity threats, and reports on its activities to the full Board following each committee meeting.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Audit Committee exercises its risk oversight function by carefully evaluating information and cybersecurity reports they receive from management; assessing the priorities and roadmap of the cybersecurity program; and making inquiries of management with respect to areas of particular interest to the Board. Senior leadership, including our CIO and our Senior Director, Global IT Risk & Security, periodically briefs the Audit Committee on our cybersecurity and information security programs and reviews relevant cybersecurity incidents.
|Cybersecurity Risk Role of Management [Text Block]
|Our global information technology organization, led by our Senior Vice President and Chief Information Officer (“CIO”), is responsible for enterprise-wide information technology, including our overall information security strategy, policies, operations, and threat detection and response. The global information technology organization manages and maintains the cybersecurity program with the goal of preventing, detecting and remediating incidents, and works to increase our system resilience to minimize the business impact should an incident occur. Our cybersecurity program is informed by multiple, overlapping cybersecurity frameworks. These include the National Institute of Standards and Technology Cyber Security Framework (NIST-CSF) and Trusted Information Security Assessment Exchange (TISAX). Our cybersecurity program has achieved TISAX certification, or “labeling”, for its demonstrated ability to identify, protect, detect, respond and recover from cyber risks.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our global information technology organization, led by our Senior Vice President and Chief Information Officer (“CIO”), is responsible for enterprise-wide information technology, including our overall information security strategy, policies, operations, and threat detection and response. The global information technology organization manages and maintains the cybersecurity program with the goal of preventing, detecting and remediating incidents, and works to increase our system resilience to minimize the business impact should an incident occur.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our current CIO has more than two decades of experience in the manufacturing industry and has held multiple executive technology leadership roles at several companies in North America and Asia.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our global information technology organization, led by our Senior Vice President and Chief Information Officer (“CIO”), is responsible for enterprise-wide information technology, including our overall information security strategy, policies, operations, and threat detection and response. The global information technology organization manages and maintains the cybersecurity program with the goal of preventing, detecting and remediating incidents, and works to increase our system resilience to minimize the business impact should an incident occur. Our cybersecurity program is informed by multiple, overlapping cybersecurity frameworks. These include the National Institute of Standards and Technology Cyber Security Framework (NIST-CSF) and Trusted Information Security Assessment Exchange (TISAX). Our cybersecurity program has achieved TISAX certification, or “labeling”, for its demonstrated ability to identify, protect, detect, respond and recover from cyber risks. The “labeling” process requires independent, third-party auditors to test and confirm the controls we have implemented. Key elements of the program include formal information management policies; employee training and awareness; phishing resiliency campaigns; periodic risk assessments; penetration tests; tabletop exercises; and incident response testing and reviews.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef