|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity is a critical component of the Company’s overall enterprise risk management program. Howmet has implemented a framework of principles, policies, and technology designed to protect our systems and data from cybersecurity threats. The Company’s Board of Directors (the “Board”), through its Cybersecurity Committee, is actively engaged in overseeing and reviewing the Company’s cybersecurity programs and risk management. Although past cybersecurity incidents did not have a material impact on the Company, including our strategy, financial condition, or results of operations, the scope and impact of any future cybersecurity threat or incident cannot be predicted. See Part I, Item 1A. (Risk Factors) for more information on how material cybersecurity incidents may impact the Company.
Howmet has implemented a multi-faceted cybersecurity risk management framework, which includes progressing toward alignment with cybersecurity standards published by the National Institute of Standards and Technology (NIST) and International Organization for Standardization 27001 (ISO 27001) Framework, and achievement of the U.S. Department of War (DoW) Cybersecurity Maturity Model Certification, which will require companies like Howmet that do business with the DoW to obtain specific third-party certifications relating to specified cybersecurity standards to be eligible for new contract awards. We deploy and operate preventive and detective controls and processes to mitigate cybersecurity threats, including monitoring our network for known vulnerabilities and signs of unauthorized attempts to access our data and systems. Our approach includes conducting internal vulnerability assessments, external penetration testing, and attack simulation. In addition, the Company subscribes to third-party managed security service providers that continuously monitor the Company’s systems to assist with early cybersecurity threat detection and protection. Howmet conducts cybersecurity risk assessments of key vendors and other counterparties for any potential risks. Risk-based action plans are further developed to take into account evolving threats, which result in recommendations for new protocols and infrastructure. The Company has a robust program of employee education on the prevention of unauthorized access to Company information and systems.
The Company's cybersecurity risk management is integrated in our overall risk management processes. Our enterprise risks, including cybersecurity risks, are reviewed on a biannual basis. The review involves participation and engagement by, among others, subject matter experts like the Company’s Chief Information Security Officer (“CISO”) and Chief Information Officer (“CIO”), representatives of the Company’s business segments, and executive management. Mitigation plans are deployed across the Company with cross-functional collaboration as applicable. Enterprise risk management is reviewed with the Board annually.
In the event of a potential material cybersecurity incident or ransomware demand, Howmet has adopted a policy to respond to such event, which includes protocols and procedures to, among other things, escalate the incident or demand, form a core cross-functional response leadership team (including the CISO and CIO) to assess severity, formulate response and remediation, and determine any required reporting or notifications.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
The Company's cybersecurity risk management is integrated in our overall risk management processes. Our enterprise risks, including cybersecurity risks, are reviewed on a biannual basis. The review involves participation and engagement by, among others, subject matter experts like the Company’s Chief Information Security Officer (“CISO”) and Chief Information Officer (“CIO”), representatives of the Company’s business segments, and executive management. Mitigation plans are deployed across the Company with cross-functional collaboration as applicable. Enterprise risk management is reviewed with the Board annually.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|The Cybersecurity Committee, which originated in 2015 as a dedicated cybersecurity subcommittee of the Audit Committee, was made a formal committee of the Board in 2022. The Cybersecurity Committee assists the Board in its oversight of the Company’s cybersecurity programs and risks. Its responsibilities include reviewing the state of the Company’s cybersecurity, its strategy, policies, and procedures to mitigate cybersecurity risks, and any significant cybersecurity incidents. The Committee also considers the cybersecurity threat landscape and the impact of emerging cybersecurity developments and regulations that may affect Howmet. The Cybersecurity Committee currently comprises three members and meets at least quarterly with members of management, including the CISO and CIO. The Cybersecurity Committee may, from time to time, invite third-party advisors and experts as it deems appropriate. Pursuant to guidelines adopted by the Cybersecurity Committee, management is required to report immediately to the Chair of the Cybersecurity Committee upon the occurrence of certain cybersecurity incidents and ransomware demands. The Cybersecurity Committee reports to the full Board after each of its meetings and as needed regarding the cybersecurity risks, incidents, and other matters reviewed and considered by the Committee.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Cybersecurity Committee, which originated in 2015 as a dedicated cybersecurity subcommittee of the Audit Committee, was made a formal committee of the Board in 2022. The Cybersecurity Committee assists the Board in its oversight of the Company’s cybersecurity programs and risks.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Cybersecurity Committee currently comprises three members and meets at least quarterly with members of management, including the CISO and CIO. The Cybersecurity Committee may, from time to time, invite third-party advisors and experts as it deems appropriate. Pursuant to guidelines adopted by the Cybersecurity Committee, management is required to report immediately to the Chair of the Cybersecurity Committee upon the occurrence of certain cybersecurity incidents and ransomware demands. The Cybersecurity Committee reports to the full Board after each of its meetings and as needed regarding the cybersecurity risks, incidents, and other matters reviewed and considered by the Committee.
|Cybersecurity Risk Role of Management [Text Block]
|The Company’s CISO leads management’s assessment, prevention, and management of cybersecurity risks. The CISO reports to the CIO who has responsibility for the usability, implementation, and management of our information and computing systems. Both bring to their roles extensive experience in information technology and cybersecurity:
•The Company’s CISO joined the Company in 2022. The CISO has over 25 years of experience in information technology, cybersecurity and physical security management, including as Cybersecurity Operations Director at United States Steel Corporation (2020-2022); Director, Global Information Security and Compliance at Kennametal, Inc. (2018-2020); and Global Chief Information Security Officer/HIPAA Security Officer at Westlake Chemical (2013-2017). The CISO holds a Bachelor of Sciences degree in Information Systems Management from Carlow University and a Master of Sciences degree in Information Systems from Robert Morris University and is a Certified Systems Security Professional.
•The Company’s CIO joined the Company in 2021. The CIO has over 25 years of experience in information technology, including, most recently, as Vice President Global IT and Chief Information Officer at Varroc Lighting Systems (2018-2021) and Chief Information Officer at AM General LLC (2016-2018). The CIO holds a Bachelor of Engineering degree in Industrial Engineering from Universidad de Lima.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The Company’s CISO leads management’s assessment, prevention, and management of cybersecurity risks. The CISO reports to the CIO who has responsibility for the usability, implementation, and management of our information and computing systems.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Both bring to their roles extensive experience in information technology and cybersecurity:
•The Company’s CISO joined the Company in 2022. The CISO has over 25 years of experience in information technology, cybersecurity and physical security management, including as Cybersecurity Operations Director at United States Steel Corporation (2020-2022); Director, Global Information Security and Compliance at Kennametal, Inc. (2018-2020); and Global Chief Information Security Officer/HIPAA Security Officer at Westlake Chemical (2013-2017). The CISO holds a Bachelor of Sciences degree in Information Systems Management from Carlow University and a Master of Sciences degree in Information Systems from Robert Morris University and is a Certified Systems Security Professional.
•The Company’s CIO joined the Company in 2021. The CIO has over 25 years of experience in information technology, including, most recently, as Vice President Global IT and Chief Information Officer at Varroc Lighting Systems (2018-2021) and Chief Information Officer at AM General LLC (2016-2018). The CIO holds a Bachelor of Engineering degree in Industrial Engineering from Universidad de Lima.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Cybersecurity Committee, which originated in 2015 as a dedicated cybersecurity subcommittee of the Audit Committee, was made a formal committee of the Board in 2022. The Cybersecurity Committee assists the Board in its oversight of the Company’s cybersecurity programs and risks. Its responsibilities include reviewing the state of the Company’s cybersecurity, its strategy, policies, and procedures to mitigate cybersecurity risks, and any significant cybersecurity incidents. The Committee also considers the cybersecurity threat landscape and the impact of emerging cybersecurity developments and regulations that may affect Howmet. The Cybersecurity Committee currently comprises three members and meets at least quarterly with members of management, including the CISO and CIO. The Cybersecurity Committee may, from time to time, invite third-party advisors and experts as it deems appropriate. Pursuant to guidelines adopted by the Cybersecurity Committee, management is required to report immediately to the Chair of the Cybersecurity Committee upon the occurrence of certain cybersecurity incidents and ransomware demands. The Cybersecurity Committee reports to the full Board after each of its meetings and as needed regarding the cybersecurity risks, incidents, and other matters reviewed and considered by the Committee.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef