|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity Risk Management and Strategy
We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information.
We design and assess our program based on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). This does not imply that we meet any particular technical standards, specifications, or requirements, but rather that we use the NIST CSF as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business.
Our cybersecurity risk management program is aligned to the Company’s business strategy. It shares common methodologies, reporting channels and governance processes that apply to other areas of enterprise risk, including legal, compliance, strategic, operational, and financial risk. Key elements of our cybersecurity risk management program include:
•risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise information technology environment;
•a security team principally responsible for managing our cybersecurity risk assessment processes, our security controls, and our response to cybersecurity incidents;
•the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security controls;
•training and awareness programs for team members that include periodic and ongoing assessments to drive adoption and awareness of cybersecurity processes and controls;
•a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and
•a third-party risk management process for service providers, suppliers, and vendors.
In the last three fiscal years, the Company has not experienced any material cybersecurity incidents, and expenses incurred from cybersecurity incidents were immaterial. For a discussion of whether and how any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition, refer to Item 1A. Risk Factors – "Risks Related to Cybersecurity, Information Technology and Data Management Practices," which is incorporated by reference into this Item 1C.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information.
We design and assess our program based on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). This does not imply that we meet any particular technical standards, specifications, or requirements, but rather that we use the NIST CSF as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business.
Our cybersecurity risk management program is aligned to the Company’s business strategy. It shares common methodologies, reporting channels and governance processes that apply to other areas of enterprise risk, including legal, compliance, strategic, operational, and financial risk. Key elements of our cybersecurity risk management program include:
•risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise information technology environment;
•a security team principally responsible for managing our cybersecurity risk assessment processes, our security controls, and our response to cybersecurity incidents;
•the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security controls;
•training and awareness programs for team members that include periodic and ongoing assessments to drive adoption and awareness of cybersecurity processes and controls;
•a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and
•a third-party risk management process for service providers, suppliers, and vendors.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The GM Board of Directors established its Risk and Cybersecurity Committee with specific responsibility for overseeing cybersecurity threats, among other things. Our Global Chief Information Security Officer provides the Risk and Cybersecurity Committee periodic reports on our cybersecurity risks and any material cybersecurity incidents. In addition, our cybersecurity team provides periodic reports to our Board of Directors.
Our team of cybersecurity professionals is led by our Global Chief Information Security Officer, who has over 20 years of experience in the cybersecurity space and has obtained professional security certifications and advanced training in the field of cybersecurity and technology. The cybersecurity team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants.
Our cybersecurity team also monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through various means, which may include briefings with internal security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us, and alerts and reports produced by security tools deployed in the information technology environment.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The GM Board of Directors established its Risk and Cybersecurity Committee with specific responsibility for overseeing cybersecurity threats, among other things. Our Global Chief Information Security Officer provides the Risk and Cybersecurity Committee periodic reports on our cybersecurity risks and any material cybersecurity incidents. In addition, our cybersecurity team provides periodic reports to our Board of Directors.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The GM Board of Directors established its Risk and Cybersecurity Committee with specific responsibility for overseeing cybersecurity threats, among other things. Our Global Chief Information Security Officer provides the Risk and Cybersecurity Committee periodic reports on our cybersecurity risks and any material cybersecurity incidents. In addition, our cybersecurity team provides periodic reports to our Board of Directors.
|Cybersecurity Risk Role of Management [Text Block]
|
The GM Board of Directors established its Risk and Cybersecurity Committee with specific responsibility for overseeing cybersecurity threats, among other things. Our Global Chief Information Security Officer provides the Risk and Cybersecurity Committee periodic reports on our cybersecurity risks and any material cybersecurity incidents. In addition, our cybersecurity team provides periodic reports to our Board of Directors.
Our team of cybersecurity professionals is led by our Global Chief Information Security Officer, who has over 20 years of experience in the cybersecurity space and has obtained professional security certifications and advanced training in the field of cybersecurity and technology. The cybersecurity team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants.
Our cybersecurity team also monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through various means, which may include briefings with internal security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us, and alerts and reports produced by security tools deployed in the information technology environment.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|
The GM Board of Directors established its Risk and Cybersecurity Committee with specific responsibility for overseeing cybersecurity threats, among other things. Our Global Chief Information Security Officer provides the Risk and Cybersecurity Committee periodic reports on our cybersecurity risks and any material cybersecurity incidents. In addition, our cybersecurity team provides periodic reports to our Board of Directors.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our team of cybersecurity professionals is led by our Global Chief Information Security Officer, who has over 20 years of experience in the cybersecurity space and has obtained professional security certifications and advanced training in the field of cybersecurity and technology.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our Global Chief Information Security Officer provides the Risk and Cybersecurity Committee periodic reports on our cybersecurity risks and any material cybersecurity incidents. In addition, our cybersecurity team provides periodic reports to our Board of Directors.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef