General Motors Financial Company, Inc. 10-K Cybersecurity GRC - 2024-01-30

Page last updated on July 16, 2024

General Motors Financial Company, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-01-30 15:56:42 EST.

Filings

10-K filed on 2024-01-30

General Motors Financial Company, Inc. filed a 10-K at 2024-01-30 15:56:42 EST
Accession Number: 0000804269-24-000004

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. We design and assess our program based on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). This does not imply that we meet any particular technical standards, specifications, or requirements, but rather that we use the NIST CSF as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. Our cybersecurity risk management program is aligned to the Company’s business strategy. It shares common methodologies, reporting channels and governance processes that apply to other areas of enterprise risk, including legal, compliance, strategic, operational, and financial risk. Key elements of our cybersecurity risk management program include: - risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise information technology environment; - a security team principally responsible for managing our cybersecurity risk assessment processes, our security controls, and our response to cybersecurity incidents; - the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security controls; - training and awareness programs for team members that include periodic and ongoing assessments to drive adoption and awareness of cybersecurity processes and controls; - a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and - a third-party risk management process for service providers, suppliers, and vendors. In the last three fiscal years, the Company has not experienced any material cybersecurity incidents, and expenses incurred from cybersecurity incidents were immaterial. For a discussion of whether and how any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition, refer to Item 1A. Risk Factors - “Risks Related to Cybersecurity, Information Technology and Data Management Practices,” which is incorporated by reference into this Item 1C. Cybersecurity Governance The GM Board of Directors established its Risk and Cybersecurity Committee with specific responsibility for overseeing cybersecurity threats, among other things. Our Global Chief Information Security Officer provides the Risk and Cybersecurity Committee periodic reports on our cybersecurity risks and any material cybersecurity incidents. In addition, our cybersecurity team provides periodic reports to our Board of Directors. Our team of cybersecurity professionals is led by our Global Chief Information Security Officer, who has over 20 years of experience in the cybersecurity space and has obtained professional security certifications and advanced training in the field of cybersecurity and technology. The cybersecurity team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Our cybersecurity team also monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through various means, which may include briefings with internal security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us, and alerts and reports produced by security tools deployed in the information technology environment.
Item 1C. Cybersecurity Governance The GM Board of Directors established its Risk and Cybersecurity Committee with specific responsibility for overseeing cybersecurity threats, among other things. Our Global Chief Information Security Officer provides the Risk and Cybersecurity Committee periodic reports on our cybersecurity risks and any material cybersecurity incidents. In addition, our cybersecurity team provides periodic reports to our Board of Directors. Our team of cybersecurity professionals is led by our Global Chief Information Security Officer, who has over 20 years of experience in the cybersecurity space and has obtained professional security certifications and advanced training in the field of cybersecurity and technology. The cybersecurity team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Our cybersecurity team also monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through various means, which may include briefings with internal security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us, and alerts and reports produced by security tools deployed in the information technology environment.


Company Information

NameGeneral Motors Financial Company, Inc.
CIK0000804269
SIC DescriptionFinance Services
Ticker
Website
CategoryNon-accelerated filer
Fiscal Year EndDecember 30