Page last updated on July 16, 2024
AMERICAN HONDA FINANCE CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-06-20 13:06:54 EDT.
Filings
10-K filed on 2024-06-20
AMERICAN HONDA FINANCE CORP filed a 10-K at 2024-06-20 13:06:54 EDT
Accession Number: 0000864270-24-000003
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity" Item 1B. Unresolved Staff Comments None. Item 1C. Cybersecurity Risk Management and Strategy HMC and its consolidated subsidiaries, including AHFC and HCFI (Honda), have established a management system and standards for information system security in order to minimize the negative impact on its business and business results from the occurrence of cybersecurity incidents. Based on these standards, Honda has implemented security measures in both hardware and software aspects to strengthen the security of its information systems. To address security, including product security, Honda has established a cross-functional system across business and manufacturing systems, software, quality, and other areas. Honda develops rules and procedures based on laws and regulations, formulate response flows, verify and implement measures for improvement through cybersecurity exercises, and develop human resources, among other things. Honda also utilizes solutions for managing cybersecurity information and monitoring malicious activities to monitor and analyze cybersecurity threats and vulnerabilities, and in the event of a security incident related to a cyberattack with a significant impact on Honda, a Global Emergency Headquarters will be established under the supervision and monitoring of Honda’s Risk Management Officer, and the supervisory division in charge of risks from cybersecurity threats plays a central role in quickly ascertaining the actual situation and taking measures to minimize the impacts of cybersecurity incidents from a company-wide perspective. When implementing third-party packaged software and cloud services, Honda makes decisions based on risk assessments following established security standards and conducts annual checks after implementation. In response to cyberattacks on production facilities and suppliers, Honda verifies the status of security measures at both domestic and overseas production facilities and suppliers. Based on the results of these verifications, Honda takes measures to strengthen security, such as supporting the introduction of solutions for managing cybersecurity incident information, and monitoring malicious activities. For such activities to strengthen security, Honda has concluded outsourcing agreements with security consulting companies and external specialists to receive support. With regard to personal information protection regulations and cybersecurity-related laws and regulations in various countries, in addition to current regulations, Honda collects and monitors information on regulatory trends that are expected to be enforced in the future. Data security incident response plans have been established at AHFC and HCFI that guides the analytical processes, response phases, and procedures to follow during a data security incident of personally identifiable information. Honda, including AHFC and HCFI, have been targeted by cyberattacks in the past; however, no risks from cybersecurity threats have been identified that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition, over the past three fiscal years. See " Item 1A. Risk Factors-General Risk Factors-A security breach or a cyber attack may adversely affect our business, results of operations and financial condition. " Governance Based on the resolution of Honda’s Board of Directors, the Board of Directors has appointed the Director, Executive Vice President and Representative Executive Officer, as Honda’s Risk Management Officer, who monitors and supervises the response status of significant risks, including risks from cybersecurity threats. Honda’s Risk Management Committee, chaired by the Risk Management Officer, has been established to deliberate on important matters related to risk management, including risk from cybersecurity threats. Honda has established the Honda Global Risk Management Policy, which stipulates Honda’s basic policy for risk management, the collection of risk information, and the response system in the event of risk occurrence. 20 In accordance with the aforementioned Policy, Honda has designated its cybersecurity supervisory divisions to conduct risk assessments and report the status of cybersecurity risk responses to the Risk Management Officer through Honda’s Risk Management Committee. The designated cybersecurity supervisory divisions consisted of 64 members as of the filing date of this Annual Report with practical experience in various roles related to information technology, including security, auditing, and systems are established in both the Quality Innovation Operations and Corporate Administration Operations divisions. Honda’s Risk Management Officer, who has knowledge and experience in overall risk management, receives technical support from the cybersecurity risk supervisory divisions, and monitors and supervises the responses to risks from cybersecurity threats. In the event of a material cybersecurity incident, the cybersecurity risk supervisory divisions are to immediately report it to Honda’s Risk Management Officer. Upon receiving the report, a Global Emergency Headquarters will be established, which coordinate with relevant organizations affected by the incident in order to prevent and contain the crisis. Such response status is reported to Honda’s Board of Directors and the Executive Council as necessary based on the judgment of the Risk Management Officer. The North American Regional Risk Management Officer and Risk Management Officers of local companies in North America receive technical support from the Cyber Security, Risk & Architecture (CSRA) division of AHM when applying the procedures under the Honda Global Risk Management Policy at the regional and local company levels. The CSRA division includes the Office of the Chief Information Security Officer. The North American Cybersecurity Steering Committee (NACSC) has been established by the North American Regional Operating Board and is responsible for the oversight and monitoring of all North American cybersecurity activities including providing immediate direction and decision-making when threats or incidences of high severity occur. Roles supporting the NACSC include the North American Risk Management Officer who is the chair of the committee, the Chief Information Security Officer, and senior leaders representing various key business functions. The NACSC is also supported by the business through an Advisory Group. AHFC’s and HCFI’s Company Operating Committees advise and support each company’s President on company operations and other matters of corporate importance which includes, among other things, matters regarding cybersecurity. The Company Operating Committees may report on certain matters directly to the North American Regional Operating Board. Confidentiality Committees have also been established at AHFC and HCFI whose roles includes, among other things, the safeguarding of personally identifiable information of our customers and associates from data security breaches. Members of our Confidentiality Committees include the Risk Management Officers, the Chief Information Security Officer or other information technology representative, and members from various areas throughout our companies.
Item 1C. Cybersecurity Risk Management and Strategy HMC and its consolidated subsidiaries, including AHFC and HCFI (Honda), have established a management system and standards for information system security in order to minimize the negative impact on its business and business results from the occurrence of cybersecurity incidents. Based on these standards, Honda has implemented security measures in both hardware and software aspects to strengthen the security of its information systems. To address security, including product security, Honda has established a cross-functional system across business and manufacturing systems, software, quality, and other areas. Honda develops rules and procedures based on laws and regulations, formulate response flows, verify and implement measures for improvement through cybersecurity exercises, and develop human resources, among other things. Honda also utilizes solutions for managing cybersecurity information and monitoring malicious activities to monitor and analyze cybersecurity threats and vulnerabilities, and in the event of a security incident related to a cyberattack with a significant impact on Honda, a Global Emergency Headquarters will be established under the supervision and monitoring of Honda’s Risk Management Officer, and the supervisory division in charge of risks from cybersecurity threats plays a central role in quickly ascertaining the actual situation and taking measures to minimize the impacts of cybersecurity incidents from a company-wide perspective. When implementing third-party packaged software and cloud services, Honda makes decisions based on risk assessments following established security standards and conducts annual checks after implementation. In response to cyberattacks on production facilities and suppliers, Honda verifies the status of security measures at both domestic and overseas production facilities and suppliers. Based on the results of these verifications, Honda takes measures to strengthen security, such as supporting the introduction of solutions for managing cybersecurity incident information, and monitoring malicious activities. For such activities to strengthen security, Honda has concluded outsourcing agreements with security consulting companies and external specialists to receive support. With regard to personal information protection regulations and cybersecurity-related laws and regulations in various countries, in addition to current regulations, Honda collects and monitors information on regulatory trends that are expected to be enforced in the future. Data security incident response plans have been established at AHFC and HCFI that guides the analytical processes, response phases, and procedures to follow during a data security incident of personally identifiable information. Honda, including AHFC and HCFI, have been targeted by cyberattacks in the past; however, no risks from cybersecurity threats have been identified that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition, over the past three fiscal years. See " Item 1A. Risk Factors-General Risk Factors-A security breach or a cyber attack may adversely affect our business, results of operations and financial condition. " Governance Based on the resolution of Honda’s Board of Directors, the Board of Directors has appointed the Director, Executive Vice President and Representative Executive Officer, as Honda’s Risk Management Officer, who monitors and supervises the response status of significant risks, including risks from cybersecurity threats. Honda’s Risk Management Committee, chaired by the Risk Management Officer, has been established to deliberate on important matters related to risk management, including risk from cybersecurity threats. Honda has established the Honda Global Risk Management Policy, which stipulates Honda’s basic policy for risk management, the collection of risk information, and the response system in the event of risk occurrence. 20 In accordance with the aforementioned Policy, Honda has designated its cybersecurity supervisory divisions to conduct risk assessments and report the status of cybersecurity risk responses to the Risk Management Officer through Honda’s Risk Management Committee. The designated cybersecurity supervisory divisions consisted of 64 members as of the filing date of this Annual Report with practical experience in various roles related to information technology, including security, auditing, and systems are established in both the Quality Innovation Operations and Corporate Administration Operations divisions. Honda’s Risk Management Officer, who has knowledge and experience in overall risk management, receives technical support from the cybersecurity risk supervisory divisions, and monitors and supervises the responses to risks from cybersecurity threats. In the event of a material cybersecurity incident, the cybersecurity risk supervisory divisions are to immediately report it to Honda’s Risk Management Officer. Upon receiving the report, a Global Emergency Headquarters will be established, which coordinate with relevant organizations affected by the incident in order to prevent and contain the crisis. Such response status is reported to Honda’s Board of Directors and the Executive Council as necessary based on the judgment of the Risk Management Officer. The North American Regional Risk Management Officer and Risk Management Officers of local companies in North America receive technical support from the Cyber Security, Risk & Architecture (CSRA) division of AHM when applying the procedures under the Honda Global Risk Management Policy at the regional and local company levels. The CSRA division includes the Office of the Chief Information Security Officer. The North American Cybersecurity Steering Committee (NACSC) has been established by the North American Regional Operating Board and is responsible for the oversight and monitoring of all North American cybersecurity activities including providing immediate direction and decision-making when threats or incidences of high severity occur. Roles supporting the NACSC include the North American Risk Management Officer who is the chair of the committee, the Chief Information Security Officer, and senior leaders representing various key business functions. The NACSC is also supported by the business through an Advisory Group. AHFC’s and HCFI’s Company Operating Committees advise and support each company’s President on company operations and other matters of corporate importance which includes, among other things, matters regarding cybersecurity. The Company Operating Committees may report on certain matters directly to the North American Regional Operating Board. Confidentiality Committees have also been established at AHFC and HCFI whose roles includes, among other things, the safeguarding of personally identifiable information of our customers and associates from data security breaches. Members of our Confidentiality Committees include the Risk Management Officers, the Chief Information Security Officer or other information technology representative, and members from various areas throughout our companies.
Company Information
Name | AMERICAN HONDA FINANCE CORP |
CIK | 0000864270 |
SIC Description | Personal Credit Institutions |
Ticker | |
Website | |
Category | Non-accelerated filer |
Fiscal Year End | March 30 |