More technology means new types of risk. A new Global Cybersecurity organization manages cyber risks across our business.
Management of cybersecurity is a long-established priority for General Motors. The continued evolution of connected car technologies, the expansion of the vehicle ecosystem and advent of autonomous driving capabilities elevates cybersecurity concerns to another level of complexity and risk. In recognition of these developments and their potential impact on our business, GM has implemented a new cybersecurity governance structure at the highest levels of the company.
Oversight responsibilities for cybersecurity programs and risks now lies with the GM Board of Directors, which has created a Cybersecurity Committee. Specifically, this group oversees the practices, procedures and controls management used to identify, assess and manage key cybersecurity programs and risks; the protection of the confidentiality, integrity and availability of GM electronic information, intellectual property and data; and the protection of the safety and privacy of GM customers, as it relates to connected GM products and the connected ecosystem. The Committee’s charter was adopted at the end of 2017.
Further, in early 2018, cybersecurity management was placed with a newly created Global Cybersecurity organization that encompasses both product and corporate cybersecurity functions across all areas of the business. This newly centralized organization, headed by the Vice President of Global Cybersecurity, will provide an enterprise-wide view of cyber risks and threats to augment the company’s ability to defend, detect and respond to them. It’s a holistic approach with several specific focus areas, including autonomous vehicles and their development, customer smartphone apps, manufacturing automation and the operations of GM Financial and OnStar. The goal is to align cyber efforts cross-functionally across the company to achieve harmonization and optimization.
Moving forward, Global Cybersecurity will be engaging regularly to develop collective strategies in the areas of joint ventures and alliances, risk management, governance and policy, companywide monitoring, physical security, government regulation and data analytics in an ecosystem that is constantly evolving.