GENERAL DYNAMICS CORP - (GD)
10-K Filing Date: February 08, 2024
ITEM 1C. CYBERSECURITY
We face various cybersecurity threats. The purpose of our cybersecurity program is to assess, identify, manage and mitigate cybersecurity risk while supporting the achievement of our business objectives.
Under our comprehensive risk management program, the board of directors (Board) of the company maintains oversight of the most significant risks facing the company, including cybersecurity risks, while senior management is responsible for the identification and prioritization of risks that are material to our business, corresponding risk-mitigation efforts and day-to-day management of our risk management program. The full Board retains oversight over management’s cybersecurity efforts. At least annually, and often more frequently, the Board receives cybersecurity briefings from senior executives, including, when appropriate, executives focused on cybersecurity matters.
Our companywide cybersecurity policy sets the framework for our approach to cybersecurity. Each business unit and our corporate headquarters designates individuals with appropriate qualifications and experience to be responsible for addressing cybersecurity matters, including assessing, identifying and managing risks from cybersecurity threats, with a direct reporting line to senior management. Under our approach to cybersecurity, each business unit designs and operates its own information and cybersecurity program tailored to its market, customer requirements, regulatory requirements and threats. Our cybersecurity policy and procedures are designed to ensure senior management receives timely and adequate information regarding cybersecurity matters, including threats and incident response, as appropriate to the matter. Our policies and procedures are also designed to oversee and identify material cybersecurity risks related to third-party vendors and service providers.
Our companywide Cyber Council, comprised of information technology and cybersecurity executives from our business units, shares information and cybersecurity practices throughout the company, recommends policy and procedure updates and tracks emerging trends. The chair of the Cyber Council reports directly to the company’s chief executive officer.
As part of our approach to cyber risk management, we regularly perform internal audits of internal processes and controls relating to cybersecurity. From time to time, as appropriate under our overall cybersecurity program, we engage third-party experts to support the assessment of cyber related risks, including to conduct cyber penetration testing.
27
See Item 1A—Risk Factors above for additional discussion of various risks related to cybersecurity that are reasonably likely to have a material impact on our company, including our business strategy, results of operations or financial condition.