Page last updated on February 19, 2026
VISTEON CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-19 07:14:40 EST.
Filings
10-K filed on 2026-02-19
VISTEON CORP filed a 10-K at 2026-02-19 07:14:40 EST
Accession Number: 0001111335-26-000006
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity Governance Responsibility for assessing and managing cybersecurity risk includes, but is not limited to, input from our Board of Directors, including the Audit Committee of the Board (the "Audit Committee"), senior management and the Crisis Management Team -a cross functional task force comprised of representatives from key corporate and operational functions. These groups devote significant resources to cybersecurity and the risk management processes to adapt to the evolving threat landscape. V isteon's internal cyber and information security team oversees and collaborates with external service providers using the National Institute of Standards and Technology ("NIST") framework to support a layered cybersecurity strategy focused on prevention, detection, mitigation, and remediation of cybersecurity matters. The Chief Information Officer ("CIO") is responsible for developing and implementing our information security program and reporting on cybersecurity matters to the 16 Audit Committee and the full Board. The CIO has over 20 years of experience in cybersecurity oversight, and our internal team includes professionals with industry-recognized certifications such as Certified Information Systems Security Professional ("CISSP") and Certified in Risk and Information Systems Control ("CRISC"). The Audit Committee receives quarterly updates on material risks from cybersecurity threats, cybersecurity status, including threat detection, incident response readiness, and strategic roadmap progress. At least twice per year, the full Board reviews key performance indicators, test results, remediation actions, and emerging threats. Management regularly reports cybersecurity risk information to the Board and its committees. Risk Management, Strategy and Testing Our cybersecurity risk management program is integrated into Visteon's Enterprise Risk Management framework and incorporates external expertise through third-party providers for threat intelligence, monitoring, forensics, and advisory services. Visteon engages a managed security service provider to augment its cyber and information security team and to provide additional monitoring capabilities. Visteon's cyber and information security team reviews enterprise risk management-level cybersecurity risks regularly, and key cybersecurity risks are incorporated into the annual corporate-wide Enterprise Risk Management assessment. We maintain company-wide policies and procedures addressing cybersecurity matters, including encryption standards, endpoint protection, security monitoring, remote access, access control, and the use of confidential information. Visteon has obtained Trusted Information Security Assessment Exchange ("TISAX") certification labels at multiple global locations. We periodically perform simulations and tabletop exercises at the management level and incorporate external advisors as needed. All employees complete mandatory cybersecurity training and have access to additional modules throughout the year. Our defenses are regularly tested through technical simulations, including red team/blue team exercises, and operational policy reviews with third-party experts. At the management level, our cyber and information security team regularly monitors alerts and meets to discuss threat levels, trends and remediation. Our cyber and information security team conducts regular reviews of third-party hosted applications with a specific focus on any sensitive data shared with third parties. Internal audit collaborates with business owners to review user access and obtain System and Organization Controls ("SOC") reports from vendors hosting sensitive data. Where SOC reports are unavailable, we take additional steps to assess vendor cybersecurity preparedness. For certain products more susceptible to cybersecurity threats, we apply additional risk assessments and management processes aligned with customer requirements and industry standards, including ISO 21434 for road vehicle cybersecurity engineering. Product-level cybersecurity management is led by a dedicated team within engineering, which reports at least twice per year to the Technology Committee of the Board. The Company has from time-to-time experienced threats to and breaches of its data and systems, including malware attacks. However to date, cybersecurity risks have not materially affected our business strategy, operations, or financial condition. Despite our extensive approach, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on the Company or its stakeholders. See Item 1A, "Risk Factors," for additional discussion of cybersecurity risks.
Company Information
| Name | VISTEON CORP |
| CIK | 0001111335 |
| SIC Description | Motor Vehicle Parts & Accessories |
| Ticker | VC - Nasdaq |
| Website | |
| Category | Large accelerated filer |
| Fiscal Year End | December 31 |