Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
May 31, 2026
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] Our enterprise risk management framework considers cybersecurity risk alongside other company risks, as part of our overall risk
assessment process. We leverage an industry-leading framework, the National Institute of Standards and Technology Cybersecurity
Framework, and assess our maturity against that framework in partnership with an independent firm on an annual basis.
We assess and manage our cybersecurity risk using various mechanisms, starting with threat intelligence, which provides us a
necessary viewpoint to help us identify trends, understand how certain attacks may affect us, and prepare for evolutions in threat actor
behavior that may require changes to our security posture. To drive readiness, we perform periodic adversarial testing of our
cybersecurity posture through penetration testing, using both internal resources and external expertise, as well as table-top and “red
team” exercises to understand where processes or controls may be insufficient based on adversarial techniques.
Our internal audit team performs regular assessments of our program and selected components. We also leverage retrospectives from
previous cybersecurity incidents to understand weaknesses and to improve our security controls. We assess our critical suppliers
regularly for cybersecurity risk and prescribe remediation activities when necessary. As a part of a collaborative defense approach, we
regularly participate in multiple cybersecurity forums to share threat intelligence, best practices, and points of caution.
We train our employees through annual security training, phishing simulations, and regular communications about timely
cybersecurity topics and threats. We have a documented and well-tested cybersecurity incident response plan that guides us in
responding to, containing, and eradicating cybersecurity threats that have breached our preventative controls. We regularly practice
technical recovery, and we maintain cybersecurity insurance.
Like most companies, our systems are continually subjected to cybersecurity threats. Although we have not experienced a material cybersecurity breach, we cannot guarantee that we will not experience a cyber threat or incident in the future.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Our enterprise risk management framework considers cybersecurity risk alongside other company risks, as part of our overall risk
assessment process. We leverage an industry-leading framework, the National Institute of Standards and Technology Cybersecurity
Framework, and assess our maturity against that framework in partnership with an independent firm on an annual basis.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Cybersecurity Governance
Our cybersecurity program is led by our Chief Digital, Technology and Transformation Officer (CDTTO) and Vice President of Cyber
Security & Enterprise Architecture and Digital Core. Our Vice President of Cyber Security & Enterprise Architecture, who reports to
our CDTTO, has a master’s degree in information assurance, and more than 21 years of experience working in this field, including
more than 14 years with General Mills. He has strategic and operational responsibility for all aspects of the Company’s cybersecurity
program, from how cyber risks are identified, governed, and mitigated, to how General Mills detects, responds to, contains, and recovers
from cybersecurity threats.
The Audit Committee of our Board of Directors provides oversight for our cybersecurity program. The Audit Committee receives
regular updates from management on the effectiveness of our cybersecurity program, reviews plans on how management will
continually mature the program, and receives updates on special topics that help the committee provide effective oversight of the
program.
Our Security & Resilience Governance Committee provides oversight and governance for the Company’s cybersecurity risk through
quarterly meetings, monthly dashboard reporting on management-aligned program performance targets, and as-needed updates on
cybersecurity incidents. This committee is composed of our Chief Financial Officer, General Counsel, Chief Human Resources
Officer, Chief Supply Chain Officer, and CDTTO.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee of our Board of Directors provides oversight for our cybersecurity program.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee receives
regular updates from management on the effectiveness of our cybersecurity program, reviews plans on how management will
continually mature the program, and receives updates on special topics that help the committee provide effective oversight of the
program.
Cybersecurity Risk Role of Management [Text Block] Our cybersecurity program is led by our Chief Digital, Technology and Transformation Officer (CDTTO) and Vice President of Cyber
Security & Enterprise Architecture and Digital Core. Our Vice President of Cyber Security & Enterprise Architecture, who reports to
our CDTTO, has a master’s degree in information assurance, and more than 21 years of experience working in this field, including
more than 14 years with General Mills. He has strategic and operational responsibility for all aspects of the Company’s cybersecurity
program, from how cyber risks are identified, governed, and mitigated, to how General Mills detects, responds to, contains, and recovers
from cybersecurity threats.
The Audit Committee of our Board of Directors provides oversight for our cybersecurity program. The Audit Committee receives
regular updates from management on the effectiveness of our cybersecurity program, reviews plans on how management will
continually mature the program, and receives updates on special topics that help the committee provide effective oversight of the
program.
Our Security & Resilience Governance Committee provides oversight and governance for the Company’s cybersecurity risk through
quarterly meetings, monthly dashboard reporting on management-aligned program performance targets, and as-needed updates on
cybersecurity incidents. This committee is composed of our Chief Financial Officer, General Counsel, Chief Human Resources
Officer, Chief Supply Chain Officer, and CDTTO.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our cybersecurity program is led by our Chief Digital, Technology and Transformation Officer (CDTTO) and Vice President of Cyber Security & Enterprise Architecture and Digital Core.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our Vice President of Cyber Security & Enterprise Architecture, who reports to
our CDTTO, has a master’s degree in information assurance, and more than 21 years of experience working in this field, including
more than 14 years with General Mills.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Our Security & Resilience Governance Committee provides oversight and governance for the Company’s cybersecurity risk through
quarterly meetings, monthly dashboard reporting on management-aligned program performance targets, and as-needed updates on
cybersecurity incidents.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true