Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
May 31, 2026 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Our enterprise risk management framework considers cybersecurity risk alongside other company risks, as part of our overall risk assessment process. We leverage an industry-leading framework, the National Institute of Standards and Technology Cybersecurity Framework, and assess our maturity against that framework in partnership with an independent firm on an annual basis. We assess and manage our cybersecurity risk using various mechanisms, starting with threat intelligence, which provides us a necessary viewpoint to help us identify trends, understand how certain attacks may affect us, and prepare for evolutions in threat actor behavior that may require changes to our security posture. To drive readiness, we perform periodic adversarial testing of our cybersecurity posture through penetration testing, using both internal resources and external expertise, as well as table-top and “red team” exercises to understand where processes or controls may be insufficient based on adversarial techniques. Our internal audit team performs regular assessments of our program and selected components. We also leverage retrospectives from previous cybersecurity incidents to understand weaknesses and to improve our security controls. We assess our critical suppliers regularly for cybersecurity risk and prescribe remediation activities when necessary. As a part of a collaborative defense approach, we regularly participate in multiple cybersecurity forums to share threat intelligence, best practices, and points of caution. We train our employees through annual security training, phishing simulations, and regular communications about timely cybersecurity topics and threats. We have a documented and well-tested cybersecurity incident response plan that guides us in responding, containing, and eradicating cybersecurity threats that have breached our preventative controls. We regularly practice technical recovery, and we maintain cybersecurity insurance. Like most companies, our systems are continually subjected to cybersecurity threats. Although we have not experienced a material cybersecurity breach, we cannot guarantee that we will not experience a cyber threat or incident in the future.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | Our enterprise risk management framework considers cybersecurity risk alongside other company risks, as part of our overall risk assessment process. We leverage an industry-leading framework, the National Institute of Standards and Technology Cybersecurity Framework, and assess our maturity against that framework in partnership with an independent firm on an annual basis.
|
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | false |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Cybersecurity Governance Our cybersecurity program is led by our Chief Digital, Technology and Transformation Officer (CDTTO) and Vice President of Cyber Security & Enterprise Architecture and Digital Core. Our Vice President of Cyber Security & Enterprise Architecture, who reports to our CDTTO, has a master’s degree in information assurance, and more than 21 years of experience working in this field, including more than 14 years with General Mills. He has strategic and operational responsibility for all aspects of the Company’s cybersecurity program, from how cyber risks are identified, governed, and mitigated, to how General Mills detects, responds, contains, and recovers from cybersecurity threats. The Audit Committee of our Board of Directors provides oversight for our cybersecurity program. The Audit Committee receives regular updates from management on the effectiveness of our cybersecurity program, reviews plans on how management will continually mature the program, and receives updates on special topics that help the committee provide effective oversight of the program. Our Security & Resilience Governance Committee provides oversight and governance for the Company’s cybersecurity risk through quarterly meetings, monthly dashboard reporting on management-aligned program performance targets, and as-needed updates on cybersecurity incidents. This committee is composed of our Chief Financial Officer, General Counsel, Chief Human Resources Officer, Chief Supply Chain Officer, and CDTTO.
|
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Audit Committee of our Board of Directors provides oversight for our cybersecurity program. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Audit Committee receives regular updates from management on the effectiveness of our cybersecurity program, reviews plans on how management will continually mature the program, and receives updates on special topics that help the committee provide effective oversight of the program.
|
| Cybersecurity Risk Role of Management [Text Block] | Our cybersecurity program is led by our Chief Digital, Technology and Transformation Officer (CDTTO) and Vice President of Cyber Security & Enterprise Architecture and Digital Core. Our Vice President of Cyber Security & Enterprise Architecture, who reports to our CDTTO, has a master’s degree in information assurance, and more than 21 years of experience working in this field, including more than 14 years with General Mills. He has strategic and operational responsibility for all aspects of the Company’s cybersecurity program, from how cyber risks are identified, governed, and mitigated, to how General Mills detects, responds, contains, and recovers from cybersecurity threats. The Audit Committee of our Board of Directors provides oversight for our cybersecurity program. The Audit Committee receives regular updates from management on the effectiveness of our cybersecurity program, reviews plans on how management will continually mature the program, and receives updates on special topics that help the committee provide effective oversight of the program. Our Security & Resilience Governance Committee provides oversight and governance for the Company’s cybersecurity risk through quarterly meetings, monthly dashboard reporting on management-aligned program performance targets, and as-needed updates on cybersecurity incidents. This committee is composed of our Chief Financial Officer, General Counsel, Chief Human Resources Officer, Chief Supply Chain Officer, and CDTTO.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Our cybersecurity program is led by our Chief Digital, Technology and Transformation Officer (CDTTO) and Vice President of Cyber Security & Enterprise Architecture and Digital Core. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our Vice President of Cyber Security & Enterprise Architecture, who reports to our CDTTO, has a master’s degree in information assurance, and more than 21 years of experience working in this field, including more than 14 years with General Mills.
|
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Our Security & Resilience Governance Committee provides oversight and governance for the Company’s cybersecurity risk through quarterly meetings, monthly dashboard reporting on management-aligned program performance targets, and as-needed updates on cybersecurity incidents.
|
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |