Alert

Supply chain threats, wiperware, and an intriguing cyber role

An interview with Clare McBrearty of Rolls-Royce

Working on cybersecurity in the defense industry requires technical expertise, but also discretion because of the national security responsibilities involved.

Just ask Clare McBrearty, Supplier Cyber Security Lead at Rolls-Royce in London.

She’ll politely tell you almost nothing about a sensitive role with the British government she held before joining Rolls-Royce — except that it had been publicly advertised in a newspaper.

Alas, that hardly narrows the possibilities. The UK Ministry of Defence, MI6, 10 Downing Street, and Buckingham Palace, among other important British institutions, all publicize cyber-related job openings.

We asked Clare about her important work for Rolls-Royce plus the things she can’t talk about much. This interview was condensed and edited.

Q. We’re told you had an intriguing job before joining Rolls-Royce. Can you speak about it?

A. It involved responsibilities for information security, data protection, and records management for a British institution, but I can’t put anything on the record about my role. What I can say is there’s been a real push recently in the UK to protect VIPs from cyberattacks — anyone who is a very well-known person. But in my opinion, everybody is a very important person. Phones can be hacked just as emails can be hacked. By practicing cybersecurity in your personal life, you can bring that into your work environment.

Q. Anything else you can share about your background?

A. I’ve been involved in numerous UK government projects related to cybersecurity. I worked on the response to the LulzSec hacking group attack on (what is now) the National Crime Agency. I also performed the threat and vulnerability assessment of the European Space Agency’s Galileo GPS system, Europe’s own global satellite navigation system. Through the years, I’ve seen the scope of cyberthreats become more sophisticated and been reminded again and again that threat actors will look everywhere possible for vulnerabilities to exploit. The best defense is constant vigilance and getting basic security done right.

Q. What is your role at Rolls-Royce?

A. My role is to ensure we manage the cybersecurity risk within our supply chain. I'm responsible for identifying the opportunities attackers may take to attack our suppliers to gain access to our critical assets, such as data or essential products, and to work with our suppliers and colleagues within Rolls-Royce to reduce that risk to an acceptable level. My first day at Rolls-Royce, I was told by our chief information security officer that we had an estimated 15,000 suppliers in our supply chain. I am close to quantifying the actual number, but it's not that far off. Together Rolls-Royce and its suppliers have a role to play in protecting our organization and critical assets so we’re able to prevent a cyberattack that may cause disruption or loss of data and customer services.

Q. What do you see as the biggest threat?

A. Ransomware. Threat actor groups are very successful at introducing malware through phishing emails to gain access to sensitive information or perhaps collect logon credentials for critical systems. Ransomware will continue to increase as a mode of attacking suppliers throughout 2025, but we’re also starting to see more wiperware attacks. It’s the same type of attack as ransomware, but there's no ransom. They will just deploy malware to cause destruction to a company’s systems and walk away with the data they've stolen.

Q. Supply chain risk is systemic, right? One small supplier can inadvertently open the door to a much greater attack.

A. Yes, we can think about it being interconnected vulnerabilities. Many organizations in the supply chain have the same vulnerabilities. We have common business systems and applications. This high connectedness within our supply chain makes us a prime target for cyberattacks. A cyberattacker can exploit one vulnerability in a system and watch that replicate from company to company.

Q. What’s the right approach to defend the supply chain?

A. All companies have a shared responsibility in protecting themselves. I don’t think any organization operates in isolation. By strengthening each of our organizations and relationships, it leads to a more collaborative approach — raising standards, reducing risks, and making the supply chain more secure and less likely to be vulnerable to cyberattacks.

Q. So, do you still have a connection to the British institution where you previously worked?

A. Yes, I’m still a trusted advisor. … But I can’t say anything about my role there. My main priority now is safeguarding Rolls-Royce, its customers and suppliers.