How to Get Your CEO's Buy-In on Cybersecurity

An interview with Neil Cassidy, Rolls-Royce's Global Chief Information Security Officer.

Imagine your boss walking into the office one morning next week, and everything is down. No production lines. No marketing. No email. No finance or payroll.

What would happen?

That’s a thought experiment that those in charge of cybersecurity should run through with top leaders in their companies, says Neil Cassidy, Chief Information Security Officer at Rolls-Royce.

That thought process, he says, is “a way to translate between the technical side of cybersecurity and the language we speak to a group of people when that's not their sweet spot.”

Then take the experiment a step further.

If you could bring just one system or one operation back up, what would it be? What would you want first? What’s critical?

That discussion leads to the identification of the true “crown jewels” of a company.

Those are the places where resources can and should be directed first. Such scenarios are not all that far-fetched, Cassidy says.

Historically, major IT service incidents were localized to individual applications or business teams. But today, a major cyberattack can take away every system, in every geographic location where a business operates.

“When you start to describe it in those business terms, you do tend to get the attention of leadership, of your CEO,” Cassidy says. “Suddenly they've got a big business continuity risk that far outweighs anything else they have on their plate.”

So, you’ve got their attention. Now what?

  • Regular communication is important. Keep the higher-ups abreast of current topics. When the CrowdStrike meltdown hit over the summer, Cassidy sent an email to company leaders, explaining that for Rolls-Royce, the impact was limited, but many customers had been affected. “So, they've got some calm, measured facts from somebody that they trust,” he says, “rather than the hyperbole that they'll get from newspapers.”
  • Keep fine-tuning your reporting. If you are tracking things like the click-rates on phishing schemes, make sure the top leaders know which departments are doing best, and which are lagging. It’s human nature: no one wants to be the worst, so leaders will drive the message home to their teams.