With over 30 years in IT and almost two decades focused on information and cyber security, we have worked across some demanding environments providing consultancy and project support to organisations including Lockheed Martin, the National Bank of Norway and the Danish Foreign Ministry.
The longest and most formative chapter was 16 years at the Foreign and Commonwealth Office, building the cyber defence capability from the ground up, defending against everything from opportunistic attacks to some of the most capable nation-state actors of the time. That work involved numerous breach and attack investigations and helped develop what has since grown into a very successful SOC operation. As close to the sharp end as it gets.
I left in 2017 because something we had started a few years earlier refused to leave us alone. The idea was straightforward: bring genuine, operationally grounded cyber security expertise to the superyacht sector and the wider community of high-net-worth individuals, family offices and private estates that surround it. The passion felt for that was stronger than expected. So we took the plunge. It was going well until circumstances beyond our control hit hard. It took time to recover, but the conviction never left.
We started Active Cyber Resilience because we believe this sector deserves more independent advice than it is currently being offered. Many vendors are tied to products or managed services, meaning their advice is filtered through what they have to sell. What a vessel or principal actually needs and what a vendor tied integrator provides are not always the same thing.
Too much is built around product portfolios and compliance checkboxes. Not enough around how a vessel actually operates, what crew face at sea, or what a high-profile individual's real threat profile looks like.
Cyber security works best built in from the start, not bolted on as an afterthought that quietly gets ignored. Done properly it becomes the norm, not a blocker. That is what ACR exists to do.
"Independent advice, no vendor agenda. Just an honest assessment of where you stand and practical support to improve it."
No 'Vendor Agenda' If we recommend something, it is because it is the right answer for your environment.
We give you an honest picture of where you stand. If your security is adequate, we will tell you so. If it is not, or if what you have been told exists does not, we will tell you that too.
Not every client faces the same risk or requires the same controls. We calibrate our recommendations to your actual exposure and operational requirements. Good security is appropriate security.
We do not publicise client relationships or reference engagements without explicit permission. Confidentiality is not a feature of our service, it is a baseline expectation we hold ourselves to.
Our goal is to leave you in a stronger position, with a clear understanding of what you have and why. You should not have to rely on ACR beyond what is genuinely useful to you and what you require.
We work alongside your existing IT providers, captains, and management teams, not in competition with them. Our role is to provide independent oversight and support better decision-making across the board.
Superyachts present a genuinely distinctive challenge. They combine the connectivity of a corporate environment with the physical isolation of a vessel at sea, the personal data of high-profile principals and guests, and increasingly integrated systems navigation, engineering, communications, entertainment that were not originally designed with security in mind.
Regulatory obligations have formalised minimum requirements for cyber risk management. But compliance is a starting point, not a destination. A vessel can meet every audit requirement and still have controls that do not function as described, crew who are not equipped to maintain them, and an owner who has been given a false sense of assurance as a result.
ACR understands both the regulatory landscape and the reality behind it. We advise on both.
Initial conversations are without obligation. We take time to understand your situation before recommending anything.
Get in Touch