Independent cyber security services, delivered without agenda.

A thorough examination of your actual cyber security posture, not just a review of what your documentation says it should be.

We assess your network infrastructure, connected devices, operational technology, and procedures against current threat patterns. The result is a clear, prioritised picture of where you genuinely stand, one that reflects reality rather than policy intent.

For superyachts this includes onboard IT and communications systems, VSAT and connectivity equipment, navigation systems, and crew device management. For private estates and family offices it covers corporate and personal networks, cloud services, remote access, and the people and processes that sit around them. We look at what controls exist, whether they function as intended, where gaps are, and advise accordingly.

Controlled attack simulation that tests whether your defences hold, not just whether they exist on paper.

Penetration testing goes beyond identifying known vulnerabilities. It tests whether those vulnerabilities can be exploited in practice, and what the realistic consequences would be. We scope engagements carefully so the results are meaningful and actionable rather than exhaustive and unread.

Testing can be conducted against vessel networks, private estate and family office infrastructure, web applications, external perimeters, and physical access controls. All work is agreed and fully documented before engagement begins.

Practical guidance on resolving cyber security vulnerabilities and making sure they stay resolved.

A findings report only has value if the issues get addressed. We work alongside your team or existing IT providers to ensure remediation is correctly prioritised and properly implemented, not deferred, diluted, or marked complete when it is not.

Because we have no managed services or vendor relationships, our remediation guidance focuses entirely on the most appropriate solution for your environment. Whether that is a superyacht, a private estate, or a family office, the advice is the same: what actually works, not what we happen to sell.

Independent review and configuration of your network boundary controls with no product to sell you in the process.

Firewalls are frequently misconfigured, over-permissive, or carrying rule sets that have accumulated over years of unmanaged changes. We review existing configurations against your actual operational requirements and implement changes that reflect where you are now, not where you were when the system was first set up.

For superyachts this includes segmentation between guest, crew, and operational networks. For private estates and family offices it covers the boundaries between personal, business, and smart home infrastructure. A straightforward control that is far more often missing or broken than it should be.

Strategic cyber risk management for principals, owners, and decision-makers who need clarity without unnecessary technical detail.

We translate complex cyber risk into straightforward terms that support confident decision-making at the principal or board level. What your current controls actually provide, where the gaps are, and what genuine remediation looks like versus what looks good on a compliance return.

For vessel operators this includes full support for IMO 2021 compliance, IMO MSC-FAL.1/Circ.3 requirements, flag state obligations, BIMCO guidelines, and the expectations of underwriters and P&I clubs. For family offices and private principals it covers personal threat profiling, risk prioritisation, and building a security posture that is proportionate to the actual exposure.

Cyber security policies and procedures that reflect how your operation actually works and hold up when tested.

Documentation has value when it is accurate, current, and understood by the people it applies to. We write cyber security policies and procedures that are proportionate and readable, built around your real environment rather than adapted from a generic template, and designed to be used rather than filed.

For vessel operators this includes acceptable use policies, incident response procedures, crew device policies, and vessel-specific cyber security management plans required for IMO compliance. For family offices and private principals it covers personal data handling, device policies, and the practical procedures that protect both the principal and the people around them.

Practical cyber security awareness training focused on the threats your people will actually encounter, not a generic compliance exercise.

The most robust technical controls can be undermined by a single poorly-handled device or a person who does not recognise a social engineering or phishing attempt. We deliver training that is direct, relevant, and appropriate to the environment your team operates in. For superyacht crew that means the particular vulnerabilities of high-profile, high-value operations at sea. For family offices and household staff it means understanding the personal threat profile of the principals they work for and how to handle the information and access that comes with it.

A retained independent cyber security adviser relationship for principals, owners and family offices who need expert guidance on a continuous basis.

The threat landscape evolves constantly. Regulations change. Vendors make claims that deserve independent scrutiny. New technology gets introduced into sensitive environments without proper evaluation. An ongoing advisory arrangement gives you a trusted, experienced perspective, whether for periodic reviews, a second opinion before a technology decision, or support when something unexpected happens.

This is a direct relationship with the principal of ACR. Not a managed service, not a helpdesk, and not a junior analyst working from a script.