Every service is delivered independently. No vendor relationships, no agenda beyond giving you an accurate picture of where you stand and what to do about it.
A thorough examination of your actual maritime cyber security posture, not just a review of what your documentation says it should be.
We assess your network infrastructure, connected devices, operational technology, and procedures against current threat patterns. The result is a clear, prioritised picture of where you genuinely stand, one that reflects reality rather than policy intent.
For superyachts, this includes onboard IT and communications systems, VSAT and connectivity equipment, ECDIS and navigation systems, and crew device management. We look at what controls exist, whether they function as intended, where gaps exist, and advise accordingly.
Controlled attack simulation that tests whether your maritime cyber defences hold, not just whether they exist on paper.
Penetration testing goes beyond identifying known vulnerabilities. It tests whether those vulnerabilities can be exploited in practice, and what the realistic consequences would be. We scope engagements carefully so the results are meaningful and actionable rather than exhaustive and unread.
Testing can be conducted against superyacht networks, web applications, external perimeters, and physical access controls. All work is agreed and fully documented before engagement begins.
Practical guidance on resolving cyber security vulnerabilities and making sure they stay resolved.
A findings report only has value if the issues get addressed. We work alongside your team or existing IT providers to ensure remediation is correctly prioritised and properly implemented, not deferred, diluted, or marked complete when it is not.
Because we have no managed services or vendor relationships, our remediation guidance focuses entirely on the most appropriate solution for your environment, whether that is a superyacht, private estate, or family office infrastructure.
Independent review and configuration of your maritime network boundary controls with no product to sell you in the process.
Firewalls are frequently misconfigured, over-permissive, or carrying rule sets that have accumulated over years of unmanaged changes. We review existing configurations against your actual operational requirements and implement changes that reflect where you are now, not where you were when the system was first set up.
For superyachts, this includes segmentation between guest, crew, and operational networks. A straightforward cyber security control that is far more often missing than it should be.
Strategic maritime cyber risk management for owners, principals and decision-makers who need clarity without technical detail.
We translate complex cyber risk into straightforward terms that support confident decision-making at the principal or board level, including what your current controls actually provide, where the gaps are, and what genuine remediation looks like versus what looks good on a compliance return.
This includes full support for IMO 2021 cyber security compliance, IMO MSC-FAL.1/Circ.3 requirements, flag state requirements, BIMCO guidelines, and the expectations of underwriters and P&I clubs.
Maritime cyber security policies and procedures that reflect how your operation actually works and hold up when tested.
Documentation has value when it is accurate, current, and understood by the people it applies to. We write cyber security policies and procedures that are proportionate and readable, built around your real environment rather than adapted from a generic template, and designed to be used rather than filed.
This includes acceptable use policies, incident response procedures, crew device policies, and vessel-specific cyber security management plans required for IMO compliance.
Practical maritime cyber security awareness training focused on the threats superyacht crew will actually encounter.
The most robust technical controls can be undermined by a single poorly-handled device or a crew member who does not recognise a social engineering or phishing attempt. We deliver cyber awareness training that is direct, relevant, and appropriate to the environment your crew operates in, covering the particular vulnerabilities that come with high-profile, high-value operations at sea.
A retained independent cyber security adviser relationship for superyacht owners, HNWI and family offices who need expert guidance on a continuous basis.
The maritime cyber threat landscape evolves constantly. Regulations change. Vendors make claims that deserve independent scrutiny. An ongoing advisory arrangement gives you a trusted, experienced perspective whether for periodic reviews, a second opinion before a technology decision, or support when something unexpected happens.
This is a direct advisory relationship with the principal of ACR, not a managed service, not a helpdesk, and not a junior analyst working from a script.
Every engagement begins with a conversation. We take time to understand your specific circumstances before recommending anything, and we will tell you honestly if what you already have is adequate. There are no standard packages, no pressure, and no obligation beyond what we have agreed.
Start a conversation