When you look at the situation of defending a vessel against piracy, the methodology from a merchant vessel to a cruise ship should not change. What does change, is the consideration of the passengers and the configuration of the vessel.
Normal cruise ship security should be concerned with the on board threats against the vessel, its crew and the passengers on the vessel. Anti piracy security is a whole different concern. When you consider security, you need to understand that the security provided for anti piracy operations needs to concentrate on the piracy aspect. The normal security on the vessel needs to concentrate on the on board threats.
To have a security entity be concerned with both aspects at the same time will severely hamper one or the other. These are two completely different methodologies and should be treated as such.