Sophos, a global cybersecurity company, has acquired UK-based Arco Cyber, a cybersecurity assurance firm focused on helping organisations validate security controls and meet compliance requirements, the company said.
The deal, for which financial terms were not disclosed, strengthens Sophos’ move beyond threat detection into cybersecurity governance, risk management and executive-level assurance.
Arco Cyber’s technology and team will be integrated into Sophos CISO Advantage, a set of capabilities aimed at delivering CISO-level cybersecurity strategy and oversight to organisations with or without dedicated security leadership. The offering combines AI-assisted systems, integrated platforms and human expertise delivered through Sophos’ network of managed service providers (MSPs) and managed security service providers (MSSPs).
“There is no shortage of security technology in the market,” Sophos Chief Executive Joe Levy said in a statement. “What’s missing for most organisations is the ability to govern those tools, understand whether controls are actually working, and make informed decisions about risk.”
Arco Cyber provides continuous validation of security controls, maps controls to risk and compliance frameworks, and produces executive-ready reporting designed for boards, regulators and insurers. Sophos said these capabilities will help customers demonstrate the effectiveness of their cybersecurity investments rather than simply track activity.
The acquisition comes as many organisations face a shortage of senior cybersecurity leadership. Sophos estimates that fewer than 32,000 of the world’s roughly 359 million organisations employ a chief information security officer, increasing reliance on external partners for strategic guidance.
“As cybersecurity matures beyond alerts and point solutions, organisations are increasingly focused on proving impact, not just activity,” said Phil Harris, research director for governance, risk and compliance solutions at IDC. He said the combination of Sophos and Arco Cyber points to a growing category of platforms that link security operations with assurance and risk-based outcomes.
Arco Cyber will join Sophos as a dedicated team, with its technology integrated into Sophos Central, the company’s platform for advisory services, managed detection and response, and partner-delivered security offerings.
Matt Helling, chief executive and co-founder of Arco Cyber, said the deal would allow the company to reach a broader customer base and help organisations better prioritise risk and justify security decisions.
Sophos said the acquisition will enable MSPs and MSSPs to provide more strategic, CISO-level services, positioning them as long-term security advisers rather than technology operators.
