Sophos, a global leader in innovative cybersecurity solutions, has acquired Arco Cyber, a UK-based cybersecurity assurance company focused on validating security controls, mapping to compliance frameworks, and providing executive-ready risk insights. This acquisition accelerates Sophos’ vision to scale world-class CISO expertise across organizations of all maturity levels through its partner ecosystem.
An estimated 359 million organizations exist globally, yet only a small fraction have a dedicated Chief Information Security Officer or equivalent leadership. Even organizations with CISOs need efficient tools for risk assessment, governance, prioritization, and demonstrating security effectiveness to stakeholders.
Sophos CISO Advantage bridges this gap by leveraging advances in agentic and AI-assisted systems to deliver real-time insights into control performance, grounded in human oversight. Arco Cyber’s platform adds critical capabilities for ongoing assurance, compliance alignment, and actionable executive visibility.
“There is no shortage of exemplary security technology in the market,” said Joe Levy, CEO of Sophos. “What’s missing for most organizations is the ability to govern those tools, understand whether controls are actually working, and make informed decisions about risk. Arco has built a platform and a team that offers clarity, accountability, and proof. That work directly supports our strategy, and it gives customers a stronger foundation for simplifying compliance and managing cyber risk with confidence.”
A key focus of Sophos CISO Advantage is enabling managed service providers (MSPs) and managed security service providers (MSSPs) to deliver high-level governance at scale. Partners gain AI-driven tools for continuous assurance, risk visibility, and decision support, elevating their role from technology operators to strategic security advisors.
This approach provides organizations with greater clarity, control, and confidence in cyber risk management, whether they have in-house leadership or rely entirely on trusted partners.
“As cybersecurity matures beyond alerts and point solutions, organizations are increasingly focused on proving impact, not just activity,” said Phil Harris, Research Director, Governance, Risk and Compliance Solutions at IDC. “Boards, regulators, and insurers want clear evidence that security investments are reducing risk and strengthening governance. Platforms that integrate detection and response with assurance, advisory, and risk-based measurement are better aligned with how organizations actually operate. The Sophos and Arco Cyber combination represents a new category of platform-led cybersecurity that connects operations, assurance, and risk-based outcomes.”
“Arco was founded to help organizations move from assumption to proof in cybersecurity,” said Matt Helling, CEO and co-founder of Arco Cyber. “By joining Sophos, we can deliver against that mission and reach far more customers who are struggling to demonstrate control effectiveness, prioritize risk, and justify security decisions. Sophos shares our belief that cybersecurity should deliver clarity, confidence, and control, not just data. Together, we can help organizations of all sizes turn security into a managed, defensible business discipline.”
Arco Cyber will operate as a dedicated team within Sophos, with its technology integrating into Sophos Central—the unified platform supporting advisory services, managed detection and response (MDR), extended detection and response (XDR), and partner-enabled solutions.
About Sophos
Sophos is a cybersecurity leader defending 600,000 organizations globally with an AI-driven platform and expert-led services. Sophos meets organizations wherever they are in their security maturity and grows with them to defeat cyberattacks. Its solutions combine machine learning, automation, and real-time threat intelligence with frontline human expertise from Sophos X-Ops to deliver advanced, 24/7 threat monitoring, detection, and response. Sophos offers industry-leading managed detection and response (MDR) alongside a comprehensive portfolio of cybersecurity technologies — including endpoint, network, email, and cloud security, extended detection and response (XDR), identity threat detection and response (ITDR), and next-gen SIEM.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.