Sophos, a cybersecurity solutions provider, has acquired UK-based Arco Cyber, a cybersecurity assurance company that helps organizations strengthen security while meeting compliance requirements and addressing emerging threats.
The acquisition supports Sophos’ strategy to improve cybersecurity governance across organizations of all maturity levels through its global partner ecosystem. This effort is delivered under Sophos CISO Advantage, a set of tools and services that bring the expertise of a chief information security officer (CISO) to organizations, whether or not they have dedicated security leadership. The offering combines agentic AI, integrated platforms, and human expertise through managed service providers (MSPs) and managed security service providers (MSSPs).
Advances in AI-assisted systems allow real-time insight into security control performance while maintaining human oversight. Arco Cyber strengthens this approach by providing tools to validate security controls, map them to risk and compliance frameworks, and present executive-ready insights for better decision-making.
“There is no shortage of exemplary security technology in the market,” said Joe Levy, CEO of Sophos. “What’s missing for most organizations is the ability to govern those tools, understand whether controls are actually working, and make informed decisions about risk. Arco has built a platform and a team that offers clarity, accountability, and proof. That work directly supports our strategy, and it gives customers a stronger foundation for simplifying compliance and managing cyber risk with confidence.”
“As cybersecurity matures beyond alerts and point solutions, organizations are increasingly focused on proving impact, not just activity,” said Phil Harris, research director for governance, risk, and compliance solutions at IDC. “The Sophos and Arco Cyber combination represents a new category of platform-led cybersecurity that connects operations, assurance, and risk-based outcomes.”
Sophos CISO Advantage will give organizations with a CISO a more integrated way to manage risk, track progress, and report outcomes, while organizations without one will receive practical guidance to strengthen their security posture.
“Arco was founded to help organizations move from assumption to proof in cybersecurity,” said Matt Helling, CEO and co-founder of Arco Cyber. “By joining Sophos, we can deliver against that mission and reach far more customers who are struggling to demonstrate control effectiveness, prioritize risk, and justify security decisions. Sophos shares our belief that cybersecurity should deliver clarity, confidence, and control, not just data. Together, we can help organizations of all sizes turn security into a managed, defensible business discipline.”
Arco Cyber will join Sophos as a dedicated team advancing Sophos CISO Advantage. Its technology and expertise will be integrated into Sophos Central, the platform that powers advisory services, managed detection and response, and partner-delivered services for MSPs and MSSPs.