Sophos has announced the acquisition of UK-based Arco Cyber, a cybersecurity assurance company. The move strengthens Sophos CISO Advantage by adding assurance, governance, and compliance-focused capabilities. The acquisition was revealed as part of Sophos’ broader strategy to help organizations improve cybersecurity decision-making at every maturity level.

According to the company, the deal enhances Sophos CISO Advantage, which is designed to scale CISO-level knowledge and operational discipline to organizations with or without dedicated security leadership. The offering combines agentic AI, integrated platforms, and human expertise. These capabilities are delivered through Sophos’ global ecosystem of managed service providers (MSPs) and managed security service providers (MSSPs).

Meanwhile, advances in agentic and AI-assisted systems now enable real-time visibility into security control performance. At the same time, Sophos reported that the approach remains grounded in human oversight and judgment to support responsible governance.

Arco Cyber adds technology that helps organizations continuously validate security controls, map them to risk and compliance frameworks, and present executive-ready insights. As a result, customers can make clearer, evidence-based security decisions and demonstrate control effectiveness.

Joe Levy, CEO of Sophos, said the market already has strong security tools. However, he noted that many organizations lack governance, clarity, and proof that controls are working. He added that Arco Cyber supports Sophos’ goal of simplifying compliance and improving cyber risk management with confidence.

A key element of Sophos CISO Advantage is partner delivery. Most organizations rely on MSPs and MSSPs to turn insights into action. Therefore, Sophos revealed that the platform equips partners with AI-driven governance, continuous assurance, and clear risk insights. This enables them to deliver CISO-level leadership as a service.

Industry data shows there are an estimated 359 million organizations worldwide. However, fewer than 32,000 have a Chief Information Security Officer. Even organizations with security leadership still require clear risk assessments, governance, and proof of effectiveness for boards, regulators, and insurers.

Phil Harris, Research Director at IDC, said organizations are increasingly focused on proving security impact rather than activity. He explained that platforms combining operations, assurance, and risk-based measurement are better aligned with real-world needs. He added that the Sophos and Arco Cyber combination represents a new category of platform-led cybersecurity.

For organizations with a CISO, Sophos CISO Advantage is expected to offer a more integrated way to manage and communicate risk. For those without one, it provides practical guidance to improve security posture and decisions.

Matt Helling, CEO and co-founder of Arco Cyber, said the company was founded to help organizations move from assumption to proof in cybersecurity. He stated that joining Sophos allows the platform to reach more customers seeking clarity, control, and defensible security decisions.

Following the acquisition, Arco Cyber will join Sophos as a dedicated team. Its technology will be integrated into Sophos Central, which delivers advisory services, managed detection and response (MDR), and partner-led offerings.

Key highlights include:

• Sophos CISO Advantage expanded with assurance and compliance validation
• AI-driven governance delivered through MSPs and MSSPs
• Arco Cyber technology integrated into the Sophos Central platform

Related post

View all