Sophos Oficially Acquires Arco Cyber to Bring CISO-Level

Sophos today announced it has acquired UK-based Arco Cyber, a cybersecurity assurance company dedicated to helping organizations improve their security posture while staying ahead of compliance requirements and emerging threats.

The acquisition is an important step in Sophos’ strategy to help organizations strengthen cybersecurity strategy and governance across all levels of maturity, delivered through the company’s global partner ecosystem. Sophos refers to this as Sophos CISO Advantage, a set of capabilities designed to scale the knowledge, judgment, and operating discipline of a world-class CISO to organizations with or without dedicated security leadership, combining agentic AI, integrated platforms, and trusted human expertise delivered in partnership with managed service providers (MSPs) and managed security service providers (MSSPs). Advances in agentic and AI-assisted systems now make it possible to deliver real-time insight into control performance, while remaining grounded in human oversight and judgment.

Arco Cyber accelerates this vision by adding capabilities that help organizations continuously validate whether security controls are effective, map controls to risk and compliance frameworks, and present clear, executive-ready insight that supports better decision-making.

“There is no shortage of exemplary security technology in the market,” said Joe Levy, CEO of Sophos. “What’s missing for most organizations is the ability to govern those tools, understand whether controls are actually working, and make informed decisions about risk. Arco has built a platform and a team that offers clarity, accountability, and proof. That work directly supports our strategy, and it gives customers a stronger foundation for simplifying compliance and managing cyber risk with confidence.”

A critical element of Sophos CISO Advantage is the role of MSPs and MSSPs in delivering these capabilities at scale. Most organizations rely on trusted partners to translate insight into action, provide context, and guide day-to-day decision-making. Sophos CISO Advantage is designed to strengthen that relationship by equipping partners with AI-driven governance, continuous assurance, and clear risk insight, enabling them to deliver CISO-level leadership as a service. This approach allows MSPs and MSSPs to elevate their role from technology operators to strategic security advisors, while giving customers greater clarity, control, and confidence in how cyber risk is managed.

Addressing a Leadership Gap in Cybersecurity

There are an estimated 359 million organizations worldwide, yet fewer than 32,000 have a Chief Information Security Officer (CISO). Those with CISOs or other dedicated security leadership also require clear risk assessments, governance, prioritization, and demonstrability of security effectiveness to boards, regulators, and insurers.

“As cybersecurity matures beyond alerts and point solutions, organizations are increasingly focused on proving impact, not just activity,” said Phil Harris, Research Director, Governance, Risk and Compliance Solutions at IDC. “Boards, regulators, and insurers want clear evidence that security investments are reducing risk and strengthening governance. Platforms that integrate detection and response with assurance, advisory, and risk-based measurement are better aligned with how organizations actually operate. The Sophos and Arco Cyber combination represents a new category of platform-led cybersecurity that connects operations, assurance, and risk-based outcomes.”

For organizations with a CISO or similar leadership, Sophos CISO Advantage will provide a more efficient, integrated way to manage risk, track progress, and communicate outcomes. For organizations without one, it will deliver practical, CISO-level guidance that helps them take control of their security posture and decisions.

“Arco was founded to help organizations move from assumption to proof in cybersecurity,” said Matt Helling, CEO and co-founder of Arco Cyber. “By joining Sophos, we can deliver against that mission and reach far more customers who are struggling to demonstrate control effectiveness, prioritize risk, and justify security decisions. Sophos shares our belief that cybersecurity should deliver clarity, confidence, and control, not just data. Together, we can help organizations of all sizes turn security into a managed, defensible business discipline.”

Arco Cyber will join Sophos as a dedicated team to advance Sophos CISO Advantage. Its technology and expertise will be integrated into Sophos Central, the platform which delivers Sophos’ broader ecosystem including advisory services, managed detection and response (MDR), and partner-delivered services that enable MSPs and MSSPs to scale cybersecurity strategy for their customers.

Read Also: Sophos Expands Portfolio with Workspace Protection to Secure Hybrid Work