Sophos acquisition of Arco Cyber expected to boost CISO-level cyber risk oversight. Credit: Sundry Photography/Shutterstock.com.

Sophos, a British security software and hardware company, has acquired London-based cybersecurity assurance company Arco Cyber, for an undisclosed price.

The move is intended to expand Sophos’ ability to provide chief information security officer (CISO)-level, AI-powered security insight to businesses through its global network of partners.

The acquisition forms part of Sophos’ wider strategy to strengthen cyber risk management and governance capabilities across organisations regardless of their internal security maturity or leadership structure.

Arco Cyber has developed a cloud platform which focuses on collecting and correlating data from various security systems to provide organisations with visibility into which controls are functioning effectively. It also identifies areas of exposure and highlights priorities for remediation in terms relevant to business and risk outcomes.

This approach aligns with Sophos’ initiative, CISO Advantage, which aims to equip both managed service providers (MSPs) and managed security service providers (MSSPs) with tools enabling them to deliver executive-level oversight as a service.

Arco Cyber CEO and co-founder Matt Helling said: “Arco was founded to help organisations move from assumption to proof in cybersecurity.

GlobalData Strategic Intelligence US Tariffs are shifting - will you react or anticipate? Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis. By GlobalData Learn more about Strategic Intelligence

“By joining Sophos, we can deliver against that mission and reach far more customers who are struggling to demonstrate control effectiveness, prioritise risk, and justify security decisions.

“Sophos shares our belief that cybersecurity should deliver clarity, confidence, and control, not just data. Together, we can help organizations of all sizes turn security into a managed, defensible business discipline.”

Following the acquisition, Sophos will integrate Arco Cyber’s technology and team into its central platform, Sophos Central. This integration aims to help partners expand continuous security assurance, risk mapping and compliance monitoring for their customers.

Sophos stated that Arco Cyber enhances its strategic vision by enabling organisations to continually validate the effectiveness of security controls and align these controls with risk and compliance frameworks. The company also said that Arco Cyber’s platform delivers clear insight to support decision-making at the executive level.

With these enhanced capabilities in place, MSPs and MSSPs play a central role in delivering cybersecurity services at scale. Organisations frequently depend on such partners to translate technical insights into actionable steps and guide daily decision-making around cyber risk. With the addition of Arco Cyber’s capabilities, Sophos intends for these providers to move from technical operators towards strategic advisors for clients’ cybersecurity needs.

According to Sophos, even companies with dedicated CISOs or similar roles require robust risk assessments and demonstrable effectiveness of controls for oversight by boards, regulators or insurers. For organisations already employing CISOs or similar professionals, CISO Advantage aims to streamline risk management processes and reporting.

For those without such leadership roles in place, the platform is expected to provide practical guidance that enables them to manage their security profile more effectively.

Arco Cyber will operate within Sophos as a dedicated team tasked with advancing the CISO Advantage offering. Its technology will form part of the broader suite available through Sophos Central, which also includes advisory services and managed detection and response functions delivered by partners.

Sophos CEO Joe Levy said: “There is no shortage of exemplary security technology in the market.

“What’s missing for most organisations is the ability to govern those tools, understand whether controls are actually working, and make informed decisions about risk. Arco has built a platform and a team that offers clarity, accountability, and proof. That work directly supports our strategy, and it gives customers a stronger foundation for simplifying compliance and managing cyber risk with confidence.”

The acquisition follows Sophos’ introduction last month of Workspace Protection, an expansion in its product range designed to address security requirements for hybrid working environments and emerging technologies such as artificial intelligence. This offering centres on securing applications, users and data via a unified approach rather than relying on multiple infrastructure-heavy solutions.

Sophos reports that integrating workspace protection directly at user endpoints reduces operational complexity while addressing gaps in visibility created by traditional network-centric models.

The company intends these developments to provide organisations at all stages of cybersecurity maturity with tools capable of supporting their evolving workplace environments without increasing operational overhead or complexity.