Sophos acquires Arco Cyber to add continuous assurance

Sophos acquired UK-based Arco Cyber to deliver AI-enhanced cybersecurity governance to an underserved market, providing organizations greater clarity, control and decision-making for managing cyber risk.

The acquisition formed part of Sophos’ stated strategy to strengthen cybersecurity strategy and governance across all levels of maturity through its global partner ecosystem, and to scale CISO capabilities where dedicated security leadership is not present. The company cited a gap in CISO coverage, noting an estimated 359 million organizations worldwide and fewer than 32,000 Chief Information Security Officers.

Sophos CISO Advantage was described as a set of capabilities that combined agentic Artificial Intelligence (AI), integrated platforms and human expertise delivered via MSPs and MSSPs, and that provided real-time insight into control performance while remaining grounded in human oversight and judgment. Arco Cyber added capabilities to continuously validate control effectiveness, map controls to risk and compliance frameworks, and produce executive-ready insight to support decision-making.

Arco Cyber was presented in the release as a cybersecurity assurance company focused on improving security posture while addressing compliance requirements and emerging threats, and its platform and team were identified as complementary additions to Sophos’ existing offerings and partner-delivered services.

“There is no shortage of exemplary security technology in the market,” said Joe Levy, CEO of Sophos.

Sophos said Arco Cyber will join as a dedicated team to advance Sophos CISO Advantage and that its technology and expertise will be integrated into Sophos Central, the platform that delivers Sophos’ advisory services, Managed Detection and Response (MDR) and partner-delivered services.