Sophos Acquires Arco Cyber to Bring CISO-Level, Agentic AI-Powered Expertise
Friday, February 13, 2026
Photo courtesy - Ashkan Forouzani/Unsplash
Sophos, a provider of innovative security solutions for defeating cyberattacks, has announced the acquisition of UK-based Arco Cyber, a cybersecurity assurance company that helps organisations strengthen their security posture while staying ahead of compliance requirements and emerging threats.
The acquisition enables Sophos to deliver AI-enhanced cybersecurity governance to an underserved market, giving organisations the clarity, control and decision-making needed to manage cyber risk. Continue
This acquisition marks a significant step in Sophos’ strategy to strengthen cybersecurity governance and risk management for organisations across India and globally, delivered through its extensive partner ecosystem. Sophos refers to this approach as Sophos CISO Advantage - a set of capabilities designed to scale the knowledge, judgment, and operational discipline of a world-class CISO to organisations with or without dedicated security leadership. This combines agentic AI, integrated security platforms and trusted human expertise delivered in collaboration with Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs).
Arco Cyber strengthens this vision by adding capabilities that enable organisations to continuously validate the effectiveness of their security controls, align them with risk and compliance frameworks, and present clear, executive-ready insights that support better decision-making.
“There is no shortage of exemplary security technology in the market,” said Joe Levy, CEO, Sophos. “What’s missing for most organisations is the ability to govern those tools, understand whether controls are actually working and make informed decisions about risk. Arco has built a platform and a team that offers clarity, accountability and proof. That work directly supports our strategy; and it gives customers a stronger foundation for simplifying compliance and managing cyber risk with confidence.”
A key pillar of Sophos CISO Advantage is the role of MSPs and MSSPs in delivering these capabilities at scale. Most organisations rely on trusted partners to translate insights into action, provide context and guide day-to-day security decisions. Sophos CISO Advantage strengthens this relationship by equipping partners with AI-driven governance, continuous assurance and clear risk intelligence, enabling them to act as strategic security advisors rather than just technology operators.
There are an estimated 359 million organisations worldwide, yet fewer than 32,000 have a Chief Information Security Officer (CISO). Even those with dedicated security leadership require clear risk assessments, governance frameworks, prioritisation, and the ability to demonstrate security effectiveness to boards, regulators, and insurers.
“As cybersecurity matures beyond alerts and point solutions, organisations are increasingly focused on proving impact, not just activity,” said Phil Harris, Research Director, Governance, Risk and Compliance Solutions at IDC. “Boards, regulators and insurers want clear evidence that security investments are reducing risk and strengthening governance. Platforms that integrate detection and response with assurance, advisory and risk-based measurement are better aligned with how organisations actually operate. The Sophos and Arco Cyber combination represents a new category of platform-led cybersecurity that connects operations, assurance and risk-based outcomes.”
For organisations with a CISO or dedicated security leadership, Sophos CISO Advantage will provide a more efficient and integrated way to manage risk, track progress and communicate outcomes. For organisations without a CISO, it will deliver practical, CISO-level guidance to help them take control of their security posture and decision-making.
“Arco was founded to help organisations move from assumption to proof in cybersecurity,” said Matt Helling, CEO and Co-Founder of Arco Cyber. “By joining Sophos, we can deliver against that mission and reach far more customers who are struggling to demonstrate control effectiveness, prioritise risk and justify security decisions. Sophos shares our belief that cybersecurity should deliver clarity, confidence and control, not just data. Together, we can help organisations of all sizes turn security into a managed, defensible business discipline.”
Arco Cyber will join Sophos as a dedicated team to advance Sophos CISO Advantage. Its technology and expertise will be integrated into Sophos Central, the platform that powers Sophos’ ecosystem, including advisory services, managed detection and response (MDR); and partner-delivered services that enable MSPs and MSSPs to scale cybersecurity strategy for their customers.
