OXFORD, United Kingdom, Feb. 10, 2026 (GLOBE NEWSWIRE) -- Sophos, a global leader of innovative security solutions for defeating cyberattacks, today announced it has acquired UK-based Arco Cyber, a cybersecurity assurance company dedicated to helping organizations improve their security posture while staying ahead of compliance requirements and emerging threats.
The acquisition is an important step in Sophos’ strategy to help organizations strengthen cybersecurity strategy and governance across all levels of maturity, delivered through the company’s global partner ecosystem. Sophos refers to this as Sophos CISO Advantage, a set of capabilities designed to scale the knowledge, judgment, and operating discipline of a world-class CISO to organizations with or without dedicated security leadership, combining agentic AI, integrated platforms, and trusted human expertise delivered in partnership with managed service providers (MSPs) and managed security service providers (MSSPs). Advances in agentic and AI-assisted systems now make it possible to deliver real-time insight into control performance, while remaining grounded in human oversight and judgment.
Arco Cyber accelerates this vision by adding capabilities that help organizations continuously validate whether security controls are effective, map controls to risk and compliance frameworks, and present clear, executive-ready insight that supports better decision-making.
“There is no shortage of exemplary security technology in the market,” said Joe Levy, CEO of Sophos. “What’s missing for most organizations is the ability to govern those tools, understand whether controls are actually working, and make informed decisions about risk. Arco has built a platform and a team that offers clarity, accountability, and proof. That work directly supports our strategy, and it gives customers a stronger foundation for simplifying compliance and managing cyber risk with confidence.”
A critical element of Sophos CISO Advantage is the role of MSPs and MSSPs in delivering these capabilities at scale. Most organizations rely on trusted partners to translate insight into action, provide context, and guide day-to-day decision-making. Sophos CISO Advantage is designed to strengthen that relationship by equipping partners with AI-driven governance, continuous assurance, and clear risk insight, enabling them to deliver CISO-level leadership as a service. This approach allows MSPs and MSSPs to elevate their role from technology operators to strategic security advisors, while giving customers greater clarity, control, and confidence in how cyber risk is managed.
Addressing a Leadership Gap in Cybersecurity
There are an estimated 359 million organizations worldwide, yet fewer than 32,000 have a Chief Information Security Officer (CISO)1. Those with CISOs or other dedicated security leadership also require clear risk assessments, governance, prioritization, and demonstrability of security effectiveness to boards, regulators, and insurers.
“As cybersecurity matures beyond alerts and point solutions, organizations are increasingly focused on proving impact, not just activity,” said Phil Harris, Research Director, Governance, Risk and Compliance Solutions at IDC. “Boards, regulators, and insurers want clear evidence that security investments are reducing risk and strengthening governance. Platforms that integrate detection and response with assurance, advisory, and risk-based measurement are better aligned with how organizations actually operate. The Sophos and Arco Cyber combination represents a new category of platform-led cybersecurity that connects operations, assurance, and risk-based outcomes.”
For organizations with a CISO or similar leadership, Sophos CISO Advantage will provide a more efficient, integrated way to manage risk, track progress, and communicate outcomes. For organizations without one, it will deliver practical, CISO-level guidance that helps them take control of their security posture and decisions.
“Arco was founded to help organizations move from assumption to proof in cybersecurity,” said Matt Helling, CEO and co-founder of Arco Cyber. “By joining Sophos, we can deliver against that mission and reach far more customers who are struggling to demonstrate control effectiveness, prioritize risk, and justify security decisions. Sophos shares our belief that cybersecurity should deliver clarity, confidence, and control, not just data. Together, we can help organizations of all sizes turn security into a managed, defensible business discipline.”
Arco Cyber will join Sophos as a dedicated team to advance Sophos CISO Advantage. Its technology and expertise will be integrated into Sophos Central, the platform which delivers Sophos’ broader ecosystem including advisory services, managed detection and response (MDR), and partner-delivered services that enable MSPs and MSSPs to scale cybersecurity strategy for their customers.
About Sophos
Sophos is a cybersecurity leader defending 600,000 organizations globally with an AI-driven platform and expert-led services. Sophos meets organizations wherever they are in their security maturity and grows with them to defeat cyberattacks. Its solutions combine machine learning, automation, and real-time threat intelligence with frontline human expertise from Sophos X-Ops to deliver advanced, 24/7 threat monitoring, detection, and response. Sophos offers industry-leading managed detection and response (MDR) alongside a comprehensive portfolio of cybersecurity technologies — including endpoint, network, email, and cloud security, extended detection and response (XDR), identity threat detection and response (ITDR), and next-gen SIEM. Together with expert advisory services, these capabilities help organizations proactively reduce risk and respond faster, with the visibility and scalability needed to stay ahead of evolving threats. Sophos goes to market with a global partner ecosystem, including Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), resellers and distributors, marketplace integrations, and cyber risk partners, giving organizations the flexibility to choose trusted relationships when securing their business. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.
1 https://cybersecurityventures.com/2023-ciso-report/
Media Contact: Kelly Archer Director Marketing Communications, Sophos PR@sophos.com
