Sophos Acquires Arco Cyber to Scale CISO-Level Governance for SMBs
Event summary
- Sophos acquired UK-based Arco Cyber on February 10, 2026 for an undisclosed sum.
- Arco Cyber's platform validates security controls, maps them to risk/compliance frameworks, and provides executive-ready insights.
- The acquisition supports Sophos' CISO Advantage strategy, which combines AI, integrated platforms, and human expertise to scale security governance.
- Arco Cyber will be integrated into Sophos Central, enhancing managed detection and response (MDR) and partner-delivered services.
The big picture
The acquisition addresses a critical gap in cybersecurity: fewer than 32,000 of the 359 million organizations worldwide have dedicated CISOs. By embedding governance and assurance capabilities into its platform, Sophos aims to democratize enterprise-grade security strategy for SMBs and mid-market firms. This aligns with broader industry shifts toward outcome-based security metrics and board-level accountability.
What we're watching
- Market Differentiation
- Whether Sophos can sustain competitive advantage by bundling governance with detection/response capabilities.
- Partner Adoption
- The pace at which MSPs/MSSPs integrate CISO Advantage into their service offerings.
- Regulatory Alignment
- How effectively the platform adapts to evolving compliance requirements across global markets.
Related topics