GRC Group, a company specializing in software and services for managing business risks and regulatory compliance, has acquired the cybersecurity firm Pentest People. This acquisition is GRC’s second in the cybersecurity sector, following its acquisition of Bulletproof in June. Together, these acquisitions form a new cyber division within the group, enhancing their ability to offer comprehensive cybersecurity services.
Pentest People, based in Leeds, is known for its penetration-testing-as-a-service (PTaaS) model, which combines consultant-led penetration testing with continuous vulnerability scanning using its proprietary SecurePortal platform. The company serves over 1,200 clients and is recognized for its graduate trainee program, CHECK-accredited testing, and a growing Incident Response service. This expansion into cybersecurity further solidifies GRC’s capabilities in managing security risks.
The new cyber division, which includes Bulletproof in the UK and Target Defense in the USA, now serves over 3,000 clients across these regions. Alex Dacre, CEO of GRC Group, expressed enthusiasm for the acquisition, highlighting the group’s commitment to becoming a leader in the Governance, Risk, and Compliance market. The merger will help GRC provide tech-led compliance solutions to SMEs while also offering enterprise-level SaaS solutions.
Pentest People’s founders, Andrew Mason and Anthony Harvey, expressed their excitement about joining GRC Group, noting that the partnership would allow them to continue their rapid growth trajectory while expanding their service offerings. GRC Group, which employs over 1,200 experts across the UK, USA, and other regions, aims to accelerate growth through both organic strategies and acquisitions, with the recent acquisitions strengthening its cybersecurity division.
Reference:
