Pentest People has been acquired by GRC Group

Arrowpoint Advisory’s Cyber Security sector team has advised the shareholders of Pentest People on its sale to GRC Group, a leading provider of software and tech-enabled services to manage business risks and regulatory compliance. Pentest People will join Bulletproof (UK) and Target Defense (USA) as part of the newly formed cyber division.

Pentest People is a disruptive cyber-security business focused on bringing the benefits of penetration-testing-as-a-service (PTaaS) to UK clients. Combining the benefits of consultant led penetration testing and continuous vulnerability scanning through its in-house developed software platform SecurePortal. Headquartered in Leeds, Pentest People provides services to over 1,200 clients - directly and through channel partnerships and runs an award-winning graduate trainee programme. In addition to pen testing and cyber consultancy, the business offers CHECK accredited testing and has a rapidly growing Incident Response service - widening the services offered by the Group.

Founded in 2019 and growing rapidly, The GRC Group employs more than 1,200 experts across the UK, USA and certain international geographies, providing software and tech-enabled services to manage business risks and ensure customers remain compliant with legal & regulatory standards. With six business lines, Compliance eLearning, Regulatory Intelligence, Risk Management Software, Employment Compliance, ISO services and Cyber Security, the business delivers compliance to both SMEs and large global enterprises. In May 2024, The GRC Group was acquired by Inflexion to accelerate its growth and expand into new markets through further investment in its organic growth strategy complemented by M&A.

The combined cyber division will provide services to more than 3,000 clients in the UK and USA, in a risk area that continues to be under-serviced.

Alex Dacre, Chief Executive at The GRC Group, said: “I’m delighted to welcome Andrew, Anthony and the Pentest People team to the Group. The addition of Pentest People following our acquisition of Bulletproof in June demonstrates our commitment to become an international leader in Governance, Risk and Compliance market, delivering tech-led compliance to SMEs alongside leading enterprise SaaS point solutions. We look forward to working with the Pentest People team in further accelerating our collective growth.”

Andrew Mason, Founder / Managing Director at Pentest People, commented: “We were delighted to find a new owner for Pentest People that both shares our values and will be able to continue its rapid growth trajectory and focus on innovation. We look forward to extending the services we can offer, through a close relationship with our new sister company and the other businesses within the Group.”

Anthony Harvey, Founder / Managing Director at Pentest People, highlighted: “We’re delighted to be joining The GRC Group to continue the development journey of Pentest People. It is clear that GRC is committed to developing an outstanding cyber security and that our capabilities will complement the services already offered.”

Andrew Mason went on to add: “Arrowpoint Advisory’s track record in the cyber security sector speaks for itself, so they were a natural choice of adviser once we decided to sell Pentest People. The hands-on support and guidance we received was invaluable in smoothly navigating the sale process and achieving a successful outcome.”

Joe Austin, Director at Arrowpoint Advisory, concluded: “We were thrilled to be entrusted by Andrew, Anthony, Robin and Gavin with the sale of Pentest People. It was a pleasure to work with such an innovative and disruptive business with such a strong track record of growth. The transaction marks yet another important milestone for our Cyber Security sector team as we continue our work as one of the most active advisers in the space.”

Contact the deal team