Cyber security company acquired to create division serving more than 3,000 clients
The GRC Group, a provider of software and tech-enabled services to manage business risks and regulatory compliance, has acquired Pentest People Ltd.
GRC says it is focused on building market-leading positions in select areas of the governance, risk and compliance market, and the acquisition of Pentest People represents its second acquisition in the cyber security risk management market following the acquisition of Bulletproof in June.
Leeds-headquartered Pentest People will join Bulletproof (UK) and Target Defense (USA) as part of the newly formed cyber division.
Pentest People is a cyber-security business focused on bringing the benefits of penetration-testing-as-a-service (PTaaS) to UK clients through its in-house developed software platform, SecurePortal. H
It provides services to over 1,200 clients – directly and through channel partnerships and runs a graduate trainee programme.
In addition to pen testing and cyber consultancy, the business offers CHECK-accredited testing and has a growing Incident Response service.
The combined cyber division will provide services to more than 3,000 clients in the UK and USA.
Alex Dacre, chief executive of The GRC Group, said: “I’m happy to welcome Andrew, Anthony and the Pentest People team to the group.
“The addition of Pentest People following our acquisition of Bulletproof in June demonstrates our commitment to become an international leader in the Governance, Risk and Compliance market, delivering tech-led compliance to SMEs alongside leading enterprise SaaS point solutions.
“We look forward to working with the Pentest People team in further accelerating our collective growth.”
Andrew Mason, founder/managing director of Pentest People, said “We were pleased to find a new owner for Pentest People that both shares our values and will be able to continue its rapid growth trajectory and focus on innovation.
“We look forward to extending the services we can offer, through a close relationship with our new sister company and the other businesses within the group.”
Anthony Harvey, fellow founder/managing director of the firm, added: “We’re happy to be joining The GRC Group to continue the development journey of Pentest People.
“It is clear that GRC is committed to developing outstanding cyber security and that our capabilities will complement the services already offered.”
Founded in 2019, The GRC Group employs more than 1,200 experts across the UK, USA and other international locations, providing software and tech-enabled services to manage business risks and ensure customers remain compliant with legal & regulatory standards.
In May 2024, The GRC Group was acquired by Inflexion to accelerate its growth and expand into new markets through further investment in its organic growth strategy complemented by M&A.
Advisers on the Pentest People deal were: Fieldfisher (David Bowcock and Adam Jones) on legals and KPMG (James Kergon and Shippi Chandak) on financial due diligence acting for The GRC Group; 3volution (Jonathan Priestley and Emma Tomkins) on legals and Rothschild (Joe Austin) on corporate finance acting for the sellers.