GRC Group Acquires Pentest People

The GRC Group ("GRC"or the "Group"), a leading provider of software and tech-enabled services to manage business risks and regulatory compliance, has today acquired Pentest People Ltd (“Pentest People”). The GRC Group is focused on building market-leading positions in select areas of the governance, risk and compliance market, and the acquisition of Pentest People represents GRC’s second acquisition in the cyber security risk management market following the acquisition of Bulletproof in June. Pentest People will join Bulletproof (UK) and Target Defense (USA) as part of the newly formed cyber division.

Pentest People is a disruptive cyber-security business focused on bringing the benefits of penetration-testing-as-a-service (PTaaS) to UK clients. Combining the benefits of consultant led penetration testing and continuous vulnerability scanning through its in-house developed software platform SecurePortal. Headquartered in Leeds, Pentest People provides services to over 1,200 clients - directly and through channel partnerships and runs an award-winning graduate trainee programme. In addition to pen testing and cyber consultancy, the business offers CHECK accredited testing and has a rapidly growing Incident Response service - widening the services offered by the Group.

The combined cyber division will provide services to more than 3,000 clients in the UK and USA, in a risk area that continues to be under-serviced.

Alex Dacre, Chief Executive of The GRC Group:

‍“I’m delighted to welcome Andrew, Anthony and the Pentest People team to the Group. The addition of Pentest People following our acquisition of Bulletproof in June demonstrates our commitment to become an international leader in Governance, Risk and Compliance market, delivering tech-led compliance to SMEs alongside leading enterprise SaaS point solutions. We look forward to working with the Pentest People team in further accelerating our collective growth."   

Andrew Mason, Founder/ Managing Director of Pentest People:

“We were delighted to find a new owner for Pentest People that both shares our values and will be able to continue its rapid growth trajectory and focus on innovation. We look forward to extending the services we can offer, through a close relationship with our new sister company and the other businesses within the Group.”

Anthony Harvey, Founder / Managing Director of Pentest People:

“We’re delighted to be joining The GRC Group to continue the development journey of Pentest People. It is clear that GRC is committed to developing an outstanding cyber security offering and that our capabilities will complement the services already offered.” 

Additional Background on The GRC Group

Founded in 2019 and growing rapidly, The GRC Group employs more than 1,200 experts across the UK, USA and certain international geographies, providing software and tech-enabled services to manage business risks and ensure customers remain compliant with legal & regulatory standards. With six business lines, Compliance eLearning, Regulatory Intelligence, Risk Management Software, Employment Compliance, ISO services and Cyber Security, the business delivers compliance to both SMEs and large global enterprises.  

In May 2024, The GRC Group was acquired by Inflexion to accelerate its growth and expand into new markets through further investment in its organic growth strategy complemented by M&A.

In June 2024, the Group acquired Bulletproof Cyber Ltd, which trades as Bulletproof in the UK and as Target Defense in the USA - a leading provider or cyber security, information security and data protection services. Together the new group’s new cyber division will be able to call on the expertise of more than 100 accredited professionals and cyber consultants.

Final Words

Looking ahead, The GRC Group's acquisition of Pentest People marks another significant step in its mission to become a global leader in governance, risk, and compliance. By expanding its cyber security offerings and integrating innovative platforms like Pentest People’s SecurePortal, GRC is well-positioned to meet the evolving security needs of its clients. With further investment in cutting-edge technology, expert talent, and service expansion, the Group remains committed to delivering high-quality, tech-enabled solutions. As GRC continues to grow and invest, it aims to provide unparalleled compliance and security services to a diverse and expanding client base, driving innovation and excellence in the industry.

‍