London-based cybersecurity services provider Saepio announced the acquisition of Milton Keynes-based offensive security specialist Ruptura.
This marks Saepio’s first publicly reported acquisition since its own change of ownership in 2024. Saepio has brought Ruptura’s entire penetration-testing capability in-house, including staff and services. Ruptura’s founder and managing director, Tom Heenan, will join Saepio as Director of Offensive Security. The acquisition adds to Saepio’s service portfolio Ruptura’s advanced pen-testing offerings, CREST and CHECK certifications, and government-recognised Cyber Essentials and Cyber Essentials Plus compliance capabilities. While financial terms were not disclosed, the deal is reported to add about 15 heads to Saepio’s workforce, lifting total headcount to just under 100.
Ruptura brings highly specialised offensive security skills — penetration testing, red-teaming, and resilience assessments — which complement Saepio’s existing consultative cyber-resilience, advisory, and managed service work. By internalising these capabilities, Saepio can offer a more integrated service suite from strategy and compliance to real-world adversarial testing. In the current threat landscape, organisations face not just defensive requirements but increasingly sophisticated adversaries. Saepio’s co-CEO, Amir Nooriala, referred to the acquisition as “excellent timing” in light of escalating cyber threats and regulatory burdens.
The UK alone is reported to experience around four nationally significant cyber incidents per week. Organisations increasingly need not only to detect and respond to threats, but also to prove their resilience and compliance — drawing together policy, people, technology, and attacker simulation. Ruptura’s Cyber Essentials services and its accreditation as a certification body add a compliance and governance component that broadens Saepio’s value proposition.
For Saepio, this acquisition is not just tactical but strategic. Co-CEO Daniel Cárdenas-Clark has publicly stated the aim of becoming “the largest independent cybersecurity provider in the UK and Europe.” With Ruptura now under its umbrella, Saepio gains an enhanced offensive security capability — a differentiator in the mid-market, where many service providers focus only on defensive or managed services. The deal also signals a willingness to pursue M&A as a growth lever, with Saepio confirming that further acquisitions are on the horizon.
Integrating a specialist offensive security team such as Ruptura into a broader service organisation like Saepio will require cultural and operational alignment, preserving Ruptura’s technical edge while aligning with Saepio’s broader client delivery model. With internalised pen-testing, Saepio can potentially bundle resilience testing with advisory, compliance, and managed services, shifting from point solutions toward end-to-end cyber-resilience engagements. Mid-market buyers — SMEs and larger corporates outside the enterprise segment — increasingly seek single-stop cybersecurity providers that can advise, test, deliver, and certify. If Saepio leverages Ruptura’s brand and capabilities effectively, it may gain advantage versus niche pentest firms and larger aggregators.
Offensive security specialists are in high demand, so retaining and scaling such talent will be critical, as will ensuring quality is maintained as services expand. With Cyber Essentials certification status, Saepio can address a growing regulatory and compliance market in the UK and EU, especially for organisations needing independent assurance of their resilience posture.
Cybersecurity M&A has been active as providers seek to augment capabilities such as AI-powered detection, zero-trust advisory, and red-teaming. By acquiring Ruptura, Saepio taps into this trend — consolidating specialist offensive skills within a broader managed and advisory services firm. The move illustrates how the value chain in cyber defence is shifting: firms that can simulate attackers, advise clients, and manage ongoing risk are increasingly in demand. As regulatory burdens such as the UK’s evolving security framework and Europe’s NIS2 directive intensify, compliance and independent assurance services are becoming growth areas, not only for large enterprises but also for the mid-market.
Saepio’s acquisition of Ruptura is a significant step for both organisations. For Ruptura, it represents a chance to scale and leverage a broader platform; for Saepio, it marks a leap in capability and ambition. As cyber threats grow more sophisticated and compliance demands more stringent, the ability to both test and advise becomes a competitive differentiator. If Saepio can integrate Ruptura’s specialist team, retain the depth of technical capability, and deliver an end-to-end value proposition to its clients, the acquisition could well position them for the next phase of growth.
