The decision may be hard for some because they are very similar in their ability, both signature-wise and in web blocking.
The biggest difference is in how you set them up, FortiClient being the easiest and less of a pain in the butt. It is a true home AV, unlike Sophos, which gives a "business" or I suppose an enterprise feel to it. It is, after all, based on one. Having to set it up in a browser is not very user-friendly for single-computer use (which is what most would use it for).
For protection, I believe both to be equal or at least similarly equal. Both use signatures and heuristics. Both are very strong against malware and adware alike. Web blocking is very configurable and more effective than most suites (if not all). There is the built-in FortiClient VPN support (not a security feature, but an add-on), sandbox support (via FortiSandbox), etc., which Sophos is lacking. For that reason, FortiClient does have an advantage against unknowns if fully utilized.
On a personal note: FortiClient has also been far more stable. Upon installation (many times - even after updates) I could not get Sophos to start up by itself. Its somewhat forced deletion (unless you use exclusions) of what it deemed malicious was a huge nuisance to me, since I do use tools that are uncommon or even thrown together myself.
With FortiClient, it was far easier not only to set exclusions, but also to add to exclusions upon detection without the need to select individual folders, drives (which is risky even if a secondary drive, external, USB, etc.) and files.