Layoffs Mount as Cybersecurity Vendors Hunker Down
With the vast majority of business leaders expecting a recession in 2023, cybersecurity firms are bolstering their operations and cash flow by laying off workers.
November 1, 2022
Cybersecurity firms Snyk and Cybereason separately announced significant layoffs during the last week of October, cutting their workforces by 198 and 200 workers and representing 14% and 17% of their workforces, respectively.
The two companies are the latest cybersecurity vendors to join a growing list of more than three dozen firms to pare their workforces in the past six months, as the global economy continues to flash signs of a slowdown and possible recession. On Oct. 24, for example, Snyk CEO Peter McKay announced that, while the developer security firm continues to grow, the company "must operate even more efficiently in order for Snyk to effectively withstand the continued headwinds facing the global economy."
Cybereason CEO and co-founder Lior Div also claimed strong operations but stressed its need to move away from aggressive investments in research and development, sales, and marketing and instead focus on customer retention and innovating in its core market of extended detection and response (XDR).
"While we are making significant traction in these areas and our growth remains strong, we are seeing significant volatility in the global financial markets that require us to prioritize profitability over growth," he said in an Oct.26 blog post.
Industrywide Layoffs Loom
Snyk and Cybereason are not alone. In June, privacy and security firm OneTrust announced it would lay off 950 employees, or 25% of its workforce. In late May, cloud security firm Lacework announced it would layoff approximately 300 workers, or 20% of its head count. Last week, cybersecurity automation firm Forescout announced it would be cutting costs but did not release the specific number of layoffs, instead saying the company intended to "optimize our cost base to prepare for difficult economic times over the next period to ensure the future success."
In total, 32 cybersecurity firms have announced layoffs or restructuring since early May, according to layoff tracking site Layoffs.FYI, most citing the tightening market and need to protect the longevity of the business.
"While we do not have control of the environment around us, we do have a responsibility to control how we operate our business and make changes as needed to best position the company for continued and long-term success," Jay Parikh, CEO of Lacework, said in a May update. "We have adjusted our plan to increase our cash runway through to profitability and significantly strengthened our balance sheet so we can be more opportunistic around investment opportunities and weather uncertainty in the macro environment."
Investments Become Scarcer
Cybersecurity vendors' retrenchment is not without cause. The vast majority (83%) of companies expect to contend with a recession in 2023, and most of those businesses are taking steps to prepare, according to the "2023 State of IT" report. IT budgets will likely stagnate: While half of businesses (51%) expect to increase IT budgets in 2023, a significant portion of those increases are due to inflation, not expanding purchases and services, the report stated.
Investments are drying up as well, leaving startup companies more reliant on their actual cash flow to fuel future operations. Venture capital financing totaled $3.1 billion in the third quarter of 2022, down from $7.9 billion for the same quarter in 2021, according to cybersecurity-focused venture capital firm Momentum Cyber.
"It's at that point where investors can be much more scrutinizing with valuations, because if they feel like the whole economy is slowing down, they might not feel like they want to take that go-to-market risk," Eric McAlpine, managing partner at Momentum Cyber, said in the company's "Cybersecurity Market Review Q3 2022" report.
It should be said that not every company says layoffs are the result of economic realities. In August, for example, security software firm Malwarebytes reportedly sacked at least 125 employees, or about 14% of its global workforce, maintaining the company was not trying to achieve profitability but shifting to a different strategy. A month later, Malwarebytes announced a $100 million investment and a strategic shift to the managed detection and response (MDR) market.
Yet for the most part, companies appear to be hunkering down, cutting spending, and making sure they can survive as long as possible if market conditions worsen. Privacy and security firm OneTrust, for example, pointed to a potential poor economy as the reason for the paring of its workforce.
"My responsibility is to ensure OneTrust thrives and is positioned for sustained growth, and unfortunately, reducing our headcount and adapting to the capital markets sentiment is what is needed to keep us in our leadership position," Kabir Barday, the firm's CEO, said in a blog post.
Cybersecurity Jobs Still Strong
While specific cybersecurity vendor companies are cutting workers, overall the job market for cyber pros continues to be strong — a good sign for those workers who have been laid off. Businesses continue to look for cybersecurity experts, with the workforce growing 6% to 1.34 million in North America over the past 12 months, according to (ISC)2, a cybersecurity professional organization.
And job listings for tech jobs in general on jobs site Indeed.com have climbed 49% above the pre-pandemic baseline as of Oct. 21.
Meanwhile, the continued shortfall in cybersecurity workers and the increasing adoption of cloud services will result in more organizations gaining their cybersecurity expertise delivered as a service. (ISC)2 expects greater adoption, especially by small businesses, that do not have the need or budget to fund a permanent on-site team.
"We have seen a greater demand for cybersecurity skills to defend, protect, and secure our trail of personal data as threats become increasingly complex and our digital footprint continues to grow," says Clar Rosso, CEO of (ISC)2, urging organizations to not drop their collective guard.
"As organizations navigate increased economic pressures, I encourage them to continue to prioritize their cybersecurity needs," Rosso says. "Bad actors and exploits will not go away if the economy worsens; in fact, one might argue the threat landscape worsens during challenging times."
About the Author
You May Also Like
Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024Safeguarding GitHub Data to Fuel Web Innovation
Nov 21, 2024The Unreasonable Effectiveness of Inside Out Attack Surface Management
Dec 4, 2024