Despite the increase in cyber attacks and breaches, the cybersecurity industry is by no means exempt from the uncertainty inspired by the current economy.
2023 will probably be remembered as the “year of the layoff.” While many expected the tide to turn after a rough 2022 that saw more than 130,000 tech workers lose their jobs, those alarming workforce declines only worsened this year as the industry continued to battle economic uncertainty. TechCrunch has closely tracked these layoffs, which have so far seen more than 240,000 jobs lost in the past 12 months alone, a huge increase over 2022.
The cybersecurity sector was once largely untouched by the massive downsizing taking place across the wider industry, but 2023 shows no sector is immune. Cybersecurity isn’t the hardest-hit area — that unfortunate distinction seems to have been claimed by the transportation industry. But it’s clear that cybersecurity companies are no longer exempt from layoffs, despite a strong workforce and an ever-increasing number of cyberattacks and breaches.
According to data from the layoffs tracker Layoffs.fyimore than 110 cybersecurity companies have made cuts since early 2023. We rounded up some of the most notable.
Sophos is cutting 10% of its global workforce, or 450 employees
TechCrunch learned in January that UK-based security firm Sophos was starting the year with layoffs affecting 10% of its global workforce, or about 450 employees. TechCrunch first learned of the layoffs after hearing about several employees in India who were let go. Sophos blamed the cuts on a “challenging and uncertain macroeconomic environment”. In a statement, the company said it made the move in part to “achieve the optimal balance of growth and profitability to support the long-term success of Sophos,” while shuffling its headcount to “support our strategic imperative to be market leader in providing cyber security as a service”.
Bishop Fox made ill-advised cuts after organizing the conference party
Cybersecurity firm Bishop Fox laid off about 50 employees, or 13% of its workforce, in May — just days after the company hosted a party at the RSA security conference that featured specialty drinks. Bishop Fox, which had about 400 employees before the cuts, said at the time that it “proactively made these changes in response to the global economic situation and the opportunities we identified to make our business more efficient.” The company claimed that while demand for its cyber products remained steady, “we cannot ignore market uncertainty and investment trends in this very diverse global economy.”
NCC Group is carrying out two rounds of layoffs months apart
UK cyber security giant NCC Group confirmed in August that it was making further cuts to its workforce, just months after it laid off 7% of its staff, or 125 employees, based in the UK and across North America. TechCrunch learned of the second round of layoffs from a person with knowledge, and NCC later said it was letting go a “small number” of employees in response to “changing market dynamics and customer demands.”
Rapid7 lays off hundreds of employees, closes offices
Rapid7, a similarly established US cybersecurity company, also announced job cuts in August. The company announced plans to lay off 18% of its workforce, affecting more than 400 employees worldwide, in what it said was a necessary effort “designed to improve operational efficiency, reduce operating costs and better align workforce of the company with the current business needs’. At the time, Rapid7 — which bills itself as a “hybrid-first” organization — said it also planned to permanently close some office locations as a result of the restructuring.
Bug giant HackerOne calls cuts ‘necessary’ for long-term survival
August also saw sweeping layoffs at HackerOne, a well-known bug bounty and penetration testing platform. The San Francisco-based startup announced it was cutting up to 12% of its workforce, or about 50 employees, affecting staff based in the United States, Canada, the United Kingdom, the Netherlands and other countries. HackerOne has raised nearly $160 million since its inception in 2012, but blamed the cuts on the macroeconomic climate. “These actions are necessary to be successful in the long term,” HackerOne CEO Mårten Mickos said in an email to affected employees, calling the workforce reduction a “one-off.”
Malwarebytes laid off 100 employees before the company split
Capping off a relentless month of layoffs, Malwarebytes laid off 100 employees worldwide as it prepared for a corporate restructuring that saw the business split in two. The layoffs come almost exactly a year after Malwarebytes eliminated 14 percent of its global workforce. TechCrunch learned about the cuts from a former employee, who said the layoffs came just weeks after several members of the company’s C-suite left. While many cybersecurity companies have blamed economic headwinds for downsizing, Malwarebytes CEO Marcin Kleczynski told TechCrunch that the layoffs were an exercise in streamlining costs. Kleczynski said the company continued to be “healthy and profitable.”
IronNet shut down after extensive layoffs
IronNet, a promising cybersecurity startup founded by former NSA director Keith Alexander, laid off all of its remaining staff as it prepared to shut down the struggling business in October. In a regulatory filing, IronNet president and chief financial officer Cameron Pforr said the company had ceased all business operations as it prepares for Chapter 7 bankruptcy, effectively liquidating the company’s remaining assets to pay its remaining debts.
