While the number of cyberattacks is growing, several cybersecurity providers are laying off employees, possibly reflecting a broader concern about the global economy.
Even as many cybersecurity experts have complained about a shortage of qualified workers in the space, at least half a dozen cybersecurity providers have laid off employees in recent months.
In late June, Virginia-based IronNet announced layoffs of 17% of its workforce, totaling 55 employees. The company had reported a net loss of $33.2 million in the first quarter of its 2023 fiscal year, more than doubling its loss from a year earlier.
Also in June, Cybereason, based in Boston and Tel Aviv, said it was laying off 10% of its workforce, affecting about 130 employees. The company had applied for an initial public offering just four months earlier. Still, a slowing tech market forced it to “exercise more strict financial discipline and prioritize profitably over top-line growth,” Cybereason said in a statement.
And in late May, San Jose-based Lacework, a cloud security provider, laid off about 20% of its staff, affecting an estimated 200 employees. In November, the company announced $1.3 billion in funding, but the layoffs came as the company focused on containing costs during an uncertain economy.
Also in June:
- Privacy-focused provider OneTrust, based in Atlanta, announced the layoffs of 950 employees, or 25% of its workforce.
- Cybersecurity provider Deep Instinct, based in New York, cut 10% of its sales workforce.
- Colorado-based Automox, a provider of endpoint security, laid off an estimated 18% of its workforce, or about 75 employees.
The decision to lay off employees met with a mixed reaction from other cybersecurity and IT professionals.
“With a raging war in Eastern Europe and cybersecurity threats engaging targets across the globe, it would be absurd to reduce your security spend right now,” said Richard Gardner, CEO of Modulus, a provider of banking and artificial intelligence software. “What we’re seeing in the cybersecurity space is a mix of shortsightedness and economic fear.”
He told the Washington Examiner that economic conditions worldwide, including high inflation, are causing many companies to retrench.
“With massive pandemic-related spending packages, an unpredictable Putin, and a supply chain which still hasn’t shaken off the COVID-induced collywobbles, investor fear is through the roof, and that’s translating to corporate decision-making,” he said.
Still, Gardner compared cybersecurity investments to a homeowner replacing the roof, saying, “It’s an investment that doesn’t seem to immediately pay off. You don’t really notice cybersecurity until you’ve been breached, just like you don’t notice the roof until you have a leak.”
In some cases, the layoffs may focus on support staff, some business experts noted, instead of cybersecurity and engineering staff. In those cases, the impact on products may be minimal.
With the layoffs coming at cybersecurity product companies, many of the employees affected are likely to be in sales, marketing, and software development, instead of people with direct cybersecurity roles, said Matt Shepherd, co-founder and vice president of information security and privacy at MindPoint Group, a security consulting firm.
With cybersecurity services and consulting firms, increased demand means increased hiring, but cybersecurity product providers operate under a different hiring model, he told the Washington Examiner. “They have to continue trying to make a viable product for the least cost possible, and that is how you end up deciding to lay off staff while facing increased demand,” he said.
Customers have the right to ask how these layoffs will affect products and services, said John Li, co-founder and chief technology officer of lending company Fig Loans. “If providers get nervous, sensitive, or incensed by the question, it could be time [for customers] to move on,” he told the Washington Examiner.
These cybersecurity companies, however, are reacting to market conditions and protecting their finances for the long term, he added.
“Though the demand for cybersecurity remains high, every business must watch its bottom line when inflation rises and the market faces a potential recession,” Li said. “There isn’t one correct answer for layoffs, but those providers that lay off enough employees to negatively affect their ability to protect their clients may be shooting themselves in the metaphorical foot.”
