Despite the rise in cyberattacks and breaches, the cybersecurity industry is by no means exempt from the uncertainty that inspires today's economy.
2023 will likely be remembered as the “year of layoff.” While many expected the tide to turn after a difficult 2022 that saw more than 130,000 tech workers lose their jobs, these troubling workforce reductions only got worse this year as the industry continued to struggle with economic uncertainty. TechCrunch has closely tracked these layoffs, which have so far led to the loss of more than 240,000 jobs in the last 12 months alone, a considerable increase from 2022.
The cybersecurity sector was once largely untouched by the major workforce reductions occurring across the industry, but 2023 shows that no sector is immune. Cybersecurity is not the most affected sector: that unfortunate accolade seems to have been claimed by the transportation industry. But it's clear that cybersecurity companies are no longer exempt from layoffs, despite a strong workforce and an increasing number of cyberattacks and breaches.
According to data from the layoff tracker Layoffs.for your informationMore than 110 cybersecurity companies have made cuts since the beginning of 2023. We've rounded up some of the most notable ones.
Sophos cuts 10% of its global workforce, or 450 employees
TechCrunch learned in January that British-based security company Sophos was starting the year with layoffs affecting 10% of its global workforce, or about 450 employees. TechCrunch first learned of the layoffs after learning that several employees in India were laid off. Sophos attributed the cuts to a “challenging and uncertain macroeconomic environment.” In a statement, the company said it was taking the move in part to “strike the optimal balance between growth and profitability to support Sophos' long-term success,” while reorganizing its workforce to “support our strategic imperative to be a market leader in delivery. Cybersecurity as a service.
Bishop Fox Made Untimely Cuts After Hosting Conference Party
Cybersecurity company Bishop Fox laid off about 50 employees, or 13% of its workforce, in May, just days after the company hosted a party at the RSA security conference with custom-branded drinks. Bishop Fox, which had about 400 employees before the cuts, said at the time that it “proactively made these changes in response to the global economic situation and the opportunities we identified to make our business more efficient.” The company said that while demand for its cybersecurity products remained strong, “we cannot ignore market uncertainty and investment trends in this very different global economy.”
NCC Group carries out two rounds of layoffs months apart
British cybersecurity giant NCC Group confirmed in August that it was making further cuts to its workforce, just months after laying off 7% of its staff, or 125 employees, based in the United Kingdom and across North America. TechCrunch learned of the second round of layoffs from a person with knowledge, and NCC later said it was laying off a “small number” of employees in response to “changing market dynamics and customer demands.”
Rapid7 laid off hundreds of employees and closed offices
Rapid7, a similarly established US cybersecurity company, also announced job cuts in August. The company announced plans to lay off 18% of its workforce, affecting more than 400 employees worldwide, which it said was a necessary effort “designed to improve operational efficiency, reduce operating costs and better align the company's workforce with current business needs.” At the time, Rapid7, which describes itself as a “hybrid-first” organization, said it also planned to permanently close certain offices as a result of the restructuring.
Bug bounty giant HackerOne makes cuts 'necessary' for long-term survival
August also saw widespread layoffs at HackerOne, a widely known penetration testing and bug bounty platform. The San Francisco-based startup announced it would cut up to 12% of its workforce, or approximately 50 employees, affecting staff based in the United States, Canada, the United Kingdom, the Netherlands and other countries. HackerOne has raised about $160 million since its inception in 2012, but attributed the cuts to the macroeconomic climate. “These actions are necessary for long-term success,” HackerOne CEO Mårten Mickos said in an email to affected employees, calling the workforce reduction a “one-time event.”
Malwarebytes laid off 100 employees ahead of company split
To top off a relentless month of layoffs, Malwarebytes laid off 100 employees worldwide as it prepared for a corporate restructuring that saw the business split in two. The layoffs came almost exactly a year after Malwarebytes eliminated 14% of its global workforce. TechCrunch learned of the cuts from a former employee, who said the layoffs came just weeks after several members of the company's senior management were let go. While many cybersecurity companies blamed economic headwinds for the workforce reductions, Malwarebytes CEO Marcin Kleczynski told TechCrunch that the layoffs were an exercise in expense rationalization. Kleczynski said the company remained “healthy and profitable.”
IronNet closed after extensive layoffs
IronNet, a once-promising cybersecurity startup founded by former NSA director Keith Alexander, laid off all of its remaining staff as it prepared to close the faltering business in October. In a regulatory filing, IronNet President and Chief Financial Officer Cameron Pforr said the company had ceased all business activities as it prepares for Chapter 7 bankruptcy, effectively liquidating the company's remaining assets to pay off its remaining debts.
