Layoffs hit the once-immune cyber industry

  • News
  • By Daniel Michan
  • Published on September 8

Over the past few months, numerous cybersecurity professionals have been laid off despite initial expectations that this industry would be shielded from the wave of job cuts affecting the tech sector.

Recent reports indicate that at least nine cybersecurity companies have announced layoffs. IronNet, a cyber firm established by intelligence officials, made a public filing stating that it will lay off a significant portion of its workforce and scale back its operations. Other companies such as Malwarebytes, Fortinet, NCC Group, Rapid7, Dragos, HackerOne, and Bishop Fox have also reduced their staff this year.

The landscape reveals an expanding threat environment where demand for cybersecurity products and skilled professionals has never increased. However, this increased demand has also led to competition among cybersecurity vendors vying for a share in their client's increasingly streamlined IT and security budgets.

According to Krista Macomber from the Futurum Group, these companies in the cybersecurity space may be encountering longer lead times and sales cycles. This could be attributed to evolving market conditions.

Amidst the economic climate, cybersecurity companies are not immune to feelings of anxiety and uncertainty, according to Macomber. Companies of all sizes actively seek ways to reduce costs in preparation for a recession and other unexpected changes that may arise in the macro economy next year. Unfortunately, this often leads to workforce reductions or layoffs.

Recent reports indicate that several cybersecurity vendors have cut their workforce. Some companies have downsized by 10% to 20%, resulting in the loss of hundreds of jobs. Rapid7, for instance, let go of 18% of its employees, amounting to around 470 job losses. Similarly, SecureWorks implemented a round of layoffs in 2023, reducing their workforce by 15%.

It is worth noting that not all positions affected by these cuts were directly related to cybersecurity. Sales and marketing teams were among those impacted at some companies. For instance, CRN reported that Fortinet's recent layoffs primarily targeted their sales, business development, and channel partner teams.

Interestingly, security executives are increasingly becoming involved in IT spending decisions. While this considers perspectives during decision-making processes, it can also prolong sales cycles as executives navigate multiple opinions.

"We're observing that CISOs and cybersecurity teams now have a voice when it comes to deliberating on the IT infrastructure." And the systems and programs are in place to store and safeguard information," Macomber explained. Looking at the picture, the recent staff reductions may also contribute to stabilizing the workforce of cybersecurity vendors, which experienced significant hiring sprees during the pandemic.

During the months of the pandemic, there was a surge in cybersecurity job postings on LinkedIn as companies hurriedly transitioned their daily operations online. Now, similar to the technology industry, cybersecurity firms may be reaching a point where their employee numbers are leveling off, Macomber added. These recent layoffs are likely to worsen existing issues of burnout and retention faced by cyber workers.

A survey conducted this year by Cobalt revealed that following layoffs, half of those employees whose teams were affected expressed a desire to leave their jobs. However, it's important to note that reports suggest a need for more cybersecurity professionals.

According to CyberSeek data, 69% of available cybersecurity roles in the United States can be filled by current workers.