Despite a rise in cyberattacks and breaches, the cybersecurity industry is by no means exempt from the uncertainty inspired by the current economy.

2023 will likely be remembered as the “year of the layoff.” While many expected the tide to shift after a rough 2022 that saw more than 130,000 tech workers lose their jobs, these unsettling workforce reductions only worsened this year as the industry continued to battle economic uncertainty. TechCrunch has comprehensively tracked these layoffs, which have so far seen more than 240,000 jobs lost across the past 12 months alone, a hefty increase over 2022.

The cybersecurity sector was once largely untouched by the vast headcount reductions taking place across the wider industry, but 2023 shows no sector is immune. Cybersecurity is not the worst affected sector — that unfortunate accolade appears to have been claimed by the transportation industry. But it’s clear that cybersecurity firms are no longer exempt from layoffs, despite a strong workforce and an ever-increasing number of cyberattacks and breaches.

According to data from layoffs tracker Layoffs.fyi, more than 110 cybersecurity companies have made cuts since the beginning of 2023. We’ve rounded up some of the most notable.

Sophos cuts 10% of global workforce, or 450 employees

TechCrunch learned in January that the Britain-based security company Sophos was starting the year with layoffs affecting 10% of its global workforce, or about 450 employees. TechCrunch first learned of the layoffs after hearing of several employees in India who were let go. Sophos blamed the cuts on a “challenging and uncertain macro environment.” In a statement, the company said it was making the move in part to “achieve the optimal balance of growth and profitability to support Sophos’ long-term success” while shuffling its headcount to “support our strategic imperative to be a market leader in delivering cybersecurity as a service.”

Bishop Fox made ill-timed cuts after throwing conference party

Cybersecurity firm Bishop Fox laid off around 50 employees, or 13% of its workforce, in May — just days after the company threw a party at the RSA security conference featuring custom-branded beverages. Bishop Fox, which counted approximately 400 employees prior to the cuts, said at the time that it “proactively made these changes in response to the global economic situation and opportunities we identified to make our business more efficient.” The company claimed that while demand for its cybersecurity products remained solid, “we can’t ignore market uncertainty and investment trends in this very different global economy.”

NCC Group conducts two rounds of layoffs months apart

U.K. cybersecurity giant NCC Group confirmed in August that it was making further cuts to its workforce, just months after it laid off 7% of staff, or 125 employees, based in the U.K. and across North America. TechCrunch learned of the second round of layoffs from a person with knowledge, and NCC later said that it was letting go of a “small number” of employees in response to “changing market dynamics and client demands.”

Rapid7 laid off hundreds of employees, shutters offices

Rapid7, a similarly established U.S. cybersecurity firm, also announced job cuts in August. The company announced plans to lay off 18% of its workforce, affecting more than 400 global employees, which it said was a necessary effort “designed to improve operational efficiencies, reduce operating costs and better align the company’s workforce with current business needs.” At the time, Rapid7 — which describes itself as a “hybrid-first” organization” — said it also planned to permanently close certain office locations as a result of the restructuring.

Bug bounty giant HackerOne makes cuts ‘necessary’ for long-term survival

August also saw sweeping layoffs at HackerOne, a widely known bug bounty and penetration testing platform. The San Francisco-based startup announced that it was cutting up to 12% of its workforce, or approximately 50 employees, impacting staff based in the United States, Canada, the United Kingdom, the Netherlands and other countries. HackerOne raised close to $160 million since its inception in 2012, but blamed the cuts on the macroeconomic climate. “These actions are necessary to be successful long-term,” HackerOne CEO Mårten Mickos said in an email to affected employees, calling the workforce reduction a “one-time event.”

Malwarebytes let go of 100 employees ahead of company split

Rounding out a relentless month of layoffs, Malwarebytes laid off 100 employees around the world as it prepared for a corporate restructuring that saw the business split into two. The layoffs came almost exactly a year after Malwarebytes eliminated 14% of its global workforce. TechCrunch learned of the cuts from a former employee, who said that the layoffs were made just weeks after several members of the company’s C-suite were let go. While many cybersecurity firms blamed economic headwinds for reductions in headcount, Malwarebytes CEO Marcin Kleczynski told TechCrunch that the layoffs were an exercise in rationalizing expenditures. Kleczynski said the company continued to be “healthy and profitable.”

IronNet shut down after extensive layoffs

IronNet, a once-promising cybersecurity startup founded by former NSA director Keith Alexander, laid off all of its remaining staff as it prepared to shutter the faltering business in October. In a regulatory filing, IronNet’s president and chief financial officer Cameron Pforr said the company had ceased all business activities as it prepares for Chapter 7 bankruptcy, effectively liquidating the company’s remaining assets to pay its remaining debts.

Read More