Job cuts hit cybersecurity industry despite surging growth from ransomware attacks

At the RSA Conference this week, security software companies were grappling with soaring attacks and the new realities of the capital markets.

Job cuts hit cybersecurity industry despite surging growth from ransomware attacks

A construction crew assembles a display for the RSA Conference at Moscone Center in San Francisco, Calif.

Paul Chinn | San Francisco Chronicle via Getty Images

Nothing has lowered Cybereason's expectations for growth. Rather, the continuing rise in ransomware attacks has forced its clients to bolster spending on security systems, putting the security software company ahead of schedule when it comes to revenue.

But Cybereason is cutting costs anyway, confirming last week that it's laying off 10% of its workforce, or about 100 employees. The reductions follow the dramatic swing in the economy this year and the beating that software stocks have taken on the public market.

Cybereason's story resonates with many of the 450-plus vendors in attendance at RSA, the premier conference for companies in security software. The size, scale, complexity and potential damage caused by cyberattacks means that no matter how corporate IT and finance departments are responding to inflation and a potential economic slowdown, budgets are expanding when it comes to protecting data and networks.

The global cybersecurity market is expected to grow at an annual rate of 9.5% a year, reaching almost $375 billion a year by 2028, according to Vantage Market Research. That's about double the rate of growth forecast for overall IT spending, at least over the next two years, according to Gartner.

Still, with the IPO window closed, Cybereason's plans for its next financing round were thwarted. Private capital could have been an option but likely with painful terms and an almost certain markdown from the company's $3 billion valuation achieved in a funding round last year. CEO Lior Div opted instead to reduce expenses and preserve cash.

Lior Div, Cybereason

Kiyoshi Ota | Bloomberg | Getty Images

"We were working under the assumption that capital would be available, as much as we need and at the same price," Div said in an interview this week in San Francisco at the annual RSA Conference, referring to the company's operating plans last year. "We were not optimized as a business."

There's no demand problem.

A report in April from security company Sophos said that 66% of organizations surveyed were hit by a ransomware attack in 2021, up from 37% the prior year. The average ransom payment increased almost fivefold to over $800,000, the report said.

Ransomware attacks occur when a hacker group infiltrates a corporate network and then holds the data hostage, demanding a sum of money from the victim to in return for access to the data.

War in Ukraine makes matters worse

The crisis has intensified this year, with cyberattacks from Russia on the rise following the country's invasion of Ukraine in February. Cybersecurity authorities from the U.S. and four ally countries released an advisory in April, warning of a jump in cyber activity "as a response to the unprecedented economic costs imposed on Russia as well as materiel support provided by the United States and U.S. allies and partners."

Cybereason's technology is designed to recognize when and how malicious attacks are taking place by establishing a constant real-time view of what's happening inside networks. The company has been particularly effective at helping clients fend off ransomware attacks, thanks to a web of sensors across the world that automatically identify anything suspicious or unfamiliar that hits a network.

Last year, Cybereason raised $325 million, taking advantage of an insatiable demand for high-growth software names. Div said he'd set out to raise just $200 million, but money was so free and easy that the company went bigger.

Four months later, the Nasdaq peaked. Since then, the tech-heavy index is down 27%. Cybereason's closest public market rivals, SentinelOne and CrowdStrike, have dropped 66% and 35%, respectively, over that stretch. Meanwhile, SentinelOne reported revenue growth of 109% in the latest quarter from a year earlier, while CrowdStrike grew 61%.

Across the board, investors have rotated out of high-growth tech, moving into names and sectors that are generally viewed as safer in an environment of rising inflation and interest rates. The IPO market ground to a halt just as Cybereason was confidentially filing paperwork for an upcoming offering.

"We said, 'OK, we planned to go out, and now we have to make sure we're fiscally responsible and can keep running the business for many years,'" Div said.

While neither SentinelOne nor CrowdStrike have backed off their prior hiring plans, their slide alongside the broader market has forced pre-IPO companies and those at even earlier stages to reassess their prospects based on the new realities of the capital markets.

Deep Instinct, a start-up that uses deep learning to try and prevent ransomware, cut 10% of its salespeople this week. That's despite growth of over 200% last year in annual recurring revenue, a rate of expansion that continued into the first quarter of this year.

Lane Bess, chairman of Deep Instinct, said the company had to get more efficient with its sales operation.

"We took a look and said, 'Where are we being most effective in the enterprise?'" Bess said in an interview at RSA. "Are we doing well in the low end of the market, where we have inside salespeople? No. Do we have channel partners that can get to that low end of the market? Yes.'"

In late May, cloud security software vendor Lacework said it was cutting 20% of its workforce, just six months after raising $1.3 billion at an $8.3 billion valuation. The company said a "seismic shift" in the markets forced it to make modifications.

"While we do not have control of the environment around us, we do have a responsibility to control how we operate our business and make changes as needed to best position the company for continued and long-term success," Lacework said in a blog post.

Lacework ranked 25th on CNBC's Disruptor 50 list, which was released in May. Cybereason ranked 41st in its second straight appearance on the list.

The layoffs and hiring freezes at companies that had been in hyper-growth mode is likely to have a trickle-down effect across the labor market in the industry. While every CEO and recruiter will say that competing for top technical talent, particularly in security, remains as tough as ever, the market turmoil has employers reconsidering how they think about compensation.

"It's less competitive out there, because there are fewer start-ups," said Todd McKinnon, CEO of Okta, a company that provides identity management software for corporations. "We want our pay to be at the top of the market, but not more. If the market goes down, we don't want to be slow to adjust."

Like its publicly-traded peers, Okta has been hammered this year, with its stock falling 58%. But there's no shortage of business opportunities. Revenue jumped 65% in the first quarter.

McKinnon isn't expecting a flood of talent to suddenly hit the market, because "private companies still have a ton of money," he said. Venture capitalists poured a record $332.8 billion into U.S. start-ups last year, double the amount from a year earlier, according to the National Venture Capital Association.

'Path to profitability'

High-valued private security companies like Snyk ($8.5 billion), Tanium (over $9 billion) and Illumio ($2.75 billion) told CNBC that they have no plans for layoffs or to even slow down hiring, as they remain well capitalized and are experiencing a boom in business.

Snyk CEO Peter McKay acknowledged that "the cost of money has gone up massively from what you could raise before in the multiples going forward," but he said his company is just fine after raising $530 million last year.

"We don't have to raise," said McKay, whose company's technology helps customers quickly spot vulnerabilities in their code. "We've got a path to profitability, and we've accelerated our path to profitability."

Charles Ross, the chief customer officer at Tanium, said his team is watching to see what clients are doing, but as of now there's no sign of a slowdown. The company just closed out its biggest first quarter ever in terms of customers and revenue, after increasing headcount last year by 1,000 people, or more than 80%.

One thing Ross said he's hearing from customers is that they're consolidating their security portfolio into a few essential vendors and cutting elsewhere. Tanium's technology gives IT managers visibility across their network to assess threats and see where protection is lacking. It typically sits alongside software from endpoint security providers like CrowdStrike or SentinelOne, Ross said.

"They're running us as better together," Ross said, in an interview at RSA.

And at Illumio, whose software helps prevent ransomware and stops breaches from spreading across networks, CEO Andrew Rubin said the topic of downsizing or letting people go "was not on the agenda" at the latest board meeting last month.

"We have absolutely no conversation happening inside the company about laying anybody off," said Rubin, whose company raised $225 million last year. He said the company has "years and years and years and years of runway."

WATCH: SentinelOne CEO discusses keeping an eye on possible cyberattacks from Russia