Cybersecurity startups, once the VC darling, hammered by layoffs

On the face of it, the cybersecurity sector is doing just fine. Demand for cybersecurity products remains high as cyberattacks continue to blight both public and private-sector businesses, and investor enthusiasm for all things cyber-related remains strong.

But while many expect the cybersecurity industry to weather the current economic storm better than most, not least due to the number of high-profile ransomware attacks and data breaches we’re seeing each week, the sector is far from immune from the mass layoffs that are impacting every corner of the technology industry. Layoffs tracker says almost 13,000 tech workers lost their jobs in June alone, compared to about 2,500 this time last year.

These layoffs are happening despite startups raising huge amounts of cash, with VC investments continuing to increase year over year.

On Friday, IronNet, a Virginia-based network security company, announced plans to let go of 55 workers, or 17% of its workforce, less than a year after filing to go public. IronNet’s stock price is down by almost half. “The workforce reduction is part of a broader plan to streamline our operations for higher efficiency, to reduce overall expenses and preserve cash, and to set IronNet up for rationalized growth going forward,” IronNet spokesperson Joseph P. Depa III told TechCrunch in a statement.

The layoffs at IronNet are the latest in a long line of layoffs across the sector, which last year saw the number of unfilled roles increase by 350%. They also appear to be part of a spate of reductions impacting late-stage startups, in particular, as they struggle to demonstrate a path to profitability.

In June, OneTrust, a four-year-old Atlanta-based startup that helps companies manage privacy, security and governance requirements, cut 950 staff or 25% of its workforce. The company raised $300 million in a Series C in December 2020, at a $5.1 billion valuation.

“I know this news is surprising, especially as you heard last month that the business is on track with record quarters and increasing customer demand,” OneTrust CEO Kabir Barday said in an email to employees. “However, capital markets sentiment shifted to a more balanced approach between growth and profitability, and at this time, we have decided the best course of action is to reorganize to position OneTrust for continued long-term success.”

Also in June, U.S.-Israeli late-stage cybersecurity startup Cybereason said it had laid off 10% of its workforce, or around 100 workers. This came just months after it confidentially filed for an IPO and less than a year after it raised an additional $275 million in Series F funding.

“This was an extremely difficult decision,” Cybereason said. “As the bullish tech market conditions have turned and the tech IPO market has essentially closed, companies like us must now exercise more strict financial discipline and prioritize profitability over top-line growth.”

June also saw New York-based security startup Deep Instinct lay off a reported 10% of its workforce, while security startup Automox laid off a reported 75 people, or about 18% of its total headcount.

The previous month, Lacework — a San Jose-based cloud security provider — laid off about 20% of its workforce of about 1,000 employees. The announcement came just six months after the company unveiled a $1.3-billion Series D round of funding, valuing the company at $8.3 billion.

In a blog post announcing the layoffs, Lacework co-CEOs David Hatfield and Jay Parikh blamed a “seismic shift” in both the public and private markets: “While we do not have control of the environment around us, we do have a responsibility to control how we operate our business and make changes as needed to best position the company for continued and long-term success,” they said.

It remains to be seen what impact, if any, the current economic storm will have on VC investments in the sector.

Data from Momentum Cyber, a financial advisory firm for the security industry, shows that funding for cybersecurity startups hit nearly $6 billion in the first quarter of 2022, up almost 50% from the first quarter of 2021; but data from Crunchbase shows that this $6 billion in funding marks a steep decline from the $7.8 billion invested in the fourth quarter of 2021.

Momentum’s data also shows there were no IPOs during the first quarter and that M&A activity in the cybersecurity sector is showing signs of slowing down: Transaction value totaled $12.2 billion for the quarter, largely thanks to Google’s $5.4 billion acquisition of Mandiant, down from $19.3 billion in 2021.

While we’re only halfway through the year and nothing is certain, it looks unlikely that the cybersecurity sector will smash the records it set last year.