Layoffs hit the once-immune cyber industry

Hundreds of cybersecurity workers have received pink slips in the last few months, despite early expectations that the industry would be spared the tech sector's wave of layoffs.

Driving the news: In the last month, at least nine cybersecurity companies have announced layoffs, according to data from Layoffs.fyi.

• IronNet, a cyber company founded by a group of former intelligence officials, said in a public 8-K filing this week it would lay off most of its workers and "substantially curtail" its operations.
• The company joins a growing list that includes Malwarebytes, Fortinet, NCC Group, Rapid7, Dragos, HackerOne and Bishop Fox in cutting staff this year.

The big picture: As the threat landscape expands, demand for cybersecurity products and workers has never been higher.

• But that demand has also spurred competition among cybersecurity vendors, who are now competing for a place in their clients' increasingly streamlined IT and security budgets.

What they're saying: "It is entirely possible that in the cybersecurity space, these companies are facing longer lead times and longer sales cycles," Krista Macomber, a senior analyst focused on data protection and cybersecurity at the Futurum Group, told Axios.

Between the lines: Cybersecurity companies aren't exempt from the anxiety and uncertainty inspired by the current economy, Macomber said.

• Vendors of all sizes are eager to find ways to cut costs to better prepare for a potential recession and any other unexpected changes the macro economy brings next year, she added — and that often means layoffs.

Details: Public information about recent cybersecurity industry layoffs suggest vendors are making sizable workforce cuts too.

• Some of the companies have cut between 10% and 20% of their workforce, resulting in hundreds of jobs losses.
• Rapid7 cut around 18% of its workforce, or roughly 470 jobs. SecureWorks cut 15% of its workforce last month as part of its second round of layoffs in 2023.
• However, some of the cuts have been focused on non-cybersecurity roles, like sales and marketing teams. For example, Fortinet focused its most recent layoffs on the sales, business development and channel partner teams, CRN reported.

The intrigue: Security executives are starting to weigh in more on IT spending decisions — which can drag out sales cycles as executives juggle the additional opinions.

• "What we're seeing is that the CISO, the cybersecurity teams, they're having a seat at the table when it comes to thinking about the IT infrastructure [and] the hardware and software that's in place to store and protect information," Macomber said.

Zoom out: The recent layoffs may also help stabilize cybersecurity vendors' workforces after massive hiring sprees during the pandemic.

• Hundreds of thousands of cybersecurity job postings cropped up on LinkedIn during the first few months of the pandemic as companies rushed to take their daily workflows online.
• Now, similar to the broader tech sector, cybersecurity firms could be stabilizing their head counts, Macomber added.

Meanwhile, the recent layoffs are likely going to exacerbate the ongoing burnout and retention issues that cyber workers still face.

• Earlier this year, a survey from Cobalt found that after layoffs, half of workers whose teams were affected wanted to quit their jobs.

Yes, but: The industry is reportedly still dealing with a shortage of cybersecurity workers.

• The U.S. has enough workers to fill only 69% of the available cybersecurity roles, according to CyberSeek.

Sign up for Axios' cybersecurity newsletter Codebook here