Cybersecurity giant Sophos has disclosed it is reducing its global workforce by up to ten per cent, citing both the current economic environment as well as plans to invest more heavily into an "as-a-service" model.
The company confirmed the layoff plans to CRN, following a report from TechCrunch, which said the move would affect about 450 employees. Sophos, however, did not confirm that figure.
While dozens of cybersecurity vendors have disclosed staff cutbacks since last May amid economic upheaval, the Sophos layoff is apparently one of the largest.
Last June's trimming of 950 employees by OneTrust appears to have been the only larger staff cutback in the security industry since the troubles began.
In its statement, Sophos blamed the downsize on factors including the "challenging and uncertain macro environment," which has forced the company to reassess its growth prospects.
Many cybersecurity vendors had become accustomed to rapid growth in recent years, partially in response to a string of high-profile cyberattacks including the ransomware attack on Colonial Pipeline and the software supply chain compromise of SolarWinds.
As a result, many vendors had adopted a strategy of "burning money to capture growing market share" while the good times lasted, said Stel Valavanis, founder and CEO of Chicago-based managed security provider onShore Security.
Now, however, some security vendors are clearly recognising they need to step back and "make sure they're spending money on the things that are truly growing," Valavanis said.
For the UK's Sophos, one of those areas would appear to be cybersecurity "as-a-service" offerings, such as managed detection and response (MDR).
The company cited its burgeoning focus on MDR in its statement, saying it is aiming to "allocate our investments across the company to support our strategic imperative to be a market leader in delivering cybersecurity as a service."
"While these changes are difficult, we believe they are necessary to advance our strategic vision to be a leading global innovator and provider of cybersecurity as a service, with managed detection and response (MDR) at its core," Sophos said in the statement.
"We view MDR as a catalyst not only to expand our managed services business, which is now more than $175m and growing at over 50 per cent per year, but also to provide the ideal platform to continue to grow and enhance our $1bn-plus product portfolio across endpoint, network, email, and cloud security."
