Sophos Cites Downturn, MDR Shift In Disclosing Major Layoffs

The cybersecurity giant said that an increasing focus on services such as managed detection and response was part of the reason for its move to cut up to 10 percent of its global workforce.

Cybersecurity giant Sophos disclosed Wednesday that it’s reducing its global workforce by up to 10 percent, citing both the current economic environment as well as plans to invest more heavily into an “as-a-service” model.

The company confirmed the layoff plans to CRN, following a report from TechCrunch, which said the move would affect about 450 employees. Sophos, however, did not confirm that figure.

While dozens of cybersecurity vendors have disclosed staff cutbacks since last May amid economic upheaval, the Sophos layoff is apparently one of the largest. Last June’s layoff of 950 employees by OneTrust appears to have been the only larger staff cutback in the security industry since the troubles began.

In its statement, Sophos blamed the cutbacks on factors including the “challenging and uncertain macro environment,” which has forced the company to reassess its growth prospects.

Many cybersecurity vendors had become accustomed to rapid growth in recent years, partially in response to a string of high-profile cyberattacks including the ransomware attack on Colonial Pipeline and the software supply chain compromise of SolarWinds. As a result, many vendors had adopted a strategy of “burning money to capture growing market share” while the good times lasted, said Stel Valavanis, founder and CEO of Chicago-based managed security provider onShore Security.

Now, however, some security vendors are clearly recognizing they need to step back and “make sure they’re spending money on the things that are truly growing,” Valavanis said.

For U.K.-based Sophos, one of those areas would appear to be cybersecurity “as-a-service” offerings, such as managed detection and response (MDR). The company cited its burgeoning focus on MDR in its statement, saying that the company is aiming to “allocate our investments across the company to support our strategic imperative to be a market leader in delivering cybersecurity as a service.”

“While these changes are difficult, we believe they are necessary to advance our strategic vision to be a leading global innovator and provider of cybersecurity as a service, with managed detection and response (MDR) at its core,” Sophos said in the statement. “We view MDR as a catalyst not only to expand our managed services business, which is now more than $175 million and growing at over 50 percent per year, but also to provide the ideal platform to continue to grow and enhance our $1 billion+ product portfolio across endpoint, network, email, and cloud security.”