Companies that help businesses battle hackers and comply with privacy regulations now face a potentially more formidable adversary: market turmoil.
About 1,400 workers have been laid off since late May from cyber and privacy firms, many of which raised hundreds of millions of dollars in recent years. OneTrust LLC laid off about 950 people last month after touting a $5.3 billion valuation in 2020. IronNet Inc., led by a former head of the National Security Agency, laid off 55 workers in June after raising nearly $137 million in gross proceeds when it went public last year.
“Everyone was thinking about grow, grow, grow at any cost,” said Lior Div, chief executive of Cybereason Inc., which last month laid off nearly 10% of its workforce, or roughly 140 employees. “Growing at any cost is not something the market is going to appreciate any more.”
Many fast-growing technology businesses, including cyber startups, have lost money for years. But share prices of such publicly traded firms have tumbled in 2022 as rising inflation and interest rates fuel fears of a recession. The market tremors have left some cyber and privacy firms scrutinizing spending amid a spate of disruptive hacks.
“For a number of years, nobody went through that exercise because capital was free,” said Bob Ackerman, managing director of cyber-focused venture firm AllegisCyber Capital.
With some venture firms pulling back from cyber or more closely vetting potential investments, he said, “the bar is a lot higher.”
For corporate security and privacy chiefs, cutbacks at cybersecurity providers can turn into potential risks, said Jeff Pollard, principal analyst at Forrester Research Inc.
“You’re ultimately dealing with vendors that are more short-handed,” Mr. Pollard added. “They have taken hits to morale.”
Last July, Boston-based Cybereason raised $275 million en route to doubling its early 2021 head count by the beginning of this year, to about 1,400. The company is still larger than it was last year despite layoffs in June, Mr. Div said. The cuts at Cybereason, which provides software to help companies detect and respond to cyberattacks, were necessary as the company waits for financial markets to improve before going public, he said.
“The [stock] market right now—it is closed,” he said. “Our assumption is that, in at least 12-18 months, the market will still be closed.”
After raising about $1.8 billion last year, cloud-security provider Lacework Inc. laid off about 20% of its staff—or 200 people—in late May. The move was aimed at helping the San Jose, Calif.-based company become profitable, Co-Chief Executive Jay Parikh said.
Profitability wasn’t always rewarded in financial markets last year, Mr. Parikh said, declining to comment on when he expects to turn a profit. “That is a fundamental change,” he added.
With a scourge of ransomware attacks and an array of data regulations enacted world-wide, executives and investors say the demand for cyber and privacy services remains strong. But the market shift means money-losing businesses need cash on hand to become profitable or continue operating until their next investment.
Founded in 2014, IronNet said it had accumulated more than $207 million in losses when filing paperwork to go public last year through a merger with a special-purpose acquisition company. In June, the Maclean, Va.-based firm, which specializes in threat detection, said in securities filings that it would lay off roughly 17% of its staff to “set the company up for rationalized growth going forward.”
Keith Alexander, IronNet’s co-chief executive and a retired general who formerly led the NSA and U.S. Cyber Command, declined to comment through a spokesman.
Guy Caspi, chief executive of Deep Instinct Ltd., said his company’s decision in June to lay off nearly 50 employees wasn’t about cash-flow problems or market pressures but rather a lack of returns from small and medium-size customers.
“It was just a waste of time for us,” said Mr. Caspi, whose firm’s software aims to help customers prevent ransomware attacks and other threats.
For workers, the cutbacks can amount to abrupt setbacks after employers sold them on the upside of working in the fast-growing cyber and privacy industries.
Atlanta-based OneTrust in 2020 was named by Inc. magazine as the fastest-growing company in America. Last year, the company bought four smaller businesses to expand its platform, which helps companies comply with privacy laws and other regulations.
On June 9, as employees fielded sales calls or performed other routine tasks, some received emailed calendar invites for 15-minute meetings in which they were laid off, according to people familiar with the matter. In a blog post about the 950 layoffs, or roughly 25% of staff, Chief Executive Kabir Barday said “reducing our head count and adapting to the capital markets sentiment is what is needed to keep us in our leadership position.”
Mr. Barday declined an interview request through a spokesman, who didn’t respond to written questions.
Tim McAdam, a general partner at TCV, which invested in OneTrust, said his firm has advised the roughly 80 companies in its tech-focused portfolio to be able to cut costs in areas such as marketing and “get to break-even with the funds they have on hand.”
“We’re all kind of getting through this period without a road map, really,” he said.
Write to David Uberti at david.uberti@wsj.com
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8