Managed Detection & Response (MDR) , Security Information & Event Management (SIEM) , Security Operations
Rapid7 Lays Off 18% of Employees Amid Shift to MDR Services
Loss of 470 Workers Is Cybersecurity Industry's Second-Largest Workforce ReductionRapid7 will lay off close to 1 in 5 of its employees in cuts that amount to the second-largest round of layoffs of any pure-play cybersecurity company since worries about an economic downturn began percolating in spring 2022.
See Also: Webinar | Navigating the Evolving SIEM Landscape: Key Insights and Strategic Integrations
The Boston-based security operations vendor on Tuesday revealed plans to reduce its 2,623-person staff by 18%, or more than 470 positions. The firm said the reduction will streamline management layers, reduce role overlap and optimize its mix of onshore and offshore talent. The intended effect will allow Rapid7 to realign its business toward expanding its managed detection and response capabilities across all of security operations.
"We believe this step is critical to build on the momentum we're seeing in security operations and to position us to be a more profitable growth company in 2024 and beyond," Rapid7 Chairman and CEO Corey Thomas told investors late Tuesday.
Investors reacted favorably to the restructuring announcement, and Rapid7's stock surged $5.70 - or 14.33% - to $45.49 per share in premarket trading Wednesday. That's the highest the company's stock has traded since July 31. Rapid7 expects the job cuts to be complete by the end of 2023, and it will spend between $24 million and $32 million on severance payments, benefits and vesting share-based awards.
Of the more than 80 pure-play cybersecurity vendors to disclose layoffs since concerns over an economic downturn began in May 2022, only OneTrust has cut more workers than Rapid7, according to Layoffs.FYI. The Atlanta-based privacy vendor in June 2022 laid off 25% of its staff - or 950 workers. F5 in April laid off 623 of its 7,100 employees, but the company generates much of its revenue from application delivery.
Economic uncertainty has refocused investors on profitability rather than growth, putting pressure on cybersecurity companies to show results and conserve cash. Rapid7 may feel especially compelled to demonstrate good numbers, as leadership reportedly is looking to exit the public market. Reuters reported in February that the company had hired Goldman Sachs to assist with a potential sale to a private equity firm or another buyer. Thoma Bravo, TPG Capital and Alphabet have all reportedly kicked the tires on Rapid7, and The Information found in July that Rapid7 and Thoma Bravo were too far apart on price.
Sales, Engineering Organizations Most Affected by Cuts
Rapid7 also plans to permanently close some of its offices, resulting in a one-time charge of $27 million. The company currently has U.S. offices in Boston, Los Angeles, San Francisco, Austin, Tampa and the Washington, D.C. area, as well as international offices in Canada, England, Northern Ireland, Ireland, Israel, Australia, Germany, Sweden and Singapore. Rapid7 didn't indicate which offices it plans to close.
"When it comes to consolidation, we - and the industry - have been too slow to adjust."
– Corey Thomas, chairman and CEO, Rapid7
Thomas told employees every organization and location at Rapid7 will be affected, and the most "substantial shifts" will occur in the company's engineering and sales teams. At the end of 2022, Rapid7 told regulators it had 1,031 employees in sales and marketing, 780 in research and development, 497 in product and service delivery and support, and 315 in general and administrative (see: Rapid7 CEO Corey Thomas on Targeting Phishing Infrastructure).
Thomas told investors there will be minimal cuts to positions primarily focused on customer-facing tasks such as quotation and frontline support. The reductions focus primarily on management layers and other overhead that has built up over the years, according to Thomas.
"As we have grown our employee base to meet demand, spun up teams quickly, and expanded to new regions, it has also created unnecessary friction and inefficiencies which hinder our customer experience," Thomas wrote in an email to Rapid7 employees that was shared on the company's blog. "When it comes to consolidation, we - and the industry - have been too slow to adjust."
Layoffs Will Drive Profitability, Investments in MDR
Roughly half the cost savings from Rapid7's layoffs will flow directly to the company's bottom line, while the other half will be allocated to capabilities customers need around the SOC such as managed services partnerships. The restructuring allows Rapid7 to "substantially expand its profitability profile" and boost its free cash flow guidance for 2024 from $80 million to $160 million, Thomas told investors Tuesday.
Thomas said the cuts will allow Rapid7 to allocate more resources toward evolving and consolidating the SIEM market around modern SOC capabilities. Rapid7's managed service and MDR offering have high win rates and very high gross margins, according to Thomas.
"These changes position us to drive strong and more profitable growth over time by aligning our investments with our customers' long-term SecOps needs, while at the same time establishing a strong free cash flow support for our business," Thomas said.