Security Operations

Sophos to Lay Off 10% of Workers Amid Shift to MDR Services

Loss of 450 Employees Is Security Industry's Second-Largest Workforce Reduction
Sophos to Lay Off 10% of Workers Amid Shift to MDR Services

Sophos will execute the second-largest round of layoffs of any cybersecurity company in the current economic downturn, axing 450 workers amid a shift to MDR services.

See Also: Unified SASE: The Third Era of Network Security

The Oxford, U.K.-based platform security vendor announced Wednesday plans to reduce its staff by 10% - or roughly 450 employees - as Sophos moves to balance growth and profitability in a challenging and uncertain macroeconomic environment. The job cuts will also allow Sophos to allocate more money to its fast-growing cybersecurity-as-a-service unit, which has managed detection and response at its core.

"This is difficult news for the entire Sophos organization," the company told Information Security Media Group in an emailed statement. "We recognize and appreciate the important work and contributions of all our team members who are potentially affected."

Of the more than 40 pure-play cybersecurity vendors to disclose layoffs since the start of the economic downturn in May 2022, only OneTrust has cut more workers than Sophos, according to Layoffs.FYI. The Atlanta-based privacy vendor in June laid off 25% of its staff - or 950 workers. Then, in November, it shut down carbon accounting startup Planetly - which OneTrust acquired in 2021 - and axed all 200 workers (see: OneTrust Lays Off 950 Due To 'Capital Markets Sentiment').

Employees laid off from Sophos will receive financial support, well-being assistance and appropriate career transitional services where possible, according to the company. Sophos currently employs 4,663 people, up 8% from 4,308 workers as of January 2022, according to LinkedIn. Headcount growth over the past year had been most aggressive in sales and operations, while engineering and IT have grown more slowly.

There have been major turnovers in Sophos' executive ranks. Blue Yonder CFO Sue Savage joined Sophos in the same role this month to replace Jeffrey Boldt, who left in August. And Vice President of Engineering Igor Shmukler and Vice President of Product Management Sean Brady left for jobs at Mimecast, while Vice President of North American Sales Jeff True and Chief Scientist Joshua Saxe departed for roles at Ember River and Meta, respectively.

Another Round of Layoffs Under Thoma Bravo

This is the second round of layoffs Sophos has conducted since being acquired by private equity firm Thoma Bravo for $3.9 billion in March 2020. Private Equity News reported in June 2020 that Sophos planned to cut its workforce by up to 16% and close some offices as Thoma Bravo looked to improve the company's short-term outlook and accelerate its strategic transition in the early days of COVID-19.

The 2020 job cuts affected staff across multiple divisions and geographies, though the United Kingdom was believed to have been the worst hit, The Register reported at the time. One hundred employees, primarily from Sophos' sales engineering division, were told that their services would no longer be required, according to The Register.

Thoma Bravo has emptied its coffers over the past year to move aggressively into the identity market, purchasing identity governance firm SailPoint for $6.9 billion in August and buying identity and access management vendor Ping Identity for $2.8 billion in October. Also in October, the private equity firm agreed to buy fellow identity and access management vendor - and Ping rival - ForgeRock for $2.3 billion.

More than 77% of Sophos' 3,400-person workforce was based in 1 of 5 countries, according to the company’s 2019 annual report: India had 819 employees, the United States had 607, the United Kingdom had 589, Germany had 310 and Canada had 305. Sophos has not released an annual report since then due to being taken private by Thoma Bravo.

MDR Takes Center Stage for Sophos

The rise of ransomware brokers and the continued talent shortage mean defenders increasingly need security technology managed on their behalf, Sophos CEO Kris Hagerman told ISMG in August. Clients should be able to manage all their security products from a single platform, analyze the data these products generate and use artificial intelligence to turn that data into an advantage for the defender (see: Sophos' Kris Hagerman on Powering Cybersecurity as a Service).

"For the vast majority of organizations in the world, cybersecurity is becoming so hard, so complex and moving so fast that the truth is they shouldn't even try to manage cybersecurity themselves," Hagerman told ISMG in August. "They should find a trusted partner and work to have it delivered as a service and then get back to focusing on the things they really want to be great at."

Sophos generates more than $175 million in revenue each year from its managed services business, which is growing at more than 50% annually and is fueled by the company's MDR tool, Sophos revealed in its statement Wednesday. All told, Sophos' product portfolio across endpoint, network, email and cloud security yields more than $1 billion in sales annually, according to the company.

After a flurry of three acquisitions in summer 2021, Sophos has made just one purchase over the past 17 months. The company in April 2022 bought early-stage vendor SOC.OS for an undisclosed amount to help customers detect abnormalities in their IT environment earlier by ingesting data from third-party platforms (see: Sophos Buys Startup SOC.OS to Spot Attacker Activity Sooner).

Layoffs in the cybersecurity sector have largely been concentrated among late-stage startups that have had to indefinitely defer plans to go public. Aqua Security, Armis, Aura, Cybereason, Deep Instinct, Lacework, Malwarebytes, Perimeter 81, OneTrust, Snyk and Transmit Security all have cut staff since the spring.

But until Sophos, no cybersecurity vendor owned by Thoma Bravo has publicly disclosed layoffs during the current economic downturn. In addition to Ping Identity and SailPoint, Thoma Bravo also owns email security vendor Proofpoint, SIEM vendor LogRhythm and application and data protection firm Imperva. Thoma Bravo tried to buy cybersecurity AI firm Darktrace but couldn't come to an agreement on terms.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.