One month into the new year and a wave of gloomy January tech layoff headlines have many infosec professionals biting their nails.
Last month, Alphabet, Microsoft and Amazon all announced headcount cuts. Cybersecurity firms also added to the ballooning tally with security giant Proofpoint announcing recently it pink slipped 6% of its workforce. The company joined cybersecurity vendors Trend Micro, Orca Security, ForeScout, SecureWorks, Rapid7 and more that have laid off staff in recent months.
After the dust settles on the January layoff numbers, layoffs.fyi estimated that 28,000 workers, representing 100 companies, will start the new year looking for a new job.
Job cuts raise questions about the extent to which layoffs across the broader tech sector signal job security dangers for the cybersecurity workforce. What is the overall outlook for cybersecurity vendors, startups, customers and investors in 2024? Should you worry if your cybersecurity vendor solutions team might be next on the chopping block?
Is the employment glass half full or empty?
Despite recent gloomy headlines and dreary stats, tech layoffs shouldn’t rattle cybersecurity workers, according to market experts.
“Cybersecurity is one of the hottest subsectors in the broader tech sector,” said Daniel Ives, managing director and senior equity research analyst at Wedbush Securities. “With a massive shift to the cloud and AI leading the charge, the need to protect workloads, endpoints and vulnerabilities is at a high.”
As others noted, compared with 2023’s January tech sector layoffs, the number of headcount cuts is down by two-thirds. This time last year, Google and Microsoft rattled markets when they announced job cuts totaling 10,000 each. Other tech-related layoffs added 70,000 for the month of January 2023.
“It seems as if inflation is under control, supply chain issues have eased considerably and maybe the worst is behind us,” said Wayne Schepens, founder and managing director of LaunchTech Communications, and chief cyber market analyst at CyberRisk Alliance, parent company of SC Media.
Overall, the cybersecurity market is showing signs of bouncing back. Memories can be short, Schepens pointed out. Last year, companies were largely advised by investors and board members to cut costs amid geopolitical turbulence and an economic downturn, he said.
“We are seeing things settle again for 2024. Not a huge pick up, but certainly a settling,” Schepens said. “Tech companies will remain to be conservative, which means marketing and sales efforts will continue to be heavily scrutinized.”
In a report on global spending on infosec, Gartner said risk management products and services grew 13.4% to $188.3 billion in 2023, compared to 7.2% growth in 2022. Global infosec spending is expected to reach $203.5 billion by 2027, Gartner forecasts.
If only the paranoid survive, will optimists also thrive?
There is no question that cybersecurity professionals have felt the impact of economic uncertainty during the “post-pandemic” period.
More than a third of cybersecurity teams saw budget cuts or freezes between 2022 and 2023, according to a joint report by IANS Research and Artico Search. Additionally, among the 14,865 cybersecurity professionals surveyed for the ISC2 Cybersecurity Workforce Study between April and May of 2023, 22% reported cybersecurity layoffs at their organization within the previous 12 months.
Despite these past troubling trends, experts said the cybersecurity workforce is in a good position to survive job cuts.
“Recruitment and retention of security professionals remain a priority for security teams as the security talent gap persists,” said Casber Wang, partner at Sapphire Ventures.
The numbers back up Wang. In a ISC2’s mid-2023 survey found 67% of organizations planned to hire new staff in order to mitigate cybersecurity skill shortages compared with 62% surveyed in 2022.
A separate survey of C-suite executives also cast the cybersecurity job market in good light. While 85% said they expected the layoff ax to hit their organization, only 10% expected staffing cuts to impact cybersecurity. Most of those cuts were expected to impact human resources (30%), operations and finance (24%), and sales and marketing (22%).
Wedbush Securities’ Ives said because of a high demand for the cybersecurity services, the niche is “relatively shielded” from layoffs compared with others struggling in the tech economy.
Overall, the U.S. Bureau of Labor Statistics’ Occupational Outlook Handbook, last updated September 2023, predicts employment growth of 32% for information security analysts between 2022 and 2032, compared with an average 3% growth across all occupations.
Cybersecurity vendor headwinds
The cybersecurity sector does face headwinds today, just different ones, said experts.
Inflation, interest rates and correcting the trend of over-hiring during the pandemic commonly cited factors by tech firms when explaining recent layoffs.
Cybersecurity companies are not immune to the economic realities impacting other tech firms, said Wang. “During the COVID years, people just over hired. So, there’s a natural downsizing across the board,” he said.
Inflation is another cybersecurity unpleasantry. While the year 2023 ended with inflation at 3.4%, compared with 6.5% in 2022, companies are still feeling the effects of higher costs coupled with another business speed bump: high interest rates.
Interest rates shot up from nearly zero during the height of the pandemic to a 22-year high of 5.5% at the end of 2023. That rapid rise in interest rates is still having a whiplash effect on balance sheets.
Low interest rates juiced the tech sector, making it easier for cyber startups to find capital and customers — also benefiting from “cheap money” — to buy their products. When the U.S. Federal Reserve began boosting interest rates to cool the economy and slow inflation, cybersecurity startups quickly found it harder to secure additional funding from lenders and investors. Some went bankrupt as a result.
Meanwhile, as the cybersecurity sector struggles to shake off a post-COVID hangover, the threat landscape has shifted to cloud, identity, the Internet of Things and generative AI. Now the race is on for cybersecurity firms to build better defenses. That race has meant job security for many in the sector.
Moving forward, Schepens said cybersecurity shows no sign of losing its place as a top business priority. He said it’s a critical catalyst when it comes to driving business continuity priorities, reducing risk and keeping a spotlight on the devastating consequences of cyberattacks.
What doesn’t kill you makes cyber stronger?
Wang predicted rules recently implemented by the U.S. Securities and Exchange Commission (SEC) requiring that companies report material security breaches within four business days will justify increased or steady cybersecurity spending in upcoming budget cycles, ultimately sustaining incumbent cybersecurity providers.
There’s an acknowledgement among CISOs that regulatory pressures will only grow in 2024 and more compliance work will be needed, Wang said. Doubling down on cyber compliance, for many firms, will require a bigger infosec budget.
“This industry is like nothing we have ever seen. There is no other space that has such an incredible impact on every sector out there,” Schepens said.
The 2024 cybersecurity startup
Cybersecurity startups saw a burst of opportunity during the COVID-19 pandemic. Three years later, some startups have continued to ride the wave, while others have gone under.
For example, IronNet, which was valued at $1.2 billion after going public in 2021, shuttered just two-and-a-half years later, raising fears that other promising startups could meet a similar fate. Market experts say that, while funding slows down, there is still opportunity for startups to make headway in 2024.
“It’s a competitive space but innovation continues to be key,” said Schepens. “Enterprises will be more selective, as will VCs for investment, but the opportunities remain.”
The need for innovative new approaches to address future cybersecurity challenges has always been the rocket fuel juicing the startup space, Ives said. “Look for more focus on cloud-driven cybersecurity along with increased competition for innovative cyber strategies that play into the AI theme,” he said.
Experts interviewed by SC Media shared a resounding optimism for the security market. But how the next 12 months play out — with wildcards that include the economy, interest rates, a presidential election and global conflicts — is still far from known.