The Expert's View with Michael Novinson

Endpoint Detection & Response (EDR) , Endpoint Security , Next-Generation Technologies & Secure Development

Why Cybereason Is Making Its 3rd Round of Layoffs Since 2022

Among Those Leaving Is Zohar Alon, Who Was Hired in 2023 to Spearhead Product, R&D
Why Cybereason Is Making Its 3rd Round of Layoffs Since 2022

Cybereason and SentinelOne were once mirror images of each other.

Both endpoint detection and response vendors got their start in Israel in the early 2010s to provide a modern alternative to legacy antivirus firms such as Symantec and McAfee. Both firms saw massive growth during the worst of COVID-19 - Cybereason boosted headcount to 1,342 people and captured 1.8% market share while SentinelOne expanded its workforce to 1,302 people and captured 2.1% market share.

But one fateful decision played a pivotal role in determining each company's future. SentinelOne carried out the largest cybersecurity initial public offering of all time in June 2021, earning a $9 billion valuation. Cybereason, meanwhile, decided to wait one more year before going public and set the wheels in motion with a confidential January 2022 IPO filing that would have valued the company at more than $5 billion.

A Tale of Two Endpoint Security Vendors

Cybereason, however, never became a publicly traded company. Instead, the firm laid off 10% of its employees in June 2022 and acknowledged that "the tech IPO market has essentially closed" (see: Cybereason Lays Off 10% of Staff Months After Raising $325M).

As a public company, SentinelOne weathered the economic downturn more successfully than venture-backed Cybereason, which was saddled with a $3.3 billion valuation and investors who wanted to cut their losses. Granted, SentinelOne laid off 5% of its staff - or 105 workers - in June 2023, and the firm's stock price is still down nearly 50% since its public debut, giving SentinelOne a $6.82 billion valuation.

But compared to Cybereason, SentinelOne's experience has been a walk in the park. Following the June 2022 layoffs, Cybereason laid off an additional 17% of its employees - or 200 people - in October 2022, and in April 2023 it replaced founding CEO Lior Div with SoftBank executive Eric Gan. That coincided with Cybereason's valuation plummeting 90% from $3.3 billion in July 2021 to just $300 million in April 2023 (see: Cybereason Taps SoftBank's Eric Gan to Replace CEO Lior Div).

The numbers lay bare just how much delaying its initial public offering damaged Cybereason. Despite the layoffs, SentinelOne since April 2022 grew its staff by 82% from 1,302 to 2,370 workers. Conversely, Cybereason's headcount during that same time fell by 40% from 1,342 to just 803 workers. During 2022, SentinelOne's market share grew from 2.1% to 3% while Cybereason's fell from 1.8% to 1.7%, IDC found.

SentinelOne and Cybereason's diverging financial fortunes show up in technology evaluations as well. Gartner recognized both companies in December 2022 as leaders in endpoint protection. But by late 2023, Cybereason was downgraded to a visionary, and Gartner called it "an organization in transition" and said its viability and operations assessment were harmed by organizational structure and leadership changes.

Cybereason Confronts a Foreboding Future

Now, Cybereason is carrying out its third round of layoffs in 21 months, and dismissals are expected to affect dozens of senior employees, Globes and Calcalist reported Wednesday. Among the exiting employees is Zohar Alon, the longtime Dome9 Security leader who joined Cybereason just 11 months ago as president of product and research and development when Gan replaced Div as CEO. Gan will remain at Cybereason.

Neither Cybereason nor Alon immediately responded to Information Security Media Group requests for comment. Gan's appointment as CEO coincided with SoftBank once again becoming Cybereason's top shareholder. The Japanese conglomerate led funding rounds for Cybereason in 2015, 2017 and 2019, but the company's 2021 haul came from ex-Treasury Secretary Steve Mnuchin's private equity firm.

Cybereason's global focus is reflected in the location of its workforce. Nearly half are based in Israel, roughly one-fifth each are based in the United States and Japan, and the remaining 10% are spread across the United Kingdom, France and Germany, according to IT-Harvest. Roughly 45% of Cybereason's staff are in engineering, 35% are in sales, 15% are in operations and the remaining 5% are in human resources.

SoftBank will have a tough time orchestrating its exit from Cybereason given the rapid consolidation taking place in the endpoint security market. Of the world's largest 19 endpoint security vendors, just four gained market share in 2022, and two of them - Microsoft and CrowdStrike - already dominate the space. The other 15 vendors, including Cybereason, all gave up ground, putting their relevance into question.

An initial public offering appears highly unlikely for Cybereason even when the economy improves, given both the state of the company as well as the state of the endpoint security market. The best SoftBank can hope for is that Cybereason will be scooped up on the cheap by a private equity firm or a technology aggregator with experience in obtaining cost synergies from acquisitions such as Fortra or OpenText.

Until then, SoftBank will look to keep Cybereason's costs down as the company's outlook grows even more bleak.



About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.