The Reaper Comes For Cyber Unicorns
By Forrester's Jeff Pollard, VP, Principal Analyst; Jess Burn, Senior Analyst; Allie Mellen, Analyst
June 20, 2022
It looks like cybersecurity vendor unicorns will follow tech companies as they begin to prepare for macroeconomic headwinds and a much more conservative investor environment. Just 12 months ago, the cybersecurity startup ecosystem seemed fine, with more funding coming in and valuations continuing to skyrocket. In November of 2021, Lacework raised $1.3 billion on a valuation of $8.3 billion, bringing it to $1.9 billion raised in total. Cybereason raised $275 million in July 2021 and $750.6 million total, and OneTrust raised $926.4 million in total. But in June 2022, Lacework cut 20% of its workforce, Cybereason cut 10% of its workforce, and OneTrust cut 25% days after RSAC 2022.
Lacework, Cybereason, OneTrust — three vendors, over $3 billion in funding, and over a thousand out of work.
The economic downturn is in its early stages, but it certainly appears as if the hypergrowth phase of the cybersecurity vendor party has come to an end — abruptly. It turns out that when the spigot of easy investor capital shut off, some vendor leaders discovered that they were “not optimized as a business,” as Cybereason CEO Lior Div commented. With turbulent times ahead, the tech world signaled that cuts were coming, and cybersecurity vendors followed. The cuts are happening for a few reasons:
- Cheap, available capital disappeared faster than cybersecurity startups expected.
- Everything regresses to the mean: Hypergrowth takes a back seat to profitability in turbulent times.
- Investors prefer companies with product market fit, not subsidizing those still searching for it.
- Headcount reductions are an easy way to cut costs, and remaining employees are asked to do more with less.
As sales cycles start to lengthen and attach rates diminish, expect more announcements … and more personnel to become available. This blog covers what security leaders and practitioners should know about these conditions and how to endure trying times … as we enter an entirely different set of trying times.
As The Gilded Age Of Cybersecurity Unicorns Ends, An Era Of Opportunity Begins For CISOs
Security leaders can rely on externalities to help preserve their budget. After all, security matters. Cybersecurity vendors, however, are not so lucky as the investor ecosystem that subsidized their mega-growth initiatives goes to ground. The staffing and skills shortage still very much exists, and security leaders’ next great hire might come from those let go by a security vendor “optimizing its business.” As you watch the next several quarters unfold and more announcements fill your LinkedIn and Twitter feeds, take the following actions:
- Recruit from vendors the way they recruit from customers. Vendors often hire cybersecurity practitioners from nonvendor organizations, but the reverse happens less often. Do not ignore vendor talent because they haven’t worked on a corporate cybersecurity team before. The talent that vendors will let go as they trim costs will come with diverse backgrounds and experiences from working with dozens to hundreds of other organizations. Use this to your advantage by hiring this talent and learning from experiences that come from other regions, verticals, and people.
- Look for skill sets that you may have previously ignored. Consider how sales engineers could make excellent security architects — especially in customer-facing roles such as product security for revenue-generating products and services. Think about how product marketers, marketers, and account team members could join to drive security awareness and training initiatives and help with a security brand internally.
- Protect your people … by retaining them. Shiny, new security tech vendors offering elevated titles, anywhere-work models, and stock options were appealing destinations for those engineers and security analysts looking to make a change during the “great resignation.” But recent announcements will give your team members pause. Take the time to reinforce your commitment to your employees by increasing flexibility (if you haven’t already), delivering market adjustments to salaries, promoting skip-level meetings and job rotations, and funding and providing time for training and upskilling within normal working hours. Make it clear that the path for advancement is with your organization.
- Expect your vendor relationship to worsen. Job cuts hurt morale. Seeing friends and colleagues depart for reasons entirely out of their control makes everyone nervous. The personnel let go might be redundant in the eyes of company leaders, but they may have played a vital role in a process or function that you depend on from that vendor. The current personnel will have more added to their plates on a day-to-day basis, as the company needs the remaining personnel to do more with less. Pay close attention to fluctuations in vendor performance, and start evaluating replacement vendors.
- Put the pressure on vendors now. Security matters — we know that and your peers on the executive team know that, as well, but if companies do start cutting costs, cybersecurity will not escape unscathed. If vendors are cutting as a proactive measure, use that as leverage to start reducing your costs — in terms of what you spend with them. Slowing sales cycles will make vendors want to renew sooner — and with multiyear contracts — so use this time to negotiate aggressively to maximize your position. If you can shrink spending with vendors by exploiting their concerns about economic turbulence, it may result in you saving your own headcount. And … if you just so happen to migrate from a vendor that raised a billion or more in funding only to cut hundreds or thousands of jobs months later because leadership that does that is leadership you have some concerns about … I doubt your security team would complain.