Malwarebytes Cuts 14% of Staff to Narrow Focus on SMB

Antivirus stalwart Malwarebytes is laying off employees and vowing to refocus its energies on small and midsized customers, becoming the latest cybersecurity company to shed personnel.

See Also: CyberArk 2023 Identity Security Threat Landscape Report

The Silicon Valley company is cutting 14% of its global workforce, amounting to 125 employees, saying the reduced workforce will allow it to prioritize growth with smaller customers. News of the layoffs was first reported by TechCrunch and subsequently confirmed by Malwarebytes to Information Security Media Group.

All departments within Malwarebytes are affected, and employees were informed during individual Zoom meetings.

"In recent months, we have increasingly refocused our business on SMB and midmarket customer segments in alignment with our mission to protect the underserved," says Malwarebytes CEO Marcin Kleczynski. "Unfortunately, this has meant revisiting our current enterprise sales function and recalibrating the sales organization."

Malwarebytes is one of at least a dozen cybersecurity firms to lay off employees over the past 90 days. The security layoffs have been primarily concentrated on late-stage security startups expected to file for an initial public offering in the next year or two, with Aura, Cybereason, Deep Instinct, Lacework, OneTrust, Snyk and Transmit Security all experiencing job cuts since late May (see: Early-Stage Startups Pump Brakes on Growth as Downturn Looms). Both security companies that went public in 2021 by merging with a special purpose acquisition corporation - Appgate and IronNet - have disclosed layoffs this summer; Appgate cut 55 positions and IronNet cut 130 positions.

Turning Its Attention Downmarket

Kleczynski says Malwarebytes wants to expand its channel partnerships and accelerate its momentum with managed service providers. The company in December hired WatchGuard North American channel chief Brian Thomas to lead Malwarebytes' channel and MSP programs globally, and the company enjoyed 37% MSP partner growth in its most recent fiscal year.

The company hasn't taken any outside funding since January 2016, when Malwarebytes closed a $50 million Series B funding round led by Fidelity. Malwarebytes says its cash flow is positive.

One of the individuals affected is Laura Whitt-Winyard, who said on LinkedIn on Monday that she was laid off after just seven months as the company's chief information security officer. She is one of several executives to leave Malwarebytes in recent months. Senior Vice President of Global Sales Amy Appleyard left Malwarebytes in August after a year with the company to become chief revenue officer at LastPass, while CMO Dariusz Paczuski, Vice President of Corporate Demand Generation Brian Smith and Vice President of Product Marketing Jen Mullin all left the company in May or June.

Malwarebytes in June rolled out a partnership with remote monitoring and management provider Atera to provide incident response, endpoint protection and endpoint detection and response for servers and workstations. A month earlier, the company debuted a new DNS filtering module powered by Cloudflare that blocks access to malicious websites and limits threats introduced by suspicious content.

Reality Bites

Malwarebytes failed to gain much traction in the corporate endpoint security market, holding only 1.2% market share despite growing its business by 29.6% from $91.8 million in 2020 to $119.1 million in 2021, market intelligence firm IDC found.

Neither did the company appear in last year's Gartner's Magic Quadrant for Endpoint Protection Platforms or the Forrester Wave for Endpoint Detection and Response technology.

Forgepoint Capital Managing Director Alberto Yepez told ISMG last month that during an economic downturn, companies should focus on the product or market that accounts for the bulk of revenue and stop research and development programs tied to tangential or ancillary offerings. For a cybersecurity company like Deep Instinct - which cut 10% of its salespeople in June - that meant walking away from smaller clients.

Given Malwarebytes' heritage serving consumers in the antivirus space, that means deemphasizing large enterprise and focusing on smaller businesses whose security needs are more similar to those of consumers.