Managed Detection & Response (MDR) , Security Information & Event Management (SIEM) , Security Operations

Rapid7 Lays Off 18% of Employees Amid Shift to MDR Services

Loss of 470 Workers Is Cybersecurity Industry's Second-Largest Workforce Reduction
Rapid7 Lays Off 18% of Employees Amid Shift to MDR Services

Rapid7 will lay off close to 1 in 5 of its employees in cuts that amount to the second-largest round of layoffs of any pure-play cybersecurity company since worries about an economic downturn began percolating in spring 2022.

See Also: Webinar | Accelerate your SOC with AI-driven security analytics with Elastic and Google Cloud

The Boston-based security operations vendor on Tuesday revealed plans to reduce its 2,623-person staff by 18%, or more than 470 positions. The firm said the reduction will streamline management layers, reduce role overlap and optimize its mix of onshore and offshore talent. The intended effect will allow Rapid7 to realign its business toward expanding its managed detection and response capabilities across all of security operations.

"We believe this step is critical to build on the momentum we're seeing in security operations and to position us to be a more profitable growth company in 2024 and beyond," Rapid7 Chairman and CEO Corey Thomas told investors late Tuesday.

Investors reacted favorably to the restructuring announcement, and Rapid7's stock surged $5.70 - or 14.33% - to $45.49 per share in premarket trading Wednesday. That's the highest the company's stock has traded since July 31. Rapid7 expects the job cuts to be complete by the end of 2023, and it will spend between $24 million and $32 million on severance payments, benefits and vesting share-based awards.

Of the more than 80 pure-play cybersecurity vendors to disclose layoffs since concerns over an economic downturn began in May 2022, only OneTrust has cut more workers than Rapid7, according to Layoffs.FYI. The Atlanta-based privacy vendor in June 2022 laid off 25% of its staff - or 950 workers. F5 in April laid off 623 of its 7,100 employees, but the company generates much of its revenue from application delivery.

Economic uncertainty has refocused investors on profitability rather than growth, putting pressure on cybersecurity companies to show results and conserve cash. Rapid7 may feel especially compelled to demonstrate good numbers, as leadership reportedly is looking to exit the public market. Reuters reported in February that the company had hired Goldman Sachs to assist with a potential sale to a private equity firm or another buyer. Thoma Bravo, TPG Capital and Alphabet have all reportedly kicked the tires on Rapid7, and The Information found in July that Rapid7 and Thoma Bravo were too far apart on price.

Sales, Engineering Organizations Most Affected by Cuts

Rapid7 also plans to permanently close some of its offices, resulting in a one-time charge of $27 million. The company currently has U.S. offices in Boston, Los Angeles, San Francisco, Austin, Tampa and the Washington, D.C. area, as well as international offices in Canada, England, Northern Ireland, Ireland, Israel, Australia, Germany, Sweden and Singapore. Rapid7 didn't indicate which offices it plans to close.

"When it comes to consolidation, we - and the industry - have been too slow to adjust."
– Corey Thomas, chairman and CEO, Rapid7

Thomas told employees every organization and location at Rapid7 will be affected, and the most "substantial shifts" will occur in the company's engineering and sales teams. At the end of 2022, Rapid7 told regulators it had 1,031 employees in sales and marketing, 780 in research and development, 497 in product and service delivery and support, and 315 in general and administrative (see: Rapid7 CEO Corey Thomas on Targeting Phishing Infrastructure).

Thomas told investors there will be minimal cuts to positions primarily focused on customer-facing tasks such as quotation and frontline support. The reductions focus primarily on management layers and other overhead that has built up over the years, according to Thomas.

"As we have grown our employee base to meet demand, spun up teams quickly, and expanded to new regions, it has also created unnecessary friction and inefficiencies which hinder our customer experience," Thomas wrote in an email to Rapid7 employees that was shared on the company's blog. "When it comes to consolidation, we - and the industry - have been too slow to adjust."

Layoffs Will Drive Profitability, Investments in MDR

Roughly half the cost savings from Rapid7's layoffs will flow directly to the company's bottom line, while the other half will be allocated to capabilities customers need around the SOC such as managed services partnerships. The restructuring allows Rapid7 to "substantially expand its profitability profile" and boost its free cash flow guidance for 2024 from $80 million to $160 million, Thomas told investors Tuesday.

Thomas said the cuts will allow Rapid7 to allocate more resources toward evolving and consolidating the SIEM market around modern SOC capabilities. Rapid7's managed service and MDR offering have high win rates and very high gross margins, according to Thomas.

"These changes position us to drive strong and more profitable growth over time by aligning our investments with our customers' long-term SecOps needs, while at the same time establishing a strong free cash flow support for our business," Thomas said.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.