Malwarebytes Cuts Staff, will Split Consumer, Corporate ArmsEndpoint Security Firm Lays Off at Least 100 Employees; CIO, CPO, CTO All Departing
Antivirus stalwart Malwarebytes laid off at least 100 employees this week and plans to split its consumer and corporate-facing business units into separate companies.
The Silicon Valley-based endpoint security company cut between 100 and 110 workers and has in recent weeks axed its chief product officer, chief information officer and chief technology officer. The overhaul precedes Malwarebytes splitting into an enterprise-facing organization focused on managed endpoint detection and a consumer organization offering identity protection and VPN, TechCrunch reported.
"A profitable business is a viable business," Malwarebytes CEO Marcin Kleczynski told TechCrunch. A Malwarebytes spokesperson confirmed the layoffs to Information Security Media Group but declined to answer questions about separating the consumer and enterprise businesses (see: Malwarebytes Cuts 14% of Staff to Narrow Focus on SMB).
Brain Drain in the C-Suite
The layoffs were accompanied by a C-suite exodus. TechCrunch reported that CIO Greg Higham, CPO Mark Strassman and CTO Adam Hyder have all left the company. None of the executives is still listed on Malwarebytes' website, and Kleczynski told TechCrunch the company had made leadership changes as part of the "strategic reorganization." Higham has now joined advisory firm StrataFusion as a partner.
Kleczynski told TechCrunch the layoffs had affected employees globally and were an exercise in rationalizing expenses. The job cuts follow Chief Operating Officer Barry Mainz's November departure to become CEO of Forescout and the exit of CISO Laura Whitt-Winyard, Senior Vice President of Global Sales Amy Appleyard, CMO Dariusz Paczuski, Vice President of Cloud Operations Brian Morehead and Vice President of Corporate Demand Generation Brian Smith since May 2022 (see: Forescout Gets 4th CEO Since 2020, Hires Barry Mainz).
The latest cuts come almost exactly a year after Malwarebytes eliminated 14% of its global workforce, or about 125 employees, to prioritize growth with small and midsized customers. A month after that, Malwarebytes received a $100 million minority investment from private equity firm Vector Capital to accelerate momentum with channel partners and consolidate the company's ownership structure (see: Malwarebytes Gets $100M Weeks After Laying Off 14% of Staff).
Just last week, Malwarebytes bought online privacy startup Cyrus for an undisclosed amount to examine social media, dark web content and a person's online presence to flag early indicators of irregularities. Cyrus will become part of Malwarebytes' consumer business unit, which has been led by former Digital Trends and Corel executive Mark Beare since August 2022.
Malwarebytes has failed to gain much traction in the corporate endpoint security market, holding just 1% market share after growing its business by only 6.4% from $119.1 million in 2021 to $126.7 million in 2022, market intelligence firm IDC found. The company appeared in neither this winter's Gartner Magic Quadrant for Endpoint Protection nor last year's Forrester Wave for Endpoint Detection and Response.
Following in Symantec, McAfee's Footsteps
Today, Malwarebytes is the only U.S.-based endpoint security firm with both a consumer and enterprise arm. Symantec sold its enterprise unit to Broadcom for $10.7 billion in 2019 and merged its consumer team with Avast in 2022 to form Gen Digital. McAfee's enterprise unit and FireEye's product team came together in 2021 to form Trellix, and Advent and Permira bought McAfee's consumer division in 2022.
Once Malwarebytes separates its consumer and enterprise divisions, the only endpoint security firms serving both home users and businesses - Bitdefender, Eset and Kaspersky - will all be based in Europe. In the authentication and password management space, a number of companies - including 1Password, Aura, GoTo and LastPass - continue to serve both consumers and enterprises.
Kleczynski told ISMG in April that the lack of a dedicated security operations center can make it difficult for smaller organizations to benefit from security tools. To streamline security, he said, it's critical to have a user-friendly interface and experience that is easy to comprehend and understand (see: Strengthening Cybersecurity for Organizations Without a SOC).
"You can't expect an SMB to shell out hundreds of dollars per endpoint to just protect devices," Kleczynski said during RSA Conference 2023. "This needs to be a compelling and comprehensive offering - from email to DNS to vulnerability and patch management - trying to bring all of that into a single console, single pane of glass, for a pretty compelling price."