Identity & Access Management , Security Operations
Okta Lays Off 400 Employees in Second Round of Dismissals
The Identity Provider Experienced a String of Embarrassing Cybersecurity IncidentsOkta announced layoffs amounting to 7% of its workforce in a restructuring that will cost 400 employees their jobs. Thursday's disclosure is the second round of layoffs the San Francisco identity and access management giant has undergone in the past 12 months.
In a regulatory filing, the company said the new layoffs will likely result in a $24 million tab for employee severance and extended benefits costs.
In an email broadcast to employees published by CNBC, company CEO Todd McKinnon said the cuts are necessary to run the company with "greater efficiency."
"While we’ve taken steps in the right direction, the reality is that costs are still too high," McKinnon said. Okta stock is up nearly 1.8% as of midday trading.
In February 2023, the company axed 300 workers - then 5% of the workforce, blaming decisions that caused it to "overhire for the macroeconomic reality we're in today."
The company has experienced a string of embarrassing security incidents, including a September 2023 incident in which hackers stole details for all users of its primary customer support system, including a list of customer support system usernames and contact details (see: Okta Says Hacker Stole Every Customer Support User's Details).
In March 2022, a member of the teenager-dominated extortion group Lapsus$ gained access to Okta servers for five days through the compromised account of a third-party customer support engineer in an incident the company said had affected 2.5% of its customers.
The company in November announced a 90-day pause on product development and internal projects in a bid to beef up its security architecture. A company spokesperson did not return a request for comment on the status of the pause.
Today's announcement of layoffs comes one day after email security vendor Proofpoint announced a reduction in force amounting to 6% of its workforce (see: Proofpoint Lays Off 6% of Workforce, Offshores Jobs). The cybersecurity market entered a period of layoffs in 2022 following uncertain economic indicators and a shift in investor demands from growth to profitability.
The layoffs are an outcome of lower-growth years following a burst of new business instigated during the novel coronavirus pandemic, said Merritt Maxim, vice president and research director at Forrester. Okta's fiscal year ends Jan. 31.* In its third-quarter results, the company reported revenue of $584 million, a 21% increase year-over-year.
"There's still growth, it's just not at the level we saw," Maxim told Information Security Media Group. "The hyper-growth years that we saw during the pandemic are probably not going to reappear any time soon. The company also reported a net loss of $81 million during the third quarter. "They're not in danger of going out of business, but I do think they have some headwinds."
"It's possible the identity and access management industry is headed for a bout of consolidation, Maxim said, pointing to the burden on large companies to maintain relationships with individual companies that provide only one function, even if they do it well.
This round of layoffs by Okta is the fourth-largest by a pure-play cybersecurity company since the onset of the coronavirus pandemic. OneTrust let go of 950 employees in June 2022, and Rapid7 and Sophos each axed around 450 employees in 2023.
*Updated Feb. 1, 2024 21:51 UTC: Adds comments from Merritt Maxim
With reporting from Information Security Media Group's Michael Novinson in Massachusetts