Sophos sheds 6% of staff after swallowing Secureworks

De-dupes some roles, hints others aren't needed as the infosec scene shifts


Nine days after completing its $859 million acquisition of managed detection and response provider Secureworks, Sophos has laid off around six percent of its staff.

In a statement to The Register, the infosec outfit told us the staff it’s let go are no longer needed now that Secureworks is no longer a public company. Sophos has also cut some roles that were duplicated across the two companies.

"Staff changes and redundancies are difficult at any time, and we deeply appreciate the contributions of our collective employees globally who have worked hard to bring both companies to where we are today," a spokesperson said.

The biz is privately held, and doesn’t disclose headcount, though reports suggest it has between 4,500 and 5,000 people on the payroll, meaning perhaps 300 layoffs were made.

The spokesperson also attributed some of the axing to the changing infosec landscape.

"In addition to aligning our business goals, changes in the cyberattack landscape are driving an urgent shift in security needs. With persistent increases in both targeted and opportunistic cyberattacks, organizations of any type and size are now battling both everyday cybercrime, such as identity theft, data theft and ransomware, and state sponsored attacks, which used to be more focused on specific enterprise or public sector targets."

People familiar with the matter report that layoffs were made at both Sophos and Secureworks. We’re told by those we trust that departing folks were handled as well as is possible under the circumstances.

This is not the first time Secureworks staff have faced such a cull. In 2023, after a spate of hires during COVID-19 lockdowns, the biz laid off nine percent of staff – and then another 15 percent a little later.

Secureworks started in 1998 as a managed service provider for large corporates and bought up competitors before being swallowed by Dell in 2011 for $612 million as the hardware giant sought to diversify its business. A lackluster IPO followed five years later that left Dell the majority shareholder.

Sophos snapped up Secureworks last year, although the deal was only finalized on February 3 this year.

The takeover means private equity firm Thoma Bravo, which acquired Sophos for about $3.9 billion back in 2020, now has a portfolio of infosec investments it values at over $53 billion.

Its acquisitions include spending $12.3 billion for security and compliance vendor Proofpoint in 2021, and almost $7 billion for identity biz Sailpoint a year later. In 2024 it spent another $5.3 billion buying up enterprise security biz Darktrace. ®
