Rapid7 Announces Layoffs, Office Closings Under Restructuring Plan

Rapid7 (NASDAQ: RPD) is the latest cybersecurity vendor to announce layoffs, with the Boston-based firm announcing a restructuring plan late Tuesday that will result in an 18% reduction in employee headcount.

In total, approximately 500 employees could be impacted based on the roughly 2,700-person headcount at the end of 2022, with more than 700 people in its Boston headquarters.

The company also said in an SEC filing that it would close certain office locations, but did not disclose how many offices would be closed or what locations would be shuttered.

News of the layoffs came as the company reported strong Q2 2023 results, sending shares of the company higher by nearly 15% in after-hours trading on Tuesday.

The company ended the quarter with annualized recurring revenue (ARR) of $751 million, an increase of 14% year-over-year, and total revenue of $190 million, up 14% year-over-year. Products revenue came in at $182 million, also up 14% year-over-year.

“Revenue and Non-GAAP operating income exceeded our guidance ranges and we saw better than expected traction with our consolidation offerings as customers gravitate towards our integrated security operations platform”, Corey Thomas, Chairman and CEO of Rapid7, said in a statement.

“In order to build upon the momentum we’re seeing in security operations, today we announced a restructuring plan to position us to accelerate investments in becoming the leading provider of integrated security solutions for the modern SOC,” Thomas said. “In addition to enabling a higher quality customer experience, we expect the net results of these optimizations will support growth in the business while allowing us to double free cash flow in 2024.”

Designed to improve operational efficiencies, reduce operating costs, and better align its workforce with current business needs, top strategic priorities and growth opportunities, Rapid7 estimates that it will incur roughly $24-$32 million in charges in connection with the restructuring.

“Prior to making restructuring decisions, we engaged an external advisor to indicate the most impactful opportunities in our business,” Thomas wrote in an email to Rapid7 employees. “They determined that we could reduce the size of our business and improve efficiency, while remaining a growth-oriented company with capacity to make strategic customer investments.”

Earlier this year Rapid7 announced a deal to acquire Israeli anti-ransomware startup Minerva Labs for $38 million as part of plans to beef up its managed detection and response portfolio. The company also spent $335 million in 2021 to acquire threat intelligence firm Intsights, and $145 million in a deal to buy cloud security firm DivvyCloud in 2020.

In February 2023, Reuters reported that Rapid7 had been working with investment banking giant Goldman Sachs to explore options of a possible sale.

Rapid7 is not alone in announcing layoffs as companies scramble to cut costs in search of profitability and cash preservation. Other cybersecurity firms that have announced layoffs include OneTrust (950 staff, 25% of employees); Sophos (450, 10%); Lacework (300, 20%); Cybereason (200, 17%); OwnBackup (170, 17%); Dragos (50, 9%) and several others.

Related: Black Hat Preview: The Business of Cyber Takes Center Stage

Related: The Effect of Cybersecurity Layoffs on Cybersecurity Recruitment