Content, Security Staff Acquisition & Development

Mimecast Plans Layoffs; Cyber Incident Investigation Continues

Peter Bauer, CEO, Mimecast
Peter Bauer, CEO, Mimecast

Mimecast has confirmed layoff plans and intends to cut 4 percent of staff, CEO Peter Bauer disclosed in Mimecast's quarterly earnings call today. Moreover, the email security provider continues to investigate a recent cybersecurity incident, though the company sounds confident that Mimecast's response to the issue has been effective.

In a prepared statement just ahead of the earnings call, Bauer said:

“We delivered solid growth and profitability this quarter, with key wins in the enterprise space and continued progress against our multi-product strategy. We are delivering increasingly strong cash flow and meaningful margin expansion. We expect continued top-line growth, but delivering growth at our long-term targets will take additional time and investment. We are prioritizing resources to better align with our strategy, including by implementing a reduction in force. We are confident these actions will help power the next evolution of our business.”

Then, during the earnings call, Bauer confirmed a staff cut plan that involves eliminating 80 positions -- or about four percent of Mimecast's workforce. "We did not make this decision lightly. However, we are confident that this is the right decision for the business, and essential to being able to invest in the right areas and achieve our goals," he said.

The layoffs will result in a restructuring charge of approximately $3.7 million in the fourth quarter of fiscal ‘21, CFO Rafe Brown said.

To accelerate growth, Mimecast will focus on a three-pronged strategy, Bauer added:

  • moving upmarket;
  • advancing a multiproduct strategy; and
  • creating "even stronger and easy to use engagements with the SMB market and our channel efficiency at scale."

Related: List of All Technology Industry Layoffs from ChannelE2E

Mimecast: Security Incident Investigation Status Update

Meanwhile, Mimecast disclosed a certificate compromise in mid-January, 2021. Fast forward to present day, and Bauer sounds confident that the company's response has been effective -- though the investigation is ongoing.

In the earnings statement, Bauer said:

“We are working quickly and thoughtfully to address our recently disclosed cyber incident, and are proactively prioritizing our customers’ protection and transparency. While our investigation is ongoing, we believe that the steps we have taken as part of our ongoing response have been effective. We will continue to examine and closely monitor our environment, collaborate closely with our customers and take appropriate actions to fortify their protections and strengthen their resilience.”

And then on the earnings call, Bauer added:

"Our top priority in responding to this incident has been protecting our customers and being transparent with them. As soon as we became aware of the situation we launched an internal investigation supported by leading third-party forensics experts and began coordinating all activities with law enforcement.

We also immediately began working with the handful of customers who were targeted on remediation measures and we have advised our customer base to take certain other precautionary actions to fortify their protections. Our customers and larger enterprises in particular understand that this is an unfortunate reality of operating today and they have been highly collaborative with us throughout this process.

We remain in close contact with them. We believe that the steps we are taking to isolate and remediate the identified threat has been effective. We continue to examine and closely monitor our environment. As previously disclosed our investigation has confirmed that this incident is related to the SolarWinds Orion software compromise and was perpetrated by the same sophisticated threat factor. Our investigation is ongoing and will continue to communicate updates directly to our customers if warranted and where appropriate disclose in publicly on the Mimecast blog."

Mimecast Financials, Recent Security Acquisitions

For Mimecast's Q3 ended December 31, the company said:

  • Total revenue was $129.6 million, up 18 percent from Q3 the prior year.
  • Net income was $10.8 million, compared to $200,000 from Q3 the prior year.

Mimecast has been striving to grow both organically and via M&A. Key Mimecast acquisitions include:

  • July 2020: MessageControl, a phishing mitigation security provider for Microsoft 365 & MSP partners.
  • January 2020: Segasec to protect customers from fake websites, phishing scams, credential harvesting & impersonation attempts on the Web.
  • Ataata, for security awareness training and cyber risk management.

The company has also integrated with Microsoft Azure Sentinel, the cloud-based SIEM (security information and event management) platform.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.