Skip to main content
close search
site logo
Dive Brief

Okta to cut 7% of workforce as push to revamp security is underway

The layoffs come during the company’s 90-day overhaul to address lax security following a string of cyberattacks targeting Okta and its customers.

Published Feb. 1, 2024
Matt Kapko's headshot
Senior Reporter
Okta booth at RSA Conference on April 27, 2023 in San Francisco.
People assemble at Okta's booth at the RSA Conference on April 27, 2023 in San Francisco. Matt Kapko/Cybersecurity Dive
This audio is auto-generated. Please let us know if you have feedback.

Dive Brief:

  • Okta is slashing its workforce again, eliminating about 400 jobs, representing 7% of its headcount, the company said Thursday in a filing with the Securities and Exchange Commission. Okta declined to answer an inquiry about the specific roles and business units impacted.
  • The layoffs come one year after the company cut its workforce by 5%, eliminating jobs for about 300 employees.
  • “In order to grow profitably, we need to run the business with greater efficiency,” CEO Todd McKinnon said Thursday in an email to employees. “While we’ve taken steps in the right direction, the reality is that costs are still too high.” An Okta spokesperson confirmed the authenticity of the email, which was published by CNBC.

Dive Insight:

The single sign-on service is used by 18,800 organizations globally. Yet, the company has never reported a quarterly profit and security challenges have dogged the San Francisco-based company for years.

Okta initiated a security action plan in late-November after a cyberattack against the company exposed data on every Okta customer support system client. This followed a string of attacks against high-profile customer environments over the summer, and an attack against a third-party vendor, which exposed sensitive health information on nearly 5,000 current and former Okta employees.

In 2022, the company was breached by the extortion group Lapsus$, hit by a spree of phishing attacks, had its source code repositories on GitHub stolen, and determined primary and secondary customer data was exposed as a result of the August phishing attack against Twilio.

During the company’s Q3 earnings call in November, McKinnon admitted the company’s focus on infrastructure defense was sometimes inadequate and out of balance with other objectives such as company growth and product development.

He repeatedly affirmed the company’s commitment to make security its top priority.

“We have to do more. We know that Okta is one of the most targeted companies in the world,” McKinnon said during the earnings call. Okta has to “raise our game to be able to defend ourselves and our customers” against attacks.

Okta initiated a 90-day sprint in mid-November it calls “Program Bedrock” to address a culture of lax security. The company committed to a previous security action plan in April 2022 and said it completed those efforts in October 2022.

Editors' picks

Company Announcements

View all | Post a press release
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Editors' picks
Latest in Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell