The Hits Keep Coming

I’ve said it for months, the layoff wave isn’t cresting, it’s accelerating. Yesterday Meta joined the pile. Eight thousand jobs, ten percent of the workforce, effective May 20. Same week, the BBC announced 2,000 cuts, ten percent of its people, £500 million out of the cost base, the deepest cut since 2011. A public broadcaster, not a hyperscaler. The contagion has jumped the fence.

Run the roll call. Oracle dropped an estimated 20,000 to 30,000 people in a single 6 a.m. email on March 31. Amazon erased 16,000 corporate roles in January. Microsoft just opened voluntary buyouts to seven percent of its U.S. workforce. Dell, 11,000. Block, 4,000, forty percent of staff. Atlassian, 1,600. Salesforce, 1,000 tied directly to AI automation. Snap, 1,000, sixteen percent. ASML, 1,700. Ericsson, 15,600 since 2023. TrueUp now clocks nearly 96,000 tech workers cut in 2026 alone, 864 per day, already outpacing last year’s 246,000.

The math is not complicated. Meta is pushing 2026 capex to between $115 billion and $135 billion, nearly double 2025. The Big Four, Amazon, Google, Meta, Microsoft, will cross $650 billion in combined capex this year, most of it data centers and AI infrastructure. Human headcount is being liquidated to fund silicon, real estate and power. This is not efficiency. It is a balance sheet transfer from labor to GPU.

Now comes the fraud. Layoffs light up all three legs of the fraud triangle at once. Pressure, people who just lost jobs, watched colleagues lose jobs, or are certain they are next. Opportunity, segregation of duties collapses when one survivor is doing the work of three, monitoring goes dark, offboarding queues back up, access lingers for weeks. Rationalization, they screwed me, I built this, I am owed. Every ACFE report says the same thing: occupational fraud losses are worst where tenure is long, morale is gutted and oversight is thin. That is the control environment you are building right now.

For my clients this means two things. If you run the firm, your 1099, offshore and MSP mix is the operating model you will be audited against next year, document it, govern it, and manage the vendor risk before a regulator or a claim does it for you. And understand that a thinning control environment means fewer hands on the keyboard, fewer eyes on the logs, and a wide-open window for external attackers and insiders who feel wronged. They know it before you do.

One question, when you do mass firing, does anyone think all the access to all the systems is killed promptly, or at all?? It’s not like the old days where killing access to Active Directory did it all for you, now it can sometimes be 2-8 (or more) individual systems that are teathered to your environment. Just an invitation to all hackers. 

The hits will keep coming. Plan like they will.