In a significant move, Russian cybersecurity giant Kaspersky has announced it will cease all operations in the United States, effective July 20. This decision comes in response to a recent U.S. Commerce Department ban on the sale of Kaspersky’s software, citing national security risks. The shutdown marks the end of nearly two decades of the company’s presence in the U.S. market.
Kaspersky’s withdrawal will result in the elimination of fewer than 50 U.S.-based positions. The company, headquartered in Moscow, stated that this decision was made after careful evaluation of the new U.S. legal requirements. “Kaspersky has been operating in the U.S. for close to 20 years, contributing to the nation’s strategic cybersecurity goals by safeguarding organizations and individuals from ever-evolving cyber threats,” the company said in its statement. However, it concluded that continuing business in the U.S. was no longer viable.
The ban, which was announced in June and described as “first of its kind,” prohibits Kaspersky from selling its software to U.S. consumers either directly or through resellers. The Commerce Department justified the ban by highlighting the potential risks posed by Kaspersky’s connections to the Russian government. Gina Raimondo, the U.S. Commerce Secretary, noted that Russia has both the capability and intent to exploit companies like Kaspersky to gather and weaponize personal information from Americans.
In addition to the sales ban, U.S. Treasury sanctions have been imposed on several senior Kaspersky executives, preventing them from conducting business with U.S. entities. Notably, Eugene Kaspersky, the company’s chief executive, was not among those sanctioned.
Kaspersky initially planned to challenge the ban, arguing that it posed no threat to U.S. national security. The company maintained that its software could not be used to access sensitive data deliberately. Kaspersky further contended that the U.S. government’s decision was based on geopolitical concerns rather than concrete evidence of risk. However, the Commerce Department stood by its findings, emphasizing the significant threat to national security posed by the company’s operations.
The phased implementation of the ban is intended to allow U.S. consumers time to transition to alternative cybersecurity solutions. By September 29, Kaspersky will no longer be able to push software or security updates to its U.S. customers, potentially degrading the effectiveness of its antivirus protection.
Kaspersky’s departure from the U.S. market marks the culmination of years of scrutiny by American authorities. The company’s troubles began in 2017 when the Trump administration banned the use of Kaspersky software across the federal government. This action followed an incident in which Russian hackers allegedly stole classified U.S. documents from a contractor’s computer that was running Kaspersky software.
Despite the company’s exit from the U.S. market, Kaspersky remains a prominent player in the global cybersecurity arena, known for its popular consumer antivirus products and respected research unit. In its farewell statement, Kaspersky emphasized that its business remains resilient and reaffirmed its commitment to protecting customers worldwide from cyber threats.
According to Bitsight, Kaspersky software is widely used in many countries outside the United States. The company holds a significant market share in countries like Germany, France, Italy, and Japan. Bitsight’s analysis revealed that nearly 25% of Fortune 1000 companies leverage Kaspersky products, and despite a federal ban, dozens of U.S. government organizations, including multiple federal agencies, appear to be using Kaspersky products. Globally, Kaspersky provides services to over 400 million users and 270,000 corporate clients across 200 countries and territories, with particularly strong user bases in Germany, Italy, India, and Algeria.
The U.S. ban on Kaspersky will significantly impact thousands of U.S.-based customers, who will need to transition to alternative cybersecurity solutions. This transition could be complex, costly, and disruptive, especially for larger organizations. It is crucial for U.S.-based security leaders to identify if their organizations or critical third-party vendors are using Kaspersky products and plan for a swift transition to maintain robust cybersecurity defenses.