It’s not the first time FireEye has blamed its poor performance on a lessening digital threat. Last year it said that a decline in Chinese cyber attacks following the country’s truce with the Obama administration had hurt its financial results. While critics initially scoffed at FireEye’s reasoning, citing a surge in attacks and increasing cyber dangers overall, the industry has since recognized similar trends. In June, FireEye released a report showing that breaches of U.S. businesses by China-based groups have plunged 90% over the past two years.

“While our services personnel are responding to more attacks this year than prior years, the scope and scale of these attacks is simply different,” FireEye (FEYE) CEO Kevin Mandia said on a quarterly earnings call Thursday afternoon. “The average duration and size of each incident response engagement was smaller than in years past.” Rather than having to respond to attacks on “thousands and thousands and thousands” of computers, he added, “suddenly, we’re doing forensics and deep-diving [on] four machines or five machines.”

Mandia said that widespread and persistent breaches designed to spy on a large number of computers—characteristic of cyberespionage and attacks by nation states—are declining, as hackers increasingly turn to ransomware and “extortion attacks,” often in an attempt to steal money, but then exit the system quickly. “That complexity isn’t that high in ransomware attacks where it’s obvious how you scope it, and what you do about it is sometimes less complex than the tenacious attacks by state-level actors and folks who want to maintain access,” he said.

Of course, that’s not good for FireEye, whose business model is based on responding to those large-scale breaches and selling security software to protect against and detect such threats. While FireEye’s second-quarter revenue rose 19% compared with the prior-year period, to $175 million, that was below the company’s forecast of $178 million to $185 million in sales. The company also announced layoffs of 300 to 400 of its employees as part of a broader cost-cutting and reorganization plan. The company’s former CEO David DeWalt resigned in May as FireEye continued to struggle.

But his successor Mandia, a widely respected authority on cross-border hacking whose company, Mandiant, was acquired by FireEye in 2013, has not been able to protect the company’s results from the trend in cyber attacks. Mandia admitted that he believes hackers’ current behavior is probably the “new reality.” “As the current threat environment shifts to smaller scoped breaches, some organizations may be opting for good enough over best-of-breed detection,” he said.

Indeed, computer security firm Symantec (SYMC) has also observed a trend towards attacks that are “are smaller, shorter, and target fewer recipients,” according to a recent report by that company. In the past three years, the number of email phishing campaigns has nearly doubled, but the number of people targeted in each has fallen by more than half, to an average of 11, Symantec said in the study. That doesn’t necessarily mean they are less dangerous, though: “With the length of time shortening, it’s clear that these types of attacks are becoming stealthier,” the report said.

As for FireEye’s prospects, Cowen analysts cited one potential catalyst that could juice the stock: “Possible additional high-profile breaches.” FireEye stock recovered somewhat Friday afternoon, trading down about 13%.