CyberArk Announces First Quarter 2017 Results

First quarter total revenue of $59.0 million increases 26% year-over-year

Generates GAAP operating income of $6.0 million and non-GAAP operating income of $12.7 million

Newton, Mass. and Petach Tikva, Israel – May 11, 2017 – CyberArk, (NASDAQ: CYBR), the company that protects organizations from cyber attacks that have made their way inside the network perimeter, today announced financial results for the first quarter ended March 31, 2017.

“Our results demonstrate that new and existing customers around the world are embracing Privileged Account Security,” said Udi Mokady, CyberArk Chairman and CEO.  “The attack surface continues to expand across on-premises, cloud, and hybrid environments as well as DevOps processes.  With our comprehensive platform and commitment to innovation, we are best positioned to help organizations seamlessly protect privileged accounts and credentials across all enterprise environments.  We plan to continue to make strategic investments across the business that will strengthen our position as the market leader while we also deliver strong growth and profitability.”

Financial Highlights for the First Quarter Ended March 31, 2017

Revenue:

  • Total revenue was $59.0 million, up 26% compared with the first quarter of 2016.
  • License revenue was $33.0 million, up 20% compared with the first quarter of 2016.
  • Maintenance and professional services revenue was $26.0 million, up 34% compared with the first quarter of 2016.

Operating Income:

  • GAAP operating income was $6.0 million, compared to $6.2 million in the first quarter of 2016. Non-GAAP operating income was $12.7 million, compared to $10.7 million in the first quarter of 2016.

Net Income:

  • GAAP net income was $7.5 million, or $0.21 per diluted share, an increase from GAAP net income of $4.3 million, or $0.12 per diluted share, in the first quarter of 2016. Non-GAAP net income was $10.2 million, or $0.28 per diluted share, an increase from $8.3 million, or $0.23 per diluted share, in the first quarter of 2016.

The tables at the end of this press release include a reconciliation of GAAP to non-GAAP gross margin, operating income and net income for the three months ended March 31, 2017 and 2016. An explanation of these measures is also included below under the heading “Non-GAAP Financial Measures.”

Balance Sheet and Cash Flow:

  • As of March 31, 2017, CyberArk had $310.6 million in cash, cash equivalents, marketable securities and short-term deposits, compared to $295.5 million as of December 31, 2016.
  • During the first quarter of 2017, the Company generated $16.0 million in cash flow from operations, compared to $16.5 million in the first quarter of 2016.

Acquisition of Conjur:

  • Announced today the acquisition of Conjur, a provider of DevOps security software, extending CyberArk’s market opportunity deeper into the DevOps lifecycle to protect secrets and manage machine identities.

Business Outlook

Based on information available as of May 11, 2017, CyberArk is issuing guidance for the second quarter and full year 2017 as indicated below. Second quarter and full year 2017 revenue guidance does not include any incremental revenue from the acquisition of Conjur.  CyberArk has included in its guidance incremental cost of goods and operating expenses of approximately $1.0 million in the second quarter of 2017 and approximately $3.5 million for the full year of 2017 related to the acquisition of Conjur.

Second Quarter 2017:

  • Total revenue is expected to be in the range of $61.0 million to $62.0 million, which represents 21% to 23% year-over-year growth.
  • Non-GAAP operating income is expected to be in the range of $10.9 million to $11.7 million.
  • Non-GAAP net income per share is expected to be in the range of $0.23 to $0.25 per diluted share.  This assumes 36.3 million weighted average diluted shares.

Full Year 2017:

  • Total revenue is expected to be in the range of $268.5 million to $271.5 million, which represents 24% to 25% year-over-year growth.
  • Non-GAAP operating income is expected to be in the range of $55.0 million to $57.0 million.
    • Non-GAAP net income per share is expected to be in the range of $1.18 to $1.22 per diluted share. This assumes 36.4 million weighted average diluted shares.

Conference Call Information

CyberArk will host a conference call today, Thursday, May 11, 2017 at 4:30 p.m. Eastern Time (ET) to discuss the company’s first quarter financial results and its business outlook.  To access this call, dial +1 844-237-3590 (U.S.) or +1 484-747-6582 (international).  The conference ID is 3101633. Additionally, a live webcast of the conference call will be available via the “Investor Relations” section of the company’s web site at www.cyberark.com. Following the conference call, a replay will be available for one week at +1 855-859-2056 (U.S.) or +1 404-537-3406 (international). The replay pass code is 3101633. An archived webcast of the conference call will also be available in the “Investor Relations” section of the company’s web site at www.cyberark.com.

About CyberArk

CyberArk is the only security company focused on eliminating the most advanced cyber threats; those that use insider privileges to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk proactively secures against cyber threats before attacks can escalate and do irreparable damage. The company is trusted by the world’s leading companies – including more than 45 percent of the Fortune 100 – to protect their highest value information assets, infrastructure and applications. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan. To learn more about CyberArk, visit www.cyberark.com, read the CyberArk blog, or follow on Twitter via @CyberArk, LinkedIn or Facebook.

Copyright © 2017 CyberArk Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.

Non-GAAP Financial Measures

CyberArk believes that the use of non-GAAP gross profit, non-GAAP operating income and non-GAAP net income is helpful to our investors. These financial measures are not measures of the Company’s financial performance under U.S. GAAP and should not be considered as alternatives to gross profit, operating income or net income or any other performance measures derived in accordance with GAAP.

  • For the three months ended March 31, 2017 and March 31, 2016, non-GAAP gross profit is calculated as gross profit excluding share-based compensation expense and amortization of intangible assets related to acquisitions.
  • For the three months ended March 31, 2017 and March 31, 2016, non-GAAP operating income is calculated as operating income excluding share-based compensation expense, acquisition related expenses and amortization of intangible assets related to acquisitions.
  • For the three months ended March 31, 2017 and March 31, 2016, non-GAAP net income is calculated as net income excluding share-based compensation expense, acquisition related expenses, amortization of intangible assets related to acquisitions and the tax effects related to the non-GAAP adjustments.

Because of varying available valuation methodologies, subjective assumptions and the variety of equity instruments that can impact a company’s non-cash expense, the Company believes that providing non-GAAP financial measures that exclude acquisition related expenses, share-based compensation and amortization of intangible assets related to acquisitions allows for more meaningful comparisons of its period to period operating results. Share-based compensation expense has been, and will continue to be for the foreseeable future, a significant recurring expense in the Company’s business and an important part of the compensation provided to its employees. The Company believes that expenses related to its acquisitions and amortization of intangible assets related to acquisitions do not reflect the performance of its core business and impact period-to-period comparability.

Non-GAAP financial measures may not provide information that is directly comparable to that provided by other companies in the Company’s industry, as other companies in the industry may calculate non-GAAP financial results differently, particularly related to non-recurring, unusual items. In addition, there are limitations in using non-GAAP financial measures as they exclude expenses that may have a material impact on the Company’s reported financial results. The presentation of non-GAAP financial information is not meant to be considered in isolation or as a substitute for the directly comparable financial measures prepared in accordance with U.S. GAAP. CyberArk urges investors to review the reconciliation of its non-GAAP financial measures to the comparable U.S. GAAP financial measures included below, and not to rely on any single financial measures to evaluate its business.

Cautionary Language Concerning Forward-Looking Statements

This release may contain forward-looking statements, which express the current beliefs and expectations of CyberArk’s (the “Company”) management. In some cases, forward-looking statements may be identified by terminology such as “believe,” “may,” “estimate,” “continue,” “anticipate,” “intend,” “should,” “plan,” “expect,” “predict,” “potential” or the negative of these terms or other similar expressions.  Such statements involve a number of known and unknown risks and uncertainties that could cause the Company’s future results, performance or achievements to differ significantly from the results, performance or achievements expressed or implied by such forward-looking statements. Important factors that could cause or contribute to such differences include risks relating to: changes in the rapidly evolving cyber threat landscape; real or perceived shortcomings, defects or vulnerabilities in the Company’s solutions or internal network system, or the failure of  the Company’s customers or channel partners to correctly implement the Company’s solutions; fluctuations in quarterly results of operations, including due to our failure to close significant sales before the end of a particular quarter; the inability to acquire new customers or sell additional products and services to existing customers; the reputational impact of any compromise to our internal IT network system; failure to effectively manage growth; competition from IT security vendors; the Company’s failure to effectively expand, train and retain our sales and marketing personnel; reliance on channel partners; failure to anticipate market needs and enhance the Company’s existing products or develop or acquire new products; the Company’s ability to successfully integrate recent and or future acquisitions; and other factors discussed under the heading “Risk Factors” in the Company’s most recent annual report on Form 20-F filed with the Securities and Exchange Commission. Forward-looking statements in this release are made pursuant to the safe harbor provisions contained in the Private Securities Litigation Reform Act of 1995. These forward-looking statements are made only as of the date hereof, and the Company undertakes no obligation to update or revise the forward-looking statements, whether as a result of new information, future events or otherwise.

###