CyberArk Announces Strong Second Quarter 2023 Results

Company Exceeds Guidance Across all Guided Metrics
Subscription Portion of Annual Recurring Revenue (ARR) of $451 million; Growth of 77% Year-Over-Year
Total ARR of $653 million; Growth of 40% Year-Over-Year
Subscription Revenue of $106.2 million in Q2; Growth of 61% Year-Over-Year
Total Revenue of $175.8 million in Q2 Exceeds Guidance; Growth of 24% Year-Over-Year
Company Raises Full Year ARR Guidance to a Range of $743 million to $753 million from $735 million to $745 million

Newton, Mass. and Petach Tikva, Israel – August 10 – CyberArk (NASDAQ: CYBR), the identity security company, today announced strong financial results for the second quarter ended June 30, 2023.

“We had a great quarter, beating our guidance across all metrics, which demonstrates the momentum in our business and the durability of demand for our identity security platform,” said Matt Cohen, CyberArk’s Chief Executive Officer. “We had a strong new business quarter and existing customers expanded across our identity security platform as we continue to deliver transformational value to customers, across hybrid and cloud environments. This drove robust net new ARR, with strong 77 percent growth in Subscription ARR to $451 million and 40 percent growth in total ARR to $653 million. The explosion of new identities, new environments and new attack methods has rapidly expanded the attack surface, creating an acute need for organizations to secure all identities, humans and machines. Today, organizations are turning to CyberArk to address their most pressing cybersecurity challenges. We have a tremendous opportunity in front of us and are executing our strategy. As the clear leader in identity security, we are well positioned to deliver strong long-term growth, profitability and cash flow.”

Financial Summary for the Second Quarter Ended June 30, 2023:

• Subscription revenue was $106.2 million in the second quarter of 2023, an increase of 61 percent from $66.0 million in the second quarter of 2022.
• Maintenance and professional services revenue was $64.6 million in the second quarter of 2023, compared to $65.3 million in the second quarter of 2022.
• Perpetual license revenue was $5.1 million in the second quarter of 2023, compared to $11.0 million in the second quarter of 2022.
• Total revenue was $175.8 million in the second quarter of 2023, up 24 percent from $142.3 million in the second quarter of 2022, outperforming guidance.
• GAAP operating loss was $(39.9) million and non-GAAP operating loss was $(5.6) million in the second quarter of 2023, outperforming guidance.
• GAAP net loss was $(25.8) million, or $(0.62) per basic and diluted share, in the second quarter of
• 2023Non-GAAP net income was $1.3 million, or $0.03 per diluted share, in the second quarter of 2023, outperforming guidance.

Balance Sheet and Net Cash Provided by Operating Activities:

• As of June 30, 2023, CyberArk had $1.2 billion in cash, cash equivalents, marketable securities, and short-term deposits.
• During the six months ended June 30, 2023, the Company’s net cash used in operating activities was $(5.0) million.
• As of June 30, 2023, total deferred revenue was $418.7 million, a 19 percent increase from $352.1 million at June 30, 2022.

Key Business Highlights:

• Annual Recurring Revenue (ARR) was $653 million, an increase of 40 percent from $465 million at June 30, 2022.
• The Subscription portion of ARR was $451 million, or 69 percent of total ARR at June 30, 2023. This represents an increase of 77 percent from $255 million, or 55 percent of total ARR, at June 30, 2022.
• The Maintenance portion of ARR was $201 million at June 30, 2023, compared to $210 million at June 30, 2022.
• Recurring revenue in the second quarter was $157.8 million, an increase of 31 percent from $120.4 million for the second quarter of 2022.

Recent Developments:

• Announced Artificial Intelligence (AI) and Automation innovations across CyberArk’s Identity Security Platform.
• Announced CyberArk Secure Browser, the first identity security based enterprise browser, enabling organizations to better protect employee and third-party access to enterprise resources.
• Announced launch of BT’s global Privileged Identity Security managed service, built exclusively on CyberArk’s identity security platform, delivering scalable and effective cybersecurity risk reduction.
• Released CyberArk 2023 Identity Security Threat Landscape Report, showing how technology innovation – including AI – is growing the number of identities, compounding ‘cyber debt’.
• Published third annual Environmental, Social and Governance (ESG) Report, in an ongoing commitment to building a diverse, equitable and sustainable organization.

Business Outlook

Based on information available as of August 10, 2023, CyberArk is issuing guidance for the third quarter and full year 2023 as indicated below

Third Quarter 2023:

• Total revenue is expected to be in the range of $181.5 million and $186.5 million, representing growth of 19 percent to 22 percent compared to the third quarter of 2022.
• Non-GAAP operating income is expected to be in the range of $4.0 million to $8.0 million.
• Non-GAAP net income per share is expected to be in the range of $0.19 to $0.27 per diluted share
  • Assumes 46.8 million weighted average diluted shares.

Full Year 2023:

• Total revenue is expected to be in the range of $726.0 million to $736.0 million, representing growth of 23 percent to 24 percent compared to the full year 2022.
• Non-GAAP operating income is expected to be in the range of breakeven to $9.0 million.
• Non-GAAP net income per share is expected to be in the range of $0.44 to $0.63 per diluted share.
  • Assumes 46.4 million weighted average diluted shares.
• ARR as of December 31, 2023 is expected to be in the range of $743 million to $753 million, representing growth of 30 percent to 32 percent from December 31, 2022.

Conference Call Information:In conjunction with this announcement, CyberArk will host a conference call on Thursday, August 10, 2023 at 8:30 a.m. Eastern Time (ET) to discuss the Company’s second quarter financial results and its business outlook. To access this call, dial +1 (888) 330-2455 (U.S.) or +1 (240) 789-2717 (international). The conference ID is 6515982. Additionally, a live webcast of the conference call will be available via the “Investor Relations” section of the company’s website at www.cyberark.com.Following the conference call, a replay will be available for one week at +1 (800) 770-2030 (U.S.) or +1 (647) 362-9199 (international). The replay pass code is 6515982. An archived webcast of the conference call will also be available in the “Investor Relations” section of the company’s website at www.cyberark.com.

About CyberArk
CyberArk (NASDAQ: CYBR) is the global leader in identity security. Centered on intelligent privilege controls, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud environments and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit https://www.cyberark.com, read the CyberArk blogs or follow on Twitter via @CyberArk, LinkedIn , Facebook or YouTube.

 

Key Performance Indicators and Non-GAAP Financial Measures

Annual Recurring Revenue (ARR)

• Annual Recurring Revenue (ARR) is defined as the annualized value of active SaaS, self-hosted subscription and maintenance contracts related to perpetual licenses in effect at the end of the reported period.

Subscription Portion of Annual Recurring Revenue

• Subscription portion of ARR is defined as the annualized value of active SaaS and self-hosted subscription contracts in effect at the end of the reported period. The subscription portion of ARR excludes maintenance contracts related to perpetual licenses.

Maintenance Portion of Annual Recurring Revenue

• Maintenance portion of ARR is defined as the annualized value of active maintenance contracts related to perpetual licenses. The Maintenance portion of ARR excludes SaaS and self-hosted subscription contracts in effect at the end of the reported period.

Recurring Revenue

• Recurring Revenue is defined as revenue derived from SaaS and self-hosted subscription contracts, and maintenance contracts related to perpetual licenses during the reported period.

Non-GAAP Financial Measures

CyberArk believes that the use of non-GAAP gross profit, non-GAAP operating expense, non-GAAP operating loss, non-GAAP net income/(loss) and free cash flow is helpful to our investors. These financial measures are not measures of the Company’s financial performance under U.S. GAAP and should not be considered as alternatives to gross profit, operating loss, net loss or net cash provided by operating activities or any other performance measures derived in accordance with GAAP.

• Non-GAAP gross profit is calculated as GAAP gross profit excluding share-based compensation expense, and amortization of intangible assets related to acquisitions.
• Non-GAAP operating expense is calculated as GAAP operating expenses excluding share-based compensation expense, acquisition related expenses and amortization of intangible assets related to acquisitions.
• Non-GAAP operating loss is calculated as GAAP operating loss excluding share-based compensation expense, acquisition related expenses and amortization of intangible assets related to acquisitions.
• Non-GAAP net income/(loss) is calculated as GAAP net loss excluding share-based compensation expense, acquisition related expenses, amortization of intangible assets related to acquisitions, amortization of debt discount and issuance costs, gain from investment in privately held companies, and the tax effect of non-GAAP adjustments.
• Free cash flow is calculated as net cash provided by (used in) operating activities less purchase of property and equipment.

The Company believes that providing non-GAAP financial measures that are adjusted by, as applicable, share-based compensation expense, acquisition related expenses, amortization of intangible assets related to acquisitions, non-cash interest expense related to the amortization of debt discount and issuance cost, gain from investment in privately held companies, and the tax effect of the non-GAAP adjustments and purchase of property and equipment allows for more meaningful comparisons of its period to period operating results. Share-based compensation expense has been, and will continue to be for the foreseeable future, a significant recurring expense in the Company’s business and an important part of the compensation provided to its employees. Share based compensation expense has varying available valuation methodologies, subjective assumptions and a variety of equity instruments that can impact a company’s non-cash expense. The Company believes that expenses related to its acquisitions, amortization of intangible assets related to acquisitions, and non-cash interest expense related to the amortization of debt discount and issuance costs do not reflect the performance of its core business and impact period-to-period comparability. The Company believes free cash flow is a liquidity measure that, after the purchase of property and equipment, provides useful information about the amount of cash generated by the business.

Non-GAAP financial measures may not provide information that is directly comparable to that provided by other companies in the Company’s industry, as other companies in the industry may calculate non-GAAP financial results differently, particularly related to non-recurring, unusual items. In addition, there are limitations in using non-GAAP financial measures as they exclude expenses that may have a material impact on the Company’s reported financial results. The presentation of non-GAAP financial information is not meant to be considered in isolation or as a substitute for the directly comparable financial measures prepared in accordance with U.S. GAAP. CyberArk urges investors to review the reconciliation of its non-GAAP financial measures to the comparable U.S. GAAP financial measures included below, and not to rely on any single financial measure to evaluate its business.

Guidance for non-GAAP financial measures excludes, as applicable, share-based compensation expense, acquisition related expenses, amortization of intangible assets related to acquisitions, non-cash interest expense related to the amortization of debt discount and issuance costs and the tax effect of the non-GAAP adjustments. A reconciliation of the non-GAAP financial measures guidance to the corresponding GAAP measures is not available on a forward-looking basis due to the uncertainty regarding, and the potential variability and significance of, the amounts of share-based compensation expense, amortization of intangible assets related to acquisitions, and the non-recurring expenses that are excluded from the guidance. Accordingly, a reconciliation of the non-GAAP financial measures guidance to the corresponding GAAP measures for future periods is not available without unreasonable effort.

Cautionary Language Concerning Forward-Looking Statements

This release contains forward-looking statements, which express the current beliefs and expectations of CyberArk’s (the “Company”) management. In some cases, forward-looking statements may be identified by terminology such as “believe,” “may,” “estimate,” “continue,” “anticipate,” “intend,” “should,” “plan,” “expect,” “predict,” “potential” or the negative of these terms or other similar expressions. Such statements involve a number of known and unknown risks and uncertainties that could cause the Company’s future results, levels of activity, performance or achievements to differ materially from the results, levels of activity, performance or achievements expressed or implied by such forward-looking statements. Important factors that could cause or contribute to such differences include risks relating to: changes to the drivers of the Company’s growth and its ability to adapt its solutions to IT security market demands; fluctuation in the Company’s quarterly results of operations due to sales cycles and multiple pricing and delivery models; the Company’s ability to sell into existing and new customers and industry verticals; an increase in competition within the Privileged Access Management and Identity Security markets; unanticipated product vulnerabilities or cybersecurity breaches of the Company’s, or the Company’s customers’ or partners’ systems; complications or risks in connection with the Company’s subscription model, including uncertainty regarding renewals from its existing customer base, and retaining sufficient subscription or maintenance and support service renewal rates; risks related to compliance with privacy and data protection laws and regulations; risks regarding potential negative economic conditions in the global economy or certain regions, including conditions resulting from financial and credit market fluctuations, rising interest rates, bank failures, inflation, and the potential for regional or global recessions; the Company’s ability to hire, train, retain and motivate qualified personnel; reliance on third-party cloud providers for the Company’s operations and SaaS solutions; the Company’s history of incurring net losses and its ability to achieve profitability in the future; risks related to the Company’s ongoing transition to a new Chief Executive Officer; risks related to sales made to government entities; the Company’s ability to find, complete, fully integrate or achieve the expected benefits of strategic acquisitions; the duration and scope of the COVID-19 pandemic and its resulting effect on the demand for the Company’s solutions and on its expected revenue growth rates and costs; the Company’s ability to expand its sales and marketing efforts and expand its channel partnerships across existing and new geographies; regulatory and geopolitical risks associated with global sales and operations, as well as the location of our principal executive offices, most of our research and development activities and other significant operations in Israel; changes in regulatory requirements or fluctuations in currency exchange rates; the ability of the Company’s products to help customers achieve and maintain compliance with government regulations or industry standards; risks related to intellectual property claims or the Company’s ability to protect its proprietary technology and intellectual property rights; and other factors discussed under the heading “Risk Factors” in the Company’s most recent annual report on Form 20-F filed with the Securities and Exchange Commission. Forward-looking statements in this release are made pursuant to the safe harbor provisions contained in the U.S. Private Securities Litigation Reform Act of 1995. These forward-looking statements are made only as of the date hereof, and the Company undertakes no obligation to update or revise the forward-looking statements, whether as a result of new information, future events or otherwise.