Newton, Mass. and Petach Tikva, Israel – November 6, 2019 – CyberArk, (NASDAQ: CYBR), the global leader in privileged access management, today announced strong financial results for the third quarter ended September 30, 2019.
“Q3 was another strong quarter for CyberArk,” said Udi Mokady, CyberArk Chairman and CEO. “We delivered revenue growth of 28%, a non-GAAP operating margin of 27% and signed 200 new customers. Our results demonstrate our strong execution, leadership position in the market and the robust demand environment for our solutions. Organizations around the world recognize that Privileged Access Management is critical to a successful security program and are leveraging CyberArk to secure access across on-premises, cloud, and hybrid environments as well as the DevOps pipeline.”
Financial Highlights for the Third Quarter Ended September 30, 2019
- Total revenue was $108.1 million, up 28% compared with the third quarter of 2018.
- License revenue was $57.9 million, up 25% compared with the third quarter of 2018.
- Maintenance and professional services revenue was $50.2 million, up 30% compared with the third quarter of 2018.
- GAAP operating income was $12.7 million, an increase from $8.8 million in the third quarter of 2018. Non-GAAP operating income was $29.4 million, an increase from $21.0 million in the third quarter of 2018.
- GAAP net income was $15.2 million, or $0.39 per diluted share, an increase from GAAP net income of $8.1 million, or $0.22 per diluted share, in the third quarter of 2018. Non-GAAP net income was $25.6 million, or $0.65 per diluted share, an increase from $17.8 million, or $0.48 per diluted share, in the third quarter of 2018.
The tables at the end of this press release include a reconciliation of GAAP to non-GAAP gross margin, operating income and net income for the three months and nine months ended September 30, 2019 and 2018. An explanation of these measures is also included below under the heading “Non-GAAP Financial Measures.”
Balance Sheet and Cash Flow:
- As of September 30, 2019, CyberArk had $555.1 million in cash, cash equivalents, marketable securities and short-term deposits. This compares to $451.2 million as of December 31, 2018 and $410.0 million at September 30, 2018.
- As of September 30, 2019, total deferred revenue was $177.3 million, a 30% increase from $136.0 million at September 30, 2018.
- During the nine months ended September 30, 2019, the Company generated $88.6 million in cash flow from operations, compared with $89.2 million in the first nine months of 2018.
Based on information available as of November 6, 2019, CyberArk is issuing guidance for the fourth quarter and increasing its guidance for the full year 2019 as indicated below.
Fourth Quarter 2019:
- Total revenue between $125.0 million and $127.0 million, representing 15% to 16% year-over-year growth.
- Non-GAAP operating income between $38.5 million and $40.0 million.
- Non-GAAP net income per share between $0.78 and $0.82 per diluted share.
- Assumes 39.2 million weighted average diluted shares.
Full Year 2019:
- Total revenue between $429.2 million and $431.2 million, representing 25% to 26% year-over-year growth.
- Non-GAAP operating income between $119.75 million and $121.25 million.
- Non-GAAP net income per share between $2.58 and $2.61 per diluted share.
- Assumes 39.1 million weighted average diluted shares.
Conference Call Information
CyberArk will host a conference call today, November 6, 2019 at 8:30 a.m. Eastern Time (ET) to discuss the company’s third quarter financial results and its business outlook. To access this call, dial +1 877-823-7693 (U.S.) or +1 647-689-4543 (international). The conference ID is 2039434. Additionally, a live webcast of the conference call will be available via the “Investor Relations” section of the company’s website at www.cyberark.com.
Following the conference call, a replay will be available for one week at +1 800-585-8367 (U.S.) or +1 416-621-4642 (international). The replay pass code is 2039434. An archived webcast of the conference call will also be available in the “Investor Relations” section of the company’s website at www.cyberark.com.
CyberArk (NASDAQ: CYBR) is the global leader in privileged access management, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including more than 50 percent of the Fortune 500, to protect against external attackers and malicious insiders. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan. To learn more about CyberArk, visit www.cyberark.com, read the CyberArk blogs or follow on Twitter via @CyberArk, LinkedIn or Facebook.
Copyright © 2019 CyberArk Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.
Non-GAAP Financial Measures
CyberArk believes that the use of non-GAAP gross profit, non-GAAP operating income and non-GAAP net income is helpful to our investors. These financial measures are not measures of the Company’s financial performance under U.S. GAAP and should not be considered as alternatives to gross profit, operating income or net income or any other performance measures derived in accordance with GAAP.
- Non-GAAP gross profit is calculated as gross profit excluding share-based compensation expense and amortization of intangible assets related to acquisitions.
- Non-GAAP operating income is calculated as operating income excluding share-based compensation expense, acquisition related expenses, facility exit and transition costs and amortization of intangible assets related to acquisitions.
- Non-GAAP net income is calculated as net income excluding share-based compensation expense, acquisition related expenses, facility exit and transition costs, amortization of intangible assets related to acquisitions, intra-entity IP transfer tax effect and the tax effect of other non-GAAP adjustments.
The Company believes that providing non-GAAP financial measures that exclude, as applicable, share-based compensation expense, acquisition related expenses, amortization of intangible assets related to acquisitions, facility exit and transition costs, intra-entity IP transfer tax effect and the tax effect of the non-GAAP adjustments allows for more meaningful comparisons of its period to period operating results. Share-based compensation expense has been and will continue to be for the foreseeable future, a significant recurring expense in the Company’s business and an important part of the compensation provided to its employees. Share based compensation expense has varying available valuation methodologies, subjective assumptions and a variety of equity instruments that can impact a company’s non-cash expense. The Company believes that expenses related to its acquisitions and amortization of intangible assets related to acquisitions, facility exit and transition costs and intra-entity IP transfer tax effect do not reflect the performance of its core business and impact period-to-period comparability.
Non-GAAP financial measures may not provide information that is directly comparable to that provided by other companies in the Company’s industry, as other companies in the industry may calculate non-GAAP financial results differently, particularly related to non-recurring, unusual items. In addition, there are limitations in using non-GAAP financial measures as they exclude expenses that may have a material impact on the Company’s reported financial results. The presentation of non-GAAP financial information is not meant to be considered in isolation or as a substitute for the directly comparable financial measures prepared in accordance with U.S. GAAP. CyberArk urges investors to review the reconciliation of its non-GAAP financial measures to the comparable U.S. GAAP financial measures included below, and not to rely on any single financial measure to evaluate its business.
Guidance for non-GAAP financial measures excludes, as applicable, share-based compensation expense, acquisition related expenses, facility exit and transition costs, amortization of intangible assets related to acquisitions, intra-entity IP transfer tax effect and the tax effect of the other non-GAAP adjustments. A reconciliation of the non-GAAP financial measures guidance to the corresponding GAAP measures is not available on a forward-looking basis due to the uncertainty regarding, and the potential variability and significance of, the amounts of share-based compensation expense, amortization of intangible assets related to acquisitions, and the non-recurring expenses that are excluded from the guidance. Accordingly, a reconciliation of the non-GAAP financial measures guidance to the corresponding GAAP measures for future periods is not available without unreasonable effort.
Cautionary Language Concerning Forward-Looking Statements
This release contains forward-looking statements, which express the current beliefs and expectations of CyberArk’s (the “Company”) management. In some cases, forward-looking statements may be identified by terminology such as “believe,” “may,” “estimate,” “continue,” “anticipate,” “intend,” “should,” “plan,” “expect,” “predict,” “potential” or the negative of these terms or other similar expressions. Such statements involve a number of known and unknown risks and uncertainties that could cause the Company’s future results, performance or achievements to differ significantly from the results, performance or achievements expressed or implied by such forward-looking statements. Important factors that could cause or contribute to such differences include risks relating to: changes in the rapidly evolving cyber threat landscape; failure to effectively manage growth; potential near-term declines in our operating and net profit margins and our revenue growth rate; real or perceived shortcomings, defects or vulnerabilities in the Company’s solutions or internal network system, or the failure of the Company’s customers, channel partners, managed security service providers, or contractors to correctly implement, manage and maintain to correctly implement the Company’s solutions; fluctuations in quarterly results of operations; the inability to acquire new customers or sell additional products and services to existing customers; competition from a wide variety of IT security vendors; the Company’s ability to successfully integrate recent and or future acquisitions; and other factors discussed under the heading “Risk Factors” in the Company’s most recent annual report on Form 20-F filed with the Securities and Exchange Commission. Forward-looking statements in this release are made pursuant to the safe harbor provisions contained in the Private Securities Litigation Reform Act of 1995. These forward-looking statements are made only as of the date hereof, and the Company undertakes no obligation to update or revise the forward-looking statements, whether as a result of new information, future events or otherwise.