CyberArk Announces Strong Third Quarter 2023 Results

Company Exceeds Expectations Across all Guided Metrics
Subscription Portion of Annual Recurring Revenue (ARR) of $504 million; Growth of 68% Year-over-Year
Total ARR of $705 million; Growth of 38% Year-over-Year
Subscription Revenue of $122.9 million in Q3; Growth of 65% Year-Over-Year
Record Total Revenue of $191.2 million in Q3 Exceeds Guidance; Growth Accelerating to 25% Year-Over-Year
Company Significantly Raises Full Year ARR Guidance to a Range of $758 million to $768 million from $743 million to $753 million

NEWTON, Mass. & PETACH TIKVA, Israel – November 2, 2023 – CyberArk (NASDAQ: CYBR), the identity security company, today announced strong financial results for the third quarter ended September 30, 2023.

“Strong execution and robust industry tailwinds drove our outperformance in the third quarter and our results significantly exceeded expectations across all guided metrics,” said Matt Cohen, CyberArk’s Chief Executive Officer. “We delivered one of the best financial performances in the company’s history in the third quarter and our business accelerated. Our identity security platform is gaining momentum in both our customer base and with new customers who recognize the critical requirement to secure all identities, human and machine, with intelligent privileged controls. The durable demand for our solutions is the result of the severe threat landscape paired with the exponential growth of identities and environments. We delivered robust net new ARR, 68 percent growth in Subscription ARR to $504 million and 38 percent growth in total ARR to $705 million. Our consistent execution, strong competitive position and confidence in the demand environment is best demonstrated by the significant increase in our full year ARR guidance. As the clear leader in identity security, we have a tremendous opportunity in front of us and are well positioned to deliver strong long-term growth, profitability and cash flow.”

Financial Summary for the Third Quarter Ended September 30, 2023

• Subscription revenue was $122.9 million in the third quarter of 2023, an increase of 65 percent from $74.2 million in the third quarter of 2022.
• Maintenance and professional services revenue was $64.3 million in the third quarter of 2023, compared to $64.6 million in the third quarter of 2022.
• Perpetual license revenue was $4.1 million in the third quarter of 2023, compared to $13.8 million in the third quarter of 2022.
• Total revenue was $191.2 million in the third quarter of 2023, up 25 percent from $152.7 million in the third quarter of 2022, outperforming guidance.
• GAAP operating loss was $(25.7) million and non-GAAP operating income was $16.9 million in the third quarter of 2023, outperforming guidance.
• GAAP net loss was $(14.6) million, or $(0.35) per basic and diluted share, in the third quarter of 2023. Non-GAAP net income was $19.6 million, or $0.42 per diluted share, in the third quarter of 2023, outperforming guidance.

Balance Sheet and Net Cash Provided by Operating Activities

• As of September 30, 2023, CyberArk had $1.2 billion in cash, cash equivalents, marketable securities, and short-term deposits.
• During the nine months ended September 30, 2023, the Company’s net cash provided by operating activities was $9.3 million.
• As of September 30, 2023, total deferred revenue was $423.1 million, a 12 percent increase from $376.1 million at September 30, 2022.

Key Business Highlights

• Annual Recurring Revenue (ARR) was $705 million, an increase of 38 percent from $512 million at September 30, 2022.
  • The Subscription portion of ARR was $504 million, or 72 percent of total ARR at September 30, 2023. This represents an increase of 68 percent from $301 million, or 59 percent of total ARR, at September 30, 2022.
  • The Maintenance portion of ARR was $200 million at September 30, 2023, compared to $211 million at September 30, 2022.
• Recurring revenue in the third quarter was $174.4 million, an increase of 36 percent from $128.5 million for the third quarter of 2022.

Recent Developments

• CyberArk was named a Leader in 2023 Gartner Magic Quadrant for Privileged Access Management.⁽¹⁾ CyberArk is recognized in this report for the fifth consecutive time.
• CyberArk launched Artificial Intelligence Center of Excellence to combat attacker innovation with identity security innovation.
• CyberArk was named a Leader in The Forrester Wave™: Privileged Identity Management, Q4 2023,⁽²⁾ receiving the top score in the ‘Current Offering’ category as well as the highest possible score in 16 criteria including: least privilege access, just-in-time access, development and DevOps support, threat detection and response, innovation and partner ecosystem.

Business Outlook

Based on information available as of November 2, 2023, CyberArk is issuing guidance for the fourth quarter and full year 2023 as indicated below.

Fourth Quarter 2023:

• Total revenue is expected to be in the range of $206.5 million and $211.5 million, representing growth of 22 percent to 25 percent compared to the fourth quarter of 2022.
• Non-GAAP operating income is expected to be in the range of $19.0 million to $23.0 million.
• Non-GAAP net income per share is expected to be in the range of $0.41 to $0.50 per diluted share.
  • Assumes 47.1 million weighted average diluted shares.

Full Year 2023:

• Total revenue is expected to be in the range of $735.3 million to $740.3 million, representing growth of 24 percent to 25 percent compared to the full year 2022.
• Non-GAAP operating income is expected to be in the range of $17.7 million to $21.7 million.
• Non-GAAP net income per share is expected to be in the range of $0.72 to $0.80 per diluted share.
  • Assumes 46.5 million weighted average diluted shares.
• ARR as of December 31, 2023 is expected to be in the range of $758 million to $768 million, representing growth of 33 percent to 35 percent from December 31, 2022.

Conference Call Information

In conjunction with this announcement, CyberArk will host a conference call on Thursday, November 2, 2023 at 8:30 a.m. Eastern Time (ET) to discuss the Company’s third quarter financial results and its business outlook. To access this call, dial +1 (888) 330-2455 (U.S.) or +1 (240) 789-2717 (international). The conference ID is 6515982. Additionally, a live webcast of the conference call will be available via the “Investor Relations” section of the company’s website at www.cyberark.com.

Following the conference call, a replay will be available for one week at +1 (800) 770-2030 (U.S.) or +1 (647) 362-9199 (international). The replay pass code is 6515982. An archived webcast of the conference call will also be available in the “Investor Relations” section of the company’s website at www.cyberark.com.

1 – Gartner® Magic Quadrant™ for Privileged Access Management, by Felix Gaehtgens, James Hoover, Michael Kelley, Brian Guthrie, Abhyuday Data, 5 September 2023
2 – The Forrester Wave™: Privileged Identity Management, Q4 2023 by Geoff Cairns, October 11, 2023

Key Performance Indicators and Non-GAAP Financial Measures

Annual Recurring Revenue (ARR)

• Annual Recurring Revenue (ARR) is defined as the annualized value of active SaaS, self-hosted subscription and maintenance contracts related to perpetual licenses in effect at the end of the reported period.

Subscription Portion of Annual Recurring Revenue

• Subscription portion of ARR is defined as the annualized value of active SaaS and self-hosted subscription contracts in effect at the end of the reported period. The subscription portion of ARR excludes maintenance contracts related to perpetual licenses.

Maintenance Portion of Annual Recurring Revenue

• Maintenance portion of ARR is defined as the annualized value of active maintenance contracts related to perpetual licenses. The Maintenance portion of ARR excludes SaaS and self-hosted subscription contracts in effect at the end of the reported period.

Recurring Revenue

• Recurring Revenue is defined as revenue derived from SaaS and self-hosted subscription contracts, and maintenance contracts related to perpetual licenses during the reported period.

Non-GAAP Financial Measures

CyberArk believes that the use of non-GAAP gross profit, non-GAAP operating expense, non-GAAP operating income (loss), non-GAAP net income (loss) and free cash flow is helpful to our investors. These financial measures are not measures of the Company’s financial performance under U.S. GAAP and should not be considered as alternatives to gross profit, operating loss, net loss or net cash provided by operating activities or any other performance measures derived in accordance with GAAP.

• Non-GAAP gross profit is calculated as GAAP gross profit excluding share-based compensation expense, amortization of intangible assets related to acquisitions, and impairment of capitalized software development costs.
• Non-GAAP operating expense is calculated as GAAP operating expenses excluding share-based compensation expense, acquisition related expenses and amortization of intangible assets related to acquisitions.
• Non-GAAP operating income (loss) is calculated as GAAP operating loss excluding share-based compensation expense, impairment of capitalized software development costs, acquisition related expenses and amortization of intangible assets related to acquisitions.
• Non-GAAP net income (loss) is calculated as GAAP net loss excluding share-based compensation expense, acquisition related expenses, amortization of intangible assets related to acquisitions, impairment of capitalized software development costs, amortization of debt discount and issuance costs, gain from investment in privately held companies, and the tax effect of non-GAAP adjustments.
• Free cash flow is calculated as net cash provided by operating activities less purchase of property and equipment.

The Company believes that providing non-GAAP financial measures that are adjusted by, as applicable, share-based compensation expense, acquisition related expenses, amortization of intangible assets related to acquisitions, impairment of capitalized software development costs, non-cash interest expense related to the amortization of debt discount and issuance cost, gain from investment in privately held companies, and the tax effect of the non-GAAP adjustments and purchase of property and equipment allows for more meaningful comparisons of its period to period operating results. Share-based compensation expense has been, and will continue to be for the foreseeable future, a significant recurring expense in the Company’s business and an important part of the compensation provided to its employees. Share based compensation expense has varying available valuation methodologies, subjective assumptions and a variety of equity instruments that can impact a company’s non-cash expense. The Company believes that expenses related to its acquisitions, amortization of intangible assets related to acquisitions, and non-cash interest expense related to the amortization of debt discount and issuance costs do not reflect the performance of its core business and impact period-to-period comparability. The Company believes free cash flow is a liquidity measure that, after the purchase of property and equipment, provides useful information about the amount of cash generated by the business.

Non-GAAP financial measures may not provide information that is directly comparable to that provided by other companies in the Company’s industry, as other companies in the industry may calculate non-GAAP financial results differently, particularly related to non-recurring, unusual items. In addition, there are limitations in using non-GAAP financial measures as they exclude expenses that may have a material impact on the Company’s reported financial results. The presentation of non-GAAP financial information is not meant to be considered in isolation or as a substitute for the directly comparable financial measures prepared in accordance with U.S. GAAP. CyberArk urges investors to review the reconciliation of its non-GAAP financial measures to the comparable U.S. GAAP financial measures included below, and not to rely on any single financial measure to evaluate its business.

Guidance for non-GAAP financial measures excludes, as applicable, share-based compensation expense, acquisition related expenses, amortization of intangible assets related to acquisitions, non-cash interest expense related to the amortization of debt discount and issuance costs and the tax effect of the non-GAAP adjustments. A reconciliation of the non-GAAP financial measures guidance to the corresponding GAAP measures is not available on a forward-looking basis due to the uncertainty regarding, and the potential variability and significance of, the amounts of share-based compensation expense, amortization of intangible assets related to acquisitions, and the non-recurring expenses that are excluded from the guidance. Accordingly, a reconciliation of the non-GAAP financial measures guidance to the corresponding GAAP measures for future periods is not available without unreasonable effort.

Cautionary Language Concerning Forward-Looking Statements

This release contains forward-looking statements, which express the current beliefs and expectations of CyberArk’s (the “Company”) management. In some cases, forward-looking statements may be identified by terminology such as “believe,” “may,” “estimate,” “continue,” “anticipate,” “intend,” “should,” “plan,” “expect,” “predict,” “potential” or the negative of these terms or other similar expressions. Such statements involve a number of known and unknown risks and uncertainties that could cause the Company’s future results, levels of activity, performance or achievements to differ materially from the results, levels of activity, performance or achievements expressed or implied by such forward-looking statements. Important factors that could cause or contribute to such differences include risks relating to: changes to the drivers of the Company’s growth and its ability to adapt its solutions to IT security market demands; fluctuation in the Company’s quarterly results of operations due to sales cycles and multiple pricing and delivery models; the Company’s ability to sell into existing and new customers and industry verticals; an increase in competition within the Privileged Access Management and Identity Security markets; unanticipated product vulnerabilities or cybersecurity breaches of the Company’s, or the Company’s customers’ or partners’ systems; complications or risks in connection with the Company’s subscription model, including uncertainty regarding renewals from its existing customer base, and retaining sufficient subscription or maintenance and support service renewal rates; risks related to compliance with privacy and data protection laws and regulations; risks regarding potential negative economic conditions in the global economy or certain regions, including conditions resulting from financial and credit market fluctuations, rising interest rates, bank failures, inflation, and the potential for regional or global recessions; the Company’s ability to hire, train, retain and motivate qualified personnel; reliance on third-party cloud providers for the Company’s operations and SaaS solutions; the Company’s history of incurring net losses and its ability to achieve profitability in the future; risks related to the Company’s ongoing transition to a new Chief Executive Officer; risks related to sales made to government entities; the Company’s ability to find, complete, fully integrate or achieve the expected benefits of strategic acquisitions; the duration and scope of the COVID-19 pandemic and its resulting effect on the demand for the Company’s solutions and on its expected revenue growth rates and costs; the Company’s ability to expand its sales and marketing efforts and expand its channel partnerships across existing and new geographies; regulatory and geopolitical risks associated with global sales and operations, as well as the location of our principal executive offices, most of our research and development activities and other significant operations in Israel; changes in regulatory requirements or fluctuations in currency exchange rates; the ability of the Company’s products to help customers achieve and maintain compliance with government regulations or industry standards; risks related to intellectual property claims or the Company’s ability to protect its proprietary technology and intellectual property rights; and other factors discussed under the heading “Risk Factors” in the Company’s most recent annual report on Form 20-F filed with the Securities and Exchange Commission. Forward-looking statements in this release are made pursuant to the safe harbor provisions contained in the U.S. Private Securities Litigation Reform Act of 1995. These forward-looking statements are made only as of the date hereof, and the Company undertakes no obligation to update or revise the forward-looking statements, whether as a result of new information, future events or otherwise.

Gartner Disclaimers

GARTNER is a registered trademark and service mark of Gartner and Magic Quadrant and Peer Insights are a registered trademark, of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

​Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.

About CyberArk

CyberArk (NASDAQ: CYBR) is the global leader in identity security. Centered on intelligent privilege controls, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud environments and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit https://www.cyberark.com, read the CyberArk blogs or follow on LinkedIn, Twitter, Facebook or YouTube.