UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549
FORM 20-F
☐
☒
☐
☐
REGISTRATION STATEMENT PURSUANT TO SECTION 12(b) OR (g) OF THE SECURITIES EXCHANGE ACT OF 1934
ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
OR
For the fiscal year ended December 31, 2018
OR
TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
OR
SHELL COMPANY REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
Commission file number 001-36625
CYBERARK SOFTWARE LTD.
(Exact name of Registrant as specified in its charter)
ISRAEL
(Jurisdiction of incorporation or organization)
9 Hapsagot St.
Park Ofer B, P.O. BOX 3143
Petach-Tikva 4951040, Israel
(Address of principal executive offices)
�Joshua Siegel
Chief Financial Officer
Telephone: +972 (3) 918-0000
CyberArk Software Ltd.
9 Hapsagot St.
Park Ofer B, P.O. BOX 3143
Petach-Tikva 4951040, Israel
(Name, telephone, e-mail and/or facsimile number and address of company contact person)
Securities registered or to be registered pursuant to Section 12(b) of the Act:
Title of each class
Ordinary shares, par value NIS 0.01 per share
Name of each exchange on which registered
The NASDAQ Stock Market LLC
Securities registered or to be registered pursuant to Section 12(g) of the Act: None.
Securities for which there is a reporting obligation pursuant to Section 15(d) of the Act: None.
Indicate the number of outstanding shares of each of the issuer’s classes of capital or common stock as of the close of the period covered by the annual report: As
of December 31, 2018, the registrant had outstanding 36,838,523 ordinary shares, par value NIS 0.01 per share.
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.
Yes ☒ No ☐
If this report is an annual or transition report, indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or 15(d) of the Securities
Exchange Act of 1934.
Yes ☐ No ☒
Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the
preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the
past 90 days.
Yes ☒ No ☐
Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation
S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files).
Yes ☒ No ☐
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer or an emerging growth company. See the
definitions of “large accelerated filer,” “accelerated filer,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.
Large accelerated filer ☒
Accelerated filer ☐
Non-accelerated filer ☐
Emerging growth company ☐
If an emerging growth company that prepares its financial statements in accordance with U.S. GAAP, indicate by check mark if the registrant has elected not to use
the extended transition period for complying with any new or revised financial accounting standards† provided pursuant to Section 13(a) of the Exchange
Act. ☐
† The term “new or revised financial accounting standard” refers to any update issued by the Financial Accounting Standards Board to its Accounting Standards
Codification after April 5, 2012.
Indicate by check mark which basis of accounting the registrant has used to prepare the financial statements included in this filing:
U.S. GAAP ☒
International Financial Reporting Standards as issued by the
International Accounting Standards Board ☐
Other ☐
If “Other” has been checked in response to the previous question, indicate by check mark which financial statement item the registrant has elected to follow.
If this is an annual report, indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act).
Yes ☐ No ☒
☐ Item 17 ☐ Item 18
�CYBERARK SOFTWARE LTD.
FORM 20-F
ANNUAL REPORT FOR THE FISCAL YEAR ENDED DECEMBER 31, 2018
TABLE OF CONTENTS
Introduction
Special Note Regarding Forward-Looking Statements
PART I
Item 1.
Identity of Directors, Senior Management and Advisers
Item 2.
Offer Statistics and Expected Timetable
Item 3.
Key Information
Item 4.
Information on the Company
Item 4A.
Unresolved Staff Comments
Item 5.
Operating and Financial Review and Prospects
Item 6.
Directors, Senior Management and Employees
Item 7.
Major Shareholders and Related Party Transactions
Item 8.
Financial Information
Item 9.
The Offer and Listing
Item 10.
Additional Information
Item 11.
Quantitative and Qualitative Disclosures About Market Risk
Item 12.
Description of Securities Other Than Equity Securities
Item 13.
Defaults, Dividend Arrearages and Delinquencies
Item 14.
Material Modifications to the Rights of Security Holders and Use of Proceeds
PART II
Item 15.
Controls and Procedures
Item 16A.
Audit Committee Financial Expert
Item 16B.
Code of Ethics
Item 16C.
Principal Accountant Fees and Services
Item 16D.
Exemptions from the Listing Standards for Audit Committees
Item 16E.
Purchases of Equity Securities by the Issuer and Affiliated Purchasers
Item 16F.
Change in Registrant’s Certifying Accountant
Item 16G.
Corporate Governance
Item 16H.
Mine Safety Disclosure
Item 17.
Financial Statements
Item 18.
Financial Statements
PART III
1
1
2
2
2
30
40
40
62
79
81
82
82
93
94
95
95
95
96
96
96
97
97
97
97
97
97
97
�Item 19.
Exhibits
98
�INTRODUCTION
In this annual report, the terms “CyberArk,” “we,” “us,” “our” and “the company” refer to CyberArk Software Ltd. and its subsidiaries.
This annual report includes statistical, market and industry data and forecasts, which we obtained from publicly available information and independent industry
publications and reports that we believe to be reliable sources. These publicly available industry publications and reports generally state that they obtain their
information from sources that they believe to be reliable, but they do not guarantee the accuracy or completeness of the information. Although we believe that
these sources are reliable, we have not independently verified the information contained in such publications. Certain estimates and forecasts involve uncertainties
and risks and are subject to change based on various factors, including those discussed under the headings “Special Note Regarding Forward-Looking Statements”
and “Item 3.D Risk Factors” in this annual report.
Throughout this annual report, we refer to various trademarks, service marks and trade names that we use in our business. The “CyberArk” design logo is the
property of CyberArk Software Ltd. CyberArk® is our registered trademark in the United States. We have several other trademarks, service marks and pending
applications relating to our solutions. In particular, although we have omitted the “®” and “™” trademark designations in this annual report from each reference to
our Privileged Access Security Solution, Enterprise Password Vault, Privileged Session Manager, Privileged Threat Analytics, CyberArk Privilege Cloud,
Application Access Manager, Conjur, Endpoint Privilege Manager, On-Demand Privileges Manager, secure Digital Vault, Web Management Interface, Master
Policy Engine and Discovery Engine, DNA, and C 3 Alliance, all rights to such names and trademarks are nevertheless reserved. Other trademarks and service
marks appearing in this annual report are the property of their respective holders.
SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS
In addition to historical facts, this annual report contains forward-looking statements within the meaning of Section 27A of the U.S. Securities Act of 1933, as
amended, or the Securities Act, Section 21E of the U.S. Securities Exchange Act of 1934, as amended, or the Exchange Act, and the safe harbor provisions of the
U.S. Private Securities Litigation Reform Act of 1995. These forward-looking statements are subject to risks and uncertainties, and include information about
possible or assumed future results of our business, financial condition, results of operations, liquidity, plans and objectives. In some cases, you can identify
forward-looking statements by terminology such as “believe,” “may,” “estimate,” “continue,” “anticipate,” “intend,” “should,” “plan,” “expect,” “predict,”
“potential,” or the negative of these terms or other similar expressions. The statements we make regarding the following matters are forward-looking by their
nature:
•
•
•
•
•
•
•
•
•
•
•
our expectations regarding revenues generated by our hybrid sales model;
our expectations regarding our operating and net profit margins;
our expectations regarding significant drivers of our future growth;
our plans to continue to invest in research and development to enhance and develop existing and new on-premises and cloud-based products and services;
our plans to continue to invest in sales and marketing efforts and expand our channel partnerships across existing and new geographies;
our plans to hire additional new employees;
our plans to pursue and integrate additional strategic acquisitions;
our plans to leverage our global footprint in existing and new industry verticals to further expand our market share;
our plans to pursue incremental sales to existing customers;
our plans to further diversify our product deployments and licensing options; and
our expectations regarding our tax classifications.
1
�The preceding list is not intended to be an exhaustive list of all of our forward-looking statements. The forward-looking statements are based on our beliefs,
assumptions and expectations of future performance, taking into account the information currently available to us. These statements are only predictions based
upon our current expectations and projections about future events. There are important factors that could cause our actual results, levels of activity, performance or
achievements to differ materially from the results, levels of activity, performance or achievements expressed or implied by the forward-looking statements. In
particular, you should consider the risks provided under “Item 3.D Risk Factors” in this annual report.
You should not rely upon forward-looking statements as predictions of future events. Although we believe that the expectations reflected in the forward-looking
statements are reasonable, we cannot guarantee that future results, levels of activity, performance and events and circumstances reflected in the forward-looking
statements will be achieved or will occur. Except as required by law, we undertake no obligation to update publicly any forward-looking statements for any reason
after the date of this annual report, to conform these statements to actual results or to changes in our expectations.
I TEM 1.
IDENTITY OF DIRECTORS, SENIOR MANAGEMENT AND ADVISERS
Not applicable.
I TEM 2.
OFFER STATISTICS AND EXPECTED TIMETABLE
PART I
Not applicable.
I TEM 3.
KEY INFORMATION
A. Selected Financial Data
The following tables set forth our selected consolidated financial data. You should read the following selected consolidated financial data in conjunction with
“Item 5. Operating and Financial Review and Prospects” and our consolidated financial statements and related notes included elsewhere in this annual report.
Historical results are not necessarily indicative of the results that may be expected in the future. Our financial statements have been prepared in accordance with
U.S. Generally Accepted Accounting Principles, or U.S. GAAP.
2
�The selected consolidated statements of operations data for each of the years in the three-year period ended December 31, 2018 and the consolidated balance sheet
data as of December 31, 2017 and 2018 are derived from our audited consolidated financial statements appearing elsewhere in this annual report. The consolidated
statements of operations data for the years ended December 31, 2014 and 2015 and the consolidated balance sheet data as of December 31, 2014, 2015 and 2016
are derived from our audited consolidated financial statements that are not included in this annual report.
Consolidated Statements of Operations:
Revenues:
License
Maintenance and professional services
Total revenues
Cost of revenues:
License
Maintenance and professional services
Total cost of revenues(2)
Gross profit
Operating expenses:
Research and development(2)
Sales and marketing(2)
General and administrative(2)
Total operating expenses
Operating income
Financial income (expenses), net
Income before taxes on income
Taxes on income
Net income
Basic net income per ordinary share(3)
Diluted net income per ordinary share(3)
2014
$
61,320 $
41,679
102,999
2,654
12,053
14,707
88,292
14,400
44,943
8,495
67,838
20,454
(5,988)
14,466
(4,512)
9,954 $
0.46 $
0.34 $
$
$
$
Year ended December 31,
2016
(in thousands except share and per share data)
2015
2017
100,113 $
60,699
160,812
5,088
17,572
22,660
138,152
21,734
66,206
16,990
104,930
33,222
(1,479)
31,743
(5,949)
25,794 $
0.80 $
0.73 $
131,530 $
85,083
216,613
4,726
25,425
30,151
186,462
34,614
93,775
22,117
150,506
35,956
245
36,201
(8,077)
28,124 $
0.83 $
0.78 $
147,640 $
114,061
261,701
7,911
33,937
41,848
219,853
42,389
126,739
30,399
199,527
20,326
4,103
24,429
(8,414)
16,015 $
0.46 $
0.44 $
2018(1)
192,514
150,685
343,199
10,526
37,935
48,461
294,738
57,112
148,290
42,044
247,446
47,292
4,551
51,843
(4,771)
47,072
1.30
1.27
Weighted average number of ordinary shares used in computing
basic net income per ordinary share(3)
13,335,059
32,124,772
33,741,359
34,824,312
36,174,316
Weighted average number of ordinary shares used in computing
diluted net income per ordinary share(3)
29,704,730
35,322,716
35,838,863
36,175,824
37,065,727
3
�2014
2015
As of December 31,
2016
(in thousands)
2017
2018(1)
Consolidated Balance Sheet Data:
Cash, cash equivalents, marketable securities and short-term
bank deposits
Deferred revenue, current and long term
Working capital(4)
Total assets
Total shareholders’ equity
$
177,181 $
32,160
156,829
210,552
155,008
238,252 $
54,389
197,095
334,424
246,670
295,475 $
73,506
235,010
403,031
296,216
330,340 $
105,235
251,247
502,576
353,965
451,244
149,534
338,340
673,620
466,770
(1)
On January 1, 2018, we adopted Accounting Standard Update (“ASU”) No. 2014-09, Revenue from Contracts with Customers Topic 606 (“ASC No.
606”) using the modified retrospective method. Results for reporting periods beginning after January 1, 2018 are presented under ASC No. 606, while
prior period results are not adjusted and continue to be reported in accordance with historic accounting under Revenue Recognition Topic 605 (“ASC No.
605”). See Note 2(n) to our consolidated financial statements included elsewhere in this report for further information.
(2)
Includes share-based compensation expense as follows:
Cost of revenues
Research and development
Sales and marketing
General and administrative
2014
2015
Year ended December 31,
2016
(in thousands )
2017
2018
$
137 $
172
347
917
499 $
1,507
2,214
2,829
1,386 $
4,660
5,765
5,724
2,289 $
6,110
8,642
8,196
3,350
7,922
12,708
11,984
Total share-based compensation expenses
$
1,573 $
7,049 $
17,535 $
25,237 $
35,964
(3)
(4)
Basic and diluted net income per ordinary share is computed based on the weighted average number of ordinary shares outstanding during each period.
For additional information, see note 13 to our consolidated financial statements included elsewhere in this annual report.
We define working capital as total current assets minus total current liabilities. In 2015, we adopted ASU No. 2015-17, Income Taxes (Topic 740):
Balance Sheet Classification of Deferred Taxes (ASU 2015-17) retrospectively and reclassified all of our current deferred tax assets to noncurrent
deferred tax assets on our consolidated balance sheets data for all periods presented. As a result of such reclassifications, certain noncurrent deferred tax
liabilities as of December 31, 2014 were netted with noncurrent deferred tax assets.
4
�Non-GAAP gross profit, non-GAAP operating income and non-GAAP net income are non-GAAP financial measures. We define non-GAAP gross profit,
non-GAAP operating income and non-GAAP net income as gross profit, operating income and net income, respectively, which each exclude (i) share-
based compensation expense and (ii) amortization of intangible assets related to acquisitions. Non-GAAP operating income also excludes (i) expenses
related to the March 2015 public offering of ordinary shares by certain of our shareholders and to the June 2015 public offering of ordinary shares by us
and certain of our shareholders, (ii) expenses related to acquisitions and (iii) expenses related to facility exit and transition costs. Non-GAAP net income
also excludes (i) financial expenses resulting from the revaluation of warrants to purchase preferred shares, (ii) tax effects related to the non-GAAP
adjustments set forth above, (iii) tax effects related to the impact to our deferred tax assets as a result of the U.S. Tax Cuts and Jobs Act 2017 (the “Tax
Act”) and (iv) intra-entity intellectual property transfer tax effects. The following tables reconcile operating income and net income, the most directly
comparable U.S. GAAP measures, to non-GAAP operating income and non-GAAP net income for the periods presented:
Reconciliation of Gross Profit to Non-GAAP Gross Profit:
Gross profit
Share-based compensation - Maintenance and professional
services
Amortization of intangible assets – License
$
88,292 $
138,152 $
186,462 $
219,853 $
294,738
137
-
499
359
1,386
1,420
2,289
4,213
3,350
5,563
2014
2015
2016
(in thousands )
2017
2018
Non-GAAP Gross profit
$
88,429 $
139,010 $
189,268 $
226,355 $
303,651
Reconciliation of Operating Income to Non-GAAP Operating
Income:
Operating income
Share-based compensation
Public offering related expenses
Acquisition related expenses
Amortization of intangible assets – Cost of revenues
Amortization of intangible assets – Research and development
Amortization of intangible assets – Sales and marketing
Facility exit and transition costs
$
2014
2015
2016
(in thousands )
2017
2018
20,454 $
1,573
—
—
—
—
—
—
33,222 $
7,049
1,568
677
359
749
17
—
35,956 $
17,535
—
—
1,420
1,913
1,190
—
20,326 $
25,237
—
686
4,213
—
1,046
342
47,292
35,964
—
268
5,563
—
793
580
Non-GAAP operating income
$
22,027 $
43,641 $
58,014 $
51,850 $
90,460
5
� $
Reconciliation of Net Income to Non-GAAP Net Income:
Net income
Share-based compensation
Warrant adjustment
Public offering related expenses
Acquisition related expenses
Amortization of intangible assets – Cost of revenues
Amortization of intangible assets – Research and development
Amortization of intangible assets – Sales and marketing
Facility exit and transition costs
Taxes on income related to non-GAAP adjustments
Change in the U.S. federal tax rate
Intra-entity intellectual property transfer tax effect, net
2014
2015
Year ended December 31,
2016
(in thousands)
2017
2018
9,954 $
1,573
4,309
—
—
—
—
—
—
—
—
—
25,794 $
7,049
—
1,568
677
359
749
17
—
(951)
—
—
28,124 $
17,535
—
—
—
1,420
1,913
1,190
—
(4,937)
—
—
16,015 $
25,237
—
—
686
4,213
—
1,046
342
(12,226)
6,582
—
47,072
35,964
—
—
268
5,563
—
793
580
(15,485)
—
1,768
Non-GAAP net income
$
15,836 $
35,262 $
45,245 $
41,895 $
76,523
For a description of how we use non-GAAP gross profit, non-GAAP operating income and non-GAAP net income to evaluate our business, see “Item 5. Operating
and Financial Review and Prospects—Key Financial Metrics.” We believe that these non-GAAP financial measures are useful in evaluating our business because
of varying available valuation methodologies, subjective assumptions and the variety of equity instruments that can impact a company’s non-cash expenses and
because they exclude one-time cash expenditures that do not reflect the performance of our core business. We believe that providing non-GAAP gross profit, non-
GAAP operating income and non-GAAP net income that exclude, as appropriate, share-based compensation expenses, expenses relating to public offerings of our
ordinary shares, expenses related to facility exit and transition costs, financial expenses resulting from the valuation of warrants to purchase preferred shares,
expenses related to acquisitions, amortization of intangible assets related to acquisitions, intra-entity intellectual property transfer tax effects, tax effects related to
the impact to our deferred tax assets as a result of the Tax Act and the tax effects related to these non-GAAP adjustments allows for more meaningful comparisons
between our operating results from period to period. Share-based compensation expense has been, and will continue to be for the foreseeable future, a significant
recurring expense in our business and an important part of the compensation we provide to employees. Additionally, excluding financial expenses with respect to
revaluation of warrants to purchase preferred shares allows for more meaningful comparison between our net income from period to period. As these warrants were
exercised in connection with our initial public offering, they are no longer revalued at each balance sheet date. We also believe that expenses related to the public
offerings of our ordinary shares in March 2015 and June 2015, expenses related to our acquisitions, expenses related to facility exit and transition costs,
amortization of intangible assets related to acquisitions, tax effects related to the impact to our deferred tax assets as a result of the Tax Act, intra-entity intellectual
property transfer tax effects and the tax effects related to the non-GAAP adjustments set forth above do not reflect the performance of our core business and would
impact period-to-period comparability.
Other companies, including companies in our industry, may calculate non-GAAP operating income and non-GAAP net income differently or not at all, which
reduces their usefulness as a comparative measure. You should consider non-GAAP operating income and non-GAAP net income along with other financial
performance measures, including operating income and net income, and our financial results presented in accordance with U.S. GAAP.
6
� B. Capitalization and Indebtedness
Not applicable.
C. Reasons for the Offer and Use of Proceeds
Not applicable.
D. Risk Factors
Risks Related to Our Business and Our Industry
The IT security market is rapidly evolving within the increasingly challenging cyber threat landscape and the continuing use of hybrid on-premises and cloud-
based infrastructure. Our sales may not continue to grow at current rates or may decline, and our share price could decrease as a result of market and industry
developments we do not anticipate.
We operate in a rapidly evolving industry focused on securing organizations’ IT systems and sensitive data. Our solutions focus on safeguarding privileged
accounts, credentials, and secrets, which are those accounts within an organization that give users, applications, and machine identities the highest levels of access,
or “privileged” access, to IT systems, on-premises and cloud-based infrastructure, industrial control systems, applications and data. While breaches of such
privileged accounts continue to gain media attention in recent years, IT security spending within enterprises is often concentrated on endpoint and network security
products designed to stop threats from penetrating corporate networks. Organizations that use these security products may allocate all or most of their IT security
budgets to these products and may not adopt our solutions in addition to such products. Organizations are moving portions of their data to be managed by third
parties, primarily infrastructure, platform and application service providers, and may rely on such providers’ internal security measures. Further, security solutions
such as ours, which are focused on disrupting cyber attacks by insiders and external perpetrators that have penetrated an organization’s on-premises infrastructure
or cloud estate, represent a security layer designed to respond to advanced threats and more rigorous compliance standards and audit requirements. However,
advanced cyber attackers are skilled at adapting to new technologies and developing new methods of gaining access to organizations’ sensitive data. As our
customers’ technologies and business plans evolve and become more complex, we expect them to face new and increasingly sophisticated methods of attack. We
face significant challenges in ensuring that our solutions effectively identify and respond to such attacks without disrupting the performance of our customers’ IT
systems. As a result, we must continually modify and improve our products, services, and licensing models in response to market and technology trends to ensure
we are meeting market needs and continue providing valuable solutions that can be deployed in a variety of environments, including cloud and hybrid.
We cannot guarantee that we will be able to anticipate future market needs and opportunities or be able to develop or acquire product enhancements or new
products to meet such needs or opportunities in a timely manner or at all. Even if we are able to anticipate, develop and commercially introduce new products and
product enhancements such as CyberArk Privilege Cloud and Privileged Session Manager for Cloud, there can be no assurance that such enhancements or new
products will achieve widespread market acceptance. Delays in developing, completing or delivering new or enhanced products could cause our offerings to be less
competitive, impair customer acceptance of our solutions and result in delayed or reduced revenue for our solutions.
In addition, any changes in compliance standards or audit requirements that reduce the priority for the types of controls, security, monitoring and analysis that our
solutions provide would adversely impact demand for our solutions. It is therefore difficult to predict how large the market will be for our solutions. If solutions
such as ours are not viewed by organizations as necessary, or if customers do not recognize the benefit of our solutions as a critical layer of an effective security
strategy, then our revenues may not continue to grow at their current rate or may decline, which could cause our share price to decrease in value .
Our quarterly results of operations may fluctuate for a variety of reasons, including our failure to close significant sales before the end of a particular quarter
or unexpected changes in the sales volumes we expect across certain quarters and geographies. We may, as a result, fail to meet publicly announced financial
guidance or other expectations about our business, which could cause our ordinary shares to decline in value.
A meaningful portion of our quarterly revenues is generated through deals of significant size, and purchases of our products and services often occur at the end of
each quarter. We also typically experience seasonality in our sales, particularly demonstrated by increased sales in the last quarter of the year. In addition, our sales
cycle can be intensively competitive and last several quarters from proof of concept to delivery of our solutions to our customers. This sales cycle can be even
longer, less predictable and more resource-intensive for larger sales, or with customers implementing complex digital transformation strategies or facing a complex
set of compliance and user requirements, that need to be met and confirmed during the sales cycle. Customers may also require additional internal approvals or
seek to test our products for a longer trial period before deciding to purchase our solutions. Furthermore, even if we close a sale during a given quarter, we may be
unable to recognize the revenues derived from such sale during the same period due to our revenue recognition policy. See “Item 5.A. Operating and Financial
Review and Prospects—Operating Results—Application of Critical Accounting Policies and Estimates—Revenue Recognition.”
7
�As a result, the timing of closing sales cycles and the resulting revenue from such sales can be difficult to predict. In some cases, sales have occurred in quarters
subsequent to those we anticipated, or have not occurred at all. All of these factors impact our quarterly results and our ability to accurately predict them, and may
lead to difficulties in meeting market expectations regarding our actual results. If our financial results for a particular period do not meet our guidance or if we
reduce our guidance for future periods, the market price of our ordinary shares may decline.
In addition to the sales cycle-related fluctuations set forth above, our results of operations may continue to vary as a result of a number of factors, many of which
may be outside of our control or difficult to predict, including:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
our ability to attract new customers;
our ability to retain existing customers by and through renewals of maintenance and subscription license agreements. Additionally, and because we
recognize revenue from our software maintenance over the term of the engagement, downturns or upturns in renewals may not be immediately reflected
in our operating results until future periods. For example, a decline in renewals for software maintenance in any single quarter may have a small impact
on our revenue for that quarter, however, such a decline will negatively affect our revenue in future quarters;
our ability to sell additional products to current customers;
the ability of our service operation, performed independently or through our service providers, to keep pace with license sales to new and existing
customers and to satisfy customer demands for consultancy and professional services;
the amount and timing of our operating costs;
a change in our mix of products and services;
our ability to successfully expand our business globally;
a disruption in, or termination of, our relationship with channel partners;
the timing and success of new product and service introductions by us or our competitors or any other change in the competitive landscape of the
information security market, including consolidation among our customers or competitors;
increases or decreases in our expenses caused by fluctuations in foreign currency exchange rates or changes in taxes or other applicable regulations (See
“—We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations”);
introduction of new accounting pronouncements or changes in our accounting policies or practices;
changes in the nature and methodology of cyber attacks and other threats to corporate data;
changes in customer or channel partner requirements or market needs;
changes in our pricing policies or those of our competitors;
changes in the growth rate of the information security market;
general economic conditions in our markets; and
the size and discretionary nature of our prospective and existing customers’ IT budgets.
8
�Any of these factors, individually or in the aggregate, may result in significant fluctuations in our financial and other operating results from period to period. These
fluctuations could result in our failure to meet our operating plan or the expectations of investors or analysts for any given period. If we fail to meet such
expectations for these or other reasons, the market price of our ordinary shares could decrease substantially.
Our reputation and business could be harmed based on real or perceived shortcomings, defects or vulnerabilities in our solutions or the provision of our
services, or due to the failure of our customers, channel partners, managed security service providers, or subcontractors to correctly implement, manage and
maintain our solutions, resulting in loss of existing or new customers, lawsuits or financial losses.
Security products and solutions are complex in design and deployment, and may contain errors that are not capable of being remediated or detected until after their
deployment. Any errors, defects, or misconfigurations could cause our products or services to not meet specifications, be vulnerable to security attacks or fail to
secure networks and could negatively impact customer operations. If we fail to identify and respond to new and increasingly complex methods of attack on
privileged accounts and update our products to detect or prevent such threats effectively, which may require significant resources, our business and reputation will
suffer. In particular, we may suffer significant adverse publicity and reputational harm if our solutions (or the services we provide in relation to our solutions) are
associated, or are believed to be associated, with a significant breach or a breach at a high profile customer or managed service provider network, or in the event of
a breach in third party systems utilized by us as part of our cloud-based security solution.
In addition, our Endpoint Privilege Manager and new CyberArk Privilege Cloud solutions are made available to our customers as software as a service (“SaaS”).
Providing SaaS involves storage and transmission of customers’ proprietary information related to their assets and users. Security breaches or product defects in
our SaaS solutions could result in loss or alteration of this data, unauthorized access to multiple customers’ data and compromise of our networks or our customer’s
networks secured by our SaaS solutions . Additionally, if such a security breach occurs that results in the disruption or loss of availability, integrity or
confidentiality of customers’ data, we could incur significant liability to our customers and to businesses or individuals whose information was being stored by our
customers.
Further, the third party data hosting facilities used for the provision of our SaaS solutions are vulnerable to damages, interruptions or other unanticipated problems
that could result in disruption in the provision of these solutions. Any disruptions or other performance problems with our SaaS solutions could harm our reputation
and business, damage our customers’ businesses, subject us to potential liability, cause customers to terminate or not renew their subscriptions to our SaaS
solutions and make it more challenging for us to acquire new customers.
False detection of threats (referred to as “false positives”), while typical in our industry, may reduce perception of the reliability of our products and may therefore
adversely impact market acceptance of our products. If our solutions restrict legitimate privileged access by authorized personnel to IT systems and applications by
falsely identifying those users as an attack or otherwise unauthorized, our customers’ businesses could be harmed. There can be no assurance that, despite our
testing efforts, errors will not be found in existing and new versions of our products, resulting in loss of or delay in market acceptance. In such instances, we may
be required, or may choose, for customer relations or other reasons, to expend additional resources in order to help correct such problem.
As our solutions not only reinforce but also rely on the common security concept of placing multiple layers of security controls throughout an IT system. The
failure of our customers, channel partners, managed service providers or subcontractors to correctly implement and effectively manage and maintain our solutions
(and the environments in which they are utilized), or to consistently implement and utilize generally accepted and comprehensive, multi-layered security measures
and processes in the customer networks, may lessen the efficacy of our solutions. Additionally, our customers or our channel partners may independently develop
plug-ins or change existing plug-ins or APIs that we provided to them for interfacing purposes in an incorrect or insecure manner. Such failures or actions may lead
to breaches of our customers’ IT systems and loss or alteration of sensitive data or systems, and potentially to a perception that our solutions failed. Further, our
failure to provide our customers and channel partners with adequate services or inaccurate product documentation related to the use, implementation and
maintenance of our solutions, could lead to claims against us.
9
�An actual or perceived cyber attack, other security breach or theft of our customers’ data, regardless of whether the breach or theft is attributable to the failure of
our products, SaaS solutions or the services we provided in relation thereto, could adversely affect the market’s perception of the efficacy of our solutions, and
current or potential customers may look to our competitors for alternatives to our solutions. An actual or perceived failure of our products, SaaS solutions or our
failure to provide adequate services to our customers and channel partners, may also subject us to lawsuits, indemnity claims and financial losses, as well as the
expenditure of significant financial resources to analyze, correct or eliminate any vulnerabilities. In addition, provisions in our license agreements that attempt to
limit our liabilities towards our customers, channel partners and relevant third parties may not withstand legal challenges, and certain liabilities may not be limited
or capped. Additionally, any insurance coverage we may have may not adequately cover all claims asserted against us, or cover only a portion of such claims. An
actual or perceived cyber attack could also cause us to suffer reputational harm, lose existing customers and potential new customers, or deter new and existing
customers from purchasing our solutions, additional products or our services.
If we are unable to acquire new customers or sell additional products and services to our existing customers, our future revenues and operating results will be
harmed.
Our success and continued growth depend, in part, on our ability to acquire a sufficient number of new customers. The number of customers that we add in a given
period impacts both our short and long-term revenues. Similarly, a majority of our license revenues is generated from sales to existing customers. If we are unable
to attract a sufficient number of new customers or fail to continue to sell new licenses and incremental licenses to our existing customers, we may be unable to
generate revenue growth at desired rates.
Although we continue to introduce and acquire new products, we derive and expect to continue to derive a substantial majority of our revenue from customers
using our Core Privileged Access Security offering. Our inability to increase sales of our Core Privileged Access Security offering, including additional software
licenses, associated maintenance and support and professional services, or a decline in prices of our Core Privileged Access Security offering would harm our
business and operating results more seriously than if we derived significant revenues from a variety of different products.
In addition, we have several other products, including Application Access Manager, Endpoint Privilege Manager and CyberArk Privilege Cloud that make up a
smaller portion of our revenue. It is uncertain whether these products will increase their share of revenue generation or gain market acceptance or will compensate
for loss of revenues due to any inability to increase sales of our Core Privileged Access Security offering.
We devote significant efforts to developing, marketing and selling additional licenses and associated maintenance and support to existing customers and rely on
these efforts for a portion of our revenues, and to a lesser extent, renewing term based license agreements. These efforts require a significant investment in building
and supporting customer relationships, as well as significant research and development efforts in order to provide product upgrades and launch new products.
Further, as part of the natural lifecycle of our products, we may determine that certain products will be reaching their end of development or end of life and will no
longer be supported or receive updates and security patches. Failure to effectively manage our product lifecycles could lead to existing customer dissatisfaction and
contractual liabilities.
As we expand our market reach to gain new business, including expanding sales of our products to medium-sized commercial organizations and securing DevOps
environments, we may experience difficulties in gaining traction and raising awareness among potential customers regarding the critical role that our solutions play
in securing their organizations, or may face more competitive pressure in such markets. In particular with DevOps, even if we are successful in promoting the need
for securing accounts in DevOps environments, potential customers may prefer to use our open source version of the Conjur solution which we released in 2017,
instead of purchasing a license for the comprehensive DevOps security solution we offer, and we may be unable to generate revenue growth at desired rates.
As a result, it may be difficult for us to add new customers to our customer base and to retain our existing customers. Competition in the marketplace may lead us
to acquire fewer new customers or result in us providing discounts and other commercial incentives to new or existing customers.
Additional factors that impact our ability to acquire new customers or sell additional products and services to our existing customers include the perceived need for
IT security, the size of our prospective and existing customers’ IT budgets, the utility and efficacy of our existing and new offerings, whether proven or perceived,
changes in our pricing model that may impact the size of new business transactions, and general economic conditions. These factors may have a material negative
impact on future revenues and operating results.
10
�We face intense competition from a wide variety of IT security vendors operating in different market segments and across diverse IT environments, which may
challenge our ability to maintain or improve our competitive position or to meet our planned growth rates.
The IT security market in which we operate is characterized by intense competition, constant innovation, rapid adoption of different technological solutions and
services, and evolving security threats. We compete with a multitude of companies that offer a broad array of IT security products that employ different approaches
and delivery models to address these evolving threats.
Our current and potential future competitors include BeyondTrust Corporation, One Identity LLC, Thycotic Software Ltd., Microsoft Corporation, Broadcom Inc.
(which acquired CA Technologies) and Oracle Corporation in the access and identity management market, some of which may offer solutions at lower price
points. Further, we may face competition due to changes in the manner that organizations utilize IT assets and the security solutions applied to them, such as the
provision of privileged account security functionalities as part of public cloud providers’ infrastructure offerings, or cloud-based identity management solutions.
Limited IT budgets may also result in competition with providers of other advanced threat protection solutions such as McAfee, LLC, Palo Alto Networks, Splunk
Inc., and Symantec Corporation. We also may compete, to a certain extent, with vendors that offer products or services in adjacent or complementary markets to
privileged account security, including identity management vendors and cloud platform providers such as Amazon Web Services, Google Cloud Platform, and
Microsoft Azure. Some of our competitors are large companies and have wider technical and financial resources and broader customer bases used to bring
competitive solutions to the market. These companies may already have existing relationships as an established vendor for other product offerings, and certain
customers may prefer one single IT vendor for product security procurement rather than purchasing solely based on product performance. Such companies may use
these advantages to offer products and services that are perceived to be as effective as ours at a lower price or for free as part of a larger product package or solely
in consideration for maintenance and services fees, which could result in increased market pressure to offer our solutions and services at lower prices. They may
also develop different products to compete with our current solutions and respond more quickly and effectively than we do to new or changing opportunities,
technologies, standards or client requirements or enjoy stronger sales and service capabilities in certain regions.
Our competitors may enjoy potential competitive advantages over us, such as:
•
•
•
•
•
•
•
•
•
greater name recognition, a longer operating history and a larger customer base, notwithstanding the increased visibility of our brand in recent years since
our initial public offering;
larger sales and marketing budgets and resources;
broader distribution and established relationships with channel partners, advisory firms and customers;
increased effectiveness in protecting, detecting and responding to cyber attacks;
greater or localized resources for customer support and provision of services;
greater speed at which a solution can be deployed;
greater resources to make acquisitions;
larger intellectual property portfolios; and
greater financial, technical and other resources.
Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources
and capabilities. Current or potential competitors have been acquired and consolidated or may be acquired by third parties with greater resources in the future. As a
result of such acquisitions, our current or potential competitors may be able to adapt more quickly to new technologies and customer needs, devote greater
resources to the promotion or sale of their products and services, initiate or withstand substantial price competition, take advantage of other opportunities more
readily or develop and expand their product and service offerings more quickly than we do. Larger competitors with more diverse product offerings may reduce the
price of products that compete with ours in order to promote the sale of other products or may bundle them with other products, which would lead to increased
pricing pressure on our products and could cause the average sales prices for our products to decline. Similarly, we may also face increased competition following
an acquisition of new lines of business that compete with providers of such technologies or from security vendors or other companies in adjacent markets
extending their solution into privilege access management.
11
�In addition, other IT security technologies exist or could be developed in the future by current or future competitors, and our business could be materially and
adversely affected if such technologies are widely adopted. We may not be able to successfully anticipate or adapt to changing technology or customer
requirements on a timely basis, or at all. If we fail to keep up with technological changes or to convince our customers and potential customers of the value of our
solutions even in light of new technologies, our business, results of operations and financial condition could be materially and adversely affected.
Our share price may be adversely affected if our investments in our business do not deliver anticipated growth and we are unable to increase our operating and
net income margins.
As we invest in the growth of our business, we expect our operating and net income margins to decline compared to prior periods. During the year ended
December 31, 2018, we did not experience a decline due to an increase in revenue at a rate that exceeded the increase in expenses; however, in future periods, we
expect our operating and net income margins to decline, primarily as a result of the costs associated with expanding our direct and indirect sales forces and
marketing activities coupled with our increased costs to provide our professional services and support as well as the increased rate of investment in research and
development. We expect that these invested costs will adversely impact our operating and net income margins as we may not be able to increase our revenue at a
rate sufficient to offset the expected increase in our costs. From the year ended December 31, 2016 to the year ended December 31, 2018, our revenue grew from
$216.6 million to $343.2 million, representing a compound annual growth rate of approximately 26%. We expect to continue to expand our sales and marketing
personnel, and we may face a number of challenges in achieving our hiring and integration goals. It takes time and resources to train and integrate new sales force
members across our global operations. Costs associated with adding new personnel to our sales force are expensed before their positive impact on our sales is
recognized, and even then, a significant portion of any revenues that they generate from maintenance and services are deferred over the delivery period of those
services. Our share price may be adversely affected even if we generate future growth if we are unable to increase our operating and net income margins at the
same time or if the growth rate generated was less than anticipated causing the operating and net income margins to decline.
We may fail to fully integrate, or realize the benefits expected from acquisitions, which may require significant management attention, disrupt our business,
dilute shareholder value and adversely affect our results of operations.
As part of our business strategy and in order to remain competitive, we continue to evaluate acquiring or making investments in complementary companies,
products or technologies. We may not be able to find suitable acquisition candidates or complete such acquisitions on favorable terms. If we do complete
acquisitions, we may not ultimately strengthen our competitive position or achieve our goals, and any acquisitions we complete could be viewed negatively by our
customers, analysts and investors. In addition, if we are unsuccessful at integrating our acquisitions or the technologies associated with such acquisitions or fail to
fully attain the expected benefits of these acquisitions, our revenues and results of operations could be adversely affected. Any integration process may require
significant time and resources, and we may not be able to manage the process successfully and may experience a decline in our profitability as we incur expenses
prior to fully realizing the benefits of the acquisition. We may not successfully evaluate or utilize the acquired technology or personnel, or accurately forecast the
financial impact of an acquisition transaction, including accounting charges and tax liabilities. Further, the issuance of equity to finance any such acquisitions could
result in dilution to our shareholders and the issuance of debt could subject us to covenants or other restrictions that would impede our ability to manage our
operations. We could become subject to legal claims following the acquisition, or fail to accurately forecast the potential impact of any pre-existing claims. We
have experienced some of these types of issues in connection with past acquisitions, none of which materially affected our operations or financial condition. In the
future, any of these issues could have a material adverse impact on our business and results in the future.
12
�We are subject to a number of risks, including regulatory risks, associated with global sales and operations, which could materially affect our business.
We are a global company subject to varied and complex laws, regulations and customs. The application of these laws and regulations to our business is often
unclear and may at times conflict. Compliance with these laws and regulations may involve significant costs or require changes in our business practices that result
in reduced revenue and profitability. Furthermore, business practices in the global markets that we serve may differ from those in the United States and may
require us to include non-standard terms in customer contracts, such as extended payment or warranty terms. To the extent that we enter into customer contracts
that include non-standard terms related to payment, warranties, or performance obligations, our results of operations may be adversely impacted. Further, there
may be higher costs of doing business globally including costs incurred in maintaining office space, securing adequate staffing and localizing our contracts.
Additionally, our global sales and operations are subject to a number of risks, including the following:
•
•
•
•
•
•
•
•
•
•
•
•
compliance with privacy laws, including, without limitation, compliance with the General Data Protection Regulations 2016/679, or GDPR, and other
global data privacy laws (See “—Regulatory data privacy concerns, evolving regulations of cloud computing, cross-border data transfer restrictions and
other domestic or foreign regulations may limit the use and adoption of, or require modification of, our products and services, which could limit our
ability to attract new customers or support our current customers, thus reducing our revenues, harming our operating results and adversely affecting our
business”);
uncertainty of the economic, financial, regulatory, trade, tax and legal implications of the withdrawal of the U.K. from the E.U. (“Brexit”) and how this
could affect our business, both globally and specifically in the region. In particular, a withdrawal from the European Union by the U.K. could, among
other potential outcomes, disrupt the free movement of goods, services and people between the U.K. and the European Union and significantly disrupt
trade between the U.K. and the European Union and other parties, including by imposing greater taxes, restrictions and regulatory complexities on
imports and exports between the U.K. and the European Union;
fluctuations in exchange rates between the U.S. dollar and foreign currencies in markets where we do business (See “—We are exposed to fluctuations in
currency exchange rates, which could negatively affect our financial condition and results of operations”);
greater difficulty in enforcing contracts and managing collections, as well as longer collection periods;
compliance with anti-bribery laws, including, without limitation, compliance with the U.S. Foreign Corrupt Practices Act and the U.K. Bribery Act 2010;
heightened risk of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements by us or by our channel
partners or service providers that may impact financial results and result in restatements of, or irregularities in, financial statements;
risks associated with trade restrictions and foreign legal requirements, including any importation, certification, and localization of our platform that may
be required in foreign countries;
greater risk of unexpected changes in regulatory practices, tariffs, and tax laws and treaties (See “— Our business may be materially affected by changes
to fiscal and tax policies. Potentially negative or unexpected tax consequences of these policies, or the uncertainty surrounding their potential effects,
could adversely affect our results of operations and share price”);
compliance with, and the uncertainty of, laws and regulations that apply to our areas of business, including corporate governance, anti-trust and
competition, import and export control, employee and third-party complaints, conflicts of interest, securities regulations and other regulatory requirements
affecting trade and investment;
reduced or uncertain protection of intellectual property rights in some countries;
social, economic and political instability, terrorist attacks and security concerns in general; and
management communication and integration problems resulting from cultural and geographic dispersion.
13
�These and other factors could harm our ability to generate future global revenues and, consequently, materially impact our business, results of operations and
financial condition. Non-compliance could also result in fines, damages, or criminal sanctions against us, our officers or our employees, prohibitions on the
conduct of our business, and damage to our reputation.
If our internal IT network system is compromised by cyber attackers or other data thieves, or by a critical system failure, our reputation, financial condition
and operating results could be materially adversely affected.
Our solution and product offerings will not gain market share unless the marketplace is confident that we provide effective IT security protection. As we provide
privileged account security products, we may be an attractive target for cyber attackers or other data thieves since a breach of our system could provide data
information regarding not only us, but potentially regarding the customers that our solutions protect. Further, we may be targeted by cyber terrorists because we are
an Israeli company.
From time to time we encounter intrusion incidents and attempts, none of which to date has resulted in any material adverse impact to our business or operations.
Any such future attacks could materially adversely affect our business or results of operations. In addition, as our market position continues to grow, specifically in
the security industry, an increasing number of cyber attackers may focus on finding ways to penetrate our network systems, which might eventually affect our
products and services. For example, third parties may attempt to fraudulently induce employees or customers into disclosing sensitive information such as user
names, passwords or other information or otherwise compromise the security of our internal networks, electronic systems and/or physical facilities in order to gain
access to our data or our customers’ data. Additionally, the risk of cyber attacks to our company may also result from breaches of our contractors, business
partners, vendors and other third parties associated with us, or due to human errors of those acting on our behalf.
Separately, we may be subject to information technology system failures or network disruptions caused by natural disasters, accidents, power disruptions,
telecommunications failures, acts of terrorism, security breaches, wars, computer viruses, or other events or disruptions. System redundancy and other continuity
measures may be ineffective or inadequate, and our business continuity and disaster recovery planning may not be sufficient for all eventualities. These events
could adversely affect our operation, reputation, financial condition and operating results.
In addition, we rely on hosted SaaS technologies from third parties in order to operate critical functions of our business, including customer relationship
management and financial operation services (provided by our ERP system). If these services are breached or become unavailable due to extended outages or
interruptions or because they are no longer available on commercially reasonable terms, our expenses could increase, our ability to manage our operations could be
interrupted and our processes for managing sales of our products and services and supporting our customers could be impaired until equivalent services, if
available, are identified, obtained and integrated; all of which could materially harm our business.
If we experience a significant technology incident, such as a serious product vulnerability, security breach or a failure of a system that is critical for the operations
of our business, it could impair our ability to operate our business, including our ability to provide maintenance and support services to our customers. If this
happens, our revenues could decline and our business could suffer, and we may need to make significant further investments to protect data and infrastructure.
Because we are in the computer security industry, an actual or perceived vulnerability, failure, disruption, or breach of our network or privileged account security
in our systems also could adversely affect the market perception of our products and services, or of our expertise in this field, as well as our perception among new
and existing customers. Additionally, a significant security breach could subject us to potential liability, litigation and regulatory or other government action. If any
of the foregoing were to occur, our business may suffer and our share price may be negatively impacted.
If we do not effectively expand, train and retain our sales and marketing personnel, we may be unable to acquire new customers or sell additional products and
services to existing customers, and our business will suffer.
We depend significantly on our sales force to attract new customers and expand sales to existing customers. We generate approximately 35% of our revenues from
direct sales and the balance from indirect sales. As a result, our ability to grow our revenues depends in part on our success in recruiting, training and retaining
sufficient numbers of sales personnel to support our growth. The number of our sales and marketing personnel increased from 491 as of December 31, 2017 to 541
as of December 31, 2018. We expect to continue to expand our sales and marketing personnel significantly and face a number of challenges in achieving our hiring
and integration goals. There is intense competition for individuals with sales training and experience. In addition, the training and integration of a large number of
sales and marketing personnel in a short time requires the allocation of significant internal resources. We invest significant time and resources in training new sales
force personnel to understand our solutions and growth strategy. Based on our past experience, it takes an average of approximately six to nine months before a
new sales force member operates at target performance levels. However, we may be unable to achieve or maintain our target performance levels with large
numbers of new sales personnel as quickly as we have done in the past. Our failure to hire a sufficient number of qualified sales force members and train them to
operate at target performance levels may materially and adversely impact our projected growth rate.
14
�We rely on channel partners to generate a significant portion of our revenue, market our solutions and provide necessary services to our customers. If we fail
to maintain successful relationships with our channel partners, or if our channel partners fail to perform, our ability to market, sell and distribute our
solutions will be limited, and our business, financial position and results of operations will be harmed.
In addition to our direct sales force, we rely on our channel partners to market, sell, support and implement our solutions, particularly in Europe and the Asia
Pacific and Japan regions. We expect that sales through our channel partners will continue to account for a significant percentage of our revenue. In the year ended
December 31, 2018, we generated approximately 65% of our revenues from sales to channel partners such as distributors, systems integrators, value-added
resellers and managed security service providers, and we expect that channel partners will represent a substantial portion of our revenues for the foreseeable future.
Further, we cooperate with advisory firms in marketing our solutions and providing implementation services to our customers, in both direct and indirect sales. Our
agreements with channel partners are non-exclusive, meaning our partners may offer customers IT security products from other companies, including products that
compete with our solutions. If our channel partners do not effectively market and sell our solutions, or choose to use greater efforts to market and sell their own
products and services or the products and services of our competitors, our ability to grow our business will be adversely affected. Our channel partners may cease
or deemphasize the marketing of our solutions with limited or no notice and with little or no penalty. Further, new channel partners require training and may take
several months or more to achieve productivity. The loss of key channel partners, the inability to replace them or the failure to recruit additional channel partners
could materially and adversely affect our results of operations. Our reliance on channel partners could also subject us to lawsuits or reputational harm if, for
example, a channel partner misrepresents the functionality of our solutions to customers, fails to appropriately implement our solutions or violates applicable laws,
and may further result in termination of such partner’s agreement and potentially curb future revenues associated with it. Our ability to grow revenues in the future
will depend in part on our success in maintaining successful relationships with our channel partners and training our channel partners to independently sell and
install our solutions. If we are unable to maintain our relationship with channel partners or otherwise develop and expand our indirect sales channel, or if our
channel partners fail to perform, our business, financial position and results of operations could be adversely affected.
Failure by us, our service providers or our channel partners to maintain sufficient levels of customer support could have a material adverse effect on our
business, financial condition and results of operations.
Our customers depend, in large part, on customer support and professional services delivered by us, our service providers or our channel partners to implement and
roll out our solutions, and resolve issues relating to their use. Even with our support and that of our service providers and channel partners, our customers are
ultimately responsible for effectively using our solutions and ensuring that their IT staff and other relevant users are properly trained in the use of our products and
complementary security products, methodologies and processes. Our failure or the failure of our service providers or channel partners to support and train our
customers in the correct use of our solutions, or failure to effectively assist customers in installing our solutions and providing effective ongoing support, may
result in an increase in the vulnerability of our customers’ IT systems and sensitive data. Additionally, if our service providers or channel partners do not
effectively provide support and professional services to the satisfaction of our customers, we may be required to provide support to such customers, which would
require us to invest in additional personnel and expend significant time and resources. We may not be able to keep up with demand for our services and support,
particularly if the sales of our solutions exceed our internal forecasts. To the extent that we, our service providers or our channel partners are unsuccessful in hiring,
training and retaining adequate support resources, our ability and the ability of our service providers and channel partners to provide adequate and timely support
and other services to our customers will be negatively impacted, and our customers’ satisfaction with us and our products may be adversely affected. Accordingly,
our failure to provide satisfactory maintenance and technical support services, whether directly or through our service providers and channel partners, could have a
material and adverse effect on our business and results of operations.
15
�Regulatory data privacy concerns, evolving regulations of cloud computing, cross-border data transfer restrictions and other domestic or foreign regulations
may limit the use and adoption of, or require modification of, our products and services, which could limit our ability to attract new customers or support our
current customers, thus reducing our revenues, harming our operating results and adversely affecting our business.
Regulation related to the provision of services on the internet is increasing, as federal, state and foreign governments continue to adopt new laws and regulations
addressing cybersecurity, privacy, data protection and the collection, processing, storage and use of personal information.
We are subject to diverse laws and regulations relating to data privacy, including, as a result of our presence in the European Union (EU), GDPR which took effect
on May 25, 2018. We and many of our customers will be subject to GDPR, and we are required to expend significant capital and other resources to ensure we are
compliant with privacy legislation. Compliance with global data privacy laws including GDPR and certain associated contractual obligations may require changes
in services, business practices, or internal systems resulting in increased costs, lower revenue, reduced efficiency, or greater difficulty in competing with firms
which are not subject to GDPR. For example, GDPR imposes several stringent requirements for controllers and processors of personal data and will increase our
obligations including, for example, by requiring more robust disclosures to individuals, strengthening the individual data rights regime, shortening timelines for
data breach notifications, requiring detailed internal policies and procedures and limiting retention periods. Compliance may require changes in services and
business practices which may lead to the diversion of engineering resources from other projects. As a company that focuses on privilege access security, if we are
unable to engineer products that meet our legal duties or help our customers meet their obligations under GDPR or other data regulations, we might experience
reduced demand for our products or services. Claims that we have breached our contractual obligations, even if we are not found liable, could be expensive and
time-consuming to defend and could result in adverse publicity that could harm our business.
GDPR also increases the scrutiny applied to transfers of personal data from within the EU to countries that are considered to lack an adequate level of data
protection, such as the United States. There are currently a number of legal challenges to the validity of EU mechanisms for adequate data transfers (such as the
Privacy Shield Framework and the standard contractual clauses), and our work could be impacted by changes in law as a result of a future review of these transfer
mechanisms by European regulators and the European courts under GDPR. In addition, following Brexit, the U.K. will cease to be in the EU, and depending on
how and when Brexit occurs (which is still unclear), data flows from the EU to the U.K. may need additional safeguards in place, which could affect our operations
in the U.K. These and other regulatory requirements around the privacy or cross-border transfer of personal data could restrict our ability to store and process data
as part of our solutions, or, in some cases, impact our ability to offer our solutions or services in certain jurisdictions.
In the EU, Directive 2002/58 on Privacy and Electronic Communications (the “ePrivacy Directive”) is also under reform, and will be replaced by a new E-privacy
Regulation once agreed. This is likely to impose stricter rules on business to business marketing throughout the EU, requiring fully informed and freely given
consent before businesses can market to leads.
If we or our service providers fail to comply with applicable data protection laws, we may be subject to litigation, regulatory investigations, negative publicity,
potential loss of business, enforcement notices and/or fines (which under GDPR can be up to four percent of global turnover for the preceding financial year or 20
million euros, whichever is higher).
16
�We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations.
Our functional and reporting currency is the U.S. dollar. In 2018, the majority of our revenues were denominated in U.S. dollars and the remainder primarily in
euros and British pounds sterling. In 2018, the substantial majority of our cost of revenues and operating expenses were denominated in U.S. dollars and New
Israeli Shekels (NIS) and the remainder primarily in euros and British pounds sterling. Our foreign currency-denominated expenses consist primarily of personnel,
marketing programs, rent and other overhead costs. Since a significant portion of our expenses is incurred in NIS and is substantially greater than our revenues in
NIS, any appreciation of the NIS relative to the U.S. dollar could materially adversely impact our operating income. In addition, since the portion of our revenues
generated in euros and British pounds sterling is greater than our expenses incurred in euros and British pounds sterling, respectively, any depreciation of the euro
or the British pounds sterling relative to the U.S. dollar would adversely impact our operating income. We estimate that a 10% strengthening or weakening in the
value of the NIS against the U.S. dollar would have decreased or increased, respectively, our operating income by approximately $6.0 million in 2018. We estimate
that a 10% strengthening or weakening in the value of the euro against the U.S. dollar would have increased or decreased, respectively, our operating income by
approximately $3.4 million in 2018. We estimate that a 10% strengthening or weakening in the value of the British pounds sterling against the U.S. dollar would
have increased or decreased, respectively, our operating income by approximately $0.6 million in 2018. These estimates of the impact of fluctuations in currency
exchange rates on our historic results of operations may be different from the impact of fluctuations in exchange rates on our future results of operations since the
mix of currencies comprising our revenues and expenses may change. We evaluate periodically the various currencies to which we are exposed and take hedging
measures to reduce the potential adverse impact from the appreciation or the depreciation of our non U.S. dollar-denominated operations, as appropriate. We
expect that the majority of our revenues will continue to be generated in U.S. dollars with the balance primarily in euros and British pounds sterling for the
foreseeable future and that a significant portion of our expenses will continue to be denominated in NIS, U.S. dollars, British pounds sterling and in euros. We
cannot provide any assurances that our hedging activities will be successful in protecting us from adverse impacts from currency exchange rate fluctuations. In
addition, we have monetary assets and liabilities that are denominated in non-U.S. dollar currencies. For example, starting January 1, 2019, in accordance with a
new lease accounting standard, we are required to present a significant NIS linked liability related to our operational leases in Israel. As a result, significant
exchange rate fluctuations could have a negative effect on our net income. See “Item 11—Quantitative and Qualitative Disclosures About Market Risk—Foreign
Currency Risk.”
Our research and development efforts may not produce successful products or enhancements to our solutions that result in significant revenue or other
benefits in the near future, if at all.
We expect to continue to dedicate significant financial and other resources to our research and development efforts in order to maintain our competitive position.
For example, in 2018, we increased our dedicated research and development personnel by 15% compared to 2017. However, investing in research and
development personnel, developing new products and enhancing existing products is expensive and time consuming, and there is no assurance that such activities
will successfully anticipate market needs and result in significant new marketable products or enhancements to our products, design improvements, cost savings,
revenues or other expected benefits. If we spend significant time and effort on research and development and are unable to generate an adequate return on our
investment, we may not be able to compete effectively, and our business and results of operations may be materially and adversely affected.
Our investment in product enhancements or new products could fail to attain sufficient market acceptance for many reasons, including:
•
•
•
•
•
•
•
•
delays in releasing product enhancements or new products;
failure to accurately predict market demand and to supply products that meet this demand in a timely fashion;
inability to interoperate effectively with the existing or newly introduced technologies, systems or applications of our existing and prospective
customers;
defects in our products, errors or failures of our solutions to secure and protect privileged accounts against existing and new types of attacks;
negative publicity about the performance or effectiveness of our products;
introduction or anticipated introduction of competing products by our competitors;
installation, configuration or usage errors by our customers; and
easing or changing of regulatory requirements related to security.
17
�If we fail to anticipate market requirements or fail to develop and introduce product enhancements or new products to meet those needs in a timely manner, it could
cause us to lose existing customers and prevent us from gaining new customers, which would significantly harm our business, financial condition and results of
operations.
Prolonged economic uncertainties or downturns in certain regions or industries could materially adversely affect our business.
Our business depends on our current and prospective customers’ ability and willingness to invest money in IT security, which in turn is dependent upon their
overall economic health. Negative economic conditions in the global economy or certain regions such as U.S. or Europe, including conditions resulting from
financial and credit market fluctuations, could cause a decrease in corporate spending on information security software. In 2018, we generated 55 % of our
revenues from the United States, 33% of our revenues from Europe, the Middle East and Africa and 12% from the rest of the world, which includes countries from
Asia Pacific and Japan region, Latin America region and Canada.
In addition, a significant portion of our revenues is generated from customers in the financial services industry, including banking and insurance. Negative
economic conditions may cause customers generally, and in that industry in particular, to reduce their IT spending. Customers may delay or cancel IT projects,
choose to focus on in-house development efforts or seek to lower their costs by renegotiating maintenance and support agreements. Additionally, customers or
channel partners may be more likely to make late payments in worsening economic conditions which could lead to increased collection efforts and additional
associated costs to receive expected revenues. To the extent purchases of licenses for our software are perceived by customers and potential customers to be
discretionary, our revenues may be disproportionately affected by delays or reductions in general IT spending. If the economic conditions of the general economy
or industries in which we operate worsen from present levels, our results of operation could be adversely affected.
If we are unable to hire, retain and motivate qualified personnel, our business will suffer.
Our future success depends, in part, on our ability to continue to attract and retain highly skilled personnel. Our inability to attract or retain qualified personnel or
delays in hiring required personnel may seriously harm our business, financial condition and results of operations. Any of our employees may terminate their
employment at any time. Competition for highly skilled personnel, specifically engineers for research and development positions, is often intense and results in
increasing wages, especially in Israel, where we are headquartered and most of our research and development positions are located, and where several large
multinational corporations have entered the market. We may struggle to retain employees, and due to our profile and market position, competitors actively seek to
hire skilled personnel away from us. Furthermore, from time to time, we have been subject to allegations that employees that have been hired from competitors
may have been improperly solicited or divulged proprietary or other confidential information.
Our business and operations will be negatively affected if we fail to effectively manage our growth.
We have experienced significant growth in a relatively short period of time and intend to continue to grow our business. Our revenues grew from $216.6 million in
2016 to $343.2 million in 2018. In addition, the number of customers that we serve has grown significantly over the same period.
Our rapid growth has placed significant demands on our management, sales, operational and financial infrastructure, and our growth will continue to place
significant demands on these resources. Our headcount has increased from 823 as of December 31, 2016 to 1,146 as of December 31, 2018. We plan to hire
additional employees in 2019 across all areas of the organization. Additionally, we believe our corporate culture is a critical component of our growth and success.
As we continue to add new employees, we may find it challenging to maintain our corporate culture and that may affect our ability to recruit and retain personnel.
Further, in order to manage our current and future growth effectively, we must continue to improve and expand our IT and financial infrastructure, operating and
administrative systems and controls as well as efficiently manage headcount, capital and processes. If we are not able to successfully scale or implement these
improvements in a manner that keeps pace with our growth, or is timely and efficient, then our failure to do so may materially impact our projected growth rate.
18
�Intellectual property claims may increase our costs or require us to cease selling certain products, which could adversely affect our financial condition and
results of operations.
The IT security industry is characterized by the existence of a large number of relevant patents and frequent claims and related litigation regarding patent and other
intellectual property rights. Leading companies in the IT security industry have extensive patent portfolios. From time to time, third-parties have asserted, and in
the future may assert, their patent, copyright, trademark and other intellectual property rights against us, our channel partners or our customers. Furthermore, we
may be subject to indemnification obligations with respect to third-party intellectual property rights pursuant to our agreements with our customers and channel
partners. Such indemnification provisions are customary for our industry. Any claims of intellectual property infringement or misappropriation brought against us,
our channel partners or our customers, even those without merit, could be expensive and time-consuming to defend, and divert management’s attention. We cannot
assure you that we will have the resources to defend against all such claims. Successful claims of infringement or misappropriation by a third-party against us or a
third-party that we indemnify could prevent us from distributing certain products or performing certain services or could require us to pay substantial damages
(including, for example, treble damages if we are found to have willfully infringed patents and increased statutory damages if we are found to have willfully
infringed copyrights), royalties or other fees. Such claims also could require us to cease making, licensing or using solutions that are alleged to infringe or
misappropriate the intellectual property of others, to expend additional development resources to attempt to redesign our products or services or otherwise to
develop non-infringing technology, to enter into potentially unfavorable royalty or license agreements in order to obtain the right to use necessary technologies or
intellectual property rights, and to indemnify our customers and channel partners (and parties associated with them). Even if third parties may offer a license to
their technology, the terms of any offered license may not be acceptable, and the failure to obtain a license or the costs associated with any license could cause our
business, results of operations or financial condition to be materially and adversely affected. Defending against claims of infringement or being deemed to be
infringing the intellectual property rights of others could impair our ability to innovate, develop, distribute and sell our current and planned products and services.
If we were to violate the intellectual property rights of others, our financial position may be adversely affected.
If our products fail to help our customers achieve and maintain compliance with certain government regulations and industry standards, our business and
results of operations could be materially and adversely affected.
We generate a substantial portion of our revenues from our products and services which enable our customers to achieve and maintain compliance with certain
government regulations and industry standards, and we expect that to continue for the foreseeable future. This includes third party certifications where our
solutions are being utilized by our customers as a control demonstrating compliance with specific elements of these standards. These industry standards may
change with little or no notice, including changes that could make them more or less onerous for businesses, including, without limitations, updates to the Common
Criteria for Information Technology Security Evaluation (CC). In addition, governments may also adopt new laws or regulations, or make changes to existing laws
or regulations, some of which may conflict with each other, that could impact whether our solutions enable our customers to maintain compliance with such laws
or regulations. If we are unable to adapt our solutions to changing government regulations and industry standards in a timely manner, or if our solutions fail to
expedite our customers’ compliance initiatives, our customers may lose confidence in our products and could switch to products offered by our competitors. In
addition, if government regulations and industry standards related to IT security are changed in a manner that makes them less onerous, our customers may view
compliance as less critical to their businesses, and our customers may be less willing to purchase our products and services. In either case, our sales and financial
results would suffer.
If our products do not effectively interoperate with our customers’ existing or future IT infrastructures, installations could be delayed or cancelled, which
could harm our business.
Our products must effectively interoperate with our customers’ existing or future IT infrastructures, which often have different specifications, utilize multiple
protocol standards, deploy products from multiple vendors and contain multiple generations of products that have been added over time. If we find errors in the
existing software or defects in the hardware used in our customers’ infrastructure or problematic network configurations or settings, we may have to modify our
software so that our products will interoperate with our customers’ infrastructure and business processes. In addition, to stay competitive within certain markets,
we may be required to make software modifications in future releases to comply with new statutory or regulatory requirements. These issues could result in longer
sales cycles for our products and order cancellations, either of which could adversely affect our business, results of operations and financial condition.
19
�If we are unable to adequately protect our proprietary technology and intellectual property rights, our business could suffer substantial harm.
The success of our business depends on our ability to protect our proprietary technology, brands and other intellectual property and to enforce our rights in that
intellectual property. We attempt to protect our intellectual property under patent, copyright, trademark and trade secret laws, and through a combination of
confidentiality procedures, contractual provisions and other methods, all of which offer only limited protection.
As of December 31, 2018, we had 34 issued patents in the United States, and 41 pending U.S. patent applications. We also had 3 issued patents and 20 applications
pending for examination in non-U.S. jurisdictions, all of which are counterparts of our U.S. patent applications. We expect to file additional patent applications in
the future.
The process of obtaining patent protection is expensive and time-consuming, and we may not be able to prosecute all necessary or desirable patent applications at a
reasonable cost or in a timely manner all the way through to the successful issuance of a patent. We may choose not to seek patent protection for certain
innovations and may choose not to pursue patent protection in certain jurisdictions. Furthermore, it is possible that our patent applications may not issue as granted
patents, that the scope of our issued patents will be insufficient or not have the coverage originally sought, that our issued patents will not provide us with any
competitive advantages, and that our patents and other intellectual property rights may be challenged by others or invalidated through administrative processes or
litigation. Finally, issuance of a patent does not guarantee that we have an absolute right to practice the patented invention. Our policy is to require our employees
(and our consultants and service providers that develop intellectual property included in our products) to execute written agreements in which they assign to us
their rights in potential inventions and other intellectual property created within the scope of their employment (or, with respect to consultants and service
providers, their engagement to develop such intellectual property), but we cannot be certain that we have adequately protected our rights in every such agreement
or that we have executed an agreement with every such party. Finally, in order to benefit from the protection of patents and other intellectual property rights, we
must monitor and detect infringement and pursue infringement claims in certain circumstances in relevant jurisdictions. Litigating claims related to the
enforcement of intellectual property rights is very expensive and can be burdensome in terms of management time and resources. Any litigation related to
intellectual rights or claims against us could result in loss or compromise of our intellectual property rights or could subject us to significant liabilities. As a result,
we may not be able to obtain adequate protection or to effectively enforce our issued patents or other intellectual property rights.
In addition to patents, we rely on trade secret rights, copyrights and other rights to protect our unpatented proprietary intellectual property and technology.
Unauthorized parties, including our employees, consultants, service providers or customers, may attempt to copy aspects of our products or obtain and use our
trade secrets or other confidential information. We generally enter into confidentiality agreements with our employees, consultants, service providers, vendors,
channel partners, subcontractors and customers, and generally limit access to and distribution of our proprietary information and proprietary technology through
certain procedural safeguards. These agreements may not effectively prevent unauthorized use or disclosure of our intellectual property or technology and may not
provide an adequate remedy in the event of unauthorized use or disclosure of our intellectual property or technology. We cannot be certain that the steps taken by
us will prevent misappropriation of our intellectual property or technology or infringement of our intellectual property rights. In addition, the laws of some foreign
countries where we sell our products do not protect intellectual property rights and technology to the same extent as the laws of the United States, and these
countries may not enforce these laws as diligently as government agencies and private parties in the United States. If we are unable to protect our intellectual
property, we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time and effort required to create the innovative
products that have enabled us to be successful to date.
Our use of open source software, third-party software and other intellectual property may expose us to risks.
We license and integrate certain open source software components from third parties into our software, and we expect to continue to use open source software in
the future. Some open source software licenses require users who distribute or make available as a service open source software as part of their own software
product to publicly disclose all or part of the source code of the users’ developed software or to make available any derivative works of the open source code on
unfavorable terms or at no cost. Our efforts to use the open source software in a manner consistent with the relevant license terms that would not require us to
disclose our proprietary code or license our proprietary software at no cost may not be successful. We may face claims by third parties seeking to enforce the
license terms applicable to such open source software, including by demanding the release of the open source software, derivative works or our proprietary source
code that was developed using such software. In addition, if the license terms for the open source code change, we may be forced to re-engineer our software or
incur additional costs.
20
�Further, some of our products and services include other software or intellectual property licensed from third parties, and we also use software and other
intellectual property licensed from third parties in our business. This exposes us to risks over which we may have little or no control. For example, a licensor may
have difficulties keeping up with technological changes or may stop supporting the software or other intellectual property that it licenses to us. There can be no
assurance that the licenses we use will be available on acceptable terms, if at all. In addition, a third party may assert that we or our customers are in breach of the
terms of a license, which could, among other things, give such third party the right to terminate a license or seek damages from us, or both. Our inability to obtain
or maintain certain licenses or other rights or to obtain or maintain such licenses or rights on favorable terms, or the need to engage in litigation regarding these
matters, could result in delays in releases of new products, and could otherwise disrupt our business, until equivalent technology can be identified, licensed or
developed.
Our business may be materially affected by changes to fiscal and tax policies. Potentially negative or unexpected tax consequences of these policies, or the
uncertainty surrounding their potential effects, could adversely affect our results of operations and share price.
As a multinational corporation, we are subject to income taxes, withholding taxes and indirect taxes in numerous jurisdictions worldwide. Significant judgment and
management attention and resources are required in evaluating our tax positions and our worldwide provision for taxes. In the ordinary course of business, there are
many activities and transactions for which the ultimate tax determination is uncertain. In addition, our tax obligations and effective tax rates could be adversely
affected by changes in the relevant tax, accounting, and other laws, regulations, principles and interpretations. This may include recognizing tax losses or lower
than anticipated earnings in jurisdictions where we have lower statutory rates and higher than anticipated earnings in jurisdictions where we have higher statutory
rates, changes in foreign currency exchange rates, or changes in the valuation of our deferred tax assets and liabilities.
We may be audited in various jurisdictions, and such jurisdictions may assess additional taxes against us. If we experience unfavorable results from one or more
such tax audits, there could be an adverse effect on our tax rate and therefore on our net income. The final determination of any tax audits or litigation could be
materially different from our historical tax provisions and accruals, which could have a material adverse effect on our operating results or cash flows in the period
or periods for which a determination is made. Additionally, we are subject to transfer pricing rules and regulations in various jurisdictions, including those relating
to the flow of funds between us and our affiliates, which are designed to ensure that appropriate levels of income are reported in each jurisdiction in which we
operate.
We rely significantly on revenues from maintenance and support contracts, which we recognize ratably over the term of the associated contract and, to a lesser
extent, from professional services contracts, which we recognize as services are performed, and any downturns in sales of these contracts would not be
immediately reflected in full in our quarterly operating results.
Maintenance and support and professional services revenues accounted for 44% of our total revenues in 2018. Sales of maintenance and support and professional
services may decline or fluctuate as a result of a number of factors, including the number of product licenses we sell, our customers’ level of satisfaction with our
products and services, the prices of our products and services, the prices of products and services offered by our competitors or reductions in our customers’
spending levels. If our sales of maintenance and support and professional services contracts decline, our revenues or revenue growth may decline, and our business
will suffer. We recognize revenues from maintenance and support contracts ratably on a straight-line basis over the term of the related contract which is typically
one year and, to a lesser extent, three years, and from professional services as services are performed. As a result, a meaningful portion of the revenues we report
each quarter results from the recognition of deferred revenues from maintenance and support and professional services contracts entered into during previous
quarters. Consequently, a decline in the number or size of such contracts in any one quarter will not be fully reflected in revenues in that quarter, but will
negatively affect our revenues in future quarters. Accordingly, the effect of significant downturns in maintenance and support and professional services contracts
would not be reflected in full in our results of operations until future periods.
21
�A portion of our revenues is generated by sales to government entities, which are subject to a number of challenges and risks, such as increased competitive
pressures, administrative delays and additional approval requirements.
A portion of our revenues is generated by sales to U.S. and foreign federal, state and local governmental agency customers, and we may in the future increase sales
to government entities. Selling to government entities can be highly competitive, expensive and time consuming, often requiring significant upfront time and
expense without any assurance that we will complete a sale or imposing terms of sale which are less favorable than the prevailing market terms. Government
demand and payment for our products and services may be impacted by public sector budgetary cycles and funding authorizations, with funding reductions,
government shutdowns or delays adversely affecting public sector demand for our products. Additionally, for purchases by the U.S. government, the government
may require certain products to be manufactured in the United States and other high cost manufacturing locations, and we may not manufacture all products in
locations that meet the requirements of the U.S. government. Finally, some government entities require our products to be certified by industry-approved security
agencies as a pre-condition of purchasing our products. The grant of such certifications depends on the then-current requirements of the certifying agency. We
cannot be certain that any certificate will be granted or renewed or that we will be able to satisfying the technological and other requirements to maintain
certifications. The loss of any of our product certificates, or the failure to obtain new ones, could cause us to suffer reputational harm, lose existing customers, or
deter new and existing customers from purchasing our solutions, additional products or our services.
We are subject to governmental export and import controls that could subject us to liability in the event of non-compliance or impair our ability to compete in
international markets.
We incorporate encryption capabilities into certain products and these products are subject to U.S. export control requirements. We are also subject to Israeli export
controls on encryption technology since our product development initiatives are primarily conducted in Israel. If the applicable U.S. or Israeli requirements
regarding the export of encryption technology were to change or if we change the encryption functionality in our products, we may need to satisfy additional
requirements or obtain specific permissions (licenses) in the United States or Israel in order to continue to export our products to the same range of customers and
countries as we presently do. There can be no assurance that we will be able to satisfy such additional requirements or obtain specific licenses under these
circumstances in either the United States or Israel. Furthermore, various other countries regulate the import of certain encryption products and technology,
including import permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our products or could limit our customers’
ability to implement our products in those countries.
We are also subject to U.S., Israeli and other applicable export control and economic sanctions laws, which prohibit the export or sale of certain products or
services to embargoed or sanctioned countries, governments and persons. Our products could be exported to these sanctioned targets by our channel partners or
sold directly by us to such targets despite our due diligence and, in the case of sanctionable activities by our channel partners, the contractual undertakings they
have given us, and any such export could have negative consequences, including government investigations, penalties and reputational harm. Any change in export
or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments,
persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to,
existing or potential customers with international operations. Any decreased use of our products or limitation on our ability to export or sell our products and
services would likely adversely affect our business, financial condition and results of operations.
22
�In addition, in the future we may be subject to defense-related export controls. For example, currently our solutions are not subject to supervision under the Israeli
Defense Export Control Law, 5767-2007, but if they were used for purposes that are classified as defense-related or if they fall under “dual-use goods and
technology” as referred to below, we could become subject to such regulation. In particular, under the Israeli Defense Export Control Law, 5767-2007, an Israeli
company may not conduct “defense marketing activity” without a defense marketing license from the Israeli Ministry of Defense (MOD) and may be subject to a
requirement to obtain a specific license from the MOD for any export of defense related products and/or knowhow. The definition of defense marketing activity is
broad and includes any marketing of “defense equipment,” “defense knowhow” or “defense services” outside of Israel, which includes “dual-use goods and
technology” (material and equipment intended in principle for civilian use and that can also be used for defensive purposes, such as our cybersecurity solutions)
that is specified in the list of Goods and Dual-Use Technology annexed to the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use
Goods and Technologies, if intended for defense use only, or is specified under Israeli legislation. “Dual-use goods and technology” will be subject to control by
the Ministry of Economy if intended for civilian use only. In December 2013, regulations under the Wassenaar Arrangement included for the first time a chapter on
cyber-related matters, which chapter was last amended in December 2018. We believe that our products do not fall under this chapter; however, in the future we
may become subject to this regulation or similar regulations, which would limit our sales and marketing activities and could therefore have an adverse effect on our
results of operations. Similar issues could arise under the U.S. defense/military export controls under the Arms Export Control Act and the International Traffic in
Arms Regulations. Accordingly, there can be no assurance whether our solutions would be impacted by any potential new regulations pertaining to cybersecurity
products and services similar to those provided by us, and what impact potential new regulations would have on our sales or our costs relating to compliance.
Risks Related to Our Ordinary Shares
Our share price may be volatile, and you may lose all or part of your investment.
Since our initial public offering in September 2014, our ordinary shares have traded on the NASDAQ Global Select Market (“NASDAQ”) as high as $109.77 per
share and as low as $22.12 per share through February 28, 2019. In addition, the market price of our ordinary shares could be highly volatile and may fluctuate
substantially as a result of many factors, some of which are beyond our control, including, but not limited to:
•
•
•
•
•
•
actual or anticipated fluctuations in our results of operations and the results of other similar companies;
variance in our financial performance from the expectations of market analysts;
announcements by us or our competitors of significant business developments, changes in service provider relationships, acquisitions or expansion
plans;
changes in the prices of our products and services or in our pricing models;
our involvement in litigation;
our sale of ordinary shares or other securities in the future;
• market conditions in our industry;
•
•
•
•
•
•
changes in key personnel;
speculation in the press or the investment community;
the trading volume of our ordinary shares;
changes in the estimation of the future size and growth rate of our markets;
any merger and acquisition activities; and
general economic and market conditions.
In addition, the stock markets have experienced price and volume fluctuations. Broad market and industry factors may materially harm the market price of our
ordinary shares, regardless of our operating performance. In the past, following periods of volatility in the market price of a company’s securities, securities class
action litigation has often been instituted against that company. If we were involved in any similar litigation we could incur substantial costs and our management’s
attention and resources could be diverted, which could materially adversely affect our business.
23
�If securities or industry analysts cease to publish research or publish inaccurate or unfavorable research reports about our business, our share price and
trading volume could decline.
The trading price for our ordinary shares is affected by any research or reports that securities or industry analysts publish about us, our business or our industry. If
one or more of the analysts who cover us or our business publish inaccurate or unfavorable research reports about us or our business, and in particular, if they
downgrade their evaluations of our ordinary shares, the price of our ordinary shares would likely decline. If one or more of these analysts cease coverage of our
company, we could lose visibility in the market for our ordinary shares, which in turn could cause our share price to decline. In addition, industry analysts often
provide reviews of our offerings, as well as those of our competitors, and perception of our offerings in the marketplace may be significantly influenced by these
reviews. If these reviews are negative, or less positive as compared to those of our competitors’ products and professional services or compared to prior reviews of
our offerings, our brand may be adversely affected.
As a foreign private issuer whose shares are listed on NASDAQ, we may follow certain home country corporate governance practices instead of otherwise
applicable SEC and NASDAQ requirements, which may result in less protection than is accorded to investors under rules applicable to domestic U.S. issuers.
As a foreign private issuer whose shares are listed on NASDAQ, we are permitted to follow certain home country corporate governance practices instead of certain
rules of NASDAQ. We currently follow Israeli home country practices with regard to the quorum requirement for shareholder meetings and NASDAQ
requirements relating to distribution of our annual report to shareholders. As permitted under the Israeli Companies Law, 5759-1999, or the Companies Law, our
articles of association provide that the quorum for any meeting of shareholders shall be the presence of at least two shareholders present in person or by proxy who
hold at least 25% of the voting power of our shares instead of 33 1/3% of our issued share capital (as prescribed by NASDAQ’s rules). Further, as permitted by the
Companies Law and in accordance with the generally accepted business practice in Israel, we do not distribute our annual report to shareholders but make it
available through our public website. We may in the future elect to follow Israeli home country practices with regard to other matters such as director nomination
procedures, separate executive sessions of independent directors and the requirement to obtain shareholder approval for certain dilutive events (such as for the
establishment or amendment of certain equity-based compensation plans, issuances that will result in a change of control of the company, certain transactions other
than a public offering involving issuances of a 20% or more interest in the company and certain acquisitions of the stock or assets of another company).
Accordingly, our shareholders may not be afforded the same protection as provided under NASDAQ corporate governance rules. Following our home country
governance practices as opposed to the requirements that would otherwise apply to a U.S. company listed on NASDAQ may provide less protection than is
accorded to shareholders of domestic issuers. See “Item 16.G. Corporate Governance.”
Our business could be negatively affected as a result of the actions of activist shareholders, and such activism could impact the trading value of our securities.
In recent years, U.S. and non-U.S. companies listed on securities exchanges in the United States have been faced with governance-related demands from activist
shareholders, unsolicited tender offers and proxy contests. Although as a foreign private issuer we are not subject to U.S. proxy rules, responding to any action of
this type by activist shareholders could be costly and time-consuming, disrupting our operations and diverting the attention of management and our employees.
Such activities could interfere with our ability to execute our strategic plans. In addition, a proxy contest for the election of directors at our annual meeting would
require us to incur significant legal fees and proxy solicitation expenses and require significant time and attention by management and our board of directors. The
perceived uncertainties due to such actions of activist shareholders also could affect the market price of our securities.
As a foreign private issuer we are not subject to the provisions of Regulation FD or U.S. proxy rules and are exempt from filing certain Exchange Act reports.
As a foreign private issuer, we are exempt from a number of requirements under U.S. securities laws that apply to public companies that are not foreign private
issuers. In particular, we are exempt from the rules and regulations under the Exchange Act related to the furnishing and content of proxy statements, and our
officers, directors and principal shareholders are exempt from the reporting and short-swing profit recovery provisions contained in Section 16 of the Exchange
Act. In addition, we are not required under the Exchange Act to file annual and current reports and financial statements with the SEC as frequently or as promptly
as U.S. domestic companies whose securities are registered under the Exchange Act, and we are generally exempt from filing quarterly reports with the SEC under
the Exchange Act. We are also exempt from the provisions of Regulation FD, which prohibits issuers from making selective disclosure of material nonpublic
information to, among others, broker-dealers and holders of a company’s securities under circumstances in which it is reasonably foreseeable that the holder will
trade in the company’s securities on the basis of the information. Even though we intend to comply voluntarily with Regulation FD, these exemptions and
leniencies will reduce the frequency and scope of information and protections to which you are entitled as an investor. For so long as we qualify as a foreign
private issuer, we are not required to comply with the proxy rules applicable to U.S. domestic companies, although pursuant to the Companies Law, we disclose the
annual compensation of our five most highly compensated office holders (as defined under the Companies Law) on an individual basis, including in this annual
report.
24
�Since a majority of our voting securities are either directly or indirectly owned of record by residents of the United States, we would lose our foreign private issuer
status if any of the following were to occur: (i) the majority of our executive officers or directors were U.S. citizens or residents, (ii) more than 50 percent of our
assets were located in the United States, or (iii) our business was administered principally in the United States. Although we have elected to comply with certain
U.S. regulatory provisions, our loss of foreign private issuer status would make such provisions mandatory. The regulatory and compliance costs to us under U.S.
securities laws as a U.S. domestic issuer may be significantly higher. We may also be required to modify certain of our policies to comply with good governance
practices associated with U.S. domestic issuers. Such conversion and modifications will involve additional costs. In addition, we would lose our ability to rely on
NASDAQ exemptions from certain corporate governance requirements that are available to foreign private issuers.
If we sell our ordinary shares in future financings, ordinary shareholders could experience immediate dilution and, as a result, the market price of our
ordinary shares may decline.
We may from time to time issue additional ordinary shares at a discount from the current trading price of our ordinary shares. As a result, our ordinary shareholders
would experience immediate dilution upon the purchase of any ordinary shares sold at such discount. In addition, as opportunities present themselves, we may
enter into equity or debt financings or similar arrangements in the future, including the issuance of convertible debt securities, preferred shares or ordinary shares.
If we issue ordinary shares or securities convertible into ordinary shares, holders of our ordinary shares could experience dilution.
If we are unable to satisfy the requirements of Sections 404(a) and 404(b) of the Sarbanes-Oxley Act of 2002 or if our internal control over financial reporting
is not effective, investors may lose confidence in the accuracy and the completeness of our financial reports and the trading price of our ordinary shares may
be negatively affected.
Pursuant to Section 404(a) of the Sarbanes-Oxley Act of 2002 (“Sarbanes-Oxley Act”), we are required to furnish a report by management on the effectiveness of
our internal control over financial reporting. Additionally, pursuant to Section 404(b) of the Sarbanes-Oxley Act, we must include an auditor attestation on our
internal control over financial reporting.
To maintain the effectiveness of our disclosure controls and procedures and our internal control over financial reporting, we expect that we will need to continue
enhancing existing, and implement new, financial reporting and management systems, procedures and controls to manage our business effectively and support our
growth in the future. The process of evaluating our internal control over financial reporting requires an investment of substantial time and resources, including by
our Chief Financial Officer and other members of our senior management. As a result, this process may divert internal resources and take a significant amount of
time and effort to complete. Additionally, as part of management assessments of the effectiveness of our internal control over financial reporting required by
Section 404(a), our management may conclude that our internal control over financial reporting is not effective due to our failure to cure any identified material
weakness or otherwise, which would require us to employ remedial actions to implement effective controls. If we identify material weaknesses in our internal
control over financial reporting, if we are unable to comply with the requirements of Section 404(a) or 404(b) in a timely manner or to assert that our internal
control over financial reporting is effective, or if our independent registered public accounting firm is unable to express an opinion or issues an adverse opinion in
its attestation as to the effectiveness of our internal control over financial reporting required by Section 404(b), investors may lose confidence in the accuracy and
completeness of our financial reports and the trading price of our ordinary shares could be negatively affected. We could also become subject to investigations by
NASDAQ, the SEC or other regulatory authorities, which could require additional financial and management resources.
Irrespective of compliance with Sections 404(a) and 404(b), any failure of our internal control over financial reporting could have a material adverse effect on our
stated results of operations and harm our reputation. In order to implement changes to our internal control over financial reporting triggered by a failure of those
controls, we could experience higher than anticipated operating expenses, including higher independent auditor fees during and after the implementation of these
changes.
25
�As a public company we may become subject to further compliance obligations, which may strain our resources and divert management’s attention.
Changing laws, regulations and standards in the United States relating to corporate governance and public disclosure and other matters may be implemented in the
future, which may increase our legal and financial compliance costs, make some activities more time consuming and divert management’s time and attention from
revenue-generating activities to compliance activities. If our efforts to comply with new laws, regulations and standards differ from the activities intended by
regulatory or governing bodies due to ambiguities related to practice, regulatory authorities may initiate legal proceedings against us and our business may be
harmed. Being a publicly traded company in the United States and being subject to U.S. rules and regulations may make it more expensive for us to obtain director
and officer liability insurance, and we may be required to accept reduced coverage or incur substantially higher costs to obtain coverage. These factors could also
make it more difficult for us to attract and retain qualified members of our board of directors, particularly to serve on our audit committee, and qualified executive
officers.
Our U.S. shareholders may suffer adverse tax consequences if we are classified as a “passive foreign investment company.”
Generally, if for any taxable year, after the application of certain look-through rules, 75% or more of our gross income is passive income, or at least 50% of the
average quarterly value of our assets (which may be measured in part by the market value of our ordinary shares, which is subject to change) are held for the
production of, or produce, passive income (as defined in the relevant provisions of the Code), we would be characterized as a “passive foreign investment
company,” or PFIC, for U.S. federal income tax purposes under the Code. Based on our market capitalization and our income, assets, and the nature of our
business, we believe that we were not classified as a PFIC for the taxable year that ended December 31, 2018. Because PFIC status is determined annually and
requires a factual determination that depends on, among other things, the composition of our income, assets and activities in each taxable year, and can only be
made annually after the close of each taxable year, it is not possible to determine whether we will be characterized as a PFIC for the current taxable year, or for any
subsequent year. Furthermore, because the value of our gross assets is likely to be determined in large part by reference to our market capitalization, a decline in
the value of our ordinary shares may result in our becoming a PFIC. Accordingly, there can be no assurance that we will not be considered a PFIC for any taxable
year. Our characterization as a PFIC could result in material adverse tax consequences for you if you are a U.S. Holder (as defined in “Item 10.E. Taxation—
Certain United States Federal Income Tax Consequences”), including upon a sale, exchange, or other disposition of our ordinary shares, or upon the receipt of
distributions in respect of our ordinary shares. We cannot provide any assurances in determining whether we or any of our non-U.S. subsidiaries are a PFIC for any
taxable year. Prospective U.S. Holders should consult their own tax advisers regarding the potential application of the PFIC rules to them. Prospective
U.S. investors should refer to “Item 10.E. Taxation—Certain United States Federal Income Tax Consequences” for discussion of additional U.S. income tax
considerations applicable to them based on our treatment as a PFIC.
If a United States person is treated as owning at least 10% of our ordinary shares, such holder may be subject to adverse U.S. federal income tax
consequences.
Depending upon the aggregate value and voting power of our shares that U.S. persons are treated as owning (directly, indirectly, or constructively), we could be
treated as a controlled foreign corporation (“CFC”). Additionally, because our group consists of one or more U.S. subsidiaries, under recently enacted rules, certain
of our non U.S. subsidiaries could be treated as CFCs, regardless of whether or not we are treated as a CFC (although there is currently a pending legislative
proposal to significantly limit the application of these rules). If a U.S. person is treated as owning (directly, indirectly or constructively) at least 10% of the value or
voting power of our shares, such person may be treated as a “U.S. shareholder” with respect to each CFC in our group (if any), which may subject such person to
adverse U.S. federal income tax consequences. Specifically, a U.S. shareholder of a CFC may be required to annually report and include in its U.S. taxable income
its pro rata share of each CFC’s “Subpart F income,” “global intangible low taxed income” and investments in U.S. property, whether or not we make any
distributions of profits or income of a CFC to such U.S. shareholder. If you are treated as a U.S. shareholder of a CFC, failure to comply with these reporting
obligations may subject you to significant monetary penalties and may prevent the statute of limitations with respect to your U.S. federal income tax return for the
year for which reporting was due from starting. We cannot provide any assurances in determining whether we or any of our non U.S. subsidiaries are treated as
CFCs or whether any investor is treated as a U.S. shareholder with respect to any of such CFC, nor do we expect to furnish to any U.S. shareholders information
that may be necessary to comply with the aforementioned reporting and tax paying obligations. U.S. investors should consult their own advisors regarding the
potential application of these rules to their investment in our ordinary shares.
26
�We do not intend to pay dividends on our ordinary shares for the foreseeable future so any returns will be limited to changes in the value of our ordinary
shares.
We have never declared or paid any cash dividends on our ordinary shares. We currently anticipate that we will retain future earnings for the development,
operation, and expansion of our business and do not anticipate declaring or paying any cash dividends for the foreseeable future. Any return to shareholders will
therefore be limited to the increase, if any, of our share price, which may or may not occur.
Risks Relating to Our Incorporation and Location in Israel
Our headquarters, substantially all of research and development activities and other significant operations are located in Israel and, therefore, our results may
be adversely affected by political, economic and military instability in Israel.
Our headquarters and principal research and development facilities are located in Israel. In addition, a large number of our key employees and certain directors are
residents of Israel. Accordingly, political, economic and military conditions in Israel may directly affect our business. Since the establishment of the State of Israel
in 1948, a number of armed conflicts have taken place between Israel and its neighboring countries. In recent years, these have included hostilities between Israel
and Hezbollah in Lebanon and Hamas in the Gaza strip, both of which resulted in rockets being fired into Israel causing casualties and disruption of economic
activities. In addition, Israel faces threats from more distant neighbors, including, in particular, Iran. Our commercial insurance does not cover losses that may
occur as a result of an event associated with the security situation in the Middle East. In addition, the Israeli government’s commitment to covering the
reinstatement value of direct damages caused by terrorist attacks or acts of war, could be eliminated or may not be sufficient to compensate us fully for damages
incurred. Any losses or damages incurred by us could have a material adverse effect on our business. Any armed conflict involving Israel could adversely affect
our operations and results of operations.
Further, our operations could be disrupted by the obligations of personnel to perform military service. As of December 31, 2018, we had 429 employees based in
Israel, certain of which may be called upon to perform up to 54 days in each three year period (and in the case of non-officer commanders or officers, up to 70 or
84 days, respectively, in each three year period) of military reserve duty until they reach the age of 40 (and in some cases, depending on their specific military
profession up to 45 or even 49 years of age) and, in certain emergency circumstances, may be called to immediate and unlimited active duty. Our operations could
be disrupted by the absence of a significant number of employees related to military service, which could materially adversely affect our business and results of
operations.
Several countries, principally in the Middle East, restrict doing business with Israel and Israeli companies, and additional countries may impose restrictions on
doing business with Israel and Israeli companies whether as a result of hostilities in the region or otherwise. In addition, there have been increased efforts by
activists to cause companies and consumers to boycott Israeli goods based on Israeli government policies. Such actions, particularly if they become more
widespread, may adversely impact our ability to sell our products. Any hostilities involving Israel or any interruption or curtailment of trade between Israel and its
present trading partners, or a significant downturn in the economic or financial condition of Israel, could adversely affect our business, financial condition and
results of operations. We may also be targeted by cyber terrorists specifically because we are an Israeli company.
27
�The tax benefits that are available to us require us to continue to meet various conditions and may be terminated or reduced in the future, which could
increase our costs and taxes.
We were granted Approved Enterprise status under the Israeli Law for the Encouragement of Capital Investments, 5719-1959, or the Investment Law. We elected
the alternative benefits program, pursuant to which income derived from the Approved Enterprise program is tax-exempt for two years and enjoys a reduced tax
rate of 10.0% to 25.0% for up to a total of eight years, subject to an adjustment based on the percentage of foreign investors’ ownership. We were also eligible for
certain tax benefits provided to Benefited Enterprises under the Investment Law. In March 2013, we notified the Israel Tax Authority that we apply the new tax
Preferred Enterprise regime under the Investment Law instead of our Approved Enterprise and Benefited Enterprise. Accordingly, we are eligible for certain tax
benefits provided to Preferred Enterprises under the Investment Law. If we do not meet the conditions stipulated in the Investment Law and the regulations
promulgated thereunder, as amended, for the Preferred Enterprise, any of the associated tax benefits may be canceled, and we would be required to repay the
amount of such benefits, in whole or in part, including interest and CPI linkage (or other monetary penalties). Starting from 2017, we are eligible for the
Technological Preferred Enterprise regime, a sub-category of the Preferred Enterprise regime, which grants enhanced tax benefits to enterprises with significant
research and development activities. Further, in the future these tax benefits may be reduced or discontinued. If these tax benefits are reduced, cancelled or
discontinued, our Israeli taxable income would be subject to regular Israeli corporate tax rates which would harm our financial condition and results of operation.
Additionally, if we increase our activities outside of Israel through acquisitions, for example, our expanded activities might not be eligible for inclusion under
future Israeli tax benefit regimes. See “Item 5. Operating and Financial Review and Prospects—Operating Results—Israeli Tax Considerations and Government
Programs—Law for the Encouragement of Capital Investments, 5719-1959.”
We may become subject to claims for remuneration or royalties for assigned service invention rights by our employees.
We enter into assignment-of-invention agreements with our employees pursuant to which such individuals agree to assign to us all rights to any inventions created
in the scope of their employment or engagement with us. A significant portion of our intellectual property has been developed by our employees during the course
of their employment by us. Under the Israeli Patent Law, 5727-1967, inventions conceived by an employee during the scope of his or her employment with a
company are regarded as “service inventions” which belong to the employer, absent a specific agreement between the employee and employer giving the employee
service invention rights. Although our employees have agreed to assign to us service invention rights, as a result of uncertainty under Israeli law with respect to
service invention rights and the efficacy of related waivers, including with respect to remuneration and its extent, we may face claims demanding remuneration in
consideration for assigned inventions. As a consequence of such claims, we could be required to pay additional remuneration or royalties to our current and/or
former employees, or be forced to litigate such claims, which could negatively affect our business.
Provisions of Israeli law and our articles of association may delay, prevent or otherwise impede a merger with or an acquisition of us, even when the terms of
such a transaction are favorable to us and our shareholders.
Our articles of association contain certain provisions that may delay or prevent a change of control. These provisions include that our directors (other than external
directors, if applicable) are elected on a staggered basis, and therefore a potential acquirer cannot readily replace our entire board of directors at a single annual
general shareholder meeting. In addition, Israeli corporate law regulates acquisitions of shares through tender offers and mergers, requires special approvals for
transactions involving directors, officers or significant shareholders and regulates other matters that may be relevant to such types of transactions. See “Item 10.B.
Articles of Association—Acquisitions under Israeli Law” for additional information.
Furthermore, Israeli tax considerations may make potential transactions unappealing to us or to our shareholders whose country of residence does not have a tax
treaty with Israel exempting such shareholders from Israeli tax. For example, Israeli tax law does not recognize tax-free share exchanges to the same extent as
U.S. tax law. With respect to mergers involving an exchange of shares, Israeli tax law allows for tax deferral in certain circumstances but makes the deferral
contingent on the fulfillment of a number of conditions, including, in some cases, a holding period of two years from the date of the transaction during which sales
and dispositions of shares of the participating companies are subject to certain restrictions. Moreover, with respect to certain share swap transactions, the tax
deferral is limited in time, and when such time expires, the tax becomes payable even if no disposition of the shares has occurred. These provisions of Israeli law
and our articles of association could have the effect of delaying or preventing a change in control in us and may make it more difficult for a third-party to acquire
us, even if doing so would be beneficial to our shareholders, and may limit the price that investors may be willing to pay in the future for our ordinary shares.
28
�It may be difficult to enforce a judgment of a U.S. court against us, our officers and directors or the Israeli auditors named in this annual report in Israel or
the United States, to assert U.S. securities laws claims in Israel or to serve process on our officers and directors and these auditors.
We are incorporated in Israel. The majority of our directors and executive officers, and the Israeli auditors listed in this annual report reside outside of the United
States, and most of our assets and most of the assets of these persons are located outside of the United States. Therefore, a judgment obtained against us, or any of
these persons, including a judgment based on the civil liability provisions of the U.S. federal securities laws, may not be collectible in the United States and may
not be enforced by an Israeli court. It also may be difficult for you to effect service of process on these persons in the United States or to assert U.S. securities law
claims in original actions instituted in Israel. Israeli courts may refuse to hear a claim based on an alleged violation of U.S. securities laws reasoning that Israel is
not the most appropriate forum in which to bring such a claim. In addition, even if an Israeli court agrees to hear a claim, it may determine that Israeli law and not
U.S. law is applicable to the claim. If U.S. law is found to be applicable, the content of applicable U.S. law must be proven as a fact by expert witnesses, which can
be a time consuming and costly process. Certain matters of the procedure will also be governed by Israeli law. There is little binding case law in Israel that
addresses the matters described above. As a result of the difficulty associated with enforcing a judgment against us in Israel, you may not be able to collect any
damages awarded by either a U.S. or foreign court.
Your rights and responsibilities as a shareholder are, and will continue to be, governed by Israeli law which differs in some material respects from the rights
and responsibilities of shareholders of U.S. corporations.
The rights and responsibilities of the holders of our ordinary shares are governed by our articles of association and by Israeli law. These rights and responsibilities
differ in some material respects from the rights and responsibilities of shareholders in U.S. corporations. In particular, a shareholder of an Israeli company has a
duty to act in good faith and in a customary manner in exercising its rights and performing its obligations towards the company and other shareholders, and to
refrain from abusing its power in the company, including, among other things, in voting at a general meeting of shareholders on matters such as amendments to a
company’s articles of association, increases in a company’s authorized share capital, mergers and acquisitions and related party transactions requiring shareholder
approval. In addition, shareholders have a general duty to refrain from discriminating against other shareholders and a shareholder who is aware that it possesses
the power to determine the outcome of a shareholder vote or to appoint or prevent the appointment of a director or chief executive officer in the company has a
duty of fairness toward the company with regard to such vote or appointment. There is limited case law available to assist us in understanding the nature of this
duty or the implications of these provisions. These provisions may be interpreted to impose additional obligations and liabilities on holders of our ordinary shares
that are not typically imposed on shareholders of U.S. corporations. See “Item 6.C. Board Practices — Approval of Related Party Transactions under Israeli Law—
Fiduciary Duties of Directors and Executive Officers.”
29
�ITEM 4. INFORMATION ON THE COMPANY
A.
History and Development of the Company
Our History
CyberArk Software Ltd. was founded in 1999 with the vision of protecting high-value business data and pioneered our Digital Vault technology, which is the
foundation of our primary platform. That same year, we began offering our first product, the Sensitive Information Management Solution (previously called the
Sensitive Document Vault), which provides a secure platform through which our customers’ employees can share sensitive files. We believe our early innovation
in vaulting technology enabled us to evolve into a company that provides a comprehensive security solution built for privileged access management. In 2005, we
introduced our Privileged Access Security Solution, which has become our leading offering and reflects our emphasis on protecting privileged access across an
organization. In September 2014, we listed our ordinary shares on NASDAQ. In 2015, we acquired Viewfinity, a provider of Windows least privilege management
and application control software, as well as Cybertinel, a cybersecurity company specializing in cyber threat detection technology. In May 2017, we acquired
Conjur Inc., a provider of DevOps security software, and in March 2018, we acquired Vaultive, Ltd., a cloud security provider. Based on our continued innovation,
today we are the leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and
throughout the DevOps pipeline.
We are a company limited by shares organized under the laws of the State of Israel. We are registered with the Israeli Registrar of Companies. Our registration
number is 51-229164-2. Our principal executive offices are located at 9 Hapsagot St., Park Ofer B, POB 3143, Petach-Tikva, 4951040, Israel, and our telephone
number is +972 (3) 918-0000. Our website address is www.cyberark.com. Information contained on, or that can be accessed through, our website is not part of this
annual report and is not incorporated by reference herein. We have included our website address in this annual report solely for informational purposes. Our SEC
filings are available to you on the SEC’s website at http://www.sec.gov. This site contains reports, proxy and information statements, and other information
regarding issuers that file electronically with the SEC. The information on that website is not part of this annual report and is not incorporated by reference herein.
Our agent for service of process in the United States is CyberArk Software, Inc., located at 60 Wells Avenue, Newton, MA 02459, and our telephone number is
(617) 965-1544.
Principal Capital Expenditures
Our cash capital expenditures for fiscal years 2016, 2017 and 2018 amounted to $2.8 million, $6.8 million and $8.6 million, respectively. Capital expenditures
consist primarily of investments in leasehold improvements for our office space and the purchase of furniture, computers and related equipment. We anticipate our
capital expenditures in fiscal year 2019 to be in a range of $6 million to $8 million. We anticipate our capital expenditures in 2019 will be financed with cash on
hand and cash provided by operating activities.
B.
Business Overview
We are the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and
throughout the DevOps pipeline. Our software solutions are focused on protecting privileged accounts, credentials and secrets, which are consistently sought-after
by cyber attackers to accomplish their goals. Privileged accounts are pervasive and act as the “keys to the IT kingdom,” providing complete access to, and control
of, IT infrastructure (whether located on-premises or in the cloud), applications, DevOps tools, and critical business data. In the hands of an external attacker or
malicious insider, privileged credentials allow attackers to take control of and disrupt an organization’s IT environment and industrial control systems, steal
confidential information and commit financial fraud. Our comprehensive solutions proactively protect credentials, isolate and monitor sessions, detect and respond
to privileged threats, provide secrets management for commercial off the shelf applications and applications built using DevOps methodologies, and enforce
privileged access security on the endpoint. Our customers use our innovative solutions to introduce a critical security layer to protect against, detect and respond to
cyber attacks before they strike vital systems, compromise sensitive data and disrupt business operations.
30
�Organizations worldwide are experiencing an unprecedented increase in the sophistication, scale and frequency of cyber attacks. The challenge this presents is
intensified by the growing adoption of modern technologies such as cloud computing, new container and micro-service-based cloud native application architectures
leveraging DevOps methodologies, enterprise mobility and social networking, which has resulted in increasingly complex and distributed IT environments with
significantly larger attack surfaces. Organizations have historically relied upon perimeter-based threat protection solutions such as network and web security tools
as the predominant defense against cyber attacks, yet these traditional solutions have a limited ability to stop today’s advanced threats. Many organizations are still
in the early stages of adapting their security strategies to address this new threat environment and are evolving their approaches based on the assumption that their
network perimeter has been or will be breached. They are therefore increasingly implementing privileged access management as a new layer of protection to
disrupt attacks against their on-premises and cloud-based assets before they result in the loss of confidential information or other serious damage. Regulators are
also mandating rigorous compliance with new laws that call for heavy fines for not protecting the security and privacy of customer’s personally identifiable
information.
We believe that the implementation of a privileged access security solution is the most critical component of an effective security strategy. Privileged accounts,
credentials and secrets represent some of the most vulnerable aspects of an organization’s IT infrastructure. Privileged accounts are used by system administrators,
third-party and cloud service providers, applications and business users, and they exist in nearly every connected device, server, hypervisor, container, operating
system, database, application and endpoint. Due to the broad access and control they provide, privileged access exploitation has become a critical stage of the cyber
attack lifecycle. The typical cyber attack involves an attacker effecting an initial breach, escalating privileges to access target systems, moving laterally through the
IT infrastructure to identify valuable targets, and exfiltrating, or stealing, the desired information.
Our solutions can be deployed in traditional on-premises data centers, public, private or hybrid cloud environments. Our innovative software solutions are the
result of 20 years of research and expertise, combined with valuable knowledge we have gained from working with our diverse population of customers and from
our acquisitions of Viewfinity, Cybertinel, Conjur, and Vaultive.
The CyberArk Privileged Access Security solution provides the most comprehensive approach to securing privileged credentials on-premises and in the cloud,
from every endpoint and application, and throughout the DevOps pipeline. The Core Privileged Access Security offering provides risk-based credential protection,
session isolation and monitoring to detect and prevent attacks involving privileged access. This solution can be extended with least privilege control for Linux,
Unix, and Windows servers as well as domain control protection. CyberArk also provides application credential and DevOps secrets management with Application
Access Manager and protection of privilege on endpoints with Endpoint Privilege Manager. CyberArk supports standard deployment methodologies (on-premises,
hybrid, and in the cloud) with multiple licensing options including perpetual as well as subscription licensing available for each of these deployments. In addition,
CyberArk Privilege Cloud is offered as a SaaS deployment and Endpoint Privilege Manager is available for on-premises and SaaS deployments.
Every product in the CyberArk Privileged Access Security solution is stand-alone and can be managed independently while still sharing resources and data from
common infrastructure, and integrates out of the box with over 100 types of IT assets.
At the core of the infrastructure are an isolated vault server, a unified policy engine, a discovery engine and layers of security that provide scalability, reliability
and unmatched security for privileged accounts, credentials and secrets.
Our
solution complements other vendors’ IT, security and cloud solutions in two significant ways. First, through enhancing the security of these solutions by
reducing the misuse potential of privileged accounts used by or incorporated within these solutions and second, through the sharing of valuable information
between the solutions, for improved detection, protection and response in the event of a cyber attack.
In April 2016, we announced the launch of the C 3 Alliance, CyberArk’s global technology partner program, which brings together enterprise software, IT
Security and services providers to build on the power of privileged access security to better protect customers from cyber threats. The program establishes a
product integration foundation with our C 3 Alliance technology partners for the benefit of our mutual customers. We launched the CyberArk Marketplace in April
2018 to provide a trusted platform for customers to easily find and deploy integrations from the C 3 Alliance, partners, and community members.
31
�As of December 31, 2018, we had more than 4,450 customers, including more than 50% of the Fortune 500 companies and more than 30% of the Global 2000
companies. We define a customer to include a distinct entity, division or business unit of a company. Our customers include leading organizations in a diverse set
of industries, including financial services, manufacturing, insurance, healthcare, energy and utilities, transportation, retail, technology and telecommunications, as
well as government agencies. We sell our solutions through a high touch hybrid model that includes direct sales, channel sales, managed security service providers,
as well as advisory firm partners. This provides us with significant opportunities to grow our current customer base. Further, the relationships developed with our
channel and advisory firms allow us to benefit from their global reach and maintain close relationships with our customers. Additionally, we continue to enhance
our product offerings and go-to-market strategy by establishing technology alliances within the IT infrastructure and security vendor ecosystem.
Industry Background
The continuous string of targeted, damaging breaches executed by both external attackers and malicious insiders, along with an increase in the attack surface due to
the growing complexity and distributed nature of IT environments, have made it extremely challenging for enterprises and government agencies around the world
to protect sensitive information and infrastructure. These challenges, along with the increasing amount of data security regulations, are driving the need for security
solutions that provide a critical layer of IT security and complement traditional threat protection technologies by protecting privileged accounts, credentials and
secrets.
Our Solutions
Our solutions secure organizations’ high-value data and critical IT assets by providing proactive protection against external and internal cyber threats and enabling
real-time detection and neutralization of attacks involving privileged access.
Our solutions consist of Core Privileged Access Security for risk-based credential security and session management with advanced add-on options for least
privilege server and domain controller protection. Customers can also purchase Application Access Manager for secrets management for applications, tools,
containers and DevOps, and Endpoint Privilege Manager for least privilege and credential theft protection for workstations. Application Access Manager is a new
offering introduced in early 2019 that combines the former Application Identity Manager and Conjur Enterprise. Conjur continues to be available to developers as
open source software. CyberArk offers least privilege and credential theft protection for workstations with Endpoint Privilege Manager. These solutions leverage a
common technology platform that includes our secure Digital Vault, Web Management Interface, Master Policy Engine and Discovery Engine. We also offer over
100 certified joint solutions with leading cloud, security, and IT management providers via our C 3 Alliance program.
32
�Core Privileged Access Security
CyberArk’s Core Privileged Access Security offering includes risk-based credential security and session management to protect against attacks involving
privileged access. This offering includes CyberArk’s industry leading Enterprise Password Vault for credential protection; Privileged Session Manager for session
management; and Privileged Threat Analytics to detect and proactively respond to privileged access threats. We began selling these three products together as Core
Privileged Access Security starting in January 2018. CyberArk’s Core Privileged Access Security can be deployed in an on-premises data center, in a hybrid cloud
or a public cloud environment either as a perpetual or a term based license. In addition, Core Privilege Access Security is available as a SaaS solution with the
CyberArk Privilege Cloud. CyberArk Privilege Cloud is designed for commercial customers and includes credential protection and session management.
The Core Privileged Access Security solution secures and rotates passwords, credentials, and SSH keys to prevent the malicious use of privileged access by
external attackers and malicious insiders. The solution manages, secures, and automatically rotates privileged credentials based on an organization’s security
policies; and enforces granular access controls and workflows to protect who can access which credentials and when. Automated processes reduce the time it takes
to manually track and update privileged credentials to meet audit and compliance standards.
The solution also
secures, isolates, controls and monitors privileged user sessions to critical Unix, Linux, and Windows-based systems, databases, virtual
machines, network devices, mainframes, websites, SaaS applications, cloud platforms, DevOps tools and more. It provides a single-access control point, helps
prevent malware from jumping to a target system through the isolation of end users, and records every keystroke and mouse click for continuous monitoring.
Detailed session recordings and the ability to search, locate, and alert on sensitive events without having to filter through logs simplifies compliance audits and
accelerates forensic investigations. Real-time monitoring helps provide continuous protection for privileged access as well as automatic suspension and termination
of privileged sessions if any activity presents a high-level of risk to the organization. The solution provides full two-way integration with third-party SIEM
solutions with automated alerting on anomalous activity. It also provides Active Directory (AD) Bridge capabilities that enable organizations to centrally manage
Unix users and accounts that are linked to AD through the CyberArk platform. Native access to supported targets simplifies adoption by end users while enabling
organizations to maintain a strong security posture. With the acquisition of Vaultive in March 2018 and the launch of Privileged Session Manager for Cloud in
October 2018, CyberArk now offers native access for web-based applications, including support for leading cloud platforms, PaaS providers, SaaS, and social
media applications.
Lastly,
the Core Privileged Access Security offering enables organizations to detect, alert and respond to anomalous privileged activity indicating an in-progress
attack. The solution collects a targeted set of data from multiple sources, including the CyberArk Digital Vault, SIEM and the network. A combination of machine
learning, behavioral analysis, and statistical and deterministic algorithms enables organizations to detect indications of compromise early in the attack lifecycle by
identifying malicious privileged access activity across on-premises and cloud environments.
The Core Privileged Access Security offering can be extended to secure least privilege on Linux, Unix, and Windows servers and protect domain controllers.
Least
Privilege
Server
Protection.
The CyberArk Core Privileged Access Security offering allows privileged users to use administrative commands from their
native Linux/Unix and Windows sessions while eliminating unneeded root access or admin rights. This solution provides unified and correlated logging of all
super user activity linking it to a personal username while providing the freedom needed to perform job functions. Granular access control is enforced while
continuously monitoring all administrative commands executed by super users based on their role and task.
Domain
Controller
Protection.
CyberArk offers an ultra-light weight Windows agent that performs network behavior analytics to detect a range of potential threats
including suspected credential theft, lateral movement and privilege escalation on domain controllers. It provides the ability to enforce granular controls for least
privilege and application control on domain controllers and to detect a variety of in-progress Kerberos attacks including Golden Ticket, Overpass-the-Hash and
Privilege Attribute Certificate (PAC) manipulation.
33
�Application Access Manager
CyberArk offers privileged access, credential and secrets management for applications with Application Access Manager. The offerings can be used to secure
credentials in commercial off-the-shelf applications as well as applications built on containers and micro-services using DevOps methodologies. Application
Access Manager incorporates the capabilities previously provided by Application Identity Manager and Conjur Enterprise, and was first made available in 2019.
For commercial off-the-shelf applications, Application Access Manager can be used to eliminate hard-coded application scripts and credentials without requiring
code changes while meeting enterprise requirements for performance and availability. Application Access Manager supports a broad range of commercial off-the-
shelf applications including application servers, IT management software, security applications such as vulnerability scanners, and Robotic Process Automation
tools on variety of platforms from z/OS to Linux and Windows.
For cloud native applications built using DevOps methodologies, Application Access Manager manages secrets and credentials used by non-human users including
DevOps and PaaS tools, micro-services and containers. Application Access Manager is based on a distributed, high availability architecture that is architected for
dynamic and elastic cloud environments. Application Access Manager integrates with CyberArk’s Enterprise Password Vault, DevOps tools such as Ansible, Chef,
Jenkins and Puppet, PaaS platforms such as Red Hat OpenShift and Pivotal Cloud Foundry and container orchestration platforms such as Kubernetes.
Endpoint Protection
Endpoint
Privilege
Manager.
CyberArk Endpoint Privilege Manager secures privileges on the endpoint (Windows and Mac desktops) and helps contain attacks
early in their lifecycle. It enables revocation of local administrator rights, while minimizing impact on user productivity, by seamlessly elevating privileges for
authorized applications or tasks. Application control, with automatic policy creation, allows organizations to prevent malicious applications from executing, and
runs unknown applications in a restricted mode. This, combined with credential theft protection, helps prevent malware such as ransomware from gaining a
foothold and contains attacks on the endpoint. CyberArk Endpoint Privilege Manager is available through on-premises and SaaS deployments.
Our Services
Maintenance and Support
Our customers typically purchase one year or, to a lesser extent, three years, of software maintenance and support, in conjunction with their initial purchase of
perpetual licenses for our products. Thereafter, they can renew such maintenance and support for additional one or three-year periods. These two alternative
maintenance and support periods are common in the software industry. Customers pay for each alternative in full at the beginning of their terms. The substantial
majority of our contracts sold are for a one-year term. For example, for the years 2016 through 2018 approximately 85% of the renewal contracts were for a one
year term.
Our global customer support organization has expertise in our software and how it interacts with complex IT environments. When sales are made to customers
directly, we typically also provide any necessary maintenance and support pursuant to a maintenance and support contract directly with the customer. When sales
are made through channels, the channel partner (primarily in the EMEA and Asia Pacific and Japan regions) typically provides the first and second level support,
and we typically provide third level support if the issue cannot be resolved by the channel partner.
Our maintenance and support program provides customers the right to software bug repairs, the latest system enhancements and updates on an if-and-when
available basis during the maintenance period, and access to our technical support services. Our technical support services are provided via our online support
center, which enables customers to submit new support queries and monitor the status of open and past queries. Our online support system also provides customers
with access to our CyberArk Knowledge Base, an online user-driven information repository that provides customers the ability to address their own queries.
Additionally, we offer email and telephone support during business hours to customers that purchase a standard support package and 24/7 availability to customers
that purchase our 24/7 support package.
34
�Professional Services
Our products are designed to allow customers to download, install and deploy them on their own. CyberArk solutions are highly configurable and many customers
will select either one of our many trained channel partners or our CyberArk Security Services team to provide expert professional services. Our Security Services
team can be contracted to assist customers in planning, installing and configuring our solution to meet the needs of their security and IT environment, and provide
technical account management services. Our Security Services team provides ongoing consulting services regarding best practices in privileged access security,
and recommended ways to implement our solutions to meet specific customer requirements. Additionally, they share best practices associated with privileged
access security to educate customers and partners on such best practices through virtual classroom, live face-to-face, or self-paced classes.
Our Technology
Our comprehensive solutions rely on a set of proprietary technologies that provide a high level of security, scalability and reliability. The core technologies
included in our solutions are as follows.
Shared Technology Platform . Our shared technology platform is the foundation of the CyberArk Privileged Access Security Solution and includes our secure
Digital Vault, Web Management Interface, Master Policy Engine and Discovery Engine. Our Digital Vault is an encrypted server that only responds to preset vault
protocols to promote security throughout an organization’s network. CyberArk solutions use the Digital Vault to safely store, audit and manage passwords,
privileged credentials and secrets, policy information and privileged account session data. Our proprietary vault protocol technology enables distributed
deployments across global networks for central management and auditing while providing enterprise-wide global coverage. Our Web Management Interface
provides a single, user-friendly interface for customers to set, manage and monitor privileged access security policies across an entire organization in a matter of
minutes while allowing for granular level exceptions to meet the organization’s specific operational needs. Organizations can also leverage REST APIs to automate
privileged access security tasks and quickly integrate CyberArk solutions with existing security, operations and DevOps tools. Our Master Policy Engine and
Discovery Engine enable organizations to understand the scope of privileged access risk and help ensure that all privileged activity is accounted for by
automatically discovering new privileged accounts or changes to existing accounts.
Secure Digital Vault Technology. Our proprietary Digital Vault technology provides a highly secure, isolated environment, independent of other software, and is
engineered with multiple layers of security. Our Digital Vault provides a data encryption mechanism that eliminates the need for encryption key management by
the end user, while each object in our Digital Vault is encrypted with its own unique encryption key. To ensure security throughout the network, our Digital Vault
communicates within an organization’s network and over the internet through a proprietary and highly protected Vault Protocol, enabling an organization to
implement the centrally managed Privileged Access Security Solution with products located in multiple datacenters and geographic locations. Our Digital Vault
provides an additional level of protection by preventing the vault administrator from accessing or discovering protected data stored within it. In addition, our
Digital Vault database is embedded, isolated and self-managed as part of our Digital Vault software, thereby blocking database administrator access to our Digital
Vault database to further eliminate threats. Our Privileged Access Security Solution’s additional products use the highly secured Digital Vault to safely store, audit
and manage passwords, privileged credentials, policy information and privileged access session data.
Sophisticated Threat Analytics Algorithms . Our team of cyber experts and development engineers has developed proprietary algorithms that are at the core of
our privileged analytics and threat detection solution. These algorithms were developed using our deep understanding of cybersecurity and cyber attack techniques,
together with over a decade of rich experience in analyzing privileged access activities. Our solution uses these proprietary algorithms to construct a behavioral
profile for privileged users within an organization and continuously updates the profile based on normal changes in behavior. Once a behavioral profile is
established, the threat analytics algorithms provide the ability to look for deviations from that profile in order to identify anomalies in user behavior. It then scores
each individual anomaly and determines the level of threat based on the correlation of such anomalous events. Additionally, agents can be deployed to analyze and
to detect Kerberos-based attacks against domain controllers in real-time. These attacks are particularly dangerous since they enable attackers to gain unrestricted
access and control to the entire IT infrastructure. Alerts with full details of the incident, including the probability of malicious intent, can be raised immediately,
allowing an organization’s incident response team to review the potential threat and take action when necessary.
35
�Strong Application Authentication and Credential Management. The Application Access Manager architecture allows an organization to eliminate hard-coded
application credentials, such as passwords and encryption keys, from applications and scripts. Our secure, proprietary technology permits authentication of an
application during run-time, based on any combination of the application’s signature, executable path or IP address, and operating system user. Following
application authentication, the authenticated application uses a secure application programming interface, or API, to request privileged account credentials during
run-time and, based on the application permissions in our Privileged Access Security Solution, up-to-date credentials are provided to the application. To ensure
business continuity, and high availability and performance even within complex and distributed network environments, our advanced product architecture provides
a secure local credentials cache on the application server, eliminating the dependency on network availability and traffic during a run-time application credential
request. Our proprietary architecture provides even higher value in application server environments, allowing an organization to eliminate application credentials
without the need to perform any code changes or impacting application availability.
Privileged Session Recording and Controls. Our innovative privileged session recording and control mechanisms provide the ability to isolate an organization’s IT
systems from end-user desktops, while monitoring and recording the privileged session activities. Our proprietary architecture provides a highly secure, proxy-
based solution that does not require agent installation on the target systems and provides a single-access control point to the target systems. The architecture blocks
direct communication between an end-user’s desktop and a target system, thus preventing potential malware on the desktop from infiltrating the target system. This
architecture further ensures that privileged credentials will remain protected and will not be exposed to the end-user or reach the desktop. CyberArk session
monitoring solutions support native connectivity to Windows and other graphical platforms via native RDP tools, and Linux/Unix using native SSH tools.
Additionally, following the acquisition of Vaultive the solution provides native access to SaaS applications, cloud consoles, DevOps tools, social media platforms
and more. Native access not only streamlines the connection process and workflow, but more importantly it unifies and enforces organizational security policy
across disparate targets. Comprehensive recording capabilities provide the ability to record every keystroke and mouse click on the privileged session, and also
provide DVR-like recordings with search, locate and alert capabilities. Risk scoring can be applied to each recorded session, automating the review of all
privileged sessions and enabling auditors to prioritize and deprioritize workloads based on risk.
Strong Endpoint Security. Following the acquisition of Viewfinity, Inc. in 2015, we began offering endpoint agent technology, which provides policy-based
privilege management, application control and credential theft protection capabilities. The agent is able to detect privileged commands, and application installation
or invocation on the endpoint, and to validate whether it is permissible by the organization’s security policy, otherwise blocking the operation or allowing it to run
in a restricted mode (via application whitelisting, blacklisting and greylisting). Having users operate in a least privilege mode together with our agent-based
technology effectively reduces the attack surface that attackers or malware can exploit. The solution leverages third party threat and reputation information to
enrich the policy and black-list definitions to further strengthen controls and block bad or malicious applications based on such security intelligence.
Our Customers
As of December 31, 2018, we had more than 4,450 customers, including more than 50% of the Fortune 500 companies and more than 30% of the Global 2000
companies. Our customers include leading organizations in a diverse set of industries, including financial services, manufacturing, insurance, healthcare, energy
and utilities, transportation, retail, technology and telecommunications, as well as government agencies.
Our business is not dependent on any particular customer. No customer in 2016, 2017 and 2018 and no channel partner in 2017 and 2018 accounted for more than
10% of our revenues. In 2016, our largest channel partner accounted for approximately 12.1% of our revenues. Our diverse global footprint is evidenced by the fact
that in 2018, we generated 54.7% of our revenues from customers in the United States, 32.7% from the EMEA region and 12.6% from the rest of the world,
including countries in North and South America other than the United States and countries in the Asia Pacific region.
36
�Sales and Marketing
Sales
We believe that our hybrid sales model, which combines the leverage of high touch, channel sales with the account control of direct sales, has played an important
role in the growth of our customer base to date. We maintain a highly trained sales force that is responsible for developing and closing new business, the
management of relationships with our channel partners and the support and expansion of relationships with existing customers. Our sales organization is organized
by geographic regions, consisting of the Americas, EMEA and Asia Pacific and Japan regions. As of December 31, 2018, our global network of channel partners
consisted of more than 400 resellers, distributors and managed service providers. Our channel partners generally complement our sales efforts by helping identify
potential sales targets, maintaining relationships with certain customers and introducing new products to existing customers and offering post-sale professional
services and technical support. In 2018, we generated approximately 35% of our revenues from direct sales from our field offices located throughout the world.
Approximately 50% of our sales in the United States are direct while the substantial majority of our sales in the EMEA region and the rest of the world are through
channel partners. We work with many global systems integration partners and several leading regional security value added resellers, such as Optiv Security Inc.,
Computacenter PLC, Orange S.A. Business Services (Orange Cyberdefense), Atos SE, M.Tech, NCC Group, Guidepoint Security LLC, Netpoleon Solutions, and
Edvance. These companies were each among our top 15 channel partners in 2017 and 2018 by revenues and we have derived a meaningful amount of revenues
from sales to each of them during the last two years. Further, we work with advisory firms such as Deloitte and KPMG in marketing our solutions and providing
implementation services to our customers.
Our sales cycle varies by size of the customer, the number of products purchased and the complexity of the customer’s IT infrastructure, ranging from several
weeks for incremental sales to existing customers to many months for sales to new customers or large deployments. To support our broadly dispersed global
channel and customer base, as of December 31, 2018, we had sales personnel in 35 countries. We plan to continue investing in our sales organization to support
both the growth of our channel partners and our direct sales organization.
Marketing
Our marketing strategy is focused on building our brand strength, communicating the benefits of our solutions, developing leads and increasing sales to existing
customers. We market ourselves as the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the
enterprise, in the cloud and throughout the DevOps pipeline. We execute our strategy by leveraging a combination of internal marketing professionals and a
network of channel partners to communicate the value proposition and differentiation for our products, generating qualified leads for our sales force and channel
partners. Our marketing efforts also include public relations in multiple regions and extensive content development available through our website. We are focused
on ongoing thought-leadership campaigns to reinforce our positioning as the privileged access security leader. Our marketing team is expanding its efforts by
investing in analytics-driven lead development, stronger global coordination, quick response to current events and proactive and consistent communication with
market analysts.
Research and Development
Continued investment in research and development is critical to our business. Our research and development efforts are focused primarily on improving and
continuing to enhance existing products and services, as well as developing new products, features and functionality to meet market needs. We believe the timely
development of new products and capabilities is essential to maintaining our competitive position. We regularly release new versions of our software which
incorporate new features and enhancements to existing ones. We also maintain a dedicated CyberArk Labs team that researches reported advanced cyber attacks,
the attackers’ techniques and post-exploit methods that lead to new security development initiatives for our products, and provides thought-leadership on new
product capabilities and targeted attack mitigation.
As of December 31, 2018, we had 287 employees focused on research and development. We conduct our research and development activities primarily in Israel.
We believe this provides us with access to world class engineering talent. Our research and development expenses were $34.6 million, $42.4 million, and $57.1
million in 2016, 2017 and 2018, respectively.
37
�Intellectual Property
We rely on a combination of patent, trademark, copyright and trade secret laws, confidentiality procedures and contractual provisions to protect our technology and
the related intellectual property.
As of December 31, 2018, we had 34 issued patents in the United States, and 41 pending U.S. patent applications. We also had 3 issued patents and 20 applications
pending for examination in non-U.S. jurisdictions, all of which are counterparts of our U.S. patent applications.
The inventions for which we have sought patent protection relate to current and future elements of our products and technology. The following list of products
identifies some of those with patent-protected features but other products may also be protected by one or more patents: Digital Vault, Discovery & Audit tool,
Privileged Threat Analytics, Privileged Session Manager, Endpoint Privilege Manager and Application Access Manager.
We generally enter into confidentiality agreements with our employees, consultants, service providers, resellers and customers and generally limit internal and
external access to, and distribution of, our proprietary information and proprietary technology through certain procedural safeguards. These agreements and
measures may not effectively prevent unauthorized use or disclosure of our intellectual property or technology and may not provide an adequate remedy in the
event of unauthorized use or disclosure of our intellectual property or technology.
Our industry is characterized by the existence of a large number of relevant patents and frequent claims and related litigation regarding patent and other intellectual
property rights. In particular, leading companies in the security industry have extensive patent portfolios. As our market position continues to grow, we believe that
competitors will be more likely to try to develop products that are similar to ours and that may infringe our proprietary rights. It may also be more likely that
competitors or third parties will claim that our products infringe their proprietary rights. From time to time, third parties have asserted and may assert their patent,
copyright, trademark and other intellectual property rights against us, our channel partners, users or customers, whom our standard license and other agreements
may obligate us to indemnify against such claims under certain circumstances. Successful claims of infringement or misappropriation by a third party could
prevent us from developing, distributing, licensing, using certain products, performing certain services or could require us to pay substantial damages (including,
for example, treble damages if we are found to have willfully infringed patents and increased statutory damages if we are found to have willfully infringed
copyrights), royalties or other fees. Such claims also could require us to expend additional development resources to attempt to redesign our products or services or
otherwise to develop non-infringing technology; enter into potentially unfavorable royalty or license agreements in order to obtain the right to use necessary
technologies or intellectual property rights; and to indemnify our customers and partners (and parties associated with them). Even if third parties may offer a
license to their technology, the terms of any offered license may not be acceptable, and the failure to obtain a license or the costs associated with any license could
cause our business, results of operations or financial condition to be materially and adversely affected.
Competition
The IT security market in which we operate is characterized by intense competition, constant innovation, rapid adoption of different technological solutions and
services, and evolving security threats. We compete with a multitude of companies that offer a broad array of IT security products that employ different approaches
and delivery models to address these evolving threats.
Our current and potential future competitors include BeyondTrust Corporation, One Identity LLC, Thycotic Software Ltd., Microsoft Corporation, Broadcom Inc.
(which acquired CA Technologies) and Oracle Corporation in the access and identity management market, some of which may offer solutions at lower price
points. Further, we may face competition due to changes in the manner that organizations utilize IT assets and the security solutions applied to them, such as the
provision of privileged account security functionalities as part of public cloud providers’ infrastructure offerings, or cloud-based identity management solutions.
Limited IT budgets may also result in competition with providers of other advanced threat protection solutions such as McAfee, LLC, Palo Alto Networks, Splunk
Inc., and Symantec Corporation. We also may compete, to a certain extent, with vendors that offer products or services in adjacent or complementary markets to
privileged account security, including identity management vendors and cloud platform providers such as Amazon Web Services, Google Cloud Platform, and
Microsoft Azure.
The principal competitive factors in our market include:
•
the breadth and completeness of a security solution;
38
�•
•
•
•
•
•
•
•
•
•
•
reliability and effectiveness in protecting, detecting and responding to cyber attacks;
analytics and accountability at an individual user level;
ability of customers to achieve and maintain compliance with compliance standards and audit requirements;
strength of sale and marketing efforts, including advisory firms and channel partner relationships;
global reach and customer base;
scalability and ease of integration with an organization’s existing IT infrastructure and security investments;
brand awareness and reputation;
innovation and thought leadership;
quality of customer support and professional services;
speed at which a solution can be deployed; and
price of a solution and cost of maintenance and professional services.
We believe we compete favorably with our competitors on the basis of these factors. However, some of our current and potential future competitors may enjoy
potential competitive advantages, such as greater name recognition, longer operating history, larger market share, larger existing user base and greater financial,
technical and other resources.
Properties
Our corporate headquarters are located in Petach Tikva, Israel in an office consisting of approximately 111,341 square feet to which we moved in September 2017.
The current lease expires in June 2022 with an extension option for two successive one year periods. Our U.S. headquarters are located in Newton, Massachusetts
in an office consisting of approximately 32,463 square feet. The lease expires in June 2026 with an extension option for two successive five year periods. We
maintain additional offices in the U.K. and Singapore along with regional sales offices in France, Germany, Australia, Japan, Italy, Netherlands, Spain and Turkey
and a second research and development office in Israel of approximately 3,660 square feet following the acquisition of Vaultive . We believe that our facilities are
sufficient to meet our current needs and that if we require additional space to accommodate our growth we will be able to obtain additional facilities on
commercially reasonable terms.
Internal Cybersecurity
As we provide privileged access security products, we are sensitive as to the possibility of cyber attacks and data theft, since a breach of our system could provide
data information regarding not only us, but potentially regarding the customers that our solutions protect. Further, we may be targeted by cyber terrorists because
we are an Israeli company. We are also aware of the impact of an actual or perceived breach of our network may have on the market perception of our products and
services and potential liability.
We are focused on implementing new technologies and solutions to assist in prevention of potential and attempted cyber attacks, as well as protective measures
and contingency plans in the event of an existing attack. We have made certain updates to our IT infrastructure to enhance our ability to prevent and respond to
such threats and we routinely test the infrastructure for vulnerabilities.
We conduct periodic trainings for our employees in this respect on phishing, malware and other cybersecurity risks and we have mechanisms in place designed to
ensure prompt internal reporting of potential or actual cybersecurity breaches. Finally, our agreements with third parties also typically contain provisions that
reduce or limit our exposure to liability.
Legal Proceedings
See “Item 8.A. Financial Information—Consolidated Financial Statements and Other Financial Information—Legal Proceedings.”
39
�C.
Organizational Structure
The legal name of our company is CyberArk Software Ltd. and we are organized under the laws of the State of Israel.
The following table sets forth our key subsidiaries all of which are 100% owned directly or indirectly by CyberArk Software Ltd.:
Name of Subsidiary
CyberArk Software, Inc.
Cyber-Ark Software (UK) Limited
CyberArk Software (Singapore) PTE. LTD.
Cyber-Ark Software (DACH) GmbH
CyberArk Software Italy S.r.l.
CyberArk Software (France) SARL
CyberArk Software (Netherlands) B.V.
CyberArk Software (Australia) Pty Ltd.
CyberArk Software (Japan) K.K.
CyberArk Software Canada Inc.
CyberArk USA Engineering, LP
Place of Incorporation
Delaware, United States
United Kingdom
Singapore
Germany
Italy
France
Netherlands
Australia
Japan
Canada
Delaware, United States
D.
Property, Plants and Equipment
See “Item 4.B.—Business Overview—Property” for a discussion of property, plants and equipment.
ITEM 4A. UNRESOLVED STAFF COMMENTS
Not applicable.
ITEM 5.
OPERATING AND FINANCIAL REVIEW AND PROSPECTS
Company Overview
We are a global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and
throughout the DevOps pipeline. Our software solutions are focused on protecting privileged accounts, credentials and secrets, which are consistently sought-after
by cyber attackers to accomplish their goals. Privileged accounts are pervasive and act as the “keys to the IT kingdom” providing complete access to, and control
of, IT infrastructure (whether located on-premises or in the cloud), applications, DevOps tools, and critical business data. In the hands of an external attacker or
malicious insider, privileged credentials allow attackers to take control of and disrupt an organization’s IT environment and industrial control systems, steal
confidential information and commit financial fraud. Our comprehensive solutions provide risk-based credential and session management to detect and protect
against attacks involving privileged access, secure secrets used by applications, and enforce privileged access security on the endpoint. Our customers use our
innovative solutions to introduce a critical security layer to protect against, detect and respond to cyber attacks before they strike vital systems, compromise
sensitive data and disrupt business operations.
We derive our revenues from licensing our cybersecurity software, selling maintenance and support contracts, and providing professional services to the extent
requested by customers. Our license revenues consist primarily of revenues from sales of our Core Privileged Access Security Solution. Our customers typically
purchase one year and, to a lesser extent, three years, of maintenance and support in conjunction with their initial purchase of perpetual licenses for our products.
Thereafter, they can renew such maintenance and support for additional one or three-year periods.
40
�We have experienced significant growth over the last several years, as evidenced by a compound annual growth rate in revenues of 25.9% from 2016 to 2018. We
have also increased our number of employees and subcontractors from 823 as of December 31, 2016 to 1,146 as of December 31, 2018. We intend to continue to
execute on our strategy of growing our business to meet the needs of our customers and to pursue opportunities in new and existing verticals, geographies and
products. We intend to continue to invest in the development of our sales and marketing teams, with a particular focus on expanding our channel partnerships,
targeting new customers, creating technology partnerships and solidifying relationships with existing customers. We also plan to continue to invest in research and
development in order to continue to develop technology to protect modern enterprises from privileged access security risk from hybrid to cloud-native
environments
During the years ended December 31, 2016, 2017 and 2018, our revenues were $216.6 million, $261.7 million and $343.2 million, respectively, representing year-
over-year growth of 20.8% and 31.1% in 2017 and 2018, respectively, and with maintenance and professional services comprising 43.6% and 43.9% of our
revenues in 2017 and 2018, respectively. Our net income for the years ended December 31, 2016, 2017 and 2018 was $28.1 million, $16.0 million and $47.1
million, respectively.
Key Financial Metrics
We monitor several key financial metrics to help us evaluate growth trends, establish budgets, measure the effectiveness of our sales and marketing efforts and
assess operational efficiencies. The key financial metrics that we monitor are as follows:
Revenues
Gross profit
Non-GAAP gross profit(1)
Operating income
Non-GAAP operating income(1)
Net income
Non-GAAP net income(1)
Net cash provided by operating activities
Total deferred revenues (as of period-end)
2016
Year ended December 31,
2017
(in thousands)
2018
$
216,613 $
261,701 $
343,199
186,462
189,268
219,853
226,355
294,738
303,651
35,956
58,014
28,124
45,245
56,310
73,506
20,326
51,850
16,015
41,895
47,292
90,460
47,072
76,523
80,737
105,235
130,125
149,534
(1) For a reconciliation of non-GAAP gross profit, non-GAAP operating income to operating income and of non-GAAP net income to net income, the most
directly comparable GAAP measures, see “Item 3.A. Selected Financial Data.”
Revenues.
We derive our revenues from licensing our cybersecurity software, selling maintenance and support contracts, and providing professional services to the
extent requested by customers. We review our revenues generally to assess the overall health of our business and our license revenues in particular to assess the
adoption of our software and our growth in the markets we serve.
We consider our license revenues to be particularly important in assessing our results of operations because license fees impact both our short-term and long-term
revenues. License purchases, whether by new customers or due to expansion by existing customers, impact our revenues favorably in the short-term because we
recognize substantially all license fees immediately upon delivery. License purchases further contribute significantly to our revenues in the long term because the
size of our maintenance and support contracts is directly related to our licenses revenues, but revenues from maintenance and support contracts are recognized on a
straight-line basis over the term of the related contract. This fact, coupled with the high renewal rate for our maintenance and support contracts, means that a
meaningful portion of the revenues we report each period are recognized from deferred revenues generated by maintenance and support contracts entered into
during previous quarters.
41
�The amount that a customer pays for a license can vary from a few thousand dollars to many millions of dollars depending on its scope. We generally license our
products on a price per user or price per server basis; however, our license agreements with a small number of our largest customers do not contain any limit on the
number of users or servers in recognition of the size of the overall agreement. We also license certain of our products based on the number of concurrent sessions
monitored or endpoints secured. As a result, we do not track, and are unable to track, the amount of license revenues we generate on per user or per server basis.
We do, however, maintain internal price guidelines for different size transactions and, since our cost of license revenues is negligible, we generate incremental
profit from every license. Although we are focused on growing our customer base, our revenues are a function of both the size of initial sales to new customers and
the size of upsells or cross sells to existing customers. We seek to increase the number of large transactions that we enter into because they better leverage our
operating expense base, and particularly our sales and marketing expenses, and also generate larger maintenance and support contracts to drive future revenues and
margins.
Because the size of our maintenance and support contracts is directly related to our licenses revenues and because the rates that we charge for professional services
fluctuate very little, the drivers of changes in these sources of revenues have to date been volume-based. Historically, there has been little fluctuation in price when
we renew a contract for maintenance and support or for professional services. While the demand for professional services is expected to increase as our customers
and license base grow, we expect that our channel partners will increase the amount of such services that they provide. Therefore, while we expect an increase in
the dollar amount of our professional services revenue, we do not expect our professional services revenues to increase materially as a percentage of total revenues.
See “—Components of Statements of Operations—Revenues” for more information.
Non-GAAP
Gross
Profit
, non-GAAP
Operating
Income
and
Non-GAAP
Net
Income.
Non-GAAP gross profit, Non-GAAP operating income and non-GAAP net
income are non-GAAP financial measures. We define non-GAAP gross profit, non-GAAP operating income and non-GAAP net income as gross profit, operating
income and net income, respectively, which each exclude (i) share-based compensation expense and (ii) amortization of intangible assets related to acquisitions.
Non-GAAP operating income also excludes (i) expenses related to acquisitions, and (ii) expenses related to facility exit and transitions costs. Non-GAAP net
income also excludes (i) tax effects related to the non-GAAP adjustments set forth above, (ii) tax effects related to the impact to our deferred tax assets as a result
of the Tax Act and (iii) intra-entity intellectual property transfer tax effects.
We believe that providing non-GAAP gross profit, non-GAAP operating income and non-GAAP net income that exclude, as appropriate, share-based
compensation expense, expenses related to acquisitions, amortization of intangible assets related to acquisitions, the tax effects related to these non-GAAP
adjustments, intra-entity intellectual property transfer tax effects and the tax effects related to the impact to our deferred tax assets as a result of the Tax Act allows
for more meaningful comparisons between our financial results from period to period. Share-based compensation expense has been, and will continue to be a
significant recurring expense in our business and an important part of the compensation we provide to employees for the foreseeable future. Share-based
compensation expense has varying available valuation methodologies, subjective assumptions and the variety of equity instruments that can impact a company’s
non-cash expense. We also believe that expenses related to our acquisitions, amortization of intangible assets related to acquisitions, facility exit and transitions
costs, intra-entity intellectual property transfer tax effects and the impact of the Tax Act, do not reflect the performance of our core business and would impact
period-to-period comparability. Each of our non-GAAP financial measures is an important tool for financial and operational decision making and for evaluating
our own financial results over different periods of time. In particular, these financial measures reflect our operating expenses, the largest of which is currently sales
and marketing. Accordingly, we assess the effectiveness of our sales and marketing efforts in part by considering whether increases in such expenditures are
reflected in increased revenues and increased non-GAAP operating income and non-GAAP net income. The material factors driving changes in these financial
measures are discussed under the subheading “—Comparison of Period to Period Results of Operations.” As well as under “Item 3.A. Selected Financial Data.”
Net
Cash
Provided
by
Operating
Activities.
We monitor net cash provided by operating activities as a measure of our overall business performance. Our net cash
provided by operating activities is driven in large part by net income and from up-front payments for maintenance and support contracts and to a lesser extent
professional services. Monitoring net cash provided by operating activities enables us to analyze our financial performance as it includes our deferred revenues and
removes the non-cash effects of certain items such as depreciation, amortization and share-based compensation expense, thereby allowing us to better understand
and manage the cash needs of our business. The material factors driving changes in our net cash provided by operating activities are discussed under “—Liquidity
and Capital Resources.”
42
�Total
Deferred
Revenues.
Our total deferred revenues consist of amounts that have been collected but that have not yet been recognized as revenues because they
do not meet the applicable criteria. The substantial portion of our deferred revenues consists of the unrecognized portion of upfront payments associated with
maintenance and support contracts. We monitor our total deferred revenues because it represents a significant portion of revenues to be recognized in future
periods. Substantially all of the increase in our total deferred revenues has been from growth in our maintenance and support contracts which, in turn, is driven by
growth of our license revenues. The material factors driving changes in our license revenues are discussed under “—Comparison of Period to Period Results of
Operations.”
A.
Operating Results
The
following
discussion
and
analysis
should
be
read
in
conjunction
with
the
section
titled
“Item
3.A.
Selected
Financial
Data”
of
this
annual
report
and
our
consolidated
financial
statements
and
the
related
notes
contained
elsewhere
in
this
annual
report.
This
discussion
and
analysis
may
contain
forward-looking
statements
based
upon
current
expectations
that
involve
risks
and
uncertainties.
Our
actual
results
may
differ
materially
from
those
anticipated
in
these
forward-
looking
statements
as
a
result
of
various
factors,
including
those
set
forth
in
“Item
3.D.
Risk
Factors”
of
this
annual
report.
Our
financial
statements
have
been
prepared
in
accordance
with
U.S.
GAAP.
Components of Statements of Operations
Revenues
Our revenues consist of the following:
•
License
Revenues.
License revenues are generated primarily from sales of licenses for our Privileged Access Security, Application Access Manager and
Endpoint Privilege Manager solutions. The substantial majority of our license revenues has been from sales of our Privileged Access Security solution.
Customers can purchase our standard Core Privileged Access Security solution which provides risk-based credential security and session management
with advanced add-on options for least privilege server protection and domain controller protection. Customers can also purchase Application Access
Manager for secrets management for all application types, including DevOps, and Endpoint Privilege Manager for least privilege and credential theft
protection for workstations. The standard Core Privileged Access Security solution is licensed per privileged user or per server; the add-on advanced
options for least privilege server protection and domain controller protection are licensed by target system. Endpoint Privilege Manager is also licensed by
system. Application Access Manager has two different licensing approaches based on deployment model. The first model is licensed by agent for
mission-critical applications like application servers that require the highest levels of performance and availability. The second model is agentless for
more dynamic cloud native applications; for this model, Application Access Manager is licensed by calling system for smaller configurations and is
licensed by site/region for larger installations. We also generate a small amount of our license revenues through sales of Sensitive Information
Management solution, our first product to market, licensed by the permitted number of users of the software.
• Maintenance
and
Professional
Services
Revenues
. Maintenance revenues are generated from maintenance and support contracts purchased by our
customers in order to gain access to the latest software enhancements and updates on an ‘if and when available’ basis and to telephone and email technical
support. We also offer professional services focused on both deployment and training our customers to fully leverage the use of our products.
43
�Geographic
Breakdown
of
Revenues
The United States is our biggest market, with the balance of our revenues generated from the EMEA region and the rest of the world, including Canada, Central
and South America, as well as the Asia Pacific and Japan region. The following table sets forth the geographic breakdown of our revenues by region for the periods
indicated:
United States
EMEA
Rest of World
Amount
2016
% of Revenues
Year ended December 31,
2017
% of Revenues
Amount
Amount
2018
% of Revenues
$
125,749
68,094
22,770
58.1% $
31.4%
10.5%
(in thousands)
145,453
81,778
34,470
55.6% $
31.2%
13.2%
187,704
112,086
43,409
54.7%
32.7%
12.6%
Total revenues
$
216,613
100.0% $
261,701
100.0% $
343,199
100.0%
Cost of Revenues
Our total cost of revenues consists of the following:
•
•
Cost
of
License
Revenues.
Cost of license revenues consists primarily of amortization of intangible assets, costs incurred by third-party software vendors and
shipping costs associated with delivery of our software. We expect the absolute cost of license revenues to increase as our license revenues increase.
Cost
of
Maintenance
and
Professional
Services
Revenues.
Cost of maintenance and professional services revenues primarily consists of personnel costs for our
global customer support and professional services organization. Such costs consist of salaries, benefits, bonuses, share-based compensation and
subcontractors’ fees. We expect the absolute cost of maintenance and professional services revenues to increase as our customer base grows and as we hire
additional professional services and technical support personnel.
Gross Profit and Gross Margin
Gross profit is total revenues less total cost of revenues. Gross margin is gross profit expressed as a percentage of total revenues. Our gross margin has historically
fluctuated slightly from period to period as a result of changes in the mix of license revenues and maintenance and professional services revenues and we expect
this pattern to continue.
Operating Expenses
Our operating expenses are classified into three categories: research and development, sales and marketing and general and administrative. For each category, the
largest component is personnel costs, which consists of salaries, employee benefits (including commissions and bonuses) and share-based compensation expense.
Operating expenses also include allocated overhead costs for facilities as well as depreciation and amortization. Allocated costs for facilities primarily consist of
rent and office maintenance and utilities. We expect personnel and all allocated costs to continue to increase in absolute dollars as we hire new employees and add
facilities to continue to grow our business.
Research
and
Development.
Research and development expenses consist primarily of personnel costs attributable to our research and development personnel and
consultants as well as allocated overhead costs, amortization and depreciation. We continue to expect that our research and development expenses will continue to
increase in absolute dollars and at least in line with our revenue growth rate as we continue to grow our research and development headcount to further strengthen
our technology platform and invest in the development of both existing and new products.
Sales
and
Marketing.
Sales and marketing expenses are the largest component of our operating expenses and consist primarily of personnel costs, including
variable compensation, as well as marketing and business development costs, product certifications, travel expenses, allocated overhead costs, depreciation and
amortization of intangibles assets. We expect that sales and marketing expenses will continue to increase in absolute dollars and at least in line with our revenue
growth rate as we plan to expand our sales and marketing efforts globally. We continue to expect sales and marketing expenses will remain our largest category of
operating expenses.
44
�General
and
Administrative.
General and administrative expenses consist primarily of personnel costs for our executive, finance, human resources, legal and
administrative personnel. General and administrative expenses also include external legal, accounting and other professional service fees. We continue to expect
that general and administrative expense will increase in dollars and at least in line with our revenue growth rate as we grow and expand our operations and operate
as a public company, including higher corporate insurance, investor relations and accounting expenses, and the additional costs relating to our ongoing regulatory
compliance efforts.
Financial Income (Expenses), Net
Financial income (expenses), net consists of interest income, foreign currency exchange gains or losses and foreign exchange forward transactions expenses.
Interest income consists of interest earned on our cash, cash equivalents, short and long-term bank deposits and marketable securities. We expect interest income to
vary depending on our average investment balances and market interest rates during each reporting period. Foreign currency exchange changes reflect gains or
losses related to transactions denominated in currencies other than the U.S. dollar.
Taxes on Income
The standard corporate tax rate in Israel is currently 23.0%, and was 25.0% and 24.0% for 2016 and 2017, respectively.
As discussed in greater detail below under “Israeli Tax Considerations and Government Programs”, we have been entitled for various tax benefits under the
Investment Law. Under the Investment Law, our tax rate to be paid with respect to our eligible Israeli taxable income under these benefits programs is 16.0% for
2016 and 12.0% for 2017 onwards.
Under the Investment Law and other Israeli legislation, we are entitled to certain additional tax benefits, including accelerated deduction of research and
development expenses, accelerated depreciation and amortization rates for tax purposes on certain intangible assets and deduction of public offering expenses in
three equal annual installments.
Our non-Israeli subsidiaries are taxed according to the tax laws in their respective jurisdictions of organization. Due to our multi-jurisdictional operations, we apply
significant judgment to determine our consolidated income tax position.
45
�Comparison of Period to Period Results of Operations
The following table sets forth our results of operations in dollars and as a percentage of revenues for the periods indicated:
2016
Year ended December 31,
2017
2018(1)
Amount
% of
Revenues
Amount
% of
Revenues
Amount
% of
Revenues
($ in thousands)
Revenues:
License
Maintenance and professional services
$
131,530
85,083
60.7% $
39.3
147,640
114,061
56.4% $
43.6
192,514
150,685
56.1%
43.9
Total revenues
216,613
100.0
261,701
100.0
343,199
100.0
Cost of revenues:
License
Maintenance and professional services
Total cost of revenues
Gross profit
Operating expenses:
Research and development
Sales and marketing
General and administrative
Total operating expenses
Operating income
Financial income, net
Income before taxes on income
Taxes on income
4,726
25,425
30,151
186,462
34,614
93,775
22,117
150,506
35,956
245
36,201
(8,077)
2.2
11.7
13.9
86.1
16.0
43.3
10.2
69.5
16.6
0.1
16.7
(3.7)
7,911
33,937
41,848
219,853
42,389
126,739
30,399
199,527
20,326
4,103
24,429
(8,414)
3.0
13.0
16.0
84.0
16.2
48.4
11.6
76.2
7.8
1.5
9.3
(3.2)
10,526
37,935
48,461
294,738
57,112
148,290
42,044
247,446
47,292
4,551
51,843
(4,771)
3.1
11.0
14.1
85.9
16.6
43.2
12.3
72.1
13.8
1.3
15.1
(1.4)
Net income
$
28,124
13.0% $
16,015
6.1% $
47,072
13.7%
(1)
On January 1, 2018, we adopted ASC No. 606 using the modified retrospective method. Results for reporting periods beginning after January 1, 2018 are
presented under ASC No. 606, while prior period results are not adjusted and continue to be reported in accordance with historic accounting under ASC
No. 605. See Note 2(n) to our consolidated financial statements included elsewhere in this report for further information.
46
�Year Ended December 31, 2017 Compared to Year Ended December 31, 2018
Revenues
Revenues:
2017
Amount
% of
Revenues
Year ended December 31,
2018
Amount
% of
Revenues
($ in thousands)
Change
Amount
%
License
Maintenance and professional services
$
147,640
114,061
56.4% $
43.6
192,514
150,685
56.1% $
43.9
44,874
36,624
Total revenues
$
261,701
100.0% $
343,199
100.0% $
81,498
30.4%
32.1
31.1%
Revenues increased by $81.5 million, or 31.1%, from $261.7 million in 2017 to $343.2 million in 2018. This increase was due to increased sales of our solutions
driving growth in both our license revenues and our maintenance and professional services revenues. The increase in revenues includes a benefit of $5.2 million
following the adoption of ASC No. 606. See Note 2(n) to our consolidated financial statement included elsewhere in this report for further information. Revenues
growth was largest in the United States, where revenues increased by $42.3 million and in EMEA with an increases of $30.3 million compared to $8.9 million in
the rest of the world. The significant increase in revenues from the United States and EMEA primarily resulted from a higher volume of deals including large
transactions of greater than $1.0 million each that together accounted for $40.4 million. Multiple large transactions or even a single large transaction in a specific
period could materially impact relative growth rates among our different regions for a particular period. We increased our number of customers from
approximately 3,650 as of December 31, 2017 to more than 4,450 as of December 31, 2018.
License revenues increased by $44.9 million, or 30.4%, from $147.6 million in 2017 to $192.5 million in 2018. In 2018, approximately 60% of license revenues
were generated from sales to customers from whom we had generated revenues before this period. Substantially all of the license revenue growth resulted from
increased sales of our Core Privileged Access Security as well as strong growth from Endpoint Privilege Manager and Application Access Manager.
Maintenance and professional services revenues increased by $36.6 million, or 32.1%, from $114.1 million in 2017 to $150.7 million in 2018. Maintenance
revenues increased by $31.1 million from $92.9 million in 2017 to $124.0 million in 2018, with renewals accounting for approximately $10.7 million and initial
maintenance contracts for approximately $20.4 million, respectively, of this increase. Professional services revenues increased by $5.5 million from $21.2 million
in 2017 to $26.7 million in 2018 primarily due to the provision of more services to customers.
Cost of Revenues and Gross Profit
2017
Amount
% of
Revenues
Year ended December 31,
2018
Amount
% of
Revenues
($ in thousands)
Change
Amount
%
Cost of revenues:
License
Maintenance and professional services
Total cost of revenues
Gross profit
$
$
$
7,911
33,937
3.0% $
13.0
10,526
37,935
3.1% $
11.0
2,615
3,998
41,848
16.0% $
48,461
14.1% $
6,613
33.1%
11.8
15.8%
219,853
84.0% $
294,738
85.9% $
74,885
34.1%
Cost of license revenues increased by $2.6 million, or 33.1%, from $7.9 million in 2017 to $10.5 million in 2018. The increase in cost of license revenues was
driven primarily from amortization of intangible assets.
47
�Cost of maintenance and professional services revenues increased by $4.0 million, or 11.8%, from $33.9 million in 2017 to $37.9 million in 2018. The increase in
cost of maintenance and professional services revenues was driven primarily by a $4.6 million increase in personnel costs and related expenses and a $0.3 million
increase in facility costs offset by a $1.4 million decrease in the use of third party contractors for services. O ur technical support and professional services
headcount grew from 188 at the end of 2017 to 214 at the end of 2018.
Gross profit increased by $74.9 million, or 34.1%, from $219.9 million in 2017 to approximately $294.8 million in 2018. Gross margins increased from 84.0% in
2017 to 85.9% in 2018. This was driven by our revenue growth outpacing the growth of our cost of revenue as well as higher utilization of our professional
services team.
Operating Expenses
2017
Amount
% of
Revenues
Year ended December 31,
2018
Amount
% of
Revenues
($ in thousands)
Change
Amount
%
Operating expenses:
Research and development
Sales and marketing
General and administrative
$
42,389
126,739
30,399
16.2% $
48.4
11.6
57,112
148,290
42,044
16.6% $
43.2
12.3
14,723
21,551
11,645
Total operating expenses
$
199,527
76.2% $
247,446
72.1% $
47,919
34.7%
17.0
38.3
24.0%
Research
and
Development.
Research and development expenses increased by $14.7 million, or 34.7%, from $42.4 million in 2017 to $57.1 million in 2018. This
increase was primarily attributable to a $13.5 million increase in personnel costs and related expenses, as we increased our research and development team
headcount from 250 at the end of 2017 to 287 at the end of 2018 to support continued investment in our future product and service offerings. The increase was also
attributable to a $0.8 million increase related to facility costs.
Sales
and
Marketing.
Sales and marketing expenses increased by $21.6 million, or 17.0%, from $126.7 million in 2017 to $148.3 million in 2018. This increase
was primarily attributable to an $18.0 million increase in personnel costs and related expenses due to increased headcount in all regions to expand our sales and
marketing organization. The increase in personnel costs and related expenses was net of a benefit due to deferred contract costs of $12.8 million following the
adoption of ASC No. 606. See Note 2(n) to our consolidated financial statements included elsewhere in this report for further information. The increase was also
attributable to a $2.1 million increase in expenses related to our marketing programs and a $0.7 million increase in facility costs. Our sales and marketing
headcount grew from 491 at the end of 2017 to 541 at the end of 2018.
General
and
Administrative
. General and administrative expenses increased by $11.6 million, or 38.3%, from $30.4 million in 2017 to $42.0 million in 2018. This
increase was primarily attributable to an increase of $9.0 million in personnel costs and related expenses due to increased headcount coupled with a $0.9 million
increase in services fees due to external legal counsels, accounting and insurance costs and a $0.7 million increase in facility costs. Our General and administrative
headcount grew from 86 at the end of 2017 to 104 at the end of 2018.
Financial
Income
(Expenses),
Net
. Financial income (expenses), net changed by $0.5 million from $4.1 million of income in 2017 to $4.6 million of income in
2018. This change resulted primarily from an increase of $3.2 million in interest income from investments in marketable securities and short and long-term bank
deposits offset by a $2.8 million loss from foreign currency exchange differences.
Taxes
on
Income
. Taxes on income decreased from $8.4 million in 2017 to $4.8 million in 2018. Our effective tax rate was 34.4% in 2017 and 9.2% in 2018. The
higher effective tax rate in 2017 in comparison to 2018 was mainly attributed to a $6.5 million tax expense from adjustment to our deferred tax assets as a result of
the Tax Act.
48
�Year Ended December 31, 2016 Compared to Year Ended December 31, 2017
Revenues
Revenues:
2016
Amount
% of
Revenues
Year ended December 31,
2017
Amount
% of
Revenues
($ in thousands)
Change
Amount
%
License
Maintenance and professional services
$
131,530
85,083
60.7% $
39.3
147,640
114,061
56.4% $
43.6
16,110
28,978
Total revenues
$
216,613
100.0% $
261,701
100.0% $
45,088
12.2%
34.1
20.8%
Revenues increased by $45.1 million, or 20.8%, from $216.6 million in 2016 to $261.7 million in 2017. This increase was due to increased sales of our solutions.
This increase was also driven by growth in both our license revenues and our maintenance and professional services revenues. This growth was most pronounced
in the United States, where revenues increased by $19.7 million and in EMEA with an increases of $13.7 million compared to $11.7 million in the rest of the
world. The significant increase in revenues from the United States and EMEA primarily resulted from a higher volume of deals including large transactions of
greater than $1.0 million each that together accounted for $36.6 million. Multiple large transactions or even a single large transaction in a specific period could
materially impact relative growth rates among our different regions for a particular period. We increased our number of customers from approximately 3,100 as of
December 31, 2016 to approximately 3,650 as of December 31, 2017.
License revenues increased by $16.1 million, or 12.2%, from $131.5 million in 2016 to $147.6 million in 2017. In 2017, approximately 60% of license revenues
were generated from sales to customers from whom we had generated revenues before this period. Substantially all of the license revenue growth resulted from
increased sales of our Privileged Access Security solution, driven by increased demand for our Enterprise Password Vault and Privileged Session Manager as well
as strong growth from Endpoint Privilege Manager and Application Identity Manager.
Maintenance and professional services revenues increased by $29.0 million, or 34.1%, from $85.1 million in 2016 to $114.1 million in 2017. Maintenance
revenues increased by $23.5 million from $69.4 million in 2016 to $92.9 million in 2017, with renewals accounting for approximately $17.0 million and initial
maintenance contracts for approximately $6.5 million, respectively, of this increase. Professional services revenues increased by $5.5 million from $15.7 million in
2016 to $21.2 million in 2017 primarily due to the provision of more services to customers.
Cost of Revenues and Gross Profit
2016
Amount
% of
Revenues
Year ended December 31,
2017
Amount
% of
Revenues
($ in thousands)
Change
Amount
%
Cost of revenues:
License
Maintenance and professional services
Total cost of revenues
Gross profit
$
$
$
4,726
25,425
2.2% $
11.7
7,911
33,937
3.0% $
13.0
3,185
8,512
30,151
13.9% $
41,848
16.0% $
11,697
67.4%
33.5
38.8%
186,462
86.1% $
219,853
84.0% $
33,391
17.9%
49
�Cost of license revenues increased by $3.2 million, or 67.4%, from $4.7 million in 2016 to $7.9 million in 2017. The increase in cost of license revenues was
driven primarily from amortization of intangible assets.
Cost of maintenance and professional services revenues increased by $8.5 million, or 33.5%, from $25.4 million in 2016 to $33.9 million in 2017. The increase in
cost of maintenance and professional services revenues was driven primarily by a $6.2 million increase in personnel costs and related expenses as our technical
support and professional services headcount grew from 166 at the end of 2016 to 188 at the end of 2017. The increase was also attributable to a $1.1 million
increase related to third party consultants.
Gross profit increased by $33.4 million, or 17.9%, from $186.5 million in 2016 to $219.9 million in 2017. Gross margins decreased from 86.1% in 2016 to 84.0%
in 2017. This was driven by an increase in expenses for amortization of intangible assets from our acquisitions as well as planned increases in expenses for third
party software and an increase in the use of third party contractors for services.
Operating Expenses
2016
Amount
% of
Revenues
Year ended December 31,
2017
Amount
% of
Revenues
($ in thousands)
Change
Amount
%
Operating expenses:
Research and development
Sales and marketing
General and administrative
$
34,614
93,775
22,117
16.0% $
43.3
10.2
42,389
126,739
30,399
16.2% $
48.4
11.6
7,775
32,964
8,282
Total operating expenses
$
150,506
69.5% $
199,527
76.2% $
49,021
22.5%
35.2
37.4
32.6%
Research
and
Development.
Research and development expenses increased by $7.8 million, or 22.5%, from $34.6 million in 2016 to $42.4 million in 2017. This
increase was primarily attributable to a $0.6 million increase in subcontractor and consultant expenses and a $7.3 million increase in personnel costs and related
expenses, as we increased our research and development team headcount from 205 at the end of 2016 to 250 at the end of 2017 to support continued investment in
our future product and service offerings. The increase was also attributable to a $0.7 million increase related to overhead cost offset by a $2.0 million decrease in
amortization of intangible assets from our acquisitions.
Sales
and
Marketing.
Sales and marketing expenses increased by $32.9 million, or 35.2%, from $93.8 million in 2016 to $126.7 million in 2017. This increase was
primarily attributable to a $25.9 million increase in personnel costs and related expenses due to increased headcount in all regions to expand our sales and
marketing organization coupled with a $3.5 million increase in expenses related to our marketing programs, $2.0 million increase in travel and related expenses
and a $0.5 million increase in facility costs. Our sales and marketing headcount grew from 377 at the end of 2016 to 491 at the end of 2017.
General
and
Administrative
. General and administrative expenses increased by $8.3 million, or 37.4%, from $22.1 million in 2016 to $30.4 million in 2017. This
increase was primarily attributable to an increase of $4.2 million in personnel costs and related expenses due to increased headcount coupled with a $2.0 million
increase in services fees due to consultants, external counsel, accounting and other professionals.
50
�Financial
Income
(Expenses),
Net
. Financial income (expenses), net changed by $3.9 million from $0.2 million of income in 2016 to $4.1 million of income in
2017. This change resulted primarily from an increase of $1.1 million in interest income from investments in marketable securities and short and long-term bank
deposits and from an increase of $2.7 million due to gains from foreign currency exchange.
Taxes
on
Income
. Taxes on income increased from $8.1 million in 2016 to $8.4 million in 2017. Our effective tax rate was 22.3% in 2016 and 34.4% in 2017. The
higher effective tax rate in 2017 in comparison to 2016 is mainly attributed to a $6.5 million tax expense from adjustment to our deferred tax assets as a result of
the new Tax Act partially offset by the stock based compensation benefit recognized as a result of the adoption of Accounting Standards Update No. 2016-09.
Application of Critical Accounting Policies and Estimates
Our accounting policies and their effect on our financial condition and results of operations are more fully described in our consolidated financial statements
included elsewhere in this annual report. We have prepared our financial statements in conformity with U.S. GAAP, which requires management to make estimates
and assumptions that in certain circumstances affect the reported amounts of assets and liabilities, revenues and expenses and disclosure of contingent assets and
liabilities. These estimates are prepared using our best judgment, after considering past and current events and economic conditions. While management believes
the factors evaluated provide a meaningful basis for establishing and applying sound accounting policies, management cannot guarantee that the estimates will
always be consistent with actual results. In addition, certain information relied upon by us in preparing such estimates includes internally generated financial and
operating information, external market information, when available, and when necessary, information obtained from consultations with third-parties. Actual results
could differ from these estimates and could have a material adverse effect on our reported results. See “Item 3.D. Risk Factors” for a discussion of the possible
risks which may affect these estimates.
We believe that the accounting policies discussed below are critical to our financial results and to the understanding of our past and future performance, as these
policies relate to the more significant areas involving management’s estimates and assumptions. We consider an accounting estimate to be critical if: (1) it requires
us to make assumptions because information was not available at the time or it included matters that were highly uncertain at the time we were making our
estimate; and (2) changes in the estimate could have a material impact on our financial condition or results of operations.
Revenue Recognition
We generate revenues mainly from licensing the rights to use our software products and maintenance professional services. We sell our products through our direct
sales force and indirectly through resellers. Payment is typically due within 30 to 90 calendar days of the invoice date.
We recognize revenues in accordance with ASC No. 606. As such, we identify a contract with a customer, identify the performance obligations in the contract,
determine the transaction price, allocate the transaction price to each performance obligation in the contract and recognize revenues when (or as) we satisfy a
performance obligation.
We enter into contracts that can include combinations of products and services, which are generally capable of being distinct and accounted for as separate
performance obligations and may include an option to provide professional services. The license is distinct upon delivery as the customer can derive the economic
benefit of the software without any professional services, updates or technical support.
The transaction price is determined based on the consideration to which we will be entitled in exchange for transferring goods or services to the customer. We do
not grant a right of return to our customers.
In instances of contracts which revenue recognition differs from the timing of invoicing, we determined that those contracts generally do not include a significant
financing component. The primary purpose of the invoicing terms is to provide customers with simplified and predictable ways of purchasing our products and
services, not to receive or provide financing.
51
�We allocate the transaction price to each performance obligation based on its relative standalone selling price out of the total consideration of the contract. For
maintenance, we determine the standalone selling price s based on the price at which we separately sell a renewal contract. For professional services, we determine
the standalone selling prices based on the prices at which we separately sell those services. For software licenses, we determine the standalone selling prices by
taking into account available information such as historical selling prices, geographic location, and our price list and discount policy.
Software license revenues, perpetual or term based, are recognized at the point of time when the license is made available for download by the customer.
Maintenance revenues are recognized ratably, on a straight-line basis over the term of the related contract, which is generally one to three years. Professional
services revenues consist mostly of time and material services which are recognized as the services are performed.
Deferred revenue includes unearned amounts received under maintenance and support contracts, professional services and amounts received from customers for
licenses that do not meet the revenue recognition criteria as of the balance sheet date. Deferred revenues are recognized as (or when) we perform under the
contract.
Deferred Contract Costs
We pay sales commissions to sales and marketing and certain management personnel based on their attainment of certain predetermined sales goals. Sales
commissions are considered incremental and recoverable costs of obtaining a contract with a customer. Sales commissions paid for initial contracts, which are not
commensurate with sales commissions paid for renewal contracts, are capitalized and amortized over an expected period of benefit. Based on our technology,
customer contracts and other factors, we have determined the expected period of benefit to be approximately five years. Sales commissions on initial contracts,
which are commensurate with sales commissions paid for renewal contracts, are capitalized and amortized correspondingly to the recognized revenue of the related
initial contracts. Sales commissions for renewal contracts are capitalized and amortized on a straight line basis over the related contractual renewal period.
Amortization expense of these costs are included in sales and marketing expenses.
On January 1, 2018, we adopted ASU No. 606 using the modified retrospective method. Results for reporting periods beginning after January 1, 2018 are presented
under ASC No. 606, while prior period results are not adjusted and continue to be reported in accordance with historic accounting under prior guidance. The most
significant impact of the new standard relates to the way we account for term license arrangements and costs to obtain customer contracts. Specifically, under the
historic revenue standard, ASC No. 605, we recognize both the term license and maintenance revenues ratably over the contract period whereas under the current
revenue standard, term license revenues are recognized upfront, upon delivery, and the associated maintenance revenues are recognized over the contract period. In
addition, we also implemented the guidance in ASC No. 340-40, "Other Assets and Deferred Costs." Under the historic accounting policy, sales commissions were
expensed as incurred. The current standard requires the capitalization of all incremental costs that we incur to obtain a contract with a customer that it would not
have incurred if the contract had not been obtained, provided we expects to recover the costs. For further information see Note 2(n) to our consolidated financial
statements included elsewhere in this report for further information.
Derivative instruments
ASC No. 815, “Derivative and Hedging”, requires companies to recognize all of their derivative instruments as either assets or liabilities on the balance sheet at
fair value. For those derivative instruments that are designated and qualify as hedging instruments, a company must designate the hedging instrument, based upon
the exposure being hedged, as a fair value hedge, cash flow hedge or a hedge of a net investment in a foreign operation.
For derivative instruments that are designated and qualify as a cash flow hedge (i.e., hedging the exposure to variability in expected future cash flows that is
attributable to a particular risk), the effective portion of the gain or loss on the derivative instrument is reported as a component of other comprehensive income and
reclassified into earnings in the same period or periods during which the hedged transaction affects earnings. The remaining gain or loss on the derivative
instrument in excess of the cumulative change in the present value of future cash flows of the hedged item, if any, is recognized in current earnings during the
period of change.
To hedge against the risk of changes in cash flows resulting from foreign currency salary payments during the year, we have instituted a foreign currency cash flow
hedging program. We hedge a portion of our forecasted expenses denominated in NIS. These forward and option contracts are designated as cash flow hedges, as
defined by ASC 815, and are all effective, as their critical terms match underlying transactions being hedged.
52
�In addition to the derivatives that are designated as hedges as discussed above, we also enter into certain foreign exchange forward transactions to economically
hedge certain account receivables in Euros and GBP. Gains and losses related to such derivative instruments are recorded in financial income (expenses), net.
Share-Based Compensation
Option
Valuations
Under U.S. GAAP, we account for share-based compensation for employees in accordance with the provisions of the FASB’s ASC Topic 718 “Compensation—
Stock Based Compensation,” or ASC 718, which requires us to measure the cost of options based on the fair value of the award on the grant date.
We selected the Black-Scholes-Merton option pricing model as the most appropriate method for determining the estimated fair value of options. The resulting cost
of an equity incentive award is recognized as an expense over the requisite service period of the award, which is usually the vesting period. We recognize
compensation expense over the vesting period using the straight-line method and classify these amounts in the consolidated financial statements based on the
department to which the related employee reports.
The determination of the grant date fair value of options using the Black-Scholes-Merton option pricing model is affected by estimates and assumptions regarding
a number of complex and subjective variables. These variables include the expected volatility of our share price over the expected term of the options, share option
exercise, risk-free interest rates and expected dividends, which are estimated as follows:
•
•
•
•
Expected
Term
. The expected term of options granted represents the period of time that options granted are expected to be outstanding, and is
determined based on the simplified method in accordance with ASC No. 718-10-S99-1, (SAB No. 110), as adequate historical experience is not
available to provide a reasonable estimate;
Volatility.
The expected share price volatility was based on the historical equity volatility of our ordinary shares as well as comparable companies
that are publicly traded;
Risk-free
Rate.
The risk-free interest rate is based on the yield from U.S. Treasury zero-coupon bonds with a term equivalent to the contractual life of
the options; and
Dividend
Yield.
We have never declared or paid any cash dividends and do not presently plan to pay cash dividends in the foreseeable future.
Consequently, we used an expected dividend yield of zero.
Goodwill and other Intangible Assets
Goodwill and certain other purchased intangible assets have been recorded in our financial statements as a result of acquisitions. Goodwill represents excess of the
purchase price in a business combination over the fair value of identifiable tangible and intangible assets acquired of businesses acquired. Goodwill is not
amortized, but rather is subject to an impairment test.
ASC No. 350, “Intangible—Goodwill and other” requires goodwill to be tested for impairment at least annually and, in certain circumstances, between annual
tests. The accounting guidance gives the option to perform a qualitative assessment to determine whether further impairment testing is necessary. The qualitative
assessment considers events and circumstances that might indicate that a reporting unit’s fair value is less than its carrying amount. If it is determined, as a result of
the qualitative assessment, that it is more likely than not that the fair value of a reporting unit is less than its carrying amount, a quantitative test is performed. We
operate as one reporting unit. Therefore, goodwill is tested for impairment by comparing the fair value of the reporting unit with its carrying value. We elect to
perform an annual impairment test of goodwill as of October 1 of each year, or more frequently if impairment indicators are present.
For the years ended December 31, 2016, 2017 and 2018, no impairment losses were identified.
Purchased intangible assets with finite lives are carried at cost, less accumulated amortization. Amortization is computed over the estimated useful lives of the
respective assets which range from two to eleven years. Acquired customer relationship and backlog are amortized over their estimated useful lives in proportion to
the economic benefits realized. Other intangible assets consist primarily of technology are amortized over their estimated useful lives on a straight-line basis.
53
�Income Taxes
We account for income taxes in accordance with ASC No. 740-10, “Income Taxes” (“ASC No. 740-10”). ASC No. 740-10 prescribes the use of the asset and
liability method whereby deferred tax asset and liability account balances are determined based on temporary differences between financial reporting and tax bases
of assets and liabilities and are measured using the enacted tax rates and laws that will be in effect when the differences are expected to reverse. We provide a
valuation allowance, if necessary, to reduce deferred tax assets to their estimated realizable value if it is more likely than not that some portion or all of the deferred
tax assets will not be realized.
We established reserves for uncertain tax positions based on the evaluation of whether or not the Company's uncertain tax position is “more likely than not” to be
sustained upon examination based on its technical merits. We record interest and penalties pertaining to its uncertain tax positions in the financial statements as
income tax expense.
Legal Contingencies
From time to time we become involved in legal proceedings or be subject to claims arising in the ordinary course of our business. Such matters are subject to many
uncertainties and outcomes are not predictable with assurance. We accrue for contingencies when the loss is probable and can reasonably estimate the amount of
any such loss.
Israeli Tax Considerations and Government Programs
The following is a brief summary of the material Israeli tax laws applicable to us, and certain Israeli Government programs that benefit us. To the extent that the
discussion is based on new tax legislation that has not yet been subject to judicial or administrative interpretation, we cannot assure you that the appropriate tax
authorities or the courts will accept the views expressed in this discussion. The discussion below is subject to change, including due to amendments under Israeli
law or changes to the applicable judicial or administrative interpretations of Israeli law, which could affect the tax consequences described below.
General Corporate Tax Structure in Israel
The standard corporate tax rate in Israel is currently 23.0%, and was 25.0% and 24.0% for 2016 and 2017, respectively. However, the effective tax rate payable by
a company that derives income from an Approved Enterprise, a Benefited Enterprise or a Preferred Enterprise (as discussed below) may be considerably less.
Capital gains derived by an Israeli company are generally subject to tax at the prevailing ordinary corporate tax rate.
Tax Benefits and Grants for Research and Development
Israeli tax law allows, under certain conditions, a tax deduction for research and development expenditures, including capital expenditures, for the year in which
they are incurred if:
•
•
•
the expenditures are approved by the relevant Israeli government ministry, determined by the field of research;
the research and development is for the promotion or development of the company; and
the research and development is carried out by or on behalf of the company seeking the deduction.
However, the amount of such deductible expenses shall be reduced by the sum of any funds received through government grants for the finance of such scientific
research and development projects. Expenditures not so approved are deductible over a three-year period from the first year that the expenditures were made if the
research or development is for the promotion or development of the company.
Law for the Encouragement of Industry (Taxes), 5729-1969
The Law for the Encouragement of Industry (Taxes), 5729-1969, generally referred to as the Industry Encouragement Law, provides several tax benefits for
“Industrial Companies”.
54
�The Industry Encouragement Law defines an “Industrial Company” as an Israeli resident company which was incorporated in Israel, of which 90% or more of its
income in any tax year, other than income from certain government loans, is derived from an “Industrial Enterprise” owned by it and located in Israel. An
“Industrial Enterprise” is defined as an enterprise whose principal activity in a given tax year is industrial production.
The following tax benefits, among others, are available to Industrial Companies:
•
•
•
deduction of the cost of purchased know-how, patents and rights to use a patent and know-how which are used for the development or promotion of
the Industrial Enterprise, over an eight-year period commencing on the year in which such rights were first exercised;
under limited conditions, an election to file consolidated tax returns together with Israeli Industrial Companies controlled by it; and
expenses related to a public offering are deductible in equal amounts over three years commencing on the year of offering.
Eligibility for benefits under the Industry Encouragement Law is not contingent upon the approval of any governmental authority. We believe that we qualify as an
Industrial Company within the meaning of the Industry Encouragement Law. The Israel Tax Authority may determine that we do not qualify as an Industrial
Company, which could entail our loss of the benefits that relate to this status. There can be no assurance that we will continue to qualify as an Industrial Company
or that the benefits described above will be available in the future.
Law for the Encouragement of Capital Investments, 5719-1959
The Law for the Encouragement of Capital Investments, 5719-1959, generally referred to as the Investment Law, provides certain incentives for capital
investments in production facilities (or other eligible assets) by “Industrial Enterprises” (as defined under the Investment Law).
The Investment Law was significantly amended effective April 1, 2005, or the 2005 Amendment, further amended as of January 1, 2011, or the 2011 Amendment,
and further amended as of January 1, 2017, or the 2017 Amendment. Pursuant to the 2005 Amendment, tax benefits granted in accordance with the provisions of
the Investment Law prior to its revision by the 2005 Amendment remain in force but any benefits granted subsequently are subject to the provisions of the 2005
Amendment. Similarly, the 2011 Amendment introduced new benefits to replace those granted in accordance with the provisions of the Investment Law in effect
prior to the 2011 Amendment. However, companies entitled to benefits under the Investment Law as in effect prior to January 1, 2011 were entitled to choose to
continue to enjoy such benefits, provided that certain conditions are met, or elect instead, irrevocably, to forego such benefits and have the benefits of the 2011
Amendment apply. The 2017 Amendment introduces new benefits for Technological Enterprises which meet certain conditions, alongside the existing tax benefits.
Tax Benefits Prior to the 2005 Amendment
An investment program that is implemented in accordance with the provisions of the Investment Law prior to the 2005 Amendment, referred to as an “Approved
Enterprise”, is entitled to certain benefits. A company that wished to receive benefits as an Approved Enterprise must have received approval from the Israeli
Authority for Investments and Development of the Industry and Economy, or the Investment Center. Each certificate of approval for an Approved Enterprise
relates to a specific investment program, delineated both by the financial scope of the investment, including sources of funds, and by the physical characteristics of
the facility or other assets.
In general, an Approved Enterprise is entitled to receive a cash grant from the Government of Israel or an alternative package of tax benefits, known as the
alternative benefits track. The tax benefits available under any certificate of approval relate only to taxable income attributable to the specific program and are
contingent upon meeting the criteria set out in such certificate. Income derived from activity that is not integral to the activity of the Approved Enterprise will not
enjoy tax benefits.
55
�The tax benefits under the alternative benefits track include an exemption from corporate tax on undistributed income which was generated from an Approved
Enterprise for between two and ten years from the first year of taxable income, depending on the geographic location of the Approved Enterprise facility within
Israel, and the taxation of income generated from an Approved Enterprise at a reduced corporate tax rate of between 10% to 25% for the remainder of the benefits
period, depending on the level of foreign investment in the company in each year, as detailed below. The benefits commence on the date in which that taxable
income is first earned. The benefits period under Approved Enterprise status is limited to 12 years from the year in which the production commenced (as
determined by the Investment Center), or 14 years from the year of receipt of the approval as an Approved Enterprise, whichever ends earlier. If a company has
more than one Approved Enterprise program or if only a portion of its capital investments are approved, its effective tax rates is the result of a weighted
combination of the applicable tax rates. The entitlement to the above benefits is subject to fulfillment of certain conditions, according to the law and related
regulations.
In addition, a company that has an Approved Enterprise program is eligible for further tax benefits if it qualifies as a Foreign Investors’ Company, or an FIC,
which is a company with a level of foreign investment, as defined in the Investment Law, of more than 25%. The level of foreign investment is measured as the
percentage of rights in the company (in terms of shares, rights to profits, voting and appointment of directors), and of combined share and loan capital, that are
owned, directly or indirectly, by persons who are not residents of Israel. The determination as to whether a company qualifies as an FIC is made on an annual basis.
A company that qualifies as an FIC and has an Approved Enterprise program is eligible for an extension of the period during which it is entitled to tax benefits
under its Approved Enterprise status (so that the benefits period may be up to ten years) and for further tax benefits if the level of foreign investment is 49% or
more. If a company that has an Approved Enterprise program is a wholly owned subsidiary of another company, then the percentage of foreign investments is
determined based on the percentage of foreign investment in the parent company. As specified above, depending on the geographic location of the Approved
Enterprise within Israel, income derived from the Approved Enterprise program may be exempt from tax on its undistributed income for a period of between two to
ten years, and will be subject to a reduced corporate tax rate for the remainder of the benefits period. The tax rate for the remainder of the benefits period will be
25%, unless the level of foreign investment is at least 49% (20% if the foreign investment is 49% or more but less than 74%; 15% if 74% or more but less than
90%; and 10% if 90% or more).
If a company elects the alternative benefits track and subsequently distributes a dividend out of income derived by its Approved Enterprise during the tax
exemption period it will be subject to corporate tax in respect of the amount of the distributed dividend (grossed-up to reflect the pre-tax income that it would have
had to earn in order to distribute the dividend) at the corporate tax rate which would have been otherwise applicable if such income had not been tax-exempted
under the alternative benefits track. This rate generally ranges from 10% to 25%, depending on the level of foreign investment in the company in each year, as
explained above. In addition, dividends paid out of income attributed to an Approved Enterprise (or out of dividends received from a company whose income is
attributed to an Approved Enterprise) are generally subject to withholding tax at source at the rate of 15% or such lower rate as may be provided in an applicable
tax treaty (subject to the receipt in advance of a valid certificate from the Israel Tax Authority allowing for a reduced tax rate). The 15% tax rate is limited to
dividends and distributions out of income derived during the benefits period and actually paid at any time up to 12 years thereafter. After this period, the
withholding tax is applied at a rate of up to 30%, or at the lower rate under an applicable tax treaty (subject to the receipt in advance of a valid certificate from the
Israel Tax Authority allowing for a reduced tax rate). In the case of an FIC, the 12-year limitation on reduced withholding tax on dividends does not apply.
The benefits available to an Approved Enterprise are subject to the continued fulfillment of conditions stipulated in the Investment Law and its regulations and the
criteria in the specific certificate of approval, as described above. If a company does not meet these conditions, it would be required to refund the amount of tax
benefits, adjusted to the Israeli consumer price index, and interest, or other monetary penalties.
Tax Benefits Subsequent to the 2005 Amendment
The 2005 Amendment applies to new investment programs commencing after 2004, but does not apply to investment programs approved prior to April 1, 2005.
The 2005 Amendment provides that terms and benefits included in any certificate of approval that was granted before the 2005 Amendment became effective
(April 1, 2005) will remain subject to the provisions of the Investment Law as in effect on the date of such approval. Pursuant to the 2005 Amendment, the
Investment Center will continue to grant Approved Enterprise status to qualifying investments. The 2005 Amendment, however, limits the scope of enterprises that
may be approved by the Investment Center by setting criteria for the approval of a facility as an Approved Enterprise.
56
�An enterprise that qualifies under the new provisions is referred to as a “Benefited Enterprise”, rather than “Approved Enterprise”. The 2005 Amendment provides
that a certificate of approval from the Investment Center will only be necessary for receiving cash grants. As a result, it was no longer necessary for a company to
obtain the advance approval of the Investment Center in order to receive the tax benefits previously available under the alternative benefits track. Rather, a
company may claim the tax benefits offered by the Investment Law directly in its tax returns, provided that its facilities meet the criteria for tax benefits set forth in
the 2005 Amendment. A company that has a Benefited Enterprise may, at its discretion, approach the Israel Tax Authority for a pre-ruling confirming that it is in
compliance with the provisions of the Investment Law.
Tax benefits are available under the 2005 Amendment to production facilities (or other eligible facilities) which are generally required to derive more than 25% of
their business income from export to specific markets with a population of at least 14 million in 2012 (such export criteria will further be increased in the future by
1.4% per annum).
The extent of the tax benefits available under the 2005 Amendment to qualifying income of a Benefited Enterprise depends on, among other things, the geographic
location in Israel of the Benefited Enterprise. The location will also determine the period for which tax benefits are available. Such tax benefits include an
exemption from corporate tax on undistributed income generated by the Benefited Enterprise for a period of between two to ten years, depending on the geographic
location of the Benefited Enterprise in Israel, and a reduced corporate tax rate of between 10% to 25% for the remainder of the benefits period, depending on the
level of foreign investment in the company in each year, as explained above. The benefits period is limited to 12 or 14 years from the year the company first chose
to have the tax benefits apply, depending on the location of the company.
A company qualifying for tax benefits under the 2005 Amendment which pays a dividend out of income derived by its Benefited Enterprise during the tax
exemption period will be subject to corporate tax in respect of the amount of the dividend distributed (grossed-up to reflect the pre-tax income that it would have
had to earn in order to distribute the dividend) at the corporate tax rate which would have otherwise been applicable. Dividends paid out of income attributed to a
Benefited Enterprise (or out of dividends received from a company whose income is attributed to a Benefited Enterprise) are generally subject to withholding tax at
source at the rate of 15% or at a lower rate as may be provided in an applicable tax treaty (subject to the receipt in advance of a valid certificate from the Israel Tax
Authority allowing for a reduced tax rate). The reduced rate of 15% is limited to dividends and distributions out of income attributed to a Beneficiary Enterprise
during the benefits period and actually paid at any time up to 12 years thereafter except with respect to an FIC, in which case the 12-year limit does not apply.
The benefits available to a Benefited Enterprise are subject to the continued fulfillment of conditions stipulated in the Investment Law and its regulations. If a
company does not meet these conditions, it would be required to refund the amount of tax benefits, adjusted to the Israeli consumer price index, and interest, or
other monetary penalties.
Tax Benefits under the 2011 Amendment
The 2011 Amendment canceled the availability of the benefits granted to companies in accordance with the provisions of the Investment Law prior to 2011 and,
instead, introduced new benefits for income generated by a “Preferred Company” through its “Preferred Enterprise” (as such terms are defined in the Investment
Law) as of January 1, 2011. The definition of a Preferred Company includes a company incorporated in Israel that is not wholly owned by a governmental entity,
and that has, among other things, Preferred Enterprise status and is controlled and managed from Israel. Pursuant to the 2011 Amendment, a Preferred Company is
entitled to a reduced corporate tax rate of 15% with respect to its preferred income derived by its Preferred Enterprise in 2011 and 2012, unless the Preferred
Enterprise is located in a specified development zone, in which case the rate will be 10%. Such corporate tax rate was reduced from 15% and 10%, respectively, to
12.5% and 7%, respectively in 2013, and then increased to 16% and 9%, respectively, in 2014 until 2016. Pursuant to the 2017 Amendment, in 2017 and thereafter,
the corporate tax rate for Preferred Enterprise which is located in a specified development zone was decreased to 7.5%, while the reduced corporate tax rate for
other development zones remains 16%. Income derived by a Preferred Company from a ‘Special Preferred Enterprise’ (as such term is defined in the Investment
Law) could be entitled, under certain conditions and limitations, to further reduced tax rates.
Dividends paid out of preferred income attributed to a Preferred Enterprise are generally subject to withholding tax at the rate of 20% or such lower rate as may be
provided in an applicable tax treaty (subject to the receipt in advance of a valid certificate from the Israel Tax Authority allowing for a reduced tax rate). However,
if such dividends are paid to an Israeli company, no tax is required to be withheld (although, if such dividends are subsequently distributed to individuals or a non-
Israeli company, withholding tax at a rate of 20% or such lower rate as may be provided in an applicable tax treaty will apply). In 2017-2019, dividends paid out of
preferred income attributed to a Special Preferred Enterprise, directly to a foreign parent company, are subject to withholding tax at source at the rate of 5%
(temporary provisions).
57
�The 2011 Amendment also provided transitional provisions to address companies already enjoying existing tax benefits under the Investment Law. These
transitional provisions provide, among other things, that unless an irrevocable request is made to apply the provisions of the Investment Law as amended in 2011
with respect to income to be derived as of January 1, 2011: (i) the terms and benefits included in any certificate of approval that was granted to an Approved
Enterprise which chose to receive grants before the 2011 Amendment became effective will remain subject to the provisions of the Investment Law as in effect on
the date of such approval, and subject to certain other conditions; (ii) the terms and benefits included in any certificate of approval that was granted to an Approved
Enterprise which had participated in an alternative benefits track before the 2011 Amendment became effective will remain subject to the provisions of the
Investment Law as in effect on the date of such approval, provided that certain conditions are met; and (iii) a Benefited Enterprise can elect to continue to benefit
from the benefits provided to it before the 2011 Amendment became effective, provided that certain conditions are met.
From time to time, the Israeli Government has discussed reducing the benefits available to companies under the Investment Law. The termination or substantial
reduction of any of the benefits available under the Investment Law could materially increase our tax liabilities.
We applied the new benefits under the 2011 Amendment instead of the benefits provided to our Approved Enterprise and Benefited Enterprise as of 2013 tax year
onwards.
New Tax Benefits under the 2017 Amendment.
The 2017 Amendment was enacted as part of the Economic Efficiency Law that was published on December 29, 2016, and is effective as of January 1, 2017. The
2017 Amendment provides new tax benefits for two types of “Technology Enterprises”, as described below, and is in addition to the other existing tax beneficial
programs under the Investment Law.
The 2017 Amendment provides that a technology company satisfying certain conditions will qualify as a “Preferred Technology Enterprise” and will thereby enjoy
a reduced corporate tax rate of 12% on income that qualifies as “Preferred Technology Income” which is generally generated by “Benefited Intangible Assets”, as
defined in the Investment Law. The tax rate is further reduced to 7.5% for a Preferred Technology Enterprise located in development Zone A. In addition, a
Preferred Technology Enterprise will enjoy a reduced corporate tax rate of 12% on capital gain derived from the sale of certain “Benefitted Intangible Assets” (as
defined in the Investment Law) to a related foreign company if the Benefitted Intangible Assets were acquired from a foreign company on or after January 1, 2017
for at least NIS 200 million, and the sale receives prior approval from the National Authority for Technological Innovation, or NATI.
The 2017 Amendment further provides that a technology company satisfying certain conditions will qualify as a “Special Preferred Technology Enterprise” and
will thereby enjoy a reduced corporate tax rate of 6% on “Preferred Technology Income” regardless of the company’s geographic location within Israel. In
addition, a Special Preferred Technology Enterprise will enjoy a reduced corporate tax rate of 6% on capital gain derived from the sale of certain “Benefitted
Intangible Assets” to a related foreign company if the Benefitted Intangible Assets were either developed by an Israeli company or acquired from a foreign
company on or after January 1, 2017, and the sale received prior approval from NATI. A Special Preferred Technology Enterprise that acquires Benefitted
Intangible Assets from a foreign company for more than NIS 500 million will be eligible for these benefits for at least ten years, subject to certain approvals as
specified in the Investment Law.
Dividends distributed by a Preferred Technology Enterprise or a Special Preferred Technology Enterprise, paid out of Preferred Technology Income, are generally
subject to withholding tax at source at the rate of 20% or such lower rate as may be provided in an applicable tax treaty (subject to the receipt in advance of a valid
certificate from the Israel Tax Authority allowing for a reduced tax rate). However, if such dividends are paid to an Israeli company, no tax is required to be
withheld. If such divided are distributed to a foreign company and other conditions are met, the withholding tax rate will be 4%.
We have examined the impact of the 2017 Amendment and the degree to which we will qualify as a Preferred Technology Enterprise and have elected to adopt it
as of 2017 onwards.
58
�Recently Issued Accounting Pronouncements
See Note 2(z) and Note 2(aa) to our consolidated financial statements included elsewhere in this annual report for information regarding recent accounting
standards issued.
B.
Liquidity and Capital Resources
We fund our operations with cash generated from operating activities. We have also raised capital through the sale of equity securities in public offerings and to a
lesser extent, through exercised options. Our primary current uses of our cash are ongoing operating expenses and capital expenditures.
As of December 31, 2018, we had $451.2 million of cash, cash equivalents, short-term bank deposits and marketable securities. This compared with cash, cash
equivalents, short-term bank deposits and marketable securities of $330.3 million and $295.5 million as of December 31, 2017 and 2016, respectively. We believe
that our existing cash, cash equivalents, marketable securities and short-term bank deposits will be sufficient to fund our operations and capital expenditures for at
least the next 12 months. Our future capital requirements will depend on many factors, including our rate of revenue growth, the expansion of our sales and
marketing activities, the timing and extent of spending to support product development efforts and expansion into new geographic locations, the timing of
introductions of new software products and enhancements to existing software products and the continuing market acceptance of our software offerings.
The following table presents the major components of net cash flows for the periods presented:
Net cash provided by operating activities
Net cash used in investing activities
Net cash provided by financing activities
2016
Year Ended December 31,
2017
($ in thousands)
2018
$
56,310 $
(122,233)
3,969
80,737 $
(94,996)
2,624
130,125
(48,743)
17,980
A substantial source of our net cash provided by operating activities is our deferred revenues, which is included on our consolidated balance sheet as a liability.
The majority of our deferred revenues consist of the unrecognized portion of upfront payments associated with maintenance and professional services, with the
remainder consisting of payments for licenses that could not yet be recognized. We assess our liquidity, in part, through an analysis of our short and long term
deferred revenues that have not yet been recognized as revenues together with our other sources of liquidity. Deferred revenues for licenses are recognized when
all applicable revenue criteria are met. Revenues from maintenance and support contracts are recognized ratably on a straight line basis over the term of the related
contract which is typically one year and, to a lesser extent, three years, and from professional services as services are performed. Thus, since we frequently
recognize revenues in subsequent periods to when certain payments may be received, an increase in deferred revenues adds to the liquidity of our operations.
Net Cash Provided by Operating Activities
Our cash flows historically have reflected our net income coupled with changes in our non-cash working capital. During the year ended December 31, 2018,
operating activities provided $130.1 million in cash as a result of $47.1 million of net income, adjusted by $36.0 million of non-cash charges related to share-based
compensation expenses, $10.1 million related to depreciation and amortization expenses, a $6.1 million net increase from other long-term assets and liabilities and
change of $37.9 million in non-cash working capital, offset by a $7.1 million increase in deferred tax assets.
The change of $37.9 million in non-cash working capital was due to a $28.9 million increase in short term deferred revenues, an increase of $6.9 million in
employees and payroll accruals and a net decrease of $5.2 million in other current assets, offset by an increase of $3.1 million in trade receivables. Our days’ sales
outstanding, DSO, was 52 days for the year ended December 31, 2018.
59
�During the year ended December 31, 2017, operating activities provided $80.7 million in cash as a result of $16.0 million of net income, adjusted by $25.2 million
of non-cash charges related to share-based compensation expenses, $7.9 million related to depreciation and amortization expenses, a $14.9 million increase in long
term deferred revenues, a $5.9 million decrease in deferred tax assets and change of $11.0 million in non-cash working capital offset by a $0.2 million net increase
from other long-term assets and liabilities.
The change of $11.0 million in non-cash working capital was due to a $16.9 million increase in short-term deferred revenues, a $3.0 million increase in accrued
expenses and other current liabilities, an increase of $6.3 million in employees and payroll accruals offset by an increase of $15.2 million in other current assets.
Our DSO was 63 days for the year ended December 31, 2017
During the year ended December 31, 2016, operating activities provided $56.3 million in cash as a result of $28.1 million of net income, adjusted by $17.5 million
of non-cash charges related to share-based compensation expenses, $6.5 million related to depreciation and amortization expenses, a $6.1 million increase in long
term deferred revenues and a $0.5 million net increase from other long-term assets and liabilities, offset by both an increase of $1.1 million in deferred tax assets
and change of $1.3 million in non-cash working capital.
The change of $1.3 million in non-cash working capital was due to a $13.0 million increase in short-term deferred revenues, a $2.4 million decrease in accrued
expenses and other current liabilities, an increase of $2.6 million in employees and payroll accruals and an increase of $14.5 million in other current assets. Our
DSO was 56 days for the year ended December 31, 2016.
Net Cash Used in Investing Activities
Investing activities have consisted primarily of investment in, and proceeds from, short-term and long-term deposits, investment in, and proceeds from marketable
securities, acquisitions and purchase of property and equipment.
Net cash used in investing activities was $122.2 million, $95.0 million and $48.7 million for the years ended December 31, 2016, 2017 and 2018, respectively.
The decrease of $46.3 million in net cash used in investing activities in 2018 was due to a net decrease of $25.3 million in investments in short and long term
deposits and marketable securities and a decrease of $22.9 million in payments for business acquisitions, net of cash acquired, offset by capital expenditures of
$1.9 million to support our growth during the period including hardware, software, office equipment and leasehold improvements.
The decrease of $27.2 million in net cash used in investing activities in 2017 was due to an increase of $72.5 million in proceeds from short and long term deposits
and marketable securities, offset by an increase of $41.3 million in payments for business acquisitions, net of cash acquired, and capital expenditures of $4.0
million to support our growth during the period including hardware, software, office equipment and leasehold improvements.
Net Cash Provided by Financing Activities
Our financing activities have consisted of proceeds from the issuance and sale of our securities, excess tax benefit from stock-based compensation and proceeds
from the exercise of share options. Net cash provided by financing activities was $4.0 million, $2.6 million and $18.0 million for the years ended December 31,
2016, 2017 and 2018, respectively. Net cash provided by financing activities was attributable to an increase in proceeds from exercise of stock options granted to
employees.
C.
Research and Development, Patents and Licenses, etc.
We conduct our research and development activities primarily in Israel. As of December 31, 2018, our research and development department included 287
employees and contractors. In 2018, research and development costs accounted for 16.6% of our total revenues.
We employ a strategy of seeking patent protection for some of our technologies. As of December 31, 2018, we have obtained 37 issued patents for certain of our
technologies in various jurisdictions, including the United States and have 61 pending patent applications that were filed in various jurisdictions, including the
United States. No patent or patent application is material to the overall conduct of our business.
60
�For a description of our research and development policies, see “Item 4.B. Business Overview—Research and Development.”
D.
Trend Information
Other than as disclosed elsewhere in this annual report, we are not aware of any trends, uncertainties, demands, commitments or events since January 1, 2018 that
are reasonably likely to have a material adverse effect on our net revenue, income, profitability, liquidity or capital resources, or that caused the disclosed financial
information to be not necessarily indicative of future operating results or financial condition.
E. Off-Balance Sheet Arrangements
We do not currently engage in off-balance sheet financing arrangements. In addition, we do not have any interest in entities referred to as variable interest entities,
which includes special purposes entities and other structured finance entities.
F. Contractual Obligations
The following summarizes our contractual obligations as of December 31, 2018:
Total
Less than 1
year
1 – 3 years
3 – 5 years
More than 5
years
Operating lease obligations(1)
Uncertain tax obligations(2)
Severance pay(3)
$
30,972 $
1,993
5,597
5,512 $
—
—
11,328 $
—
—
10,369 $
—
—
3,763
—
—
Total
$
38,562 $
5,512 $
11,328 $
10,369 $
3,763
(1)
(2)
(3)
Operating lease obligations consist of our contractual rental expenses under operating leases of facilities and certain motor vehicles.
Consists of accruals for certain income tax positions under ASC 740 that are paid upon settlement, and for which we are unable to reasonably estimate the
ultimate amount and timing of settlement. See Note 11(l) to our consolidated financial statements included elsewhere in this annual report for further
information regarding our liability under ASC 740. Payment of these obligations would result from settlements with tax authorities. Due to the difficulty
in determining the timing of resolution of audits, these obligations are only presented in their total amount.
Severance pay relates to accrued severance obligations to our Israeli employees as required under Israeli labor laws. These obligations are payable only
upon the termination, retirement or death of the respective employee and may be reduced if the employee’s termination is voluntary. These obligations are
partially funded through accounts maintained with financial institutions and recognized as an asset on our balance sheet. As of December 31, 2018, $2.0
million is unfunded. See Note 2(l) to our consolidated financial statements included elsewhere in this report for further information.
61
�ITEM 6. DIRECTORS, SENIOR MANAGEMENT AND EMPLOYEES
A.
Directors and Senior Management
The following table sets forth the name, age and position of each of our executive officers and directors as of March 14, 2019:
Name
Executive
Officers
Ehud (Udi) Mokady
Joshua Siegel
Chen Bitan
Ronen (Ron) Zoran
Roy Adar
Donna Rahav
Directors
Gadi Tirosh(1)(3)(4)
Ron Gutler(1)(2)(3)(4)
Kim Perdikou(1)(2)(3)(4)
David Schaeffer(4)
Amnon Shoshani(2)(4)
François Auque(4)
Age
Position
50
55
49
44
47
40
52
61
61
62
55
62
Chairman of the Board and Chief Executive Officer and Founder
Chief Financial Officer
General Manager, EMEA, Asia Pacific and Japan
Chief Revenue Officer
Senior Vice President, Product Management
General Counsel, Corporate Secretary and Compliance Officer
Lead Independent Director
Director
Director
Director
Director
Director
(1)
(2)
(3)
(4)
Member of our compensation committee.
Member of our audit committee.
Member of our nominating and governance committee.
Independent director under the rules of NASDAQ.
Executive Officers
Ehud
(Udi)
Mokady
is one of our founders and serves as our Chief Executive Officer since 2005 and as chairman of the board since June 2016. He previously
served as our President from 2005 to 2016 and as our Chief Operating Officer from 1999 to 2005. Mr. Mokady has also served as a member of our board since
November 2004. Mr. Mokady serves as a member of the board of directors of Demisto, Inc. commencing in January 2018. From 1997 to 1999, Mr. Mokady served
as general counsel at Tadiran Spectralink Ltd., a producer of secure wireless communication systems. From 1986 to 1989, Mr. Mokady served in a military
intelligence unit in the Israel Defense Forces. Mr. Mokady was honored by a panel of independent judges with the New England EY Entrepreneur Of The Year™
2014 Award in the Technology Security category. Mr. Mokady holds a Bachelor of Laws (LL.B.) from Hebrew University in Jerusalem, Israel and a Master of
Science Management (MSM) from Boston University in Massachusetts.
62
�Joshua
Siegel
has served as our Chief Financial Officer since May 2011. Prior to joining CyberArk, Mr. Siegel served as Chief Financial Officer for Voltaire Ltd.,
a provider of InfiniBand and Ethernet connectivity solutions, from December 2005 to February 2011, and as Director of Finance and then Vice President of
Finance from April 2002 to December 2005. Voltaire completed an initial public offering and listing on NASDAQ in 2007 and was acquired by Mellanox
Technologies, Ltd. in 2011. From 2000 to 2002, he was Vice President of Finance at KereniX Networks Ltd., a terabit routing and transport system company. From
1995 to 2000, Mr. Siegel served in various positions at Lucent Technologies Networks Ltd. (formerly Lannet Ltd.). From 1990 to 1995, he served in various
positions at SLM Corporation (Sallie Mae—Student Loan Marketing Association). Mr. Siegel holds a Bachelor of Arts in economics and an MBA with a
concentration in finance from the University of Michigan in Ann Arbor.
Chen
Bitan
has served as our General Manager of EMEA, Asia Pacific and Japan since 2005 and as Head of Research & Development since 1999. From March
1998 to April 1999, Mr. Bitan worked as Project Manager for Amdocs Software Ltd., leading the development of billing and customer care systems for
telecommunications providers. From 1995 to 1998, he worked for Magic Software Enterprises Ltd. as Research and Development Group Manager leading the
development of their 4GL products for the Asia Pacific market. From 1988 to 1995, Mr. Bitan served in a software engineering unit in the Israel Defense Forces
(IDF) in various research and development roles, finally leading the programming education department as Department Manager at the Computer Studies
Academy (Mamram). Mr. Bitan holds a Bachelor of Science in computer science and political science from Bar-Ilan University in Ramat-Gan, Israel.
Ronen
(Ron)
Zoran
has served as our Chief Revenue Officer since August 2017. He previously served as our Vice President of Americas Sales since 2015 to 2017
and has worked at CyberArk since our founding in 1999. Mr. Zoran has held several sales leadership positions at the company, including Vice President of North
America Sales from July 2013 to December 2014, Regional Director and Senior Director of Channels from January 2005 to June 2013, as well as research and
development positions, such as R&D Group Manager and Director of Technical Services. From 1993 to 1999, Mr. Zoran served as an Officer and R&D Group
Manager at the Technological Computer Center of the Israeli Defense Forces. He holds an MBA from Northeastern University and a Bachelor of Arts in computer
science from Bar-Ilan University, Israel.
Roy
Adar
has served as our Senior Vice President of Product Management since 2015 and previously served as our Vice President of Product Management from
2006 to 2015. Prior to joining CyberArk, Mr. Adar held the position of Product Manager at NICE Systems Ltd., an Israeli software company, from 2002 through
2005. From 1997 to 2001, he worked at Integrity Systems, Inc., an Israeli IT integrator, in several roles, including development group manager, technical
consultant and product manager. Mr. Adar holds an MBA from the Kellogg School of Management at Northwestern University in Illinois and a Bachelor of Arts in
computer science from Open University in Tel Aviv, Israel.
Donna
Rahav
has served as our General Counsel, Corporate Secretary and Compliance Officer since 2014. Prior to joining CyberArk, Ms. Rahav served as
Deputy General Counsel at Allot Communications Ltd. (NASDAQ and TASE: ALLT), a global provider of bandwidth management solutions, from 2011 to 2014.
From 2009 to 2011 she served as Legal Counsel at Alvarion Ltd. (NASDAQ and TASE: ALVR), and from 2008 to 2009 she served in similar capacity at
MediaMind Technologies, Inc. (formerly Eyeblaster, Inc.; NASDAQ: MDMD). Prior to that, from 2004 to 2006 she was an associate at an Israeli law firm
specializing in technology transactions. Ms. Rahav holds a Bachelor of Laws from Tel Aviv University in Israel, and a Master of Laws from Tel Aviv University in
collaboration with University of California, Berkeley, an executive program focused on corporate and commercial law.
Directors
Gadi
Tirosh
has served as a member of our board of directors since June 2011, as chairman of the board between July 2013 and June 2016 and as lead independent
director since July 2016. Since 2018, Mr. Tirosh has served as Venture Partner at Jerusalem Venture Partners, an Israeli venture capital firm that focuses, among
other things, on cybersecurity companies and operates the JVP Cyber Labs incubator. From 2005 to 2018, he served as Managing Partner at Jerusalem Venture
Partners. From 1999 to 2005, he served as Corporate Vice President of Product Marketing and as a member of the executive committee for NDS Group Ltd.
(NASDAQ: NNDS) later acquired by Cisco Systems, Inc. a provider of end-to-end software solutions to the pay-television industry, including content protection
and video security. Mr. Tirosh holds a Bachelor of Science in computer science and mathematics and an Executive MBA from the Hebrew University in
Jerusalem, Israel.
63
�Ron
Gutler
has served as a member of our board of directors since July 2014 and served as an external director under the Companies Law between July 2014 and
May 2016. From August 2012 through January 2018, Mr. Gutler served as chairman of the board of the College of Management Academic Studies in Israel. From
May 2002 through February 2013, Mr. Gutler served as the Chairman of NICE Systems Ltd., a public company specializing in voice recording, data security, and
surveillance. Between 2000 and 2011, Mr. Gutler served as the Chairman of G.J.E. 121 Promoting Investment Ltd., a real estate company. Between 2000 and
2002, Mr. Gutler managed the Blue Border Horizon Fund, a global macro fund. Mr. Gutler is a former Managing Director and a Partner of Bankers Trust
Company, which is currently part of Deutsche Bank. He also established and headed the Israeli office of Bankers Trust. Mr. Gutler is currently a director of
Wix.com Ltd. (NASDAQ: WIX), Psagot Investment House, Psagot Securities and Hapoalim Securities USA (HSU) and the Chairman of the Board of Psagot
Market Making. Mr. Gutler holds a Bachelor of Arts in economics and international relations and an MBA, both from the Hebrew University in Jerusalem, Israel.
Kim
Perdikou
has served as a member of our board of directors since July 2014 and served as an external director under the Companies Law between July 2014
and May 2016. Ms. Perdikou serves as Chairman of REBBL Inc., which she joined in June 2014, a private beverage company delivering taste, function and
nutrition. Ms. Perdikou serves on the board of Trunomi, LTD a private fintech startup, based in Bermuda, from June 2018. Ms. Perdikou served as the Juniper
Networks, Inc. (NYSE: JNPR) board observer on two of Juniper’s portfolio companies from January 2013 to July 2014. From 2010 to August 2013, Ms. Perdikou
served as the Executive Vice President for the Office of the Chief Executive Officer at Juniper Networks, Inc. Before that she served as the Executive Vice
President and General Manager of Infrastructure Products Group and as Chief Information Officer at Juniper Networks, Inc. from 2006 to 2010 and from August
2000 to January 2006, respectively. Ms. Perdikou served as a Managing Member of CloudScale Capital Partners, which she joined in August 2017 until August
2018. Ms. Perdikou served on the board of directors and audit committee of Lam Research Corporation (NASDAQ: LRCX), a major provider of wafer fabrication
equipment and services, from May 2011 to November 2012. Ms. Perdikou served in leadership positions at Women.com, Readers Digest, Knight Ridder, and Dun
& Bradstreet. Ms. Perdikou holds a Bachelor of Science degree in computing science with operational research from Paisley University (now the West of Scotland
University) in Paisley, Scotland, a Post-Graduate degree in education from Jordanhill College in Glasgow, Scotland and a Master’s of Science in information
systems from Pace University in New York, the United States.
David
Schaeffer
has served as a member of our board of directors since May 2014. Mr. Schaeffer has served as the Chairman, Chief Executive Officer and
President of Cogent Communications, Inc. (NASDAQ: CCOI), an internet service provider based in the United States that is listed on NASDAQ, since he founded
the company in August 1999. Mr. Schaeffer was the founder of Pathnet, Inc., a broadband telecommunications provider, where he served as Chief Executive
Officer from 1995 until 1997 and as Chairman from 1997 until 1999. Mr. Schaeffer holds a Bachelor of Science in physics from the University of Maryland, the
United States.
Amnon
Shoshani
has served as a member of our board of directors since November 2009. Since February 1995, Mr. Shoshani has served as the Founder and
Managing Partner of Cabaret Holdings Ltd. and, since March 1999, he has also served as Managing Partner of Cabaret Security Ltd., Cabaret Holdings Ltd. and
ArbaOne Inc. ventures activities where he had a lead role in managing the group’s portfolio companies. Within that role, since 2018, Mr. Shoshani has served as
the President and Chairman of the Board of Smartech-The Industry Pivot Ltd., a company that provides game changing technologies to the industrial world.
Between 2005 and 2018, he served as CEO and Chairman of the Board of Smartech-The Industry Pivot Ltd. (then TIP-The Industry Pivot Ltd.). From 1994 to
April 2005, Mr. Shoshani owned a Tel-Aviv boutique law firm engaged in entrepreneurship, traditional industries and high tech, which he founded. Mr. Shoshani
holds an LL.B. from Tel Aviv University, Israel.
Francois
Auque
has served as a member of our board of directors since February 2019. Mr. Auque serves as an observer on the board of Rexel SA from October
2018. Mr. Auque served as the General Partner and Chairman of the Investment Committee of Airbus Ventures, the venture capital arm of Airbus between 2016
and 2018. From 2000 to 2016, Mr. Auque headed the Airbus space division as a member of Airbus Group’s Executive Committee. Between 1991 and 2000, Mr.
Auque served as Chief Financial Officer of Aerospatiale (then Aerospatiale-Matra), one of the three founding firms of the European Aeronautic Defense and Space
Company (EADS), Europe’s largest aerospace company (currently Airbus). Mr. Auque holds a Master’s Degree in Finance from Ecole des Hautes Etudes
Commercials in Paris, France, a Bachelor of Arts Degree in Public Administration from the Paris Institute of Political Studies in Paris, France, and is a graduate in
economics from Ecole Nationale d’ Administration in Paris, France.
64
�B.
Compensation
Compensation of Directors and Executive Officers
The aggregate compensation expensed, including share-based compensation and other compensation expensed by us and our subsidiaries, to our directors and
executive officers with respect to the year ended December 31, 2018 was $16.4 million. This amount includes approximately $0.5 million set aside or accrued to
provide pension, severance, retirement, or similar benefits.
The table below sets forth the compensation paid to our five most highly compensated office holders (as defined in the Companies Law and described under
“Board Practices— Disclosure of Compensation of Executive Officers” below) during or with respect to the year ended December 31, 2018. We refer to the five
individuals for whom disclosure is provided herein as our “Covered Executives.”
For purposes of the table and the summary below, “compensation” includes base salary, bonuses, equity-based compensation, retirement or termination payments,
and any benefits or perquisites such as car, phone and social benefits, as well as any undertaking to provide such compensation in the future.
Summary Compensation Table
Information Regarding the Covered Executive(1)
Name and Principal Position(2)
Ehud (Udi) Mokady, Chairman of the Board & CEO
Joshua Siegel, Chief Financial Officer
Ronen (Ron) Zoran, Chief Revenue Officer
Chen Bitan, General Manager, EMEA, Asia Pacific and Japan
Marianne Budnik, Chief Marketing Officer
Base
Salary
Benefits and
Perquisites
(3)
Variable
Compensation
(4)
$
375,000 $
322,650
300,000
259,245
250,000
145,378 $
93,985
83,503
82,800
41,696
Equity-Based
Compensation
(5)
5,494,159
2,211,945
1,298,445
873,722
896,162
662,779 $
364,499
374,376
213,641
140,571
(1)
(2)
(3)
(4)
(5)
In accordance with Israeli law, all amounts reported in the table are in terms of cost to our company, as recorded in our financial statements for the year
ended December 31, 2018.
All current officers listed in the table are full-time employees. Cash compensation amounts denominated in currencies other than the U.S. dollar were
converted into U.S. dollars at the average conversion rate for the year ended December 31, 2018.
Amounts reported in this column include benefits and perquisites, including those mandated by applicable law. Such benefits and perquisites may include,
to the extent applicable to each executive, payments, contributions and/or allocations for savings funds, pension, severance, vacation, car or car
allowance, medical insurances and benefits, risk insurances (such as life, disability and accident insurances), convalescence pay, payments for social
security, tax gross-up payments and other benefits and perquisites consistent with our guidelines, regardless of whether such amounts have actually been
paid to the executive.
Amounts reported in this column refer to Variable Compensation such as earned commission, incentive and bonus payments as recorded in our financial
statements for the year ended December 31, 2018.
Amounts reported in this column represent the expense recorded in our financial statements for the year ended December 31, 2018 with respect to equity-
based compensation, reflecting also equity awards made in previous years which have vested during the current year. Assumptions and key variables used
in the calculation of such amounts are described in paragraph c of Note 10 to our audited consolidated financial statements, which are included in this
annual report.
65
�Employment Agreements with Executive Officers
We have entered into written employment agreements with all of our executive officers. Most of these agreements contain provisions regarding non-competition
and all of these agreements contain provisions regarding confidentiality of information and ownership of inventions. The non-competition provision applies for a
period that is generally 12 months following termination of employment. The enforceability of covenants not to compete in Israel, the United States and the United
Kingdom is subject to limitations. In addition, we are required to provide one to six months’ notice prior to terminating the employment of our executive officers,
other than in the case of a termination for cause.
Directors’ Service Contracts
Other than with respect to Ehud (Udi) Mokady, our Chairman of the Board and Chief Executive Officer, there are no arrangements or understandings between us,
on the one hand, and any of our directors, on the other hand, providing for benefits upon termination of their service as directors of our company, except that
directors are permitted to exercise vested options for one year following the termination of their service.
Equity Incentive Plans
2014 Share Incentive Plan
The 2014 Share Incentive Plan, or the 2014 SIP, was adopted by our board of directors and became effective on June 10, 2014. The 2014 SIP was approved by our
shareholders on July 10, 2014. The 2014 SIP provides for the grant of options, restricted shares, restricted share units and other share-based awards to our
employees, directors, officers, consultants, advisors and any other person providing services to us or our affiliates, under varying tax regimes. The maximum
aggregate number of shares that may be issued pursuant to awards under this 2014 SIP is the sum of (a) 422,000 shares plus (b) an increase of 1,220,054 shares as
of January 1, 2015 plus (c) on January 1 of each calendar year commencing in 2016, a number of shares equal to the lesser of: (i) an amount determined by our
board of directors, if so determined prior to the January 1 of the calendar year in which the increase will occur, (ii) 4% of the total number of shares outstanding on
December 31 of the immediately preceding calendar year, and (iii) 4,000,000 shares. Additionally, any share underlying an award that is cancelled or terminated or
forfeited for any reason without having been exercised will automatically be available for grant under the 2014 SIP. As of December 31, 2018, 3,024,726 ordinary
shares underlying share-based awards were outstanding under the 2014 SIP and 1,279,921 ordinary shares were reserved for future grant under the 2014 SIP. On
January 1, 2019, the aggregate number of ordinary shares reserved for issuance under the 2014 SIP was increased by 1,300,000 shares. Either our board, or a
committee established by our board, administers the 2014 SIP, and the board may, at any time, suspend, terminate, modify, or amend the 2014 SIP retroactively or
prospectively.
The board or the committee may grant awards intended to qualify as an incentive stock option, non-qualified stock option, Israeli Income Tax Ordinance Section
102 award, Section 3(9) award, or other designations under other regimes. Other than with respect to incentive stock options, governed by the specific exercise
price provisions of the 2014 SIP, the exercise price of any award will be determined by the committee or the board (as applicable). Unless otherwise stated in the
applicable award agreement, option awards under the 2014 SIP expire ten years after their grant date. Upon termination of the employment or service of a grantee,
any unvested awards will be forfeited on the termination date. Upon termination by reason of death, disability or retirement, all of the grantee’s vested awards may
be exercised at any time within one year after such death or disability or within three months following retirement. Upon termination for “cause” (as defined in the
2014 SIP), all awards granted to such grantee (whether vested or not) will be forfeited on the termination date. Upon termination for any other reason all vested and
exercisable awards at the time of termination may, unless earlier terminated in accordance with their terms, be exercised within up to three months after the
termination date (or such different period as the committee will prescribe).
66
�The committee and the board may grant restricted shares under the 2014 SIP. If a grantee’s employment or service to the company or any affiliate thereof
terminates for any reason prior to the vesting of such grantee’s restricted shares, any unvested shares will be forfeited by such grantee. The committee and the
board may also grant restricted share units, or RSUs, performance share units, or PSUs and other awards under the 2014 SIP, including shares, cash, cash and
shares, other share units, share appreciation rights, and/or the opportunity to purchase our shares in connection with our public offerings.
In order to comply with the provisions of Section 102, all awards to Israeli grantees must be held in trust for the benefit of the relevant grantee for the requisite
period prescribed by the Ordinance.
Upon a “Change in Control” event (as defined in the 2014 SIP), any award then outstanding will be assumed or substituted by us or the successor corporation or by
any affiliate thereof, as determined by the committee. Regardless of whether or not awards are assumed or substituted, the committee may: (1) provide for grantees
to have the right to exercise their awards or otherwise for the accelerated vesting of the unvested underlying shares, under such terms as the committee will
determine, including the cancellation of all unexercised awards (whether vested or unvested) upon or immediately prior to the closing of the Change in Control;
and/or (2) provide for the cancellation of each outstanding and unexercised award at or immediately prior to the closing of the Change in Control, and payment to
the grantees of an amount in cash, our shares, the acquirer or of a corporation or other business entity which is a party to the Change in Control or other property,
as determined by the committee to be fair in the circumstances, and subject to such terms and conditions as determined by the committee.
Awards under the 2014 SIP are not transferable other than by will or by the laws of descent and distribution or to a grantee’s designated beneficiary, unless, in the
case of awards other than incentive stock options, otherwise determined by our committee or under the 2014 SIP. Awards may be granted from time to time
pursuant to the 2014 SIP, within a period of ten years from the effective date of the 2014 SIP, which period may be extended by our board.
2011 Share Incentive Plan
The 2011 Share Incentive Plan, or the 2011 SIP, was adopted by our board of directors and became effective on July 14, 2011. The 2011 SIP was approved by our
shareholders on December 20, 2011. Any share underlying an award that is cancelled or terminated or forfeited for any reason without having been exercised will
automatically be available for grant under the 2014 SIP. As of December 31, 2018, 166,434 options to purchase ordinary shares remained outstanding under the
2011 SIP.
No new awards may be granted under the 2011 SIP.
Either our board or a committee established by our board administers the 2011 SIP. Option awards to purchase our ordinary shares that were granted under the
2011 SIP are designated in the applicable award agreement as an incentive stock option, non-qualified stock option, Section 102 award (with such designation to
include the relevant tax track), Section 3(i) award, or other designations under other regimes. All awards granted under the 2011 SIP have vested. Upon termination
of employment or service of a grantee, any unvested options are forfeited on the termination date. Upon termination by reason of death, disability or retirement, all
of the grantee’s vested options may be exercised at any time within one year after such death or disability or within three months following retirement. Upon
termination for cause (as defined in the 2011 SIP), all options granted to such grantee (whether vested or not) are forfeited on the termination date. Upon
termination for any other reason all vested and exercisable options at the time of termination may, unless earlier terminated in accordance with their terms, be
exercised within up to 90 days after the termination date.
In the event of certain merger or sale events (as specified in the 2011 SIP), any award then outstanding will be assumed or an equivalent award will be substituted
by such successor corporation under substantially the same terms as such award. If such awards are not assumed or substituted by an equivalent award, then the
committee may (i) provide for grantees to have the right to exercise their awards or otherwise for the acceleration of vesting of such awards, under such terms and
conditions as the committee will determine; and/or (ii) provide for the cancellation of each outstanding award at the closing of such transaction, and payment to the
grantees of an amount in cash as determined by the committee to be fair in the circumstances, and subject to such terms and conditions as determined by the
committee.
Awards under the 2011 SIP are not transferable other than by will or by the laws of descent and distribution, unless otherwise determined by the board or under the
2011 SIP, and generally expire ten years following the grant date. The 2011 SIP will terminate on the tenth anniversary of the effective date, other than with
respect to those awards outstanding under the 2011 SIP at the time of termination.
67
�2001 Stock Option Plan and 2001 Section 102 Stock Option Plan
The 2001 Stock Option Plan, or the 2001 SOP, and the 2001 Section 102 Stock Option Plan, as amended on March 5, 2003, or the 2001 Section 102 SOP were
adopted by our board of directors and became effective on March 27, 2001. The 2001 SOP and the 2001 Section 102 SOP were approved by our shareholders on
March 22, 2002. If an option granted under the 2001 SOP expires or terminates for any reason without having been exercised in full, the unpurchased shares
subject to such option will be available for subsequent grants under the 2014 SIP. If an employee’s rights in any options under the 2001 Section 102 SOP do not
vest, such options may be reissued under the 2014 SIP. As of December 31, 2018, a total of 7,070 options to purchase ordinary shares remained outstanding under
the 2001 SOP and the 2001 Section 102 SOP. The 2001 SOP and the 2001 Section 102 SOP terminated on March 27, 2011, other than with respect to those awards
outstanding under the 2001 SOP and the 2001 Section 102 SOP at the time of such termination. No new awards may be granted under the 2001 SOP or the 2001
Section 102 SOP.
The 2001 SOP and the 2001 Section 102 SOP are administered by a committee appointed by the board, which may amend outstanding option agreements with the
affected grantee’s consent. Pursuant to the May 30, 2013 board resolution, the respective term of the options that were granted by us to certain employees of the
company and of our UK subsidiary was extended from 10 years to 15 years.
The terms of the options granted under the 2001 SOP and the 2001 Section 102 SOP are generally set forth in the applicable award agreement; however, an
incentive stock option may be exercised for at least three months following termination of a grantee’s employment (or for one year following a termination due to
the grantee’s death or disability). Upon certain acquisitions and similar events (as specified in the 2001 SOP and the 2001 Section 102 SOP), the board will take
any one or more of the following actions with respect of the then outstanding options: (i) provide that such options shall be assumed, or equivalent options will be
substituted, by the acquiring or succeeding corporation (or an affiliate thereof), (ii) upon written notice to the grantees, provide that all the then-unexercised options
will become exercisable in full as of a specified time prior to the acquisition event and will terminate immediately prior to the consummation of such acquisition
event, (iii) upon a merger under the terms of which holders of our outstanding ordinary shares will receive upon consummation thereof a cash payment for each
share surrendered in the merger, make or provide for a cash payment to the grantees equal to a formula provided in the 2001 SOP, or (iv) upon written notice to the
grantees, provide that all the then vested and unvested outstanding options will terminate immediately prior to the consummation of such acquisition event, and to
the extent the vested options will have not been exercised prior to the acquisition event, all such options will become null and void at the consummation of such
acquisition event.
Awards under the 2001 SOP and 2001 Section 102 SOP are generally not transferable other than by will or by the laws of descent and distribution, unless
otherwise determined by the board.
C.
Board Practices
Board of Directors
Under the Companies Law, the management of our business is vested in our board of directors. Our board of directors may exercise all powers and may take all
actions that are not specifically granted to our shareholders or to management. Our executive officers are responsible for our day-to-day management and have
individual responsibilities established by our board of directors. Our Chief Executive Officer is appointed by, and serves at the discretion of, our board of directors,
subject to the employment agreement that we have entered into with him. All other executive officers are also appointed by our board of directors, and are subject
to the terms of any applicable employment agreements that we may enter into with them.
We comply with the rule of NASDAQ that requires a majority of our directors to be independent as defined under NASDAQ corporate governance rules. Our
board of directors has determined that all of our directors, other than our Chief Executive Officer, are independent under such rules. Under our articles of
association, our directors serve for a period of three years pursuant to the staggered board provisions of our articles of association. Under our articles of association,
our board of directors must consist of at least four and not more than nine directors. Our board of directors currently consists of seven directors.
68
�Pursuant to our articles of association, our directors are divided into three classes with staggered three-year terms. Each class of directors consists, as nearly as
possible, of one-third of the total number of directors constituting the entire board of directors. At each annual general meeting of our shareholders, the election or
re-election of directors following the expiration of the term of office of the directors of that class of directors is for a term of office that expires on the third annual
general meeting following such election or re-election, such that at each annual general meeting, the term of office of only one class of directors will expire. Each
director will hold office until the annual general meeting of our shareholders in which his or her term expires, unless he or she is removed by a vote of 65% of the
total voting power of our shareholders at a general meeting of our shareholders or upon the occurrence of certain events, in accordance with the Companies Law
and our articles of association.
Our directors are divided among the three classes as follows:
(i) the Class I directors are Ehud (Udi) Mokady and David Schaeffer, and their term expires at the annual general meeting of shareholders to be held in 2021 at the
time their successors are elected and qualified;
(ii) the Class II directors, are Gadi Tirosh and Amnon Shoshani, and their term expires at the annual general meeting of shareholders to be held in 2019 at the time
their successors are elected and qualified; and
(iii) the Class III directors are Ron Gutler, Kim Perdikou and François Auque, and their term expires at the annual general meeting of shareholders to be held in
2020 at the time their successors are elected and qualified.
In addition, our articles of association allow our board of directors to appoint directors, create new directorships or fill vacancies on our board of directors up to the
maximum number of directors permitted under our articles of association. In case of an appointment by our board of directors to fill a vacancy on our board of
directors due to a director no longer serving, the term of office shall be equal to the remaining period of the term of office of the director(s) whose office(s) have
been vacated, and in case of a new appointment where the number of directors serving is less than the maximum number stated in our articles of association, our
board of directors shall determine at the time of appointment the class to which the new director shall be assigned.
Under the Companies Law and our articles of association, nominations for directors may be made by any shareholder(s) holding together at least 1% of our
outstanding voting power. However, any such shareholder may make such a nomination only if a written notice of such shareholder’s intent to make such
nomination has been timely and duly given to our Secretary (or, if we have no Secretary, our Chief Executive Officer), as set forth in our articles of association.
Any such notice must include certain information regarding the proposing shareholder and the proposed director nominee, the consent of the proposed director
nominee(s) to serve as our director(s) if elected and a declaration signed by the proposed director nominee(s) as required by under the Companies Law and that all
of the information that is required to be provided to us in connection with such election under the Companies Law and under our articles of association has been
provided.
Under the Companies Law, our board of directors must determine the minimum number of directors who are required to have accounting and financial expertise. A
director with accounting and financial expertise is a director who, due to his or her education, experience and skills, possesses an expertise in, and an understanding
of, financial and accounting matters and financial statements, such that he or she is able to understand the financial statements of the company and initiate a
discussion about the presentation of financial data.
In determining the number of directors required to have such expertise, a board of directors must consider, among other things, the type and size of the company
and the scope and complexity of its operations. Our board of directors has determined that the minimum number of directors of our company who are required to
have accounting and financial expertise is one.
Our board of directors has determined that each of Ron Gutler and Kim Perdikou possesses accounting and financial expertise as defined under the Companies
Law.
External Directors
Under the Companies Law, companies incorporated under the laws of the State of Israel that are public companies, including companies with shares listed on
NASDAQ, are required to appoint at least two external directors.
69
�Pursuant to regulations enacted under the Companies Law, the board of directors of a public company whose shares are listed on certain non-Israeli stock
exchanges, including NASDAQ, that do not have a controlling shareholder (as such term is defined in the Companies Law), may, subject to certain conditions,
elect to “opt-out” of the requirements of the Companies Law regarding the election of external directors and to the composition of the audit committee and
compensation committee, provided that the company complies with the requirements as to director independence and audit committee and compensation
committee composition applicable to companies that are incorporated in the jurisdiction in which its stock exchange is located. In May 2016, our board of directors
elected to opt-out of the Companies Law requirements to appoint external directors and related Companies Law rules concerning the composition of the audit
committee and compensation committee.
The foregoing exemptions will continue to be available to us so long as: (i) we do not have a “controlling shareholder” (as such term is defined under the
Companies Law), (ii) our shares are traded on a U.S. stock exchange, including NASDAQ, and (iii) we comply with NASDAQ listing rules applicable to domestic
U.S. companies. If in the future we were to have a controlling shareholder, we would again be required to comply with the requirements relating to external
directors and composition of the audit committee and compensation committee.
Under the Securities Law 1968-5728, or the Securities Law, and the Companies Law, the term “controlling shareholder” means a shareholder with the ability to
direct the activities of the company, other than by virtue of being an office holder. A shareholder is presumed to be a controlling shareholder if the shareholder
holds 50% or more of the voting rights in a company or has the right to appoint the majority of the directors of the company or its general manager. For the purpose
of approving transactions with controlling shareholders, the term “controlling shareholder” also includes any shareholder that holds 25% or more of the voting
rights of the company if no other shareholder holds more than 50% of the voting rights in the company.
Lead Independent Director
Mr. Mokady has been our CEO since 2005, and following approval by our shareholders at the June 2016 annual shareholder meeting, has held that post in addition
to serving as our Chairman since 2016, for the maximum period permitted under the Companies Law. As approved by our shareholders at the June 2016 annual
shareholder meeting, for so long as the positions of the Chief Executive Officer and Chairman of the Board are combined, the non-executive board members will
select a Lead Independent Director from among the independent directors of the board, who has served a minimum of one year as a director. If at any meeting of
the board the Lead Independent Director is not present, as the Lead Independent Director for the purpose and duration of such meeting will act, in the following
order, the Chairman of the Audit Committee, Chairman of the Compensation Committee, or an independent member of the board appointed by a majority of the
independent members of the board present. The authorities and responsibilities of the Lead Independent Director include, but are not limited to, the following:
•
•
•
•
•
•
•
•
•
providing leadership to the board if circumstances arise in which the Chairman of the Board may be, or may be perceived to be, in conflict, and
responding to any reported conflicts of interest, or potential conflicts of interest, arising for any director;
presiding as chairman of the meeting at all meetings of the board at which the Chairman of the Board is not present, including executive sessions of
the independent members of the board;
serving as liaison between the Chairman of the Board and the independent members of the board;
approving meeting agendas for the board;
approving information sent to the board;
approving meeting schedules to assure that there is sufficient time for discussion of all agenda items;
having the authority to call meetings of the independent members of the board;
if requested by a major shareholder, ensuring that he or she is available for consultation and direct communication; and
performing such other duties as the board may from time to time delegate to assist the board in the fulfillment of its duties.
70
�Audit Committee
Under the Companies Law, the board of directors of a public company must appoint an audit committee. Our audit committee consists of three independent
directors, Ron Gutler (Chairperson), Kim Perdikou, and Amnon Shoshani.
Audit Committee Composition
Under NASDAQ corporate governance rules, we are required to maintain an audit committee consisting of at least three independent directors, each of whom is
financially literate and one of whom has accounting or related financial management expertise.
All members of our audit committee meet the requirements for financial literacy under the applicable rules and regulations of the SEC and NASDAQ corporate
governance rules. Our board of directors has determined that Ron Gutler and Kim Perdikou are audit committee financial experts as defined by SEC rules and have
the requisite financial experience as defined by NASDAQ corporate governance rules.
Each of the members of the audit committee is “independent” as such term is defined in Rule 10A-3(b)(1) under the Exchange Act, which is different from the
general test for independence of board members and members of other committees.
Audit Committee Role
Our board of directors has an audit committee charter that sets forth the responsibilities of the audit committee consistent with the rules of the SEC and the listing
requirements of NASDAQ, as well as the requirements for such committee under the Companies Law. The responsibilities of the audit committee under the audit
committee charter include, among others, the following:
•
•
•
•
•
•
•
•
•
overseeing of our accounting and financial reporting process and the audits of our financial statements, the effectiveness of our internal control over
financial reporting and making such reports as may be required of an audit committee under the rules and regulations promulgated under the
Exchange Act;
retaining and terminating our independent registered public accounting firm subject to the approval of our board of directors and, in the case of
retention, of our shareholders and recommending the terms of audit and non-audit services provided by the independent registered public accounting
firm for pre-approval by our board of directors and related fees and terms;
establishing systems of internal control over financial reporting, including communication and implementation thereof and the assessment of the
internal controls in accordance with the Sarbanes-Oxley Act, and any attestation by the independent registered public accounting firm;
determining whether there are deficiencies in the business management practices of our company, including in consultation with our internal auditor
or the independent registered public accounting firm, and making recommendations to the board of directors to improve such practices;
determining whether to approve certain related party transactions (see “Item 6.C. Board Practices —Approval of Related Party Transactions under
Israeli Law”);
recommending to the board of directors the retention and termination of our internal auditor, and determining the internal auditor's fees and other
terms of engagement, in accordance with the Companies Law;
approving the working plan proposed by the internal auditor and reviewing and discussing the work of the internal auditor on a quarterly basis;
establishing procedures for the handling of employees’ complaints as to the deficiencies in the management of our business and the protection to be
provided to such employees; and
performing such other duties consistent with the audit committee charter, our governing documents, stock exchange rules and applicable law that
may be requested by the board of directors from time to time, including discussing guidelines and policies to govern the process by which the
company undertakes risk assessment and management in sensitive areas.
71
�Compensation Committee
Under the Companies Law, the board of directors of any public company must appoint a compensation committee. Our compensation committee consists of three
independent directors, Kim Perdikou (Chairperson), Gadi Tirosh and Ron Gutler.
Compensation Committee Composition
Under NASDAQ corporate governance rules, we are required to maintain a compensation committee consisting of at least two independent directors. Each current
member of the compensation committee is required to be independent under NASDAQ rules relating to compensation committee members, which are different
from the general test for independence of board and committee members. Each of the members of our compensation committee satisfies those requirements.
Compensation Policy pursuant to the Israeli Companies Law
The duties of the compensation committee include the recommendation to the company’s board of directors of a policy regarding the terms of engagement of office
holders, as such term is defined under the Companies Law, to which we refer as a compensation policy. That compensation policy must be adopted by the
company’s board of directors, after considering the recommendations of the compensation committee, and must be brought for approval by the company’s
shareholders at least once every three years, which approval requires a Special Approval for Compensation (as defined below under “—Approval of Related Party
Transactions under Israeli Law— Disclosure of Personal Interests of an Office Holder and Approval of Certain Transactions”).
Under special circumstances, the board of directors may approve the compensation policy despite the objection of the shareholders on the condition that the
compensation committee and then the board of directors decide, on the basis of detailed grounds and after discussing again the compensation policy, that approval
of the compensation policy, despite the objection of the meeting of shareholders, is for the benefit of the company.
The compensation policy must serve as the basis for decisions concerning the financial terms of employment or engagement of office holders, including
exculpation, insurance, indemnification or any monetary payment, obligation of payment or other benefit in respect of employment or engagement. The
compensation policy must be determined and later re-evaluated according to certain factors, including the advancement of the company’s objectives, business plan
and its long-term strategy andcreation of appropriate incentives for office holders , while considering , among other things, the company’s risk management policy,
the size and the nature of its operations and with respect to variable compensation, the contribution of the office holder towards the achievement of the company’s
long-term goals and the maximization of its profits, all with a long-term objective and according to the position of the office holder . The compensation policy
must include certain principles, such as: a link between variable compensation and long-term performance, which variable compensation shall, other than with
respect to office holders who report to the CEO, be primarily based on measurable criteria; the relationship between variable and fixed compensation; and the
minimum holding or vesting period for variable, equity-based compensation. The compensation committee is responsible for (a) recommending the compensation
policy to a company’s board of directors for its approval (and subsequent approval by our shareholders) and (b) duties related to the compensation policy and to the
compensation of company’s office holders (as described below). Accordingly, following the recommendation of our compensation committee, on November 12,
2014 and December 18, 2014, our board of directors and shareholders, respectively, approved our compensation policy.
Compensation Committee Role
Our board of directors has adopted a compensation committee charter that sets forth the responsibilities of the compensation committee. The responsibilities of the
committee set forth in its charter and the Companies Law include, among others, the following:
•
recommending to the board of directors for its approval a compensation policy and subsequently reviewing it from time to time, assessing its
implementation and recommending periodic updates, whether a new compensation policy should be adopted or an existing compensation policy
should continue in effect;
72
�•
•
•
reviewing, evaluating and making recommendations regarding the terms of office, compensation and benefits for our office holders, including the
non-employee directors, taking into account our compensation policy;
exempting certain compensation arrangements from the requirement to obtain shareholder approval under the Companies Law (including with
respect to the Chief Executive Officer); and
reviewing and the granting of equity-based awards pursuant to our equity incentive plans to the extent such authority is delegated to the
compensation committee by our board of directors and the reserving of additional shares for issuance thereunder.
Nominating and Governance Committee
Our nominating and governance committee consists of three independent directors, Gadi Tirosh (Chairperson), Kim Perdikou and Ron Gutler.
Nominating and Governance Committee Role
Our board of directors has a nominating and governance committee charter that sets forth the responsibilities of the nominating and governance committee, which
include:
•
•
•
•
•
•
overseeing and assisting our board of directors in reviewing and recommending nominees for election as directors and as members of the committees
of the board of directors;
establishing procedures for, and administering the performance of the members of our board and its committees;
evaluating and making recommendations to our board of directors regarding the termination of membership of directors;
reviewing, evaluating and making recommendations regarding management succession and development;
reviewing and making recommendations to our board of directors regarding board member qualifications, composition and structure and the nature
and duties of the committees and qualifications of committee members; and
establishing and maintaining effective corporate governance policies and practices, including, but not limited to, developing and recommending to
our board of directors a set of corporate governance guidelines applicable to our company.
Disclosure of Compensation of Executive Officers
For so long as we qualify as a foreign private issuer, we are not required to comply with the proxy rules applicable to U.S. domestic companies, including the
requirement applicable to certain domestic issuers that do not qualify as emerging growth companies to disclose on an individual, rather than an aggregate, basis,
the compensation of our named executive officers as defined in Item 402 of Regulation S-K. Nevertheless, the Companies Law requires that we disclose the annual
compensation of our five most highly compensated office holders (as defined under the Companies Law) on an individual basis. Under the Companies Law
regulations, this disclosure is required to be included in the annual proxy statement for our annual meeting of shareholders each year, which we will furnish to the
SEC under cover of a Report of Foreign Private Issuer on Form 6-K. Because of that disclosure requirement under Israeli law, we are also including such
information in this annual report, pursuant to the disclosure requirements of Form 20-F.
For additional information, see “Item 6.B. Compensation—Compensation of Directors and Executive Officers.”
73
�Compensation of Directors
Under the Companies Law, compensation of directors requires the approval described below under “Approval of Related Party Transactions under Israeli Law -
Disclosure of Personal Interests of an Office Holder and Approval of Certain Transactions.”
The directors are also entitled to be paid reasonable travel, hotel and other expenses expended by them in attending board meetings and performing their functions
as directors of the company, all of which is to be determined by the board of directors.
For additional information, see “Item 6.B. Compensation—Compensation of Directors and Executive Officers.”
Internal Auditor
Under the Companies Law, the board of directors of an Israeli public company must appoint an internal auditor recommended by the audit committee. An internal
auditor may not be:
•
•
•
•
a person (or a relative of a person) who holds more than 5% of the company’s outstanding shares or voting rights;
a person (or a relative of a person) who has the power to appoint a director or the general manager of the company;
an office holder (including a director) of the company (or a relative thereof); or
a member of the company’s independent accounting firm, or anyone on his or her behalf.
The role of the internal auditor is to examine, among other things, our compliance with applicable law and orderly business procedures. The audit committee is
required to oversee the activities and to assess the performance of the internal auditor as well as to review the internal auditor’s work plan. Chaikin, Cohen,
Rubin & Co. serves as our internal auditor.
Approval of Related Party Transactions under Israeli Law
Fiduciary Duties of Directors and Executive Officers
The Companies Law codifies the fiduciary duties that office holders owe to a company. The term “office holder” is defined under the Companies Law as a general
manager, chief business manager, deputy general manager, vice general manager, any other person assuming the responsibilities of any of these positions
(regardless of that person’s title), a director and any other manager directly subordinate to the general manager.
An office holder’s fiduciary duties consist of a duty of care and a duty of loyalty. The duty of care requires an office holder to act with the level of care with which
a reasonable office holder in the same position would have acted under the same circumstances. The duty of loyalty requires that an office holder act in good faith
and in the best interests of the company.
The duty of care includes a duty to use reasonable means to obtain:
•
•
information on the advisability of a given action brought for his or her approval or performed by virtue of his or her position; and
all other important information pertaining to any such action.
The duty of loyalty includes a duty to:
•
•
•
•
refrain from any conflict of interest between the performance of his or her duties to the company and his or her duties or personal affairs;
refrain from any action which competes with the company’s business;
refrain from exploiting any business opportunity of the company in order to receive a personal gain for himself or herself or others; and
disclose to the company any information or documents relating to the company’s affairs which the office holder received as a result of his or her
position as an office holder.
74
�We may approve an act specified above that would otherwise constitute a breach of the duty of loyalty of an office holder, provided, that the office holder acted in
good faith, the act or its approval does not harm the company, and the office holder discloses his or her personal interest, including any related material information
or document, a sufficient time before the approval of such act. Any such approval is subject to the terms of the Companies Law, setting forth, among other things,
the organs of the company entitled to provide such approval, and the methods of obtaining such approval.
Disclosure of Personal Interests of an Office Holder and Approval of Certain Transactions
The Companies Law requires that an office holder promptly disclose to the board of directors any personal interest that he or she may be aware of and all related
material information or documents concerning any existing or proposed transaction with the company. An interested office holder’s disclosure must be made
promptly and in any event no later than the first meeting of the board of directors in which the transaction is considered.
Under the Companies Law, a “personal interest” includes an interest of any person in an act or transaction of a company, including a personal interest of such
person’s relative or of a corporate body in which such person or a relative of such person is a 5% or greater shareholder, director or general manager, or in which
he or she has the right to appoint at least one director or the general manager, but excluding a personal interest stemming from one’s ownership of shares in the
company. A personal interest furthermore includes the personal interest of a person for whom the office holder holds a voting proxy or the personal interest of the
office holder with respect to his or her vote on behalf of a person for whom he or she holds a proxy even if such shareholder has no personal interest in the matter.
An office holder is not, however, obliged to disclose a personal interest if it derives solely from the personal interest of his or her relative in a transaction that is not
considered an extraordinary transaction. Under the Companies Law, an extraordinary transaction is defined as any of the following:
•
•
•
a transaction other than in the ordinary course of business;
a transaction that is not on market terms; or
a transaction that may have a material impact on a company’s profitability, assets or liabilities.
If it is determined that an office holder has a personal interest in a transaction, approval by the board of directors (and, in certain circumstances, of its applicable
committee) is required for the transaction, unless the company’s articles of association provide for a different method of approval. Further, so long as an office
holder has disclosed his or her personal interest in a transaction and acted in good faith and the transaction or action does not harm the company’s best interests, the
board of directors may approve an action by the office holder that would otherwise be deemed a breach of duty of loyalty.
The compensation of, or an undertaking to indemnify or insure, an office holder requires approval first by the company’s compensation committee, then by the
company’s board of directors, and, if such compensation arrangement or an undertaking to indemnify or insure is that of a director, the approval of the shareholders
by an ordinary majority. If such compensation arrangement or an undertaking to indemnify or insure is inconsistent with the company’s stated compensation policy
then such arrangement is subject to the approval of a majority vote of the shares present and voting at a shareholders meeting, provided that either, which we refer
to as the Special Approval for Compensation:
(a) such majority includes at least a majority of the shares held by all shareholders who do not have a personal interest in such compensation arrangement
and are not controlling shareholders, excluding abstentions; or
(b) the total number of shares of shareholders who do not have a personal interest in the compensation arrangement and who vote against the arrangement
does not exceed 2% of the company’s aggregate voting rights.
Generally, a person who has a personal interest in a matter which is considered at a meeting of the board of directors or the audit committee may not be present at
such a meeting or vote on that matter unless the chairman of the relevant committee or board of directors (as applicable) determines that he or she should be
present in order to present the transaction that is subject to approval, in which case such person may do so but may not vote on the matter. If a majority of the
members of the audit committee or the board of directors (as applicable) has a personal interest in the approval of a transaction, then all directors may participate in
discussions of the audit committee or the board of directors (as applicable) on such transaction and the voting on approval thereof. However, in the event that a
majority of the members of the board has a personal interest in a transaction, shareholder approval is also required for such transaction.
75
�Disclosure of Personal Interests of Controlling Shareholders and Approval of Certain Transactions
We currently do not have a controlling shareholder. If in the future we would have a controlling shareholder, disclosure requirements regarding personal interests
will apply and shareholder approval (meeting a special majority requirement) will be required with respect to transactions specified in the Companies Law
involving the controlling shareholder, parties having certain relationships with the controlling shareholder and certain other specific transactions. In such cases, the
votes of a controlling shareholder and certain parties associated with it would be excluded for purposes of special majority voting requirements. Additionally, the
Companies Law provides a different, broader definition of a controlling shareholder with respect to the provisions pertaining to the approval of related party
transactions.
Shareholder Duties
Pursuant to the Companies Law, a shareholder has a duty to act in good faith and in a customary manner toward the company and other shareholders and to refrain
from abusing his or her power in the company, including, among other things, in voting at a general meeting and at shareholder class meetings with respect to the
following matters:
•
•
•
•
an amendment to the company’s articles of association;
an increase of the company’s authorized share capital;
a merger; or
the approval of related party transactions and acts of office holders that require shareholder approval.
In addition, a shareholder also has a general duty to refrain from discriminating against other shareholders.
In addition, certain shareholders have a duty of fairness toward the company. These shareholders include any controlling shareholder, any shareholder who knows
that he or she has the power to determine the outcome of a shareholder vote and any shareholder who has the power to appoint or to prevent the appointment of an
office holder of the company or other power towards the company. The Companies Law does not define the substance of the duty of fairness, except to state that
the remedies generally available upon a breach of contract will also apply in the event of a breach of the duty to act with fairness.
Exculpation, Insurance and Indemnification of Directors and Officers
Under the Companies Law, a company may not exculpate an office holder from liability for a breach of the duty of loyalty. An Israeli company may exculpate an
office holder in advance from liability to the company, in whole or in part, for damages caused to the company as a result of a breach of duty of care but only if a
provision authorizing such exculpation is included in its articles of association. Our articles of association include such a provision. The company may not
exculpate in advance a director from liability arising out of a prohibited dividend or distribution to shareholders.
Under the Companies Law and the Securities Law, a company may indemnify an office holder in respect of the following liabilities, payments and expenses
incurred for acts performed by him or her as an office holder, either pursuant to an undertaking made in advance of an event or following an event, provided its
articles of association include a provision authorizing such indemnification:
•
a monetary liability incurred by or imposed on him or her in favor of another person pursuant to a judgment, including a settlement or arbitrator’s
award approved by a court. However, if an undertaking to indemnify an office holder with respect to such liability is provided in advance, then such
undertaking must be limited to certain events which, in the opinion of the board of directors, can be foreseen based on the company’s activities when
the undertaking to indemnify is given, and to an amount or according to criteria determined by the board of directors as reasonable under the
circumstances, and such undertaking shall detail the foreseen events and described above amount or criteria;
76
�•
•
•
reasonable litigation expenses, including reasonable attorneys’ fees, incurred by the office holder (1) as a result of an investigation or proceeding
instituted against him or her by an authority authorized to conduct such investigation or proceeding, provided that (i) no indictment was filed against
such office holder as a result of such investigation or proceeding; and (ii) no financial liability was imposed upon him or her as a substitute for the
criminal proceeding as a result of such investigation or proceeding or, if such financial liability was imposed, it was imposed with respect to an
offense that does not require proof of criminal intent; or (2) in connection with a monetary sanction or liability imposed on him or her in favor of an
injured party in certain Administrative proceedings;
expenses incurred by an office holder in connection with Administrative proceedings instituted against such office holder, or certain compensation
payments made to an injured party imposed on an office holder by Administrative proceedings, including reasonable litigation expenses and
reasonable attorneys’ fees; and
reasonable litigation expenses, including attorneys’ fees, incurred by the office holder or imposed by a court in proceedings instituted against him or
her by the company, on its behalf, or by a third party, or in connection with criminal proceedings in which the office holder was acquitted, or as a
result of a conviction for an offense that does not require proof of criminal intent.
Under the Companies Law and the Securities Law, a company may insure an office holder against the following liabilities incurred for acts performed by him or
her as an office holder if and to the extent provided in the company’s articles of association:
•
•
•
•
•
a breach of duty of care to the company or to a third party, to the extent such a breach arises out of the negligent conduct of the office holder;
a breach of the duty of loyalty to the company, provided that the office holder acted in good faith and had a reasonable basis to believe that the act
would not harm the company;
a monetary liability imposed on the office holder in favor of a third party;
a monetary liability imposed on the office holder in favor of an injured party in certain Administrative proceedings; and
expenses incurred by an office holder in connection with certain Administrative proceedings, including reasonable litigation expenses and reasonable
attorneys’ fees.
Under the Companies Law, a company may not indemnify, exculpate or insure an office holder against any of the following:
•
•
•
•
a breach of the duty of loyalty, except for indemnification and insurance for a breach of the duty of loyalty to the company to the extent that the
office holder acted in good faith and had a reasonable basis to believe that the act would not prejudice the company;
a breach of duty of care committed intentionally or recklessly, excluding a breach arising out of the negligent conduct of the office holder;
an act or omission committed with intent to derive illegal personal benefit; or
a civil or criminal fine, monetary sanction or forfeit levied against the office holder.
Under the Companies Law, exculpation, indemnification and insurance of office holders in a public company must be approved by the compensation committee
and the board of directors and, with respect to certain office holders or under certain circumstances, also by the shareholders. See “Item 6.C. Board Practices—
Approval of Related Party Transactions under Israeli Law.”
77
�We have entered into indemnification agreements with our office holders to exculpate, indemnify and insure our office holders to the fullest extent permitted or to
be permitted by our articles of association and applicable law (including without limitation), the Companies Law, the Securities Law and the Israeli Restrictive
Trade Practices Law, 5758-1988. We have obtained director and officer liability insurance for the benefit of our office holders and intend to continue to maintain
such insurance as deemed adequate and to the extent permitted by the Companies Law.
D.
Employees
As of December 31, 2018, we had 1,146 employees and subcontractors with 429 located in Israel, 415 in the United States, 81 in the United Kingdom and 221
across 32 other countries. The following table shows the breakdown of our global workforce of employees and subcontractors by category of activity as of the
dates indicated:
Department
Sales and marketing
Research and development
Services and support
General and administrative
Total
2016
As of December 31,
2017
2018
377
205
166
75
491
250
188
86
541
287
214
104
823
1,015
1,146
With respect to our Israeli employees, Israeli labor laws govern the length of the workday, minimum wages for employees, procedures for hiring and dismissing
employees, determination of severance pay, annual leave, sick days, advance notice of termination of employment, equal opportunity and anti-discrimination laws
and other conditions of employment. Subject to certain exceptions, Israeli law generally requires severance pay upon the retirement, death or dismissal of an
employee, and requires us and our employees to make payments to the National Insurance Institute, which is similar to the U.S. Social Security Administration.
Our employees have pension plans that comply with the applicable Israeli legal requirements and we make monthly contributions to severance pay funds for all
employees, which cover potential severance pay obligations.
None of our employees work under any collective bargaining agreements, except for our employees in Italy who work under the national collective bargaining
agreement for trade and commerce sector ( CCNL
Commercio
) which affects matters such as length of working, annual holidays entitlement, sick leave, travel
expenses and pension rights, and our employees in France who work under the collective bargaining agreement for offices of technical studies, offices of
consulting engineers and consulting firms ( SYNTEC
CBA
).
Extension orders issued by the Israeli Ministry of Economy and Industry (formerly the Israeli Ministry of Industry, Trade and Labor) apply to our employees in
Israel and affect matters such as cost of living adjustments to salaries, length of working hours and week, recuperation pay, travel expenses, and pension rights. We
have never experienced labor-related work stoppages or strikes and believe that our relations with our employees are satisfactory.
E. Share Ownership
For information regarding the share ownership of our directors and executive officers, please refer to “Item 6.B. Compensation” and “Item 7.A. Major
Shareholders.”
78
�ITEM 7.
MAJOR SHAREHOLDERS AND RELATED PARTY TRANSACTIONS
A. Major Shareholders
The following table sets forth information with respect to the beneficial ownership of our shares as of February 28, 2019 by:
•
•
•
each person or entity known by us to own beneficially 5% or more of our outstanding shares;
each of our directors and executive officers individually; and
all of our executive officers and directors as a group.
The beneficial ownership of ordinary shares is determined in accordance with the rules of the SEC and generally includes any ordinary shares over which a person
exercises sole or shared voting or investment power, or the right to receive the economic benefit of ownership. For purposes of the table below, we deem shares
subject to equity-based awards that are currently exercisable or exercisable within 60 days of February 28, 2019, to be outstanding and to be beneficially owned by
the person holding the equity-based awards for the purposes of computing the percentage ownership of that person but we do not treat them as outstanding for the
purpose of computing the percentage ownership of any other person. The percentage of shares beneficially owned is based on 37,194,054 ordinary shares
outstanding as of February 28, 2019.
As of February 28, 2019, we had 10 holders of record of our ordinary shares in the United States, including Cede & Co., the nominee of The Depository Trust
Company. These shareholders held in the aggregate 37,190,287 of our outstanding ordinary shares, or 99.9% of our outstanding ordinary shares as of February 28,
2019. The number of record holders in the United States is not representative of the number of beneficial holders nor is it representative of where such beneficial
holders are resident since many of these ordinary shares were held by brokers or other nominees.
All of our shareholders, including the shareholders listed below, have the same voting rights attached to their ordinary shares. See “Item 10.B. Memorandum and
Articles of Association.” None of our principal shareholders or our directors and executive officers have different or special voting rights with respect to their
ordinary shares. Unless otherwise noted below, each shareholder’s address is CyberArk Software Ltd. 9 Hapsagot St., Park Ofer B, POB 3143, Petach-Tikva,
4951040, Israel.
79
�A description of any material relationship that our principal shareholders have had with us or any of our predecessors or affiliates since January 1, 2018 is included
under “Item 7.B. Related Party Transactions.”
Name of Beneficial Owner
Principal Shareholders (1)
Executive Officers and Directors
Ehud (Udi) Mokady(2)
Joshua Siegel
Chen Bitan
Ronen (Ron) Zoran
Roy Adar
Donna Rahav
Gadi Tirosh
Ron Gutler
Kim Perdikou
David Schaeffer
Amnon Shoshani
Francois Auque
All executive officers and directors as a group (12 persons)
Shares
Beneficially
Owned
Number
%
413,113
*
*
*
*
*
*
*
*
*
*
*
896,380
1.11%
*
*
*
*
*
*
*
*
*
*
*
2.41%
*
Less than 1%.
(1)
Certain shareholders that reported greater than 5% beneficial ownership on a Schedule 13G filed with respect to their share ownership as of
December 31, 2018 have not been included in the table as their percentage ownership is less than 5% based on the number of shares outstanding
as of February 28, 2019.
(2)
Mr. Mokady’s shares include 3,000 shares held in trust for family members over which Mr. Mokady is the beneficial owner.
Significant Changes
Based on a Schedule 13G/A filed with the SEC on February 14, 2019, as of December 31, 2018, Eminence Capital, LP and certain of its affiliates and subsidiaries
no longer beneficially owned any of our ordinary shares.
B. Related Party Transactions
Our policy is to enter into transactions with related parties on terms that, on the whole, are no more favorable, or no less favorable, than those available from
unaffiliated third parties. Based on our experience in the business sectors in which we operate and the terms of our transactions with unaffiliated third parties, we
believe that all of the transactions described below met this policy standard at the time they occurred.
80
�The following is a description of material transactions, or series of related material transactions, since January 1, 2018, to which we were or will be a party and in
which the other parties included or will include our directors, executive officers, holders of more than 10% of our voting securities or any member of the
immediate family of any of the foregoing persons.
Registration Rights
Our investor rights agreement entitles our shareholders to certain registration rights. None of our shareholder are currently entitled to registration rights.
Agreements with Directors and Officers
Employment
and
Related
Agreements
. We have entered into written employment agreements with each of our executive officers. These agreements provide for
notice periods of varying duration for termination of the agreement by us or by the relevant executive officer, during which time the executive officer will continue
to receive base salary and benefits. These agreements also contain customary provisions regarding confidentiality of information and ownership of inventions.
Equity
Awards
. Since our inception we have granted options to purchase, and restricted share units underlying, our ordinary shares to our officers and certain of
our directors. Such award agreements contain acceleration provisions upon certain merger, acquisition, or change of control transactions. We describe our option
plans under “Item 6.B. Compensation—Equity Incentive Plans” and the equity-based compensation received by certain of our executive officers in “Item 6.B.
Compensation—Compensation of Directors and Executive Officers.” If the relationship between us and an executive officer, or a director, is terminated, except for
cause (as defined in the various option plan agreements), all options that are vested will remain exercisable for ninety days after such termination in the case of our
executive officers, or one year in the case of our directors.
Exculpation,
Indemnification
and
Insurance.
Our articles of association permit us to exculpate, indemnify and insure certain of our office holders to the fullest
extent permitted by Israeli law. We have entered into agreements with certain of our office holders, including our directors, exculpating them from a breach of their
duty of care to us to the fullest extent permitted by law and undertaking to indemnify them to the fullest extent permitted by law, subject to certain exceptions,
including with respect to liabilities resulting from our initial public offering to the extent that these liabilities are not covered by insurance. See “Item 6.C. Board
Practices—Exculpation, Insurance and Indemnification of Directors and Officers.”
C. Interests of Experts and Counsel
Not applicable.
ITE M 8. FINANCIAL INFORMATION
A. Consolidated Statements and Other Financial Information
Consolidated Financial Statements
We have appended as part of this annual report our consolidated financial statements starting at page F-1.
Legal Proceedings
From time to time we are involved in legal proceedings or become subject to claims arising in our ordinary course of business. Such matters are generally subject
to many uncertainties and outcomes are not predictable with assurance. We accrue for contingencies when the loss is probable and we can reasonably estimate the
amount of any such loss. Except as set forth below, we are currently not a party to any material legal or administrative proceedings for which an appropriate
accrual has not been made, and we are not aware of any pending or threatened material legal or administrative proceedings against us.
On April 25, 2017, a complaint was filed against us, in a U.S. court, alleging breach of contract in connection with a sale made to one of our customers, seeking
damages in the amount of $0.8 million plus recovery of certain implementation and replacement costs allegedly incurred by it. On October 31, 2018, the parties
entered into a settlement agreement, which was approved by the U.S. court on November 2, 2018, formally dismissing this complaint.
81
�Dividend Policy
We have never declared or paid any cash dividends on our ordinary shares. We do not anticipate paying any cash dividends in the foreseeable future. We currently
intend to retain future earnings, if any, to finance operations and expand our business. Our board of directors has sole discretion whether to pay dividends. If our
board of directors decides to pay dividends, the form, frequency and amount will depend upon our future operations and earnings, capital requirements and surplus,
general financial condition, contractual restrictions and other factors that our directors may deem relevant. The distribution of dividends may also be limited by
Israeli law, which permits the distribution of dividends only out of retained earnings or otherwise upon the permission of an Israeli court.
B. Significant Changes
No significant changes have occurred since December 31, 2018, except as otherwise disclosed in this annual report.
IT EM 9. THE OFFER AND LISTING
A. Offer and Listing Details
Our ordinary shares have been quoted on NASDAQ under the symbol “CYBR” since September 24, 2014. Prior to that date, there was no public trading market for
our ordinary shares. Our IPO was priced at $16.00 per share on September 24, 2014.
B. Plan of Distribution
Not applicable.
C. Markets
See “—Listing Details” above.
D. Selling Shareholders
Not applicable.
E. Dilution
Not applicable.
F. Expenses of the Issue
Not applicable.
ITE M 10. ADDITIONAL INFORMATION
A. Share Capital
Not applicable.
B. Memorandum and Articles of Association
Certain information related to our articles of association and memorandum of association is disclosed in our Registration Statement on Form F-1, as amended
(Registration No. 333-204516), and is incorporated by reference.
Registration
Number
and
Purposes
of
the
Company
. Our registration number with the Israeli Registrar of Companies is 51-229164-2. Our purpose, as set forth in
article 3 of our articles of association, is to engage in any lawful activity.
Voting
Rights
and
Conversion
. All ordinary shares have identical voting and other rights in all respects.
Transfer
of
Shares
. Our fully paid ordinary shares are issued in registered form and may be freely transferred under our articles of association, unless the transfer
is restricted or prohibited by another instrument, applicable law or the rules of a stock exchange on which the shares are listed for trade. The ownership or voting of
our ordinary shares by non-residents of Israel is not restricted in any way by our articles of association or the laws of the State of Israel, except for ownership by
nationals of some countries that are, or have been, in a state of war with Israel.
82
�Election
of
Directors
. Our ordinary shares do not have cumulative voting rights for the election of directors. As a result, the holders of a majority of the voting
power represented at a shareholders meeting have the power to elect all of our directors.
Under our articles of association, our board of directors must consist of not less than four but no more than nine directors, as may be fixed from time to time by our
board of directors . Pursuant to our articles of association, the vote required to appoint a director is a simple majority vote of holders of our voting shares,
participating and voting at the relevant meeting. In addition, our directors are divided into three classes that are each elected at the third annual general meeting of
our shareholders, in a staggered fashion (such that one class is elected each annual general meeting), and serve on our board of directors unless they are removed
by a vote of 65% of the total voting power of our shareholders at a general meeting of our shareholders or upon the occurrence of certain events, in accordance
with the Companies Law and our articles of association. In addition, our articles of association allow our board of directors to fill vacancies on the board of
directors or to appoint new directors up to the maximum number of directors permitted under our articles of association. Such directors serve for a term of office
equal to the remaining period of the term of office of the directors(s) whose office(s) have been vacated or in the case of new directors, for a term of office
according to the class to which such director was assigned upon appointment. See “Item 6.C. Board Practices—External Directors” for a description of the
exemption from the requirements under the Companies Law to appoint external directors.
Dividend
and
Liquidation
Rights
. We may declare a dividend to be paid to the holders of our ordinary shares in proportion to their respective shareholdings. Under
the Companies Law, dividend distributions are determined by the board of directors and do not require the approval of the shareholders of a company unless the
company’s articles of association provide otherwise. Our articles of association do not require shareholder approval of a dividend distribution and provide that
dividend distributions may be determined by our board of directors.
Pursuant to the Companies Law, the distribution amount is limited to the greater of retained earnings or earnings generated over the previous two years, according
to our then last reviewed or audited financial statements, provided that the date of the financial statements is not more than six months prior to the date of the
distribution. In the event that we do not have retained earnings or earnings generated over the two most recent years, we may seek the approval of the Israeli court
in order to distribute a dividend. In each case, we are only permitted to distribute a dividend if our board of directors and the court, if applicable, determines that
there is no reasonable concern that payment of the dividend will prevent us from satisfying our existing and foreseeable obligations as they become due.
In the event of our liquidation, after satisfaction of liabilities to creditors, our assets will be distributed to the holders of our ordinary shares in proportion to their
shareholdings. This right, as well as the right to receive dividends, may be affected by the grant of preferential dividend or distribution rights to the holders of a
class of shares with preferential rights that may be authorized in the future.
Exchange
Controls
. There are currently no Israeli currency control restrictions on remittances of dividends on our ordinary shares, proceeds from the sale of the
shares or interest or other payments to non-residents of Israel, except for shareholders who are subjects of countries that are, or have been, in a state of war with
Israel.
Shareholder
Meetings
. Under Israeli law, we are required to hold an annual general meeting of our shareholders once every calendar year that must be held no
later than 15 months after the date of the previous annual general meeting. All meetings other than the annual general meeting of shareholders are referred to in our
articles of association as special general meetings. Our board of directors may call special general meetings whenever it sees fit, at such time and place, within or
outside of Israel, as it may determine. In addition, the Companies Law provides that our board of directors is required to convene a special general meeting upon
the written request of (i) any two of our directors or one-quarter of the members of our board of directors or (ii) one or more shareholders holding, in the aggregate,
either (a) 5% or more of our outstanding issued shares and 1% of our outstanding voting power or (b) 5% or more of our outstanding voting power.
83
�Subject to the provisions of the Companies Law and the regulations promulgated thereunder, shareholders entitled to participate and vote at general meetings are
the shareholders of record on a date to be decided by the board of directors, which may be between four and 40 days prior to the date of the meeting. Furthermore,
the Companies Law requires that resolutions regarding the following matters must be passed at a general meeting of our shareholders:
•
•
•
•
•
•
amendments to our articles of association;
appointment or termination of our auditors;
approval of certain related party transactions;
increases or reductions of our authorized share capital;
certain merger transactions; and
the exercise of our board of director’s powers by a general meeting, if our board of directors is unable to exercise its powers and the exercise of any
of its powers is required for our proper management.
The Companies Law requires that notice of any annual general meeting or special general meeting be provided to shareholders at least 21 days prior to the meeting
and if the agenda of the meeting includes the appointment or removal of directors, the approval of transactions with office holders or interested or related parties,
or an approval of a merger, notice must be provided at least 35 days prior to the meeting.
Under the Companies Law, shareholders of a public company are not permitted to take action via written consent in lieu of a meeting.
Voting Rights
Quorum
requirements.
Pursuant to our articles of association, holders of our ordinary shares have one vote for each ordinary share held on all matters submitted to
a vote before the shareholders at a general meeting. As a foreign private issuer, the quorum required for our general meetings of shareholders consists of at least
two shareholders present in person or by proxy who hold or represent between them at least 25% of the total outstanding voting rights. A meeting adjourned for
lack of a quorum is generally adjourned to the same day in the following week at the same time and place, to such time and date if so specified in the notice of the
meeting, or to such time and date as the chairman of the general meeting shall determine (which may be earlier or later than the forgoing dates). At the reconvened
meeting, any one shareholder present in person or by proxy shall constitute a lawful quorum, generally, regardless of the number of shares held by such
shareholder unless the meeting was convened pursuant to a shareholders request as permitted under the Companies Law, in such case, the quorum shall be one or
more shareholder, present in person or by proxy, and holding the number of shares required under the Companies Law for making such requisition.
Vote
Requirements.
Our articles of association provide that all resolutions of our shareholders require a simple majority vote, unless otherwise required by the
Companies Law or by our articles of association. Under our articles of association, the alteration of the rights, privileges, preferences or obligations of any class of
our shares requires the ordinary majority vote of all classes of shares voting together as a single class at a shareholder meeting. Our articles of association also
require that the removal of any director from office (other than external directors) or the amendment of the provisions of our articles of association relating to our
staggered board requires the vote of 65% of the total voting power of our shareholders. Another exception to the simple majority vote requirement is a resolution
for the voluntary winding up, or an approval of a scheme of arrangement or reorganization, of the company pursuant to Section 350 of the Companies Law, which
requires the approval of holders of 75% of the voting rights represented at the meeting, in person, by proxy or by voting deed and voting on the resolution.
Access
to
Corporate
Records.
Under the Companies Law, shareholders are provided access to: minutes of our general meetings; our shareholders register and
principal shareholders register, articles of association and annual financial statements, certain other documents as provided in the Companies Law, and any
document that we are required by law to file publicly with the Israeli Companies Registrar or the Israel Securities Authority. In addition, shareholders may request
to be provided with any document related to an action or transaction requiring shareholder approval under the related party transaction provisions of the Companies
Law. We may deny this request if we believe it has not been made in good faith or if such denial is necessary to protect our interest or protect a trade secret or
patent.
84
�Acquisitions under Israeli Law
Full
Tender
Offer.
A person wishing to acquire shares of an Israeli public company and who would as a result hold over 90% of the target company’s issued and
outstanding share capital or that of a certain class of shares is required by the Companies Law to make a tender offer to all of the company’s shareholders or the
shareholders who hold shares of the relevant class for the purchase of all of the issued and outstanding shares of the company or of the same class, as applicable.
If the shareholders who do not accept the offer hold less than 5% of the issued and outstanding share capital of the company or of the applicable class of shares,
and more than half of the shareholders who do not have a personal interest in the offer accept the offer, all of the shares that the acquirer offered to purchase will be
transferred to the acquirer by operation of law. However, a tender offer will also be accepted if the shareholders who do not accept the offer hold less than 2% of
the issued and outstanding share capital of the company or of the applicable class of shares.
If the tender offer was not accepted, the acquirer may not acquire shares of the company that will increase its holdings to more than 90% of the company’s issued
and outstanding share capital or of the applicable class from shareholders who accepted the tender offer.
Special
Tender
Offer
. The Companies Law provides that an acquisition of shares of an Israeli public company must be made by means of a special tender offer if
as a result of the acquisition the purchaser would become a holder of 25% or more of the voting rights in the company. This requirement does not apply if there is
already another holder of at least 25% of the voting rights in the company. Similarly, the Companies Law provides that an acquisition of shares in a public
company must be made by means of a special tender offer if as a result of the acquisition the purchaser would become a holder of more than 45% of the voting
rights in the company, if there is no other shareholder of the company who holds more than 45% of the voting rights in the company, subject to certain exceptions.
These requirements do not apply if the acquisition occurs in the context of a private placement approved by the general meeting as a private offering whose
purpose is to give the acquirer at least 25% or 45% or more, as the case may be.
A special tender offer may be consummated only if (i) at least 5% of the voting power attached to the company’s outstanding shares will be acquired by the offeror
and (ii) the special tender offer is accepted by a majority of the votes of those offerees who gave notice of their position in respect of the offer; in counting the
votes of offerees, the votes of a holder of control in the offeror, a person who has personal interest in acceptance of the special tender offer, holders of 25% or more
of the voting rights in the company or anyone on their behalf, including their relatives and entities controlled by them, will not be taken into account.
Merger
. The Companies Law permits merger transactions if approved by each party’s board of directors and, unless certain requirements described under the
Companies Law are met, by a majority vote of each party’s shareholders.
For purposes of the shareholder vote, unless a court rules otherwise, the merger will not be deemed approved if a majority of the votes of shares represented at the
shareholders meeting that are held by parties other than the other party to the merger, or by any person (or group of persons acting in concert) who holds (or hold,
as the case may be) 25% or more of the voting rights or the right to appoint 25% or more of the directors of the other party, vote against the merger. If, however,
the merger involves a merger with a company’s own controlling shareholder or if the controlling shareholder has a personal interest in the merger, then the merger
is instead subject to the same special majority approval that governs all extraordinary transactions with controlling shareholders (as described under “Management
—Approval of Related Party Transactions under Israeli Law—Disclosure of personal interests of controlling shareholders and approval of certain transactions”).
If the transaction would have been approved by the shareholders of a merging company but for the separate approval of each class or the exclusion of the votes of
certain shareholders as provided above, a court may still approve the merger upon the request of holders of at least 25% of the voting rights of a company, if the
court holds that the merger is fair and reasonable, taking into account the value of the parties to the merger and the consideration offered to the shareholders of the
company.
Upon the request of a creditor of either party to the proposed merger, the court may delay or prevent the merger if it concludes that there exists a reasonable
concern that, as a result of the merger, the surviving company will be unable to satisfy the obligations of the merging entities, and may further give instructions to
secure the rights of creditors.
85
�In addition, a merger may not be consummated unless at least 50 days have passed from the date on which a proposal for approval of the merger was filed by each
party with the Israeli Registrar of Companies and at least 30 days have passed from the date on which the merger was approved by the shareholders of each party.
Anti-takeover Measures under Israeli Law
The Companies Law allows us to create and issue shares having rights different from those attached to our ordinary shares, including shares providing certain
preferred rights with respect to voting, distributions or other matters and shares having preemptive rights. No preferred shares are authorized under our articles of
association. In the future, if we do authorize, create and issue a specific class of preferred shares, such class of shares, depending on the specific rights that may be
attached to it, may have the ability to frustrate or prevent a takeover or otherwise prevent our shareholders from realizing a potential premium over the market
value of their ordinary shares. The authorization and designation of a class of preferred shares will require an amendment to our articles of association, which
requires the prior approval of the holders of a majority of the voting power attaching to our issued and outstanding shares at a general meeting. The convening of
the meeting, the shareholders entitled to participate and the majority vote required to be obtained at such a meeting will be subject to the requirements set forth in
the Companies Law as described above in “—Voting Rights.”
Transfer Agent and Registrar
The transfer agent and registrar for our ordinary shares is American Stock Transfer & Trust Company, LLC. Its address is 6201 15th Avenue, Brooklyn, New York
11219, and its telephone number is (800) 937-5449.
Listing
Our ordinary shares are listed on NASDAQ under the symbol “CYBR.”
C. Material Contracts
For a description of the registration rights that we granted under our Fourth Amended Investor Rights Agreement, please refer to “Item 7.B. Related Party
Transaction—Registration Rights.”
For a description of our leases, see Item 4.B.—Business Overview—Properties.
D. Exchange Controls
In 1998, Israeli currency control regulations were liberalized significantly, so that Israeli residents generally may freely deal in foreign currency and foreign assets,
and non-residents may freely deal in Israeli currency and Israeli assets. There are currently no Israeli currency control restrictions on remittances of dividends on
the ordinary shares or the proceeds from the sale of the shares provided that all taxes were paid or withheld; however, legislation remains in effect pursuant to
which currency controls can be imposed by administrative action at any time.
Non-residents of Israel may freely hold and trade our securities. Neither our articles of association nor the laws of the State of Israel restrict in any way the
ownership or voting of ordinary shares by non-residents, except that such restrictions may exist with respect to citizens of countries which are in a state of war with
Israel. Israeli residents are allowed to purchase our ordinary shares.
E. Taxation
Certain Israeli Tax Consequences
The following description is not intended to constitute a complete analysis of all tax consequences relating to the acquisition, ownership and disposition of our
ordinary shares. You should consult your own tax advisor concerning the tax consequences of your particular situation, as well as any tax consequences that may
arise under the laws of any state, local, foreign or other taxing jurisdiction. This summary does not discuss all of the aspects of Israeli tax law that may be relevant
to a particular investor in light of his or her personal investment circumstances or to some types of investors subject to special treatment under Israeli law.
Examples of such investors include residents of Israel or traders in securities who are subject to special tax regimes not covered in this discussion.
86
�Capital Gains Taxes Applicable to Non-Israeli Resident Shareholders
A non-Israeli resident who derives capital gains from the sale of shares in an Israeli resident company that were purchased after the company was listed for trading
on a stock exchange outside of Israel should be exempt from Israeli tax so long as the shares were not held through a permanent establishment that the non-resident
maintains in Israel and that such shareholders are not subject to the Israeli Income Tax Law (Inflationary Adjustments) 5745-1985. However, non-Israeli
corporations will not be entitled to the foregoing exemption if Israeli residents: (i) have a controlling interest of more than 25% in such non-Israeli corporation or
(ii) are the beneficiaries of, or are entitled to, 25% or more of the revenues or profits of such non-Israeli corporation, whether directly or indirectly. Such exemption
is not applicable to a person whose gains from selling or otherwise disposing of the shares are deemed to be a business income.
Additionally, a sale of shares by a non-Israeli resident (either an individual or a corporation) may be exempt from Israeli capital gains tax under the provisions of
an applicable tax treaty. For example, under the Convention between the United States and the Government of the State of Israel with respect to income taxes ( the
“United States-Israel Tax Treaty”), the disposition of shares by a shareholder who (i) is a U.S. resident (for purposes of the treaty), (ii) holds the shares as a capital
asset, and (iii) is entitled to claim the benefits afforded to such person by the treaty, is generally exempt from Israeli capital gains tax. Such exemption will not
apply if: (i) the capital gain arising from the disposition can be attributed to a permanent establishment of the shareholder which is maintained in Israel; (ii) the
shareholder holds, directly or indirectly, shares representing 10% or more of the voting capital during any part of the 12-month period preceding such sale,
exchange or disposition, subject to certain conditions; or (iii) such U.S. resident is an individual and was present in Israel for a period or periods aggregating to
183 days or more during the relevant taxable year. In such case, the sale, exchange or disposition of our ordinary shares would be subject to Israeli tax, to the
extent applicable; however, under the United States-Israel Tax Treaty, a U.S. resident would be permitted to claim a credit for such taxes against the U.S. federal
income tax imposed with respect to such sale, exchange or disposition, subject to the limitations under U.S. law applicable to foreign tax credits. The
United States-Israel Tax Treaty does not relate to U.S. state or local taxes.
In some instances where our shareholders may be liable for Israeli tax on the sale of their ordinary shares, the payment of the consideration may be subject to the
withholding of Israeli tax at source. Shareholders may be required to demonstrate that they are exempt from tax on their capital gains in order to avoid withholding
at source at the time of sale. Specifically, in transactions involving a sale of all of the shares of an Israeli resident company, in the form of a merger or otherwise,
the Israel Tax Authority may require from shareholders who are not liable for Israeli tax to sign declarations in forms specified by this authority or to apply for and
obtain a specific withholding tax certificate of exemption from the Israel Tax Authority to confirm their status as non-Israeli resident, and, in the absence of such
declarations or exemptions, may require the purchaser of the shares to withhold taxes at source.
Taxation of Non-Israeli Shareholders on Receipt of Dividends
Non-Israeli residents (either an individual or a corporation) are generally subject to Israeli income tax on the receipt of dividends paid on our ordinary shares at the
rate of 25%, unless relief is provided in a treaty between Israel and the shareholder’s country of residence. With respect to a person who is a “substantial
shareholder” at the time of receiving the dividend or on any time during the preceding twelve months, the applicable tax rate is 30%. A “substantial shareholder” is
generally a person who alone or together with such person’s relative or another person who collaborates with such person on a permanent basis, holds, directly or
indirectly, at least 10% of any of the “means of control” of the corporation. “Means of control” generally include the right to vote, receive profits, nominate a
director or an executive officer, receive assets upon liquidation, or order someone who holds any of the aforesaid rights how to act, regardless of the source of such
right. Such dividends paid to non-Israeli residents are generally subject to Israeli withholding tax at a rate of 25% so long as the shares are registered with a
Nominee Company (whether the recipient is a substantial shareholder or not), unless a reduced tax rate is provided under an applicable tax treaty, provided that a
certificate from the Israel Tax Authority allowing for a reduced withholding tax rate is obtained in advance. However, a distribution of dividends to non-Israeli
residents is subject to withholding tax at source at a rate of 15% if the dividend is distributed from income attributed to an Approved Enterprise or a Benefited
Enterprise or 20% if the dividend is distributed from income attributed to a Preferred Enterprise (including Technological Preferred Enterprise), unless a reduced
tax rate is provided under an applicable tax treaty (subject to the receipt in advance of a valid certificate from the Israel Tax Authority allowing for a reduced tax
rate). Under the United States-Israel Tax Treaty, the maximum rate of tax withheld at source in Israel on dividends paid to a holder of our ordinary shares who is a
U.S. resident (for purposes of the United States-Israel Tax Treaty) is 25%. However, the maximum rate of withholding tax on dividends, not generated from an
Approved Enterprise or Benefited Enterprise, that are paid to a United States corporation holding 10% or more of the outstanding voting capital throughout the tax
year in which the dividend is distributed as well as during the previous tax year, is 12.5%, provided that no more than 25% of the gross income for such preceding
year consists of certain types of dividends and interest. Notwithstanding the foregoing, a distribution of dividends to non-Israeli residents is subject to withholding
tax at source at a rate of 15% if the dividend is distributed from income attributed to an Approved Enterprise or a Benefited Enterprise for such U.S. corporation
shareholder, provided that the condition related to our gross income for the previous year (as set forth in the previous sentence) is met. We cannot assure you that
in the event we declare a dividend we will designate the income out of which the dividend is paid in a manner that will reduce shareholders’ tax liability.
87
�If the dividend is attributable partly to income derived from an Approved Enterprise, Benefited Enterprise or Preferred Enterprise, and partly to other sources of
income, the withholding rate will be a blended rate reflecting the relative portions of the two types of income. U.S. residents who are subject to Israeli withholding
tax on a dividend may be entitled to a credit or deduction for United States federal income tax purposes in the amount of the taxes withheld, subject to detailed
rules contained in U.S. tax legislation.
Excess Tax
Individuals who are subject to tax in Israel (whether any such individual is an Israeli resident or non-Israeli resident) are also subject to an additional tax at the rate
of 2% on annual taxable income exceeding NIS 803,520 in 2016 (and as of 2017, the additional tax will be at a rate of 3% on annual income exceeding NIS
640,000) which amount is linked to the annual change in the Israeli consumer price index, including, but not limited to, dividends, interest and capital gain (NIS
641,880 for 2018).
Estate and Gift Tax
Israeli law presently does not impose estate or gift taxes.
Certain United States Federal Income Tax Consequences
The following is a description of certain United States federal income tax consequences relating to the acquisition, ownership and disposition of our ordinary
shares by a U.S. Holder (as defined below). This description addresses only the United States federal income tax consequences to U.S. Holders that hold such
ordinary shares as capital assets within the meaning of Section 1221 of the Internal Revenue Code of 1986, as amended (the “Code”). This description does not
address tax considerations applicable to U.S. Holders that may be subject to special tax rules, including, without limitation:
•
•
•
•
•
•
•
•
•
•
banks, financial institutions or insurance companies;
real estate investment trusts, regulated investment companies or grantor trusts;
brokers, dealers or traders in securities, commodities or currencies;
tax-exempt entities or organizations, including an “individual retirement account” or “Roth IRA” as defined in Section 408 or 408A of the Code,
respectively;
certain former citizens or long-term residents of the United States;
persons that receive our ordinary shares as compensation for the performance of services;
persons that hold our ordinary shares as part of a “hedging,” “integrated” or “conversion” transaction or as a position in a “straddle” for United
States federal income tax purposes;
persons subject to special tax accounting as a result of any item of gross income with respect to the ordinary shares being taken into account in an
applicable financial statement;
partnerships (including entities classified as partnerships for United States federal income tax purposes) or other pass-through entities, or indirect
holders that hold our shares through such an entity;
S corporations;
88
�•
•
holders whose “functional currency” is not the U.S. Dollar; or
holders that own directly, indirectly or through attribution 10.0% or more of the voting power or value of our shares.
Moreover, this description does not address the United States federal estate, gift or alternative minimum tax consequences, or any state, local or non-U.S. tax
consequences, of the acquisition, ownership and disposition of our ordinary shares.
This description is based on the Code, existing, proposed and temporary United States Treasury Regulations and judicial and administrative interpretations thereof,
in each case as in effect and available on the date hereof. All of the foregoing is subject to change, which change could apply retroactively and could affect the tax
consequences described below. There can be no assurances that the U.S. Internal Revenue Service, or IRS, will not take a different position concerning the tax
consequences of the ownership and disposition of our ordinary shares or that such a position would not be sustained. Holders should consult their own tax advisors
concerning the U.S. federal, state, local and foreign tax consequences of acquiring, owning and disposing of our ordinary shares in their particular circumstances.
For purposes of this description, a “U.S. Holder” is a beneficial owner of our ordinary shares that, for United States federal income tax purposes, is:
•
•
•
•
a citizen or individual resident of the United States;
a corporation (or other entity treated as a corporation for United States federal income tax purposes) created or organized in or under the laws of the
United States or any state thereof, including the District of Columbia;
an estate the income of which is subject to United States federal income taxation regardless of its source; or
a trust if such trust has validly elected to be treated as a United States person for United States federal income tax purposes or if (1) a court within
the United States is able to exercise primary supervision over its administration and (2) one or more United States persons have the authority to
control all of the substantial decisions of such trust.
If a partnership (or any other entity or arrangement treated as a partnership for United States federal income tax purposes) holds our ordinary shares, the tax
treatment of a partner in such partnership will generally depend on the status of the partner and the activities of the partnership. Such a partner or partnership
should consult its tax advisor as to the particular United States federal income tax consequences of acquiring, owning and disposing of our ordinary shares in its
particular circumstance.
You should consult your tax advisor with respect to the United States federal, state, local and foreign tax consequences of acquiring, owning and
disposing of our ordinary shares.
Distributions
Subject to the discussion below under “Passive Foreign Investment Company Considerations,” if you are a U.S. Holder, the gross amount of any distribution made
to you with respect to our ordinary shares before reduction for any Israeli taxes withheld therefrom, other than certain distributions, if any, of our ordinary shares
distributed pro rata to all our shareholders, generally will be includible in your income as dividend income on the date on which the dividends are actually or
constructively received, to the extent such distribution is paid out of our current or accumulated earnings and profits as determined under United States federal
income tax principles. To the extent that the amount of any distribution by us exceeds our current and accumulated earnings and profits as determined under United
States federal income tax principles, it will be treated first as a tax‑free return of your adjusted tax basis in our ordinary shares and thereafter as capital gain.
However, we do not expect to maintain calculations of our earnings and profits under United States federal income tax principles. Therefore, if you are a U.S.
Holder you should expect that the entire amount of any distribution generally will be reported as dividend income to you. Subject to applicable limitations,
dividends paid to certain non-corporate U.S. Holders may qualify for the preferential rates of taxation with respect to dividends on ordinary shares if certain
requirements, including stock holding period requirements, are satisfied by the recipient and we are eligible for the benefits of the United States-Israel Tax Treaty.
However, such dividends will not be eligible for the dividends received deduction generally allowed to corporate U.S. Holders.
89
�Subject to certain conditions and limitations, Israeli tax withheld on dividends may be, at your election, either deducted from your taxable income or credited
against your United States federal income tax liability. If you are a U.S. Holder, dividends paid to you with respect to our ordinary shares will generally be treated
as foreign source income, which may be relevant in calculating your foreign tax credit limitation. However, for periods in which we are a “United Stated-owned
foreign corporation,” a portion of dividends (generally attributable to earnings and profits from source within the United States) paid by us may be treated as U.S.
source solely for purposes of the foreign tax credit. We would be treated as a United States-owned foreign corporation if 50% or more of the total value or total
voting power of our stock is owned, directly, indirectly or by attribution, by United States persons. To the extent any portion of our dividends is treated as U.S.
source income pursuant to this rule, the ability of a U.S. Holder to claim a foreign tax credit for any Israeli withholding taxes payable in respect of our dividends
may be limited. A U.S. Holder entitled to benefits under the United States-Israel Tax Treaty may, however, elect to treat any dividends as foreign source income
for foreign tax credit purposes if the dividend income is separated from other income items for purposes of calculating the U.S. Holder’s foreign tax credit. U.S.
Holders should consult their own tax advisors about the impact of, and any exception available to, the special sourcing rule described in this paragraph, and the
desirability of making, and the method of making, such an election.
The limitation on foreign taxes eligible for credit is calculated separately with respect to specific classes of income. For this purpose, dividends that we distribute
generally should constitute “passive category income” for this purpose. A foreign tax credit for foreign taxes imposed on distributions may be denied if you do not
satisfy certain minimum holding period requirements. The rules relating to the determination of the foreign tax credit are complex, and you should consult your tax
advisor to determine whether and to what extent you will be entitled to this credit.
Sale, Exchange or Other Taxable Disposition of Ordinary Shares
Subject to the discussion below under “Passive Foreign Investment Company Considerations,” if you are a U.S. Holder, you generally will recognize gain or loss
on the sale, exchange or other taxable disposition of our ordinary shares equal to the difference between the amount realized on such sale, exchange or other
taxable disposition and your adjusted tax basis in our ordinary shares, and such gain or loss will be capital gain or loss. The adjusted tax basis in an ordinary share
generally will be equal to the cost of such ordinary share. If you are a non-corporate U.S. Holder, capital gain from the sale, exchange or other taxable disposition
of ordinary shares is generally eligible for a preferential rate of taxation applicable to capital gains, if your holding period for such ordinary shares exceeds one
year (i.e., such gain is long-term capital gain). The deductibility of capital losses for United States federal income tax purposes is subject to limitations under the
Code. Any such gain or loss that a U.S. Holder recognizes generally will be treated as U.S. source income or loss for foreign tax credit limitation purposes.
Passive Foreign Investment Company Considerations
If we were to be classified as a “passive foreign investment company,” or PFIC, in any taxable year, a U.S. Holder would be subject to special rules generally
intended to reduce or eliminate any benefits from the deferral of U.S. federal income tax that a U.S. Holder could derive from investing in a non-U.S. company that
does not distribute all of its earnings on a current basis.
A non-U.S. corporation will be classified as a PFIC for federal income tax purposes in any taxable year in which, after applying certain look-through rules with
respect to the income and assets of subsidiaries, either:
•
•
at least 75% of its gross income is “passive income”; or
at least 50% of the average quarterly value of its total gross assets (which may be measured in part by the market value of our ordinary shares,
which is subject to change) is attributable to assets that produce “passive income” or are held for the production of passive income.
Passive income for this purpose generally includes dividends, interest, royalties, rents, gains from commodities and securities transactions and the excess of gains
over losses from the disposition of assets which produce passive income. If a non-U.S. corporation owns directly or indirectly at least 25% by value of the stock of
another corporation, the non-U.S. corporation is treated for purposes of the PFIC tests as owning its proportionate share of the assets of the other corporation and as
receiving directly its proportionate share of the other corporation’s income. If we are classified as a PFIC in any year with respect to which a U.S. Holder owns our
ordinary shares, we will continue to be treated as a PFIC with respect to such U.S. Holder in all succeeding years during which the U.S. Holder owns our ordinary
shares, regardless of whether we continue to meet the tests described above.
90
�Based on our market capitalization and the composition of our gross income and the fair market value of our assets, and the nature of our business, we believe that
we should not be classified as a PFIC for the taxable year ended December 31, 2018. Because PFIC status is determined annually and requires a factual
determination that depends on, among other things, the composition of our income, assets and activities for the entire taxable year, it is not possible to determine
whether we will be characterized as a PFIC for the current taxable year, or for any subsequent year, until we finalize our financial statements for that year.
Furthermore, because the value of our gross assets is likely to be determined in large part by reference to our market capitalization, a decline in the value of our
ordinary shares may result in our becoming a PFIC. Accordingly, there can be no assurance that we will not be considered a PFIC for any taxable year.
Under certain attribution rules, if we are considered a PFIC, U.S. Holders may be deemed to own their proportionate share of our PFIC subsidiaries, such
subsidiaries referred to as “lower-tier PFICs,” and will be subject to U.S. federal income tax in the manner discussed below on (1) a distribution to us on the shares
of a “lower-tier PFIC” and (2) a disposition by us of shares of a “lower-tier PFIC,” both as if the holder directly held the shares of such “lower-tier PFIC.”
If we are considered a PFIC for any taxable year during which a U.S. Holder holds (or, as discussed in the previous paragraph, is deemed to hold) its ordinary
shares, such holder will be subject to adverse U.S. federal income tax rules. In general, if a U.S. Holder disposes of shares of a PFIC (including an indirect
disposition or a constructive disposition of shares of a “lower-tier PFIC”), gain recognized or deemed recognized by such holder would be allocated ratably over
such holder’s holding period for the shares. The amounts allocated to the taxable year of disposition and to years before the entity became a PFIC, if any, would be
treated as ordinary income.
The amount allocated to each other taxable year would be subject to tax at the highest rate in effect for such taxable year for individuals or corporations, as
appropriate, and an interest charge would be imposed on the tax attributable to such allocated amounts. Further, any distribution in respect of shares of a PFIC (or a
distribution by a lower-tier PFIC to its shareholders that is deemed to be received by a U.S. Holder) in excess of 125% of the average of the annual distributions on
such shares received or deemed to be received during the preceding three years or the U.S. Holder’s holding period, whichever is shorter, would be subject to
taxation in the manner described above. In addition, dividend distributions made to you will not qualify for the preferential rates of taxation applicable to long-term
capital gains discussed above under “Distributions.”
Where a company that is a PFIC meets certain reporting requirements, a U.S. Holder can avoid certain adverse PFIC consequences described above by making a
“qualified electing fund”, or QEF, election to be taxed currently on its proportionate share of the PFIC’s ordinary income and net capital gains. However, we do not
intend to prepare or provide the information that would enable U.S. Holders to make a qualified electing fund election.
If we are a PFIC and our ordinary shares are “regularly traded” on a “qualified exchange,” a U.S. Holder may make a mark-to-market election with respect to our
ordinary shares (but not the shares of any lower-tier PFICs), which may help mitigate the adverse tax consequences resulting from our PFIC status (but not that of
any lower-tier PFICs). Our ordinary shares will be treated as “regularly traded” in any calendar year in which more than a de minimis quantity of the ordinary
shares are traded on a qualified exchange on at least 15 days during each calendar quarter (subject to the rule that trades that have as one of their principal purposes
the meeting of the trading requirement are disregarded). NASDAQ is a qualified exchange for this purpose and, consequently, if the ordinary shares are regularly
traded, the mark-to-market election will be available to a U.S. Holder; however, there can be no assurance that trading volumes will be sufficient to permit a mark-
to-market election. In addition, because a mark-to-market election with respect to us does not apply to any equity interests in “lower-tier PFICs” that we own, a
U.S. Holder generally will continue to be subject to the PFIC rules with respect to its indirect interest in any investments held by us that are treated as equity
interests in a PFIC for U.S. federal income tax purposes.
91
�If a U.S. Holder makes the mark-to-market election, for each year in which we are a PFIC, the holder will generally include as ordinary income the excess, if any,
of the fair market value of ordinary shares at the end of the taxable year over their adjusted tax basis, and will be permitted an ordinary loss in respect of the excess,
if any, of the adjusted tax basis of our ordinary shares over their fair market value at the end of the taxable year (but only to the extent of the net amount of
previously included income as a result of the mark-to-market election). A U.S. Holder that makes a valid mark-to-market election will not include mark-to-market
gain or loss in income for any taxable year that we are not classified as a PFIC (although cessation of our status as a PFIC will not terminate the mark-to-market
election). Thus, if we are classified as a PFIC in a taxable year after a year in which we are not classified as a PFIC, the U.S. Holder’s original election (unless
revoked or terminated) continues to apply and the U.S. Holder must include any mark-to-market gain or loss in such year. If a U.S. Holder makes the election, the
holder’s tax basis in our ordinary shares will be adjusted to reflect any such income or loss amounts. Any gain recognized on a sale or other disposition of our
ordinary shares will be treated as ordinary income. Any losses recognized on a sale or other disposition of our ordinary shares will be treated as ordinary loss to the
extent of any net mark-to-market gains for prior years. U.S. Holders should consult their own tax advisors regarding the availability and consequences of making a
mark-to-market election in their particular circumstances. In particular, U.S. Holders should consider carefully the impact of a mark-to-market election with
respect to our ordinary shares if we have “lower-tier PFICs” for which such election is not available. Once made, the mark-to-market election cannot be revoked
without the consent of the IRS unless our ordinary shares cease to be “regularly traded.”
If a U.S. Holder owns ordinary shares during any year in which we are a PFIC, the U.S. Holder generally will be required to file an IRS Form 8621 (Information
Return by a Shareholder of a Passive Foreign Investment Company or Qualified Electing Fund) with respect to the company (regardless of whether a QEF or
mark-to-market election is made), generally with the U.S. Holder’s federal income tax return for that year. If our company were a PFIC for a given taxable year,
then you should consult your tax advisor concerning your annual filing requirements.
U.S. Holders should consult their tax advisors regarding whether we are a PFIC and the potential application of the PFIC rules.
Medicare Tax
Certain U.S. Holders that are individuals, estates or trusts are subject to a 3.8% tax on all or a portion of their “net investment income,” which may include all or a
portion of their dividend income and net gains from the disposition of ordinary shares. Each U.S. Holder that is an individual, estate or trust is urged to consult its
tax advisors regarding the applicability of the Medicare tax to its income and gains in respect of its investment in our ordinary shares.
Backup Withholding Tax and Information Reporting Requirements
United States backup withholding tax and information reporting requirements may apply to certain payments to certain holders of stock. Information reporting
generally will apply to payments of dividends on, and to proceeds from the sale or redemption of, our ordinary shares made within the United States, or by a
United States payor or United States middleman, to a holder of our ordinary shares, other than an exempt recipient (including a payee that is not a United States
person that provides an appropriate certification and certain other persons). A payor will be required to withhold backup withholding tax from any payments of
dividends on, or the proceeds from the sale or redemption of, ordinary shares within the United States, or by a United States payor or United States middleman, to a
holder, other than an exempt recipient, if such holder fails to furnish its correct taxpayer identification number or otherwise fails to comply with, or establish an
exemption from, such backup withholding tax requirements. Any amounts withheld under the backup withholding rules will be allowed as a credit against the
beneficial owner’s United States federal income tax liability, if any, and any excess amounts withheld under the backup withholding rules may be refunded,
provided that the required information is timely furnished to the IRS.
Foreign Asset Reporting
Certain U.S. Holders who are individuals or certain other non-corporate entities may be required to report information relating to an interest in our ordinary shares,
subject to certain exceptions (including an exception for shares held in accounts maintained by U.S. financial institutions) by filing IRS Form 8938 (Statement of
Specified Foreign Financial Assets) with their federal income tax return. U.S. Holders are urged to consult their tax advisors regarding their information reporting
obligations, if any, with respect to their ownership and disposition of our ordinary shares.
The above description is not intended to constitute a complete analysis of all tax consequences relating to acquisition, ownership and disposition of our
ordinary shares. You should consult your tax advisor concerning the tax consequences of your particular situation.
92
�F. Dividends and Paying Agents
Not applicable.
G. Statement by Experts
Not applicable.
H. Documents on Display
We are subject to the informational requirements of the Exchange Act that are applicable to foreign private issuers, and under those requirements file reports with
the SEC. Those other reports or other information may be inspected without charge at the locations described above. As a foreign private issuer, we are exempt
from the rules under the Exchange Act related to the furnishing and content of proxy statements, and our officers, directors and principal shareholders will be
exempt from the reporting and short-swing profit recovery provisions contained in Section 16 of the Exchange Act. In addition, we are not required under the
Exchange Act to file annual, quarterly and current reports and financial statements with the SEC as frequently or as promptly as United States companies whose
securities are registered under the Exchange Act. However, we will file with the SEC, within 120 days after the end of each subsequent fiscal year, or such
applicable time as required by the SEC, an annual report on Form 20-F containing financial statements audited by an independent registered public accounting
firm, and will submit to the SEC reports on Form 6-K containing unaudited quarterly financial information.
Our filings with the SEC are also available to the public through the SEC’s website at http://www.sec.gov. This site contains reports, proxy and information
statements and other information regarding issuers that file electronically with the SEC. The information on that website is not part of this annual report and is not
incorporated by reference herein.
I. Subsidiary Information
Not applicable.
ITEM 1 1. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK
We are exposed to a variety of risks, including foreign currency exchange fluctuations, changes in interest rates and inflation. We regularly assess currency,
interest rate and inflation risks to minimize any adverse effects on our business as a result of those factors.
Foreign Currency Risk
Our results of operations and cash flows are affected by fluctuations due to changes in foreign currency exchange rates. In 2018, the majority of our revenues were
denominated in U.S. dollars and the remainder in other currencies, primarily euros and British pounds sterling. In 2018, the majority of our cost of revenues and
operating expenses were denominated in U.S. dollars and NIS and the remainder in other currencies, primarily euros and British pounds sterling. Our foreign
currency-denominated expenses consist primarily of personnel, marketing programs, rent and other overhead costs. Since a significant portion of our expenses is
incurred in NIS and is substantially greater than our revenues in NIS, any appreciation of the NIS relative to the U.S. dollar could adversely impact our operating
income. In addition, since the portion of our revenues generated in euros and British pounds sterling is greater than our expenses incurred in euros and British
pounds sterling, respectively, any depreciation of the euro or British pounds sterling relative to the U.S. dollar would adversely impact our operating income.
The following table presents information about the changes in the exchange rates of the NIS against the U.S. dollar:
Period
2018
2017
2016
93
Change in
Average
Exchange
Rate of the NIS
Against the U.S.
dollar (%)
(0.1)
(6.3)
(1.1)
�The figures above represent the change in the average exchange rate in the given period compared to the average exchange rate in the immediately preceding
period. Negative figures represent depreciation of the U.S. dollar compared to the NIS. A 10% strengthening or weakening in the value of the NIS against the
U.S. dollar would have decreased or increased, respectively, our operating income by approximately $6.0 million in 2018. We estimate that a 10% strengthening or
weakening in the value of the euro against the U.S. dollar would have increased or decreased, respectively, our operating income by approximately $3.4 million in
2018. We estimate that a 10% strengthening or weakening in the value of the British pounds sterling against the U.S. dollar would have increased or decreased,
respectively, our operating income by approximately $0.6 million in 2018. These estimates of the impact of fluctuations in currency exchange rates on our historic
results of operations may be different from the impact of fluctuations in exchange rates on our future results of operations since the mix of currencies comprising
our revenues and expenses may change.
For purposes of our consolidated financial statements, monetary assets and liabilities in local currency are translated at the rate of exchange to the U.S. dollar on
the balance sheet date and local currency revenues and expenses are translated at the exchange rate at the date of the transaction or the average exchange rate
during the reporting period.
In addition , starting January 1, 2019, in accordance with a new lease accounting standard, we are required to present a significant NIS linked liability related to our
operational leases in Israel.
To protect against the increase in value of forecasted foreign currency cash flow resulting from expenses paid in NIS during the year, we have instituted a foreign
currency cash flow hedging program. We hedge portions of the anticipated payroll of our Israeli employees in NIS for a period of one to twelve months with
forward contracts and other derivative instruments. In addition, from time to time we enter into foreign exchange forward transactions to economically hedge a
portion of account receivables in Euros and British pounds sterling. We do not use derivative financial instruments for speculative or trading purposes.
Interest Rate Risk
The primary objectives of our investment activities are to preserve principal, support liquidity requirements, and maximize income without significantly increasing
risk. Our investments are subject to market risk due to changes in interest rates, which may affect our interest income and fair market value of our investments.
To minimize this risk, we maintain our portfolio of cash, cash equivalents and short and long-term investments in a variety of securities, including money market
funds, U.S. government and agency securities, and corporate debt securities. We do not believe that a 10% increase or decrease in interest rates would have a
material impact on our operating results, cash flows or the fair value of our portfolio.
Other Market Risks
We do not believe that we have any material exposure to inflationary risks.
ITEM 1 2. DESCRIPTION OF SECURITIES OTHER THAN EQUITY SECURITIES
Not applicable.
94
�ITE M 13. DEFAULTS, DIVIDEND ARREARAGES AND DELINQUENCIES
PART II
None.
ITE M 14.
MATERIAL MODIFICATIONS TO THE RIGHTS OF SECURITY HOLDERS AND USE OF PROCEEDS
None.
ITE M 15. CONTROLS AND PROCEDURES
Disclosure controls and procedures
Our Chief Executive Officer and Chief Financial Officer, after evaluating the effectiveness of our disclosure controls and procedures (as defined in Rule 13a-15(e)
and 15d-15(e) of the Exchange Act) as of December 31, 2018, have concluded that, based on such evaluation, as of such date, our disclosure controls and
procedures were effective such that information required to be disclosed by us in reports that we file or submit under the Exchange Act is accumulated and
communicated to our management, including our Chief Executive Officer and Chief Financial Officer, to allow timely decisions regarding required disclosure and
is recorded, processed, summarized and reported within the time periods specified by the SEC’s rules and forms.
Management annual report on internal control over financial reporting and attestation report of the registered public accounting firm
Our management, under the supervision of our Chief Executive Officer and Chief Financial Officer, is responsible for establishing and maintaining adequate
internal control over financial reporting as defined in Rules 13a-15(f) and 15d-15(f) under the Exchange Act. Our internal control over financial reporting is a
process to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in
accordance with generally accepted accounting principles. Our internal control over financial reporting includes those policies and procedures that:
•
•
•
pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of our assets;
provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally
accepted accounting principles, and that our receipts and expenditures are being made only in accordance with authorizations of our management
and directors; and
provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of our assets that could have a
material effect on the financial statements.
Our management assessed the effectiveness of internal control over financial reporting as of December 31, 2018 based on the criteria established in “Internal
Control-Integrated Framework (2013)” published by the Committee of Sponsoring Organizations of the Treadway Commission. Based on this assessment,
management has concluded that our internal control over financial reporting was effective as of December 31, 2018.
Our independent registered public accounting firm, Kost Forer Gabbay & Kasierer, a member of Ernst & Young Global, has audited the consolidated financial
statements included in this annual report on Form 20-F, and as part of its audit, has issued its audit report on the effectiveness of our internal control over financial
reporting as of December 31, 2018. The report of Kost Forer Gabbay & Kasierer is included with our consolidated financial statements included elsewhere in this
annual report and is incorporated herein by reference .
Changes in internal control over financial reporting
There were no changes in our internal control over financial reporting (as such term is defined in Rules 13a-15(f) and 15d-15(f) under the Exchange Act) that
occurred during the period covered by this annual report that have materially affected, or that are reasonably likely to materially affect, our internal control over
financial reporting.
95
�ITE M 16A. AUDIT COMMITTEE FINANCIAL EXPERT
Our board of directors has determined that Ron Gutler and Kim Perdikou are audit committee financial experts as defined by the SEC rules, have the requisite
financial experience as defined by NASDAQ corporate governance rules and are “independent” as such term is defined in Rule 10A-3(b)(1) under the Exchange
Act.
ITE M 16B. CODE OF ETHICS
We have adopted a corporate code of business conduct applicable to our executive officers, directors and all other employees. A copy of the code of conduct is
delivered to every employee of CyberArk Software Ltd. and all of its subsidiaries, and is available to investors and members of the public on our website at
http://investors.cyberark.com or by contacting our investor relations department. The corporate code of business conduct includes our code of ethics which is
applicable to our chief executive officer, our chief financial officer and all other senior financial officers. Pursuant to Item 16B of Form 20-F, if a waiver or
amendment of the code of conduct (including the code of ethics) applies to our chief executive officer, chief financial officer or other persons performing similar
functions and relates to standards promoting any of the values described in Item 16B(b) of Form 20-F, we will disclose such waiver or amendment on our website
within five business days following the date of amendment or waiver in accordance with the requirements of Instruction 4 to such Item 16B. We granted no
waivers under our code in 2018.
ITE M 16C. PRINCIPAL ACCOUNTANT FEES AND SERVICES
Principal Accountant Fees and Services
We have recorded the following fees for professional services rendered by Kost Forer Gabbay & Kasierer, a member of Ernst & Young Global, an independent
registered public accounting firm, for the years ended December 31, 2017 and 2018:
Audit Fees
Audit-Related Fees
Tax Fees
All Other Fees
Total
$
2017
2018
(in thousands)
559 $
130
179
7
559
240
227
-
$
875 $
1,026
“Audit fees” are the aggregate fees billed for the audit of our annual financial statements. This category also includes services that generally the independent
accountant provides, such as consents and assistance with and review of documents filed with the SEC.
“Audit-related fees” are the aggregate fees billed for assurance and related services that are reasonably related to the performance of the audit and are not reported
under audit fees. These fees primarily include accounting consultations regarding the accounting treatment of matters that occur in the regular course of business,
implications of new accounting pronouncements and other accounting issues that occur from time to time.
“Tax fees” include fees for professional services rendered by our independent registered public accounting firm for tax compliance and tax advice on actual or
contemplated transactions.
“All other fees” include fees for services rendered by our independent registered public accounting firm with respect to government incentives and other matters.
Our audit committee has adopted a pre-approval policy for the engagement of our independent accountant to perform certain audit and non-audit services. Pursuant
to this policy, which is designed to assure that such engagements do not impair the independence of our auditors, the audit committee pre-approves each type of
audit, audit-related, tax and other permitted service. The audit committee has delegated the pre-approval authority with respect to audit, audit-related, tax and
permitted non-audit services up to a maximum of $25,000 to its chairperson and may in the future delegate such authority to one or more additional members of the
audit committee, provided that all decisions by that member to pre-approve any such services must be subsequently reported, for informational purposes only, to
the full audit committee. All audit and non-audit services provided by our auditors in 2018 were approved in accordance with our policy.
96
�ITEM 16 D. EXEMPTIONS FROM THE LISTING STANDARDS FOR AUDIT COMMITTEES
Not applicable.
ITEM 16 E.
PURCHASES OF EQUITY SECURITIES BY THE ISSUER AND AFFILIATED PURCHASERS
Not applicable.
ITEM 16 F. CHANGE IN REGISTRANT’S CERTIFYING ACCOUNTANT
Not applicable.
ITEM 16 G. CORPORATE GOVERNANCE
As a foreign private issuer, we are permitted to comply with Israeli corporate governance practices instead of certain of NASDAQ Listing Rules, provided that we
disclose those NASDAQ Listing Rules with which we do not comply and the equivalent Israeli requirements that we follow instead. We currently rely on this
“foreign private issuer exemption” as follows:
Quorum
requirement.
As permitted under the Companies Law, pursuant to our articles of association, the quorum required for an ordinary meeting of shareholders
consists of at least two shareholders present in person or by proxy who hold or represent between them at least 25% of the voting power of our shares (and, with
respect to an adjourned meeting, generally one or more shareholders who hold or represent any number of shares), instead of 33 1/3% of the issued share capital
provided under NASDAQ Listing Rule 5260(c).
Distribution
of
Annual
and
Interim
Reports
. Unlike NASDAQ Listing Rule 5250(d), which requires listed issuers to make annual reports on Form 20-F available
to shareholders in one of a number of specific manners, Israeli law does not require us to distribute such reports directly to shareholders, and the generally accepted
business practice in Israel is not to distribute such reports to shareholders but to make such reports available through a public website. In addition, we will make
our annual report on Form 20-F containing audited financial statements available to our shareholders at our offices (in addition to a public website). Otherwise, we
comply with NASDAQ corporate governance rules requiring that listed companies have a majority of independent directors and maintain audit, compensation and
nominating committees composed entirely of independent directors.
ITE M 16H. MINE SAFETY DISCLOSURE
Not applicable.
ITEM 1 7. FINANCIAL STATEMENTS
Not applicable.
ITE M 18. FINANCIAL STATEMENTS
See pages F-2 through F-43 of this annual report.
PART III
97
�ITE M 19. EXHIBITS
The following are filed as exhibits hereto:
Exhibit No.
Description
INDEX OF EXHIBITS
1.1
2.1
2.2
4.1
4.2
4.3
4.4
4.5
4.6
4.7
4.8
4.9
4.10
4.11
4.12
Amended and Restated Articles of Association of the Registrant (incorporated by reference to Exhibit 1.1 to the Registrant’s Annual Report
on Form 20-F for the year ended December 31, 2017)
Specimen share certificate (incorporated by reference to Exhibit 4.1 to the Registrant’s Registration Statement on Form F-1, as amended
(Registration No. 333-196991))
Fourth Amended Investor Rights Agreement, dated July 10, 2014, by and among the Registrant and the other parties thereto (incorporated by
reference to Exhibit 10.1 to the Registrant’s Registration Statement on Form F-1, as amended (Registration No. 333-196991))
Form of Indemnification Agreement (incorporated by reference to Exhibit 10.2 to the Registrant’s Registration Statement on Form F-1, as
amended (Registration No. 333-196991))
Office Lease Agreement, dated October 28, 2013, between Cyber-Ark Software, Inc. and Wells 60 Realty LLC (incorporated by reference to
Exhibit 10.4 to the Registrant’s Registration Statement on Form F-1, as amended (Registration No. 333-196991))
First Amendment of Lease, dated October 23, 2014, between Cyber-Ark Software, Inc. and Wells 60 Realty LLC (incorporated by reference
to Exhibit 10.6 to the Registrant’s Registration Statement on Form F-1, as amended (Registration No. 333-202329))
Letter Agreement, dated June 28, 2018 between CyberArk Software, Inc. and Wells 60 Realty LLC
Summary of Office Lease Agreement, dated February 26, 2015, between the Registrant and Azorei Mallal Industries Ltd., as amended on
April 7, 2016 and December 26, 2018 ∞
Second Amendment of Lease, dated February 27, 2018 between CyberArk Software, Inc. and Wells 60 Realty LLC (incorporated by
reference to Exhibit 4.4 to the Registrant’s Annual Report on Form 20-F for the year ended December 31, 2017)
2001 Stock Option Plan (incorporated by reference to Exhibit 10.5 to the Registrant’s Registration Statement on Form F-1, as amended
(Registration No. 333-196991))
Section 102 2001 Stock Option Plan (incorporated by reference to Exhibit 10.6 to the Registrant’s Registration Statement on Form F-1, as
amended (Registration No. 333-196991))
First Amendment to Section 102 2001 Stock Option Plan (incorporated by reference to Exhibit 10.7 to the Registrant’s Registration
Statement on Form F-1, as amended (Registration No. 333-196991))
2011 Share Incentive Plan (incorporated by reference to Exhibit 10.8 to the Registrant’s Registration Statement on Form F-1, as amended
(Registration No. 333-196991))
CyberArk Software Ltd. 2014 Share Incentive Plan, as amended (incorporated by reference to Exhibit 4.10 to the Registrant’s Annual Report
on Form 20-F for the year ended December 31, 2015)
CyberArk Executive Compensation Policy (incorporated by reference to Appendix A of Exhibit 99.1 to the Registrant’s Report of Foreign
Private Issuer on Form 6-K filed with the SEC on November 20, 2014)
8.1
List of subsidiaries of the Registrant
98
�12.1
12.2
13.1
13.2
15.1
Certification of Principal Executive Officer required by Rule 13a-14(a) and Rule 15d-14(a) (Section 302 Certifications)
Certification of Principal Financial Officer required by Rule 13a-14(a) and Rule 15d-14(a) (Section 302 Certifications)
Certification of Principal Executive Officer required by Rule 13a-14(b) and Rule 15d-14(b) (Section 906 Certifications), furnished herewith
Certification of Principal Financial Officer required by Rule 13a-14(b) and Rule 15d-14(b) (Section 906 Certifications), furnished herewith
Consent of Kost Forer Gabbay & Kasierer (a member of Ernst & Young Global)
101.INS
XBRL Document
101.SCH
XBRL Taxonomy Extension Schema Document
101.CAL
XBRL Taxonomy Extension Calculation Linkbase Document
101.DEF
XBRL Taxonomy Definition Linkbase Document
101.LAB
XBRL Taxonomy Extension Label Linkbase Document
101.PRE
XBRL Taxonomy Extension Presentation Linkbase Document
∞ English summary of original Hebrew document
99
�The registrant hereby certifies that it meets all of the requirements for filing on Form 20-F and that it has duly caused and authorized the undersigned to sign this
annual report on its behalf.
SIGNATURES
Date: March 14, 2019
CyberArk Software Ltd.
By: /s/ Ehud Mokady
Ehud Mokady
Chairman of the Board &
Chief Executive Officer
100
�CYBERARK SOFTWARE LTD.
CONSOLIDATED FINANCIAL STATEMENTS
AS OF DECEMBER 31, 2018
INDEX
Reports of Independent Registered Public Accounting Firm
Consolidated Balance Sheets
Consolidated Statements of Comprehensive Income
Statements of Changes in Shareholders' Equity
Consolidated Statements of Cash Flows
Notes to Consolidated Financial Statements
Page
F-2 – F3
F-4 – F-5
F-6
F-7
F-8 - F- 9
F-10 – F-43
�Kost Forer Gabbay & Kasierer
144A Menachem Begin Road, Building
A
Tel-Aviv 6492102, Israel
Tel: +972-3-6232525
Fax: +972-3-5622555
ey.com
Report of Independent Registered Public Accounting Firm
To the Shareholders and Board of Directors of CyberArk Software Ltd.
Opinion on the Financial Statements
We have audited the accompanying consolidated balance sheets of CyberArk Software Ltd. (the Company) as of December 31, 2017 and 2018, the related
consolidated statements of comprehensive income, shareholders' equity and cash flows for each of the three years in the period ended December 31, 2018, and the
related notes (collectively referred to as the "consolidated financial statements"). In our opinion, the consolidated financial statements present fairly, in all material
respects, the financial position of the Company at December 31, 2017 and 2018, and the results of its operations and its cash flows for each of the three years in the
period ended December 31, 2018, in conformity with U.S. generally accepted accounting principles.
We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the Company's
internal control over financial reporting as of December 31, 2018, based on criteria established in Internal Control-Integrated Framework issued by the Committee
of Sponsoring Organizations of the Treadway Commission (2013 framework) and our report dated March 14, 2019 expressed an unqualified opinion thereon.
Adoption of ASU No. 2014-09
As discussed in Note 2 to the consolidated financial statements, the Company changed its method of accounting for revenue in 2018 due to the adoption of
Accounting Standards Update (ASU) No. 2014-09, Revenue from Contracts with Customers (Topic 606), and the related amendments.
Basis for Opinion
These financial statements are the responsibility of the Company's management. Our responsibility is to express an opinion on the Company's financial
statements based on our audits. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in
accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable
assurance about whether the financial statements are free of material misstatement, whether due to error or fraud. Our audits included performing procedures to
assess the risks of material misstatement of the financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such
procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements. Our audits also included evaluating the
accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe
that our audits provide a reasonable basis for our opinion.
/s/ KOST FORER GABBAY & KASIERER
A Member of Ernst & Young Global
We have served as the Company`s auditor since 2000.
Tel-Aviv, Israel
March 14, 2019
F - 2
�Kost Forer Gabbay & Kasierer
144A Menachem Begin Road, Building
A
Tel-Aviv 6492102, Israel
Tel: +972-3-6232525
Fax: +972-3-5622555
ey.com
Report of Independent Registered Public Accounting Firm
To the Shareholders and Board of Directors of CyberArk Software Ltd.
Opinion on Internal Control over Financial Reporting
We have audited CyberArk Software Ltd.'s internal control over financial reporting as of December 31, 2018, based on criteria established in Internal
Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (2013 framework) (the COSO criteria). In
our opinion, CyberArk Software Ltd. (the Company) maintained, in all material respects, effective internal control over financial reporting as of December 31,
2018, based on the COSO criteria.
We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the consolidated
balance sheets of the Company as of December 31, 2017 and 2018, the related consolidated statements of comprehensive income, shareholders' equity and cash
flows for each of the three years in the period ended December 31, 2018, and the related notes and our report dated March 14, 2019 expressed an unqualified
opinion thereon.
Basis for Opinion
The Company's management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of
internal control over financial reporting included in the accompanying Management's Annual Report on Internal Control over Financial Reporting. Our
responsibility is to express an opinion on the Company's internal control over financial reporting based on our audit. We are a public accounting firm registered
with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and
regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audit in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable
assurance about whether effective internal control over financial reporting was maintained in all material respects.
Our audit included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, testing and
evaluating the design and operating effectiveness of internal control based on the assessed risk, and performing such other procedures as we considered necessary
in the circumstances. We believe that our audit provides a reasonable basis for our opinion.
Definition and Limitations of Internal Control Over Financial Reporting
A company's internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting
and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company's internal control over
financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the
transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of
financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in
accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of
unauthorized acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of
effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with
the policies or procedures may deteriorate.
/s/ KOST FORER GABBAY & KASIERER
A Member of Ernst & Young Global
Tel-Aviv, Israel
March 14, 2019
F - 3
�CONSOLIDATED BALANCE SHEETS
U.S. dollars in thousands
ASSETS
CURRENT ASSETS:
Cash and cash equivalents
Short-term bank deposits
Marketable securities
Trade receivables (net of allowance for doubtful debt accounts of $113 and $ 38 at December 31, 2017 and 2018,
$
respectively)
Prepaid expenses and other current assets
Total current assets
LONG-TERM ASSETS:
Property and equipment, net
Intangible assets, net
Goodwill
Marketable securities
Prepaid expenses and other long-term assets
Deferred tax assets
Tota l long-term assets
TOTAL ASSETS
The accompanying notes are an integral part of the consolidated financial statements.
F - 4
CYBERARK SOFTWARE LTD.
December 31,
2017
2018
161,261 $
107,647
34,025
45,315
7,407
260,636
106,399
59,948
48,431
6,349
355,655
481,763
9,230
15,664
69,217
27,407
6,060
19,343
15,120
14,732
82,400
24,261
31,863
23,481
146,921
191,857
$
502,576 $
673,620
�CONSOLIDATED BALANCE SHEETS
U.S. dollars in thousands (except share and per share data)
LIABILITIES AND SHAREHOLDERS' EQUITY
CURRENT LIABILITIES:
Trade payables
Employees and payroll accruals
Accrued expenses and other current liabilities
Deferred revenues
Total current liabilities
LONG-TERM LIABILITIES:
Deferred revenues
Other long-term liabilities
Total long-term liabilities
TOTAL LIABILITIES
COMMITMENTS AND CONTINGENCIES
SHAREHOLDERS' EQUITY:
Ordinary shares of NIS 0.01 par value – Authorized: 250,000,000 shares at December 31, 2017 and 2018; Issued and
outstanding: 35,274,888 shares and 36,838,523 shares at December 31, 2017 and 2018, respectively
Additional paid-in capital
Accumulated other comprehensive income (loss)
Retained earnings
Total shareholders' equity
CYBERARK SOFTWARE LTD.
December 31,
2017
2018
$
1,960 $
25,253
10,209
66,986
4,924
32,853
13,271
92,375
104,408
143,423
38,249
5,954
57,159
6,268
44,203
63,427
148,611
206,850
91
249,874
107
103,893
95
303,900
(939)
163,714
353,965
466,770
TOTAL LIABILITIES AND SHAREHOLDERS' EQUITY
$
502,576 $
673,620
The accompanying notes are an integral part of the consolidated financial statements.
F - 5
�CONSOLIDATED STATEMENTS OF COMPREHENSIVE INCOME
U.S. dollars in thousands (except per share data)
Revenues:
License
Maintenance and professional services
Cost of revenues:
License
Maintenance and professional services
Gross profit
Operating expenses:
Research and development
Sales and marketing
General and administrative
Total operating expenses
Operating income
Financial income, net
Income before taxes on income
Taxes on income
Net income
Basic net income per ordinary share
Diluted net income per ordinary share
Other comprehensive income (loss)
Change in unrealized losses on marketable securities:
Unrealized loss arising during the year
Change in unrealized gain on cash flow hedges:
Unrealized gain (loss) arising during the year
Loss (gain) reclassified into earnings
Other comprehensive income (loss), net of taxes of $16, $(41) and $143 for the years 2016, 2017 and
2018, respectively
CYBERARK SOFTWARE LTD.
Year ended
December 31,
2017
2016
2018
$
131,530 $
85,083
147,640 $
114,061
192,514
150,685
216,613
261,701
343,199
4,726
25,425
7,911
33,937
10,526
37,935
30,151
41,848
48,461
186,462
219,853
294,738
34,614
93,775
22,117
42,389
126,739
30,399
57,112
148,290
42,044
150,506
199,527
247,446
35,956
245
36,201
(8,077)
20,326
4,103
24,429
(8,414)
47,292
4,551
51,843
(4,771)
28,124 $
16,015 $
47,072
0.83 $
0.78 $
0.46 $
0.44 $
1.30
1.27
$
$
$
(141)
(141)
249
(190)
59
(29)
(29)
1,470
(1,159)
311
(43)
(43)
(2,469)
1,466
(1,003)
(82)
282
(1,046)
Total comprehensive income
$
28,042 $
16,297 $
46,026
The accompanying notes are an integral part of the consolidated financial statements.
F - 6
�CYBERARK SOFTWARE LTD.
STATEMENTS OF CHANGES IN SHAREHOLDERS' EQUITY
U.S. dollars in thousands (except share data)
Ordinary shares
Additional
Shares
Amount
paid-in
capital
Accumulated
other
comprehensive
income (loss)
Retained
Total
shareholders'
earnings
equity
Balance as of January 1, 2016
33,289,839 $
86 $
200,107 $
(93) $
46,570 $
246,670
Exercise of options and vested RSUs
granted to employees
Other comprehensive loss, net of tax
Share-based compensation
Tax benefit related to share-based
compensation
Net income
960,751
-
-
-
-
2
-
-
-
-
2,501
-
17,535
1,466
-
-
(82)
-
-
-
-
-
-
-
28,124
2,503
(82)
17,535
1,466
28,124
Balance as of December 31, 2016
34,250,590 $
88 $
221,609 $
(175) $
74,694 $
296,216
Cumulative effect adjustment resulting from
adoption of new accounting
pronouncements
Exercise of options and vested RSUs granted
to employees
Other comprehensive income, net of tax
Share-based compensation
Net income
-
1,024,298
-
-
-
-
3
-
-
-
376
-
13,184
13,560
2,621
-
25,268
-
-
282
-
-
-
-
-
16,015
2,624
282
25,268
16,015
Balance as of December 31, 2017
35,274,888 $
91 $
249,874 $
107 $
103,893 $
353,965
Cumulative effect adjustment resulting from
adoption of new accounting
pronouncements (see Note 2z)
Exercise of options and vested RSUs granted
to employees
Other comprehensive loss, net of tax
Share-based compensation
Net income
-
1,563,635
-
-
-
-
4
-
-
-
-
-
12,749
12,749
18,035
-
35,991
-
-
(1,046)
-
-
-
-
-
47,072
18,039
(1,046)
35,991
47,072
Balance as of December 31, 2018
36,838,523 $
95 $
303,900 $
(939) $
163,714 $
466,770
The accompanying notes are an integral part of the consolidated financial statements.
F - 7
�CONSOLIDATED STATEMENTS OF CASH FLOWS
U.S. dollars in thousands
Cash flows from operating activities :
Net income
Adjustments to reconcile net income to net cash provided by operating activities:
Depreciation and amortization
Share-based compensation
Amortization of premium, net of accretion of discount on marketable securities
Tax benefit related to share-based compensation
Deferred income taxes, net
Increase in trade receivables
Increase in prepaid expenses and other current and long-term assets
Increase (decrease) in trade payables
Increase in short-term and long-term deferred revenues
Increase in employees and payroll accruals
Increase (decrease) in accrued expenses and other current and long-term liabilities
CYBERARK SOFTWARE LTD.
Year ended
December 31,
2017
2016
2018
$
28,124 $
16,015 $
47,072
6,488
17,535
275
(1,466)
(1,130)
(12,920)
(1,587)
(177)
19,117
2,610
(559)
7,856
25,237
382
-
5,856
(11,631)
(3,638)
(1,288)
31,729
6,316
3,903
10,078
35,964
293
-
(7,056)
(3,116)
(11,893)
1,955
47,818
6,896
2,114
Net cash provided by operating activities
56,310
80,737
130,125
Cash flows from investing activities :
Proceeds from (investment in) short and long-term deposits
Investment in marketable securities
Proceeds from maturities of marketable securities
Purchase of property and equipment
Payments for business acquisitions, net of cash acquired (Schedule A)
(83,312)
(40,433)
4,307
(2,795)
-
(20,661)
(43,604)
17,355
(6,757)
(41,329)
1,600
(61,118)
37,838
(8,613)
(18,450)
Net cash used in investing activities
(122,233)
(94,996)
(48,743)
Cash flows from financing activities :
Tax benefit related to share-based compensation
Proceeds from exercise of stock options
Net cash provided by financing activities
Increase (decrease) in cash, cash equivalents and restricted cash
Cash, cash equivalents and restricted cash at the beginning of the year
1,466
2,503
-
2,624
-
17,980
3,969
2,624
17,980
(61,954)
236,110
(11,635)
174,156
99,362
162,521
Cash, cash equivalents and restricted cash at the end of the year
$
174,156 $
162,521 $
261,883
Non-cash activities :
Purchase of property and equipment on credit
$
683 $
981 $
1,613
Supplemental disclosure of cash flow activities :
Cash paid during the year for taxes, net
$
10,577 $
3,371 $
6,375
The accompanying notes are an integral part of the consolidated financial statements.
F - 8
�CONSOLIDATED STATEMENTS OF CASH FLOWS
U.S. dollars in thousands
Schedule A - Payments for businesses acquired (See note 1b.)
Estimated fair value of assets acquired and liabilities assumed at the date of Conjur's acquisition was as follows:
CYBERARK SOFTWARE LTD.
Working capital, net (excluding $379 of cash and cash equivalents acquired)
Property and equipment
Goodwill
Other intangible assets
Deferred taxes, net
Estimated fair value of assets acquired and liabilities assumed at the date of Vaultive's acquisition was as follows:
Working capital, net (excluding $21 of cash and cash equivalents acquired)
Property and equipment
Goodwill
Other intangible assets
Deferred taxes, net
The accompanying notes are an integral part of the consolidated financial statements.
F - 9
Year ended
December
31,
2017
$
(451)
12
34,072
6,888
808
$
41,329
Year ended
December
31,
2018
$
(996)
83
13,183
5,424
756
$
18,450
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 1:
GENERAL
CYBERARK SOFTWARE LTD.
a.
CyberArk Software Ltd. (together with its subsidiaries, the " Company " ) is an Israeli company that develops, markets and sells software-
based security solutions and services. The Company's solutions and services enable organizations to safeguard and monitor their privileged
accounts, which are those accounts within an organization that have access to the organization's high value assets and are located across its IT
infrastructure. The Company's software provides customers with the ability to protect, detect, monitor and control access to privileged
accounts in order to break the lifecycle of a targeted cyber-attack before it can cause damage to an organization.
b.
In May 2017, the Company acquired all of the share capital of Conjur, Inc. ("Conjur") for total gross consideration of $41,708. Conjur is a
provider of DevOps security software. The Company expensed the related acquisition costs of $686 in general and administrative expenses.
In March 2018, the Company acquired all of the share capital of Vaultive, Ltd. ("Vaultive") for total gross consideration of $18,471. Vaultive
specializes in privileged account security in cloud environments. The Company expensed the related acquisition costs of $268 in general and
administrative expenses. Pro forma results of operations have not been presented because the acquisition was not material to the Company's
results of operations.
c.
Unaudited pro forma results of operations:
The following table presents unaudited pro forma revenue, net income and basic and diluted net income per ordinary share for periods
presented assuming the acquisition of Conjur occurred on January 1, 2016. The pro forma information is not necessarily indicative of the
results of operations, which actually would have occurred had the acquisition been consummated on that date, nor does it purport to represent
the results of operations for future periods:
Conjur:
Pro forma revenue
Pro forma net income
Basic net income per ordinary share
Diluted net income per ordinary share
F - 10
December 31,
2016
2017
(Unaudited)
$
$
$
$
217,570 $
23,705 $
0.70 $
0.66 $
262,169
13,985
0.40
0.39
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 2: SIGNIFICANT ACCOUNTING POLICIES
CYBERARK SOFTWARE LTD.
The consolidated financial statements have been prepared in accordance with U.S. generally accepted accounting principles ( " U.S. GAAP ") .
a.
Use of estimates:
The preparation of financial statements in conformity with U.S. GAAP requires management to make estimates, judgments and assumptions
that affect the amounts reported in the consolidated financial statements and accompanying notes. The Company evaluates on an ongoing
basis its assumptions, including those related to contingent liabilities, income tax uncertainties, deferred taxes, share-based compensation and
the value of intangible assets and goodwill, as well as the determination of standalone selling prices in revenue transactions with multiple
performance obligations and the estimated period of benefit for deferred contract costs. The Company's management believes that the
estimates, judgment and assumptions used are reasonable based upon information available at the time they are made. These estimates,
judgments and assumptions can affect the reported amounts of assets and liabilities and disclosure of contingent assets and liabilities at the
dates of the consolidated financial statements, and the reported amounts of revenue and expenses during the reporting periods. Actual results
could differ from those estimates .
b.
Principles of consolidation:
The consolidated financial statements include the financial statements of CyberArk Software Ltd. and its wholly-owned subsidiaries. All
intercompany transactions and balances have been eliminated upon consolidation.
c.
Financial statements in U.S. dollars:
A majority of the Company's revenues are generated in U.S. dollars. In addition, the equity investments were in U.S. dollars and a substantial
portion of the Company's costs are incurred in U.S. dollars. The Company's management believes that the U.S. dollar is the currency of the
primary economic environment in which the Company and each of its subsidiaries operates. Thus, the functional and reporting currency of
the Company is the U.S. dollar.
Accordingly, monetary accounts maintained in currencies other than the U.S. dollar are re-measured into U.S. dollars in accordance with
Statement of the Accounting Standard Codification ( " ASC " ) No. 830 " Foreign Currency Matters. " All transaction gains and losses of the
re-measured monetary balance sheet items are reflected in the statement of comprehensive income as financial income or expenses, as
appropriate.
d.
Cash and cash equivalents:
Cash equivalents are short-term highly liquid deposits that are readily convertible to cash with original maturities of three months or less, at
the date acquired.
F - 11
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)
e. Short-term bank deposits:
CYBERARK SOFTWARE LTD.
Short-term bank deposits are deposits with maturities of up to one year. As of December 31, 2017 and 2018, the Company's bank deposits are
denominated in U.S. dollars and New Israeli Shekels ( " NIS") and bear yearly interest at weighted average deposits rates of 1.69% and
2.92%, respectively. Short-term bank deposits are presented at their cost, including accrued interest. A portion of these deposits is used as
security for the rental of premises and for the Company's hedging activities.
f. Investments in marketable securities:
The Company accounts for investments in debt marketable securities in accordance with ASC No. 320, " Investments - Debt and Equity
Securities. " The Company's management determines the appropriate classification of its investments in marketable securities at the time of
purchase and re-evaluates such determinations at each balance sheet date. The Company classifies all of its marketable securities as available-
for-sale. Available-for-sale securities are carried at fair value, with the unrealized gains and losses, net of tax, reported in accumulated other
comprehensive income (loss) in shareholders' equity. Realized gains and losses on sale of marketable securities are included in financial
income (expenses), net and are derived using the specific identification method for determining the cost of securities sold. The amortized cost
of marketable securities is adjusted for amortization of premiums and accretion of discounts to maturity. Such amortization together with
interest on securities is included in financial income (expenses), net.
The Company's securities are reviewed for impairment in accordance with ASC No. 320-10-35. If such assets are considered to be impaired,
the impairment charge is recognized in earnings when a decline in the fair value of its investments below the cost basis is judged to be Other-
Than-Temporary Impairment (OTTI). Factors considered in making such a determination include the duration and severity of the impairment,
the reason for the decline in value, the potential recovery period and the Company's intent to sell, including whether it is more likely than not
that the Company will be required to sell the investment before recovery of cost basis. Based on the above factors, the Company concluded
that unrealized losses on its available-for-sale securities for the years ended December 31, 2016, 2017 and 2018 were not OTTI.
g.
Property and equipment:
Property and equipment are stated at cost, net of accumulated depreciation. Depreciation is calculated using the straight-line method over the
estimated useful lives of the assets at the following annual rates:
Computers, software and related equipment
Office furniture and equipment
Leasehold improvements
F - 12
%
16 – 33
7 – 20
Over the shorter of the related lease
period or the life of the asset
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)
h.
Long-lived assets:
CYBERARK SOFTWARE LTD.
The long-lived assets of the Company are reviewed for impairment in accordance with ASC No. 360, " Property, Plant and Equipment " ,
whenever events or changes in circumstances indicate that the carrying amount of an asset may not be recoverable. The recoverability of
assets to be held and used is measured by a comparison of the carrying amount of an asset to the future undiscounted cash flows expected to
be generated by the assets. If such assets are considered to be impaired, the impairment to be recognized is measured by the amount by which
the carrying amount of the assets exceeds the fair value of the assets. During the years ended December 31, 2016, 2017 and 2018, no
impairment losses have been identified.
i.
Business combination:
The Company accounts for its business acquisitions in accordance with ASC No. 805, " Business Combinations. " The Company uses its best
estimates and assumptions as part of the purchase price allocation process to value assets acquired and liabilities assumed at the business
combination date. The total purchase price allocated to the tangible and intangible assets acquired is assigned based on the fair values as of
the date of the acquisition. Goodwill generated from the business combinations is primarily attributable to synergies between the Company
and acquired companies` respective products and services.
j.
Goodwill and other intangible assets:
Goodwill and certain other purchased intangible assets have been recorded in the Company's financial statements as a result of acquisitions.
Goodwill represents excess of the purchase price in a business combination over the fair value of identifiable tangible and intangible assets
acquired of businesses acquired. Goodwill is not amortized, but rather is subject to an impairment test.
ASC No. 350, "Intangible—Goodwill and other" requires goodwill to be tested for impairment at least annually and, in certain circumstances,
between annual tests. The accounting guidance gives the option to perform a qualitative assessment to determine whether further impairment
testing is necessary. The qualitative assessment considers events and circumstances that might indicate that a reporting unit’s fair value is less
than its carrying amount. If it is determined, as a result of the qualitative assessment, that it is more likely than not that the fair value of a
reporting unit is less than its carrying amount, a quantitative test is performed. The Company operates as one reporting unit. Therefore,
goodwill is tested for impairment by comparing the fair value of the reporting unit with its carrying value. The Company elects to perform an
annual impairment test of goodwill as of October 1 of each year, or more frequently if impairment indicators are present.
For the years ended December 31, 2016, 2017 and 2018, no impairment losses were identified.
F - 13
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)
CYBERARK SOFTWARE LTD.
Purchased intangible assets with finite lives are carried at cost, less accumulated amortization. Amortization is computed over the estimated
useful lives of the respective assets which range from two to eleven years. Acquired customer relationship and backlog are amortized over
their estimated useful lives in proportion to the economic benefits realized. Other intangible assets, consist primarily of technology, are
amortized over their estimated useful lives on a straight-line basis.
k.
Derivative instruments:
ASC No. 815, " Derivative and Hedging, " requires companies to recognize all of their derivative instruments as either assets or liabilities on
the balance sheet at fair value.
For those derivative instruments that are designated and qualify as hedging instruments, a company must designate the hedging instrument,
based upon the exposure being hedged, as a fair value hedge, cash flow hedge or a hedge of a net investment in a foreign operation.
For derivative instruments that are designated and qualify as a cash flow hedge (i.e., hedging the exposure to variability in expected future
cash flows that is attributable to a particular risk), the effective portion of the gain or loss on the derivative instrument is reported as a
component of other comprehensive income and reclassified into earnings in the same period or periods during which the hedged transaction
affects earnings. The remaining gain or loss on the derivative instrument in excess of the cumulative change in the present value of future
cash flows of the hedged item, if any, is recognized in current earnings during the period of change.
To hedge against the risk of changes in cash flows resulting from foreign currency salary payments during the year, the Company has
instituted a foreign currency cash flow hedging program. The Company hedges portions of its forecasted expenses denominated in NIS.
These forward and option contracts are designated as cash flow hedges, as defined by ASC No. 815, and are all effective, as their critical
terms match underlying transactions being hedged.
As of December 31, 2017 and 2018, the amount recorded in accumulated other comprehensive income (loss) from the Company's currency
forward and option transactions was $277, net of tax of $38 and ($727), net of tax of ($99), respectively. At December 31, 2018, the notional
amounts of foreign exchange forward contracts into which the Company entered were $33,988. The foreign exchange forward contracts will
expire by November 2019. The fair value of derivative instruments assets balances as of December 31, 2017 and 2018, totaled $315 and $10,
respectively. The fair value of derivative instruments liabilities balances as of December 31, 2017 and 2018, totaled $0 and $836,
respectively.
F - 14
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)
CYBERARK SOFTWARE LTD.
In addition to the derivatives that are designated as hedges as discussed above, the Company enters into certain foreign exchange forward
transactions to economically hedge certain account receivables in Euros and GBP. Gains and losses related to such derivative instruments
are recorded in financial income (expenses), net. As of December 31, 2018, the notional amounts of foreign exchange forward contracts into
which the Company entered were $12,081. The foreign exchange forward contracts will expire by October 2019. The fair value of derivative
instruments assets balances as of December 31, 2017 and 2018, totaled $0 and $1,004, respectively. The fair value of derivative instruments
liabilities balances as of December 31, 2017 and 2018 totaled $683 and $0, respectively.
For the years ended December 31, 2016, 2017 and 2018, the Company recorded financial income (expenses), net from hedging transactions
of $270, $(796) and $977, respectively.
l.
Severance pay:
The Israeli Severance Pay Law, 1963 ( " Severance Pay Law " ), specifies that employees are entitled to severance payment, following the
termination of their employment. Under the Severance Pay Law, the severance payment is calculated as one month salary for each year of
employment, or a portion thereof.
The majority of the Company's liability for severance pay is covered by the provisions of Section 14 of the Severance Pay Law ( " Section 14
" ). Under Section 14, employees are entitled to monthly deposits, at a rate of 8.33% of their monthly salary, made on behalf of the employee
with insurance companies. Payments in accordance with Section 14 release the Company from any future severance payments in respect of
those employees. As a result, the Company does not recognize any liability for severance pay due to these employees and the deposits under
Section 14 are not recorded as an asset in the Company's balance sheet.
For the Company's employees in Israel who are not subject to Section 14, the Company calculated the liability for severance pay pursuant to
the Severance Pay Law based on the most recent salary of these employees multiplied by the number of years of employment as of the
balance sheet date. The Company's liability for these employees is fully provided for via monthly deposits with severance pay funds,
insurance policies and accruals. The value of these deposits is recorded as an asset on the Company's balance sheet under prepaid expenses
and other long-term assets. Severance expense for the years ended December 31, 2016, 2017 and 2018, amounted to $2,503, $2,707 and
$3,326, respectively.
m. U.S. defined contribution plan:
The U.S. subsidiary has a 401(k) defined contribution plan covering certain full time and part time employees in the U.S., excluding leased
employees and contractors. All eligible employees may elect to contribute up to an annual maximum, of the lesser of 100% of their annual
compensation to the plan through salary deferrals, subject to Internal Revenue Service limits, but not greater than $18.5 per year (for certain
employees over 50 years of age the maximum contribution is $24.5 per year).
F - 15
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)
CYBERARK SOFTWARE LTD.
The U.S. subsidiary matches amounts equal to 100% of the first 3% of the employee's compensation that they contribute to the defined
contribution plan and 50% of the next 2% of their compensation that they contribute to the defined contribution plan with a limit of $11 per
year. For the years ended December 31, 2016, 2017 and 2018, the U.S. subsidiary recorded expenses for matching contributions of $1,259,
$1,677 and $2,171, respectively.
n. Revenue Recognition:
The Company generates revenues mainly from licensing the rights to use its software products, maintenance and professional services. The
Company sells its products through its direct sales force and indirectly through resellers. Payment is typically due within 30 to 90 calendar
days of the invoice date.
The Company recognizes revenues in accordance with ASC No. 606, "Revenue from Contracts with Customers" ( " ASC No. 606 " ). As
such, the Company identifies a contract with a customer, identifies the performance obligations in the contract, determines the transaction
price, allocates the transaction price to each performance obligation in the contract and recognizes revenues when (or as) the Company
satisfies a performance obligation.
The Company enters into contracts that can include combinations of products and services, which are generally capable of being distinct and
accounted for as separate performance obligations and may include an option to provide professional services. The license is distinct upon
delivery as the customer can derive the economic benefit of the software without any professional services, updates or technical support.
The transaction price is determined based on the consideration to which the Company will be entitled in exchange for transferring goods or
services to the customer. The Company does not grant a right of return to its customers.
In instances of contracts which revenue recognition differs from the timing of invoicing, the Company determined that those contracts
generally do not include a significant financing component. The primary purpose of the invoicing terms is to provide customers with
simplified and predictable ways of purchasing the Company's products and services, not to receive or provide financing.
The Company allocates the transaction price to each performance obligation based on its relative standalone selling price out of the total
consideration of the contract. For maintenance, the Company determines the standalone selling price based on the price at which the
Company separately sells a renewal contract. For professional services, the Company determines the standalone selling prices based on the
prices at which the Company separately sells those services. For software licenses, the Company determines the standalone selling prices by
taking into account available information such as historical selling prices, geographic location, and the Company's price list and discount
policy.
F - 16
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)
CYBERARK SOFTWARE LTD.
Software license revenues, perpetual or term based, are recognized at the point of time when the license is made available for download by
the customer. Maintenance revenues are recognized ratably, on a straight-line basis over the term of the related contract, which is generally
one to three years. Professional services revenues consist mostly of time and material services which are recognized as the services are
performed.
Deferred revenue includes unearned amounts received under maintenance and support contracts, professional services and amounts received
from customers for licenses that do not meet the revenue recognition criteria as of the balance sheet date. Deferred revenues are recognized as
(or when) the Company performs under the contract. The amount of revenues recognized in the period that was included in the adjusted
opening deferred revenues balance was $61,829 for the year ended December 31, 2018.
For information regarding disaggregated revenues, please refer to Note 14 below.
Adoption Date Impact
The cumulative impact of applying the new guidance to all contracts with customers that were not substantially completed as of January 1,
2018 was recorded as an adjustment to retained earnings as of the adoption date. For further information see Note 2z. Select condensed
consolidated balance sheet line items, which reflect the adoption of ASC No. 606, are as follows:
ASSETS:
Trade receivables
Prepaid expenses and other current assets
Prepaid expenses and other long-term assets
Deferred tax assets
LIABILITIES AND SHAREHOLDERS' EQUITY
Deferred revenues - current liabilities
Other long-term liabilities
Deferred revenues - long term liabilities
Retained earnings
F - 17
As reported
on December
31, 2017
Impact of
adoption
As adjusted
on
January 1,
2018
$
$
45,315 $
7,407
6,060
19,343
66,986
5,954
38,249
103,893 $
769 $
3,297
9,928
(2,575)
(1,511)
1,419
(1,238)
12,749 $
46,084
10,704
15,988
16,768
65,475
7,373
37,011
116,642
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)
Current Period Impact:
Select condensed consolidated balance sheet line items, which reflect the adoption of ASC No. 606, are as follows:
CYBERARK SOFTWARE LTD.
ASSETS:
Trade receivables
Prepaid expenses and other current assets
Prepaid expenses and other long-term assets
Deferred tax assets
LIABILITIES AND SHAREHOLDERS' EQUITY
Accrued expenses and other current liabilities
Deferred revenues - current liabilities
Other long-term liabilities
Deferred revenues - long term liabilities
Retained earnings
As of December 31, 2018
As reported Adjustments
Under ASC
No. 605
$
$
48,431 $
6,349
31,863
23,481
13,271
92,375
6,268
57,159
163,714 $
(1,149) $
(389)
(26,269)
4,585
(3,305)
2,308
(184)
3,977
(26,018) $
47,282
5,960
5,594
28,066
9,966
94,683
6,084
61,136
137,696
Select condensed consolidated statement of operations line items, which reflect the adoption of ASC No. 606, are as follows:
Revenue:
License
Maintenance and professional services
Operating expenses:
Sales and marketing
Taxes on income
Net income
Basic net income per ordinary share
Diluted net income per ordinary share
F - 18
As of December 31, 2018
As reported Adjustments
Under ASC
No. 605
$
192,514 $
150,685
(5,169) $
241
187,345
150,926
148,290
12,760
161,050
(4,771)
47,072
1.30 $
1.27 $
4,419
(13,269)
(0.37) $
(0.36) $
(352)
33,803
0.93
0.91
$
$
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)
Select condensed consolidated statement of cash flows line items, which reflect the adoption of ASC No. 606, are as follows:
CYBERARK SOFTWARE LTD.
Cash flows from operating activities:
Net income
Adjustments to reconcile net income to net cash provided by operating activities:
Deferred income taxes, net
Increase in trade receivables
Decrease (increase) in prepaid expenses and other current and long-term assets
Increase (decrease) in accrued expenses and other current and long-term liabilities
Increase in short-term and long-term deferred revenues
Net cash provided by operating activities
Remaining Performance Obligations:
Year Ended December 31, 2018
As reported Adjustments
Under ASC
No. 605
$
47,072 $
(13,269) $
33,803
(7,056)
(3,116)
(11,893)
2,114
47,818
130,125 $
(2,010)
380
14,668
(3,305)
3,536
- $
(9,066)
(2,736)
2,775
(1,191)
51,354
130,125
$
Transaction price allocated to remaining performance obligations represents non-cancelable contracts that have not yet been recognized,
which includes deferred revenue and amounts not yet received that will be recognized as revenue in future periods.
The aggregate amount of the transaction price allocated to remaining performance obligations was $234 million as of December 31, 2018.
The Company expects to recognize approximately 60% in 2019 from remaining performance obligations as of December 31, 2018 and the
remainder thereafter.
o. Deferred contract costs:
The Company pays sales commissions to sales and marketing and certain management personnel based on their attainment of certain
predetermined sales goals. Sales commissions are considered incremental and recoverable costs of obtaining a contract with a customer. Sales
commissions paid for initial contracts, which are not commensurate with sales commissions paid for renewal contracts, are capitalized and
amortized over an expected period of benefit. Based on its technology, customer contracts and other factors, the Company has determined the
expected period of benefit to be approximately five years. Sales commissions on initial contracts, which are commensurate with sales
commissions paid for renewal contracts, are capitalized and amortized correspondingly to the recognized revenue of the related initial
contracts. Sales commissions for renewal contracts are capitalized and amortized on a straight line basis over the related contractual renewal
period. Amortization expense of these costs are included in sales and marketing expenses .
For the year ended December 31, 2018, the amortization of deferred contract costs was $27,807.
F - 19
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)
CYBERARK SOFTWARE LTD.
As of December 31, 2018, the Company presented deferred contract costs from contracts which are less than 12 months of $389 in prepaid
expenses and other current assets and deferred contract costs in respect of contracts which are greater than 12 months of $25,595 in prepaid
expenses and other long-term assets.
p.
Research and development costs:
Research and development costs are charged to the statements of comprehensive income as incurred. ASC No. 985-20, " Software - Costs of
Software to Be Sold, Leased, or Marketed, " requires capitalization of certain software development costs subsequent to the establishment of
technological feasibility.
Based on the Company's product development process, technological feasibility is established upon completion of a working model. Costs
incurred by the Company between completion of the working model and the point at which the product is ready for general release, have
been insignificant. Therefore, all research and development costs are expensed as incurred.
q.
Internal use software:
The Company capitalizes qualifying costs incurred during the application development stage related to software developed for internal-use
that supports the Company with its ongoing operations. These costs are capitalized based on qualifying criteria. Such costs are amortized over
the software's estimated life of three to five years. Costs incurred to develop software applications consist of (a) certain external direct costs
of materials and services incurred in developing or obtaining internal-use computer software, and (b) payroll and payroll-related costs for
employees who are directly associated with, and who devote time to, the project.
r.
Marketing expenses:
Marketing expenses consist primarily of marketing campaigns and tradeshows. Marketing expenses are charged to the statement of
comprehensive income, as incurred. Marketing expenses for the years ended December 31, 2016, 2017 and 2018, amounted to $10,622,
$14,106 and $16,171, respectively.
s.
Share-based compensation:
The Company accounts for share-based compensation in accordance with ASC No. 718, " Compensation - Stock Compensation " ( " ASC
No. 718 " ). ASC No. 718 requires companies to estimate the fair value of equity-based payment awards on the date of grant using an option-
pricing model. The value of the portion of the award is recognized as an expense over the requisite service periods in the Company's
consolidated statements of comprehensive income.
F - 20
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)
CYBERARK SOFTWARE LTD.
The Company recognizes compensation expenses for the value of its awards granted based on the straight-line method over the requisite
service period of each of the awards.
The Company has selected the Black-Scholes-Merton option-pricing model as the most appropriate fair value method for its option awards.
The fair value of restricted stock units ("RSU") and performance stock units ("PSU") is based on the closing market value of the underlying
shares at the date of grant.
The option-pricing model requires a number of assumptions, of which the most significant are the expected share price volatility and the
expected option term.
t.
Income taxes:
The Company accounts for income taxes in accordance with ASC No. 740-10, "Income Taxes" ("ASC No. 740-10"). ASC No. 740-10
prescribes the use of the asset and liability method whereby deferred tax asset and liability account balances are determined based on
temporary differences between financial reporting and tax bases of assets and liabilities and are measured using the enacted tax rates and laws
that will be in effect when the differences are expected to reverse. The Company provides a valuation allowance, if necessary, to reduce
deferred tax assets to their estimated realizable value if it is more likely than not that some portion or all of the deferred tax assets will not be
realized.
The Company established reserves for uncertain tax positions based on the evaluation of whether or not the Company's uncertain tax position
is "more likely than not" to be sustained upon examination based on its technical merits. The Company records interest and penalties
pertaining to its uncertain tax positions in the financial statements as income tax expense.
u.
Basic and diluted net income per share:
Basic net income per ordinary share is computed by dividing net income for each reporting period by the weighted-average number of
ordinary shares outstanding during each year. Diluted net income per ordinary share is computed by dividing net income for each reporting
period by the weighted average number of ordinary shares outstanding during the period, plus dilutive potential ordinary shares considered
outstanding during the period, in accordance with ASC No. 260-10 "Earnings Per Share".
The total weighted average number of shares related to outstanding options, RSUs and PSUs that have been excluded from the calculation of
diluted net income per ordinary share was 1,381,114, 1,880,018 and 1,175,311 for the years ended December 31, 2016, 2017 and 2018,
respectively.
F - 21
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)
v.
Comprehensive income (loss):
CYBERARK SOFTWARE LTD.
The Company accounts for comprehensive income (loss) in accordance with ASC No. 220, " Comprehensive Income." This statement
establishes standards for the reporting and display of comprehensive income (loss) and its components in a full set of general purpose
financial statements. Comprehensive income (loss) generally represents all changes in shareholders' equity during the period, except changes
resulting from investments by, or distributions to, shareholders.
w.
Concentration of credit risks:
Financial instruments that potentially subject the Company to concentrations of credit risk consist principally of cash and cash equivalents,
short-term bank deposits, marketable securities, trade receivables, severance pay funds and derivative instruments.
The majority of the Company's cash and cash equivalents and short-term bank deposits are invested with major banks in Israel and the United
States. Such investments in the United States are primarily in excess of insured limits and are not insured in other jurisdictions. Generally,
these investments may be redeemed upon demand and the Company believes that the financial institutions that hold Company's cash deposits
are financially sound and, accordingly, bear minimal risk.
The Company's marketable securities consist of investments, which are highly rated by credit agencies, in government, corporate and
government sponsored enterprises debentures. The Company's investment policy limits the amount that the Company may invest in any one
type of investment or issuer, in order to reduce credit risk concentrations.
The trade receivables of the Company are mainly derived from sales to diverse set of customers located primarily in the United States,
Europe and Asia. The Company performs ongoing credit evaluations of its customers and, to date, has not experienced any significant losses.
The Company has entered into forward contracts with major banks in Israel to protect against the risk of changes in exchange rates. The
derivative instruments hedge a portion of the Company's non-dollar currency exposure.
x.
Fair value of financial instruments:
The estimated fair value of financial instruments has been determined by the Company using available market information and valuation
methodologies. Considerable judgment is required in estimating fair values. Accordingly, the estimates may not be indicative of the amounts
the Company could realize in a current market exchange.
The following methods and assumptions were used by the Company in estimating the fair value of their financial instruments:
F - 22
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)
CYBERARK SOFTWARE LTD.
The carrying values of cash and cash equivalents, short-term bank deposits, trade receivables, prepaid expenses and other current assets, trade
payables, employees and payroll accruals and accrued expenses and other current liabilities approximate their fair values due to the short-
term maturities of these instruments.
The Company applies ASC No. 820, " Fair Value Measurements and Disclosures " ( " ASC No. 820 " ), with respect to fair value
measurements of all financial assets and liabilities.
The fair value of foreign currency contracts (used for hedging purposes) is estimated by obtaining current quotes from banks and third party
valuations.
Fair value is an exit price, representing the amount that would be received to sell an asset or paid to transfer a liability in an orderly
transaction between market participants at the measurement date. As such, fair value is a market-based measurement that should be
determined based on assumptions that market participants would use in pricing an asset or a liability. A three-tier fair value hierarchy is
established as a basis for considering such assumptions and for inputs used in the valuation methodologies in measuring fair value:
Level 1 -
Inputs are unadjusted quoted prices in active markets for identical assets or liabilities that can be accessed at the measurement
date.
Level 2 -
Inputs are quoted prices for similar assets and liabilities in active markets or inputs that are observable for the assets or
liabilities, either directly or indirectly through market corroboration, for substantially the full term of the financial instruments.
Level 3 -
Inputs are unobservable inputs based on the Company's own assumptions used to measure assets and liabilities at fair value.
The inputs require significant management judgment or estimation.
The fair value hierarchy also requires an entity to maximize the use of observable inputs and minimize the use of unobservable inputs when
measuring fair value.
In accordance with ASC No. 820, the Company measures its foreign currency derivative instruments, at fair value using the market approach
valuation technique. Foreign currency derivative contracts as detailed in note 2.k are classified within Level 2 value hierarchy, as the
valuation inputs are based on quoted prices and market observable data of similar instruments.
F - 23
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)
y.
Legal contingencies:
CYBERARK SOFTWARE LTD.
From time to time, the Company becomes involved in legal proceedings or is subject to claims arising in its ordinary course of business. Such
matters are generally subject to many uncertainties and outcomes are not predictable with assurance. The Company accrues for contingencies
when the loss is probable and it can reasonably estimate the amount of any such loss. The Company is currently not a party to any material
legal or administrative proceedings and is not aware of any material pending or threatened material legal or administrative proceedings
against the Company.
z.
Recently adopted accounting pronouncements:
In May 2014, the Financial Accounting Standards Board ("FASB") issued Accounting Standards Update ("ASU") 2014-09, Revenue from
Contracts with Customers Topic 606, an updated standard on revenue recognition and issued subsequent amendments to the initial guidance
in March 2016, April 2016, May 2016 and December 2016 within ASU 2016-08, 2016-10, 2016-12 and 2016-20, respectively. The core
principle of the new standard is for companies to recognize revenue to depict the transfer of goods and services to customers in amounts that
reflect the consideration to which the company expects to be entitled in exchange for those goods and services. In addition, the new standard
requires expanded disclosures. The Company adopted the standard effective January 1, 2018 using the modified retrospective method. Results
from reporting periods beginning after January 1, 2018 are presented under ASC No. 606, while prior period amounts have not been adjusted
and continue to be reported in accordance with the historic accounting under Revenue Recognition Topic 605 ("ASC No. 605").
The most significant impact of the new standard relates to the way the Company accounts for term license arrangements and costs to obtain
customer contracts. Specifically, under ASC No. 605, the Company recognizes both the term license and maintenance revenues ratably over
the contract period whereas under the current revenue standard, term license revenues are recognized upfront, upon delivery, and the
associated maintenance revenues are recognized over the contract period. In addition, the Company also implemented the guidance in ASC
No. 340-40, "Other Assets and Deferred Costs." Under the historic accounting policy, sales commissions were expensed as incurred. The
current standard requires the capitalization of all incremental costs that the Company incurs to obtain a contract with a customer that it would
not have incurred if the contract had not been obtained, provided the Company expects to recover the costs. For further information see Note
2n and Note 2o.
F - 24
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)
CYBERARK SOFTWARE LTD.
In November 2016, the FASB issued ASU 2016-18, "Statement of Cash Flows (Topic 230): Restricted Cash," which requires companies to
include amounts generally described as restricted cash and restricted cash equivalents in cash and cash equivalents when reconciling
beginning-of-period and end-of-period total amounts shown on the statement of cash flows. The Company retrospectively adopted ASU
2016-18 on January 1, 2018 and accordingly included restricted cash with cash and cash equivalents when reconciling the beginning-of-
period and end-of-period total amounts shown on the consolidated statement of cash flows. Prior to adoption of this new guidance, the
Company reported changes in restricted cash as cash flows from investing activities.
As a result of the adoption of ASU 2016-18, the Company adjusted the previously reported consolidated statement of cash flows for the years
ended December 31, 2016 and 2017 as follows:
Year ended
December 31, 2017
As
previously
reported Adjustments As Adjusted
Investment in short and long-term deposits
Net cash used in investing activities
Decrease in cash, cash equivalents and restricted cash
Cash, cash equivalents and restricted cash at the beginning of the year
$
(20,722) $
(95,057)
(11,696)
172,957
61 $
61
61
1,199
(20,661)
(94,996)
(11,635)
174,156
Cash, cash equivalents and restricted cash at the end of the year
$
161,261 $
1,260 $
162,521
Year ended
December 31, 2016
As
previously
reported Adjustments As Adjusted
Investment in short and long-term deposits
Net cash used in investing activities
Decrease in cash, cash equivalents and restricted cash
Cash, cash equivalents and restricted cash at the beginning of the year
$
(82,940) $
(121,861)
(61,582)
234,539
(372) $
(372)
(372)
1,571
(83,312)
(122,233)
(61,954)
236,110
Cash, cash equivalents and restricted cash at the end of the year
$
172,957 $
1,199 $
174,156
Amounts in As Adjusted column include cash, cash equivalents and restricted cash as required. Amounts in the As Previously Reported
column reflect only cash and cash equivalents.
F - 25
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)
CYBERARK SOFTWARE LTD.
In January 2017, FASB issued ASU 2017-01, Business Combinations (Topic 805) Clarifying the Definition of Business. ASU 2017-01
clarifies the definition of a business with the objective of adding guidance to assist entities with evaluating whether transactions should be
accounted for as acquisitions (or disposals) of assets or businesses. The update to the standard is effective for interim and annual periods
beginning after December 15, 2017, and applied prospectively. The Company adopted the standard beginning January 1, 2018. The standard
did not have a material impact on the consolidated financial statements.
aa.
Recently issued accounting standards:
In February 2016, the FASB issued ASU 2016-02. ASU 2016-02 changes the current lease accounting standard by requiring the recognition
of lease assets and lease liabilities for all leases, including those currently classified as operating leases. The guidance establishes a right-of-
use model ("ROU") that requires a lessee to recognize a ROU asset and lease liability on the balance sheets for all leases. The guidance is
effective for the interim and annual periods beginning on or after December 15, 2018, and the Company will adopt the standard on January 1,
2019. A modified retrospective transition approach is required, applying the new standard to all leases existing at the date of initial
application. The standard provides a number of optional practical expedients in transition. The Company elected to use the effective date as
the date of initial application and to adopt the 'package of practical expedients', which permits it not to reassess under the new standard its
prior conclusions about lease identification, lease classification and initial direct costs. To adopt this new standard, the Company has
implemented changes to its existing systems and processes in conjunction with a review of existing vendor agreements.
The Company expects adoption of the standard to have a material impact on its consolidated balance sheets which will result in the
recognition of ROU assets and lease liabilities of approximately $27 million to $33 million at January 1, 2019. The most significant impact
from recognition of ROU assets and lease liabilities relates to office premises. The Company's financial income (expenses), net will be
impacted by the revaluation of the lease liabilities in non- USD denominated currencies.
In June 2016, the FASB Issued ASU 2016-13, Financial Instruments—Credit Losses (Topic 326): Measurement of Credit Losses on
Financial Instruments. The new standard requires financial assets measured at amortized cost to be presented at the net amount expected to be
collected, through an allowance for credit losses that is deducted from the amortized cost basis. The standard will be effective for the
Company beginning January 1, 2020, with early adoption permitted. The Company is evaluating the impact of adopting this new accounting
guidance on its consolidated financial statements .
F - 26
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)
CYBERARK SOFTWARE LTD.
In January 2017, the FASB issued ASU 2017-04, simplifying the Test for Goodwill Impairment (Topic 350). This standard eliminates Step 2
from the goodwill impairment test, instead requiring an entity to recognize a goodwill impairment charge for the amount by which the
goodwill carrying amount exceeds the reporting unit's fair value. This guidance is effective for interim and annual goodwill impairment tests
in fiscal years beginning after December 15, 2019 with early adoption permitted. This guidance must be applied on a prospective basis. The
Company is currently evaluating the potential effect of the guidance on its consolidated financial statements.
In August 2017, the FASB issued ASU 2017-12, "Targeted Improvements to Accounting for Hedging Activities." The standard better aligns
an entity's hedging activities and financial reporting for hedging relationships through changes to both the designation and measurement
guidance for qualifying hedging relationships and the presentation of hedge results in the financial statements. The standard will
prospectively make hedge accounting easier to apply to hedging activities and also enhances disclosure requirements for how hedge
transactions are reflected in the financial statements when hedge accounting is elected. The standard is effective for fiscal years beginning
after December 15, 2018, with early adoption permitted. The Company is evaluating the impact of adopting this new accounting guidance on
its consolidated financial statements.
In August 2018, the FASB issued ASU 2018-15, "Intangibles – Goodwill and Other – Internal-Use Software (Subtopic 350-40): Customer's
Accounting for Implementation Costs Incurred in a Cloud Computing Arrangement That Is a Service Contract." The new standard requires
capitalization of the implementation costs incurred in a cloud computing arrangement that is a service contract, with the requirements for
capitalization costs incurred to develop or obtain internal-use software. Capitalized implementation costs will be required to be amortized
over the term of the arrangement, beginning when the module or component of the cloud computing arrangement that is a service contract is
ready for its intended use. The standard will be effective for the Company beginning January 1, 2020, with early adoption permitted. The
Company is evaluating the impact of adopting this new accounting guidance on its consolidated financial statements .
ab.
Reclassification
Certain comparative figures have been reclassified to conform to the current year presentation.
F - 27
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 3: MARKETABLE SECURITIES
CYBERARK SOFTWARE LTD.
The following tables summarize the amortized cost, unrealized gains and losses, and fair value of available-for-sale marketable securities as of
December 31, 2017 and 2018:
Corporate debentures
U.S. Agencies debentures
Total
December 31, 2017
Amortized
cost
Gross
unrealized
losses *)
Gross
unrealized gains Fair value
$
58,321 $
3,311
(175) $
(31)
6 $
-
58,152
3,280
$
61,632 $
(206) $
6 $
61,432
*) Out of the unrealized losses, an amount of $84 has been in a continuous unrealized loss position for twelve months or longer.
Corporate debentures
U.S. Agencies debentures
Total
December 31, 2018
Gross
unrealized
losses *)
Gross
unrealized
gains
Amortized
cost
$
77,758 $
6,692
(228) $
(23)
Fair value
8 $
2
77,538
6,671
$
84,450 $
(251) $
10 $
84,209
*) Out of the unrealized losses, an amount of $149 has been in a continuous unrealized loss position for twelve months or longer.
The following table summarizes the amortized cost and fair value of available-for-sale marketable securities as of December 31, 2017 and 2018, by
contractual years-to maturity:
December 31,
2017
2018
Amortized
cost
Fair value
Amortized
cost
Fair value
Due within one year
Due between one and four years
$
34,082 $
27,550
34,025 $
27,407
60,062 $
24,388
59,948
24,261
$
61,632 $
61,432 $
84,450 $
84,209
F - 28
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 4: PREPAID EXPENSES AND OTHER CURRENT ASSETS
Prepaid expenses
Hedging transaction assets
Government authorities
Other current assets
NOTE 5: PROPERTY AND EQUIPMENT, NET
The composition of property and equipment is as follows:
Cost:
Computers, software and related equipment *)
Leasehold improvements
Office furniture and equipment
Less - accumulated depreciation
Depreciated cost
CYBERARK SOFTWARE LTD.
December 31,
2017
2018
$
4,089 $
315
2,533
470
2,879
1,014
1,452
1,004
$
7,407 $
6,349
December 31,
2017
2018
$
9,149 $
3,200
2,167
12,976
6,148
4,213
14,516
23,337
5,286
8,217
$
9,230 $
15,120
*) For the years ended December 31, 2017 and 2018, the Company capitalized $1,027 and $1,391 including $31 and $27 of share-based
compensation costs, relating to its internal use software development, respectively.
Depreciation expense amounted to $1,965, $2,597 and $3,722 for the years ended December 31, 2016, 2017 and 2018, respectively.
NOTE 6: GOODWILL AND OTHER INTANGIBLE ASSETS, NET
Changes in the carrying amount of goodwill:
Balance as of beginning of the year
Goodwill acquired
Closing balance
F - 29
December 31,
2017
2018
$
35,145 $
34,072
69,217
13,183
$
69,217 $
82,400
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 6: GOODWILL AND OTHER INTANGIBLE ASSETS, NET (Cont.)
The composition of intangible assets is as follows:
Original amount:
Technology
Customer relationships
Other
Less - accumulated amortization
Intangible assets, net
CYBERARK SOFTWARE LTD.
December 31,
2017
2018
$
20,717 $
5,120
664
26,141
5,120
664
26,501
31,925
10,837
17,193
$
15,664 $
14,732
Amortization expense amounted to $4,523, $5,259 and $6,356 for the years ended December 31, 2016, 2017, and 2018, respectively.
The estimated future amortization expense of intangible assets as of December 31, 2018 is as follows:
2019
2020
2021
2022
2023
Thereafter
NOTE 7: ACCRUED EXPENSES AND OTHER CURRENT LIABILITIES
Government authorities
Accrued expenses
Unrecognized tax benefits
Hedging transaction liabilities
F - 30
$
5,590
3,821
2,740
1,808
390
383
$
14,732
December 31,
2017
2018
$
5,433 $
2,974
1,119
683
6,057
4,562
1,816
836
$
10,209 $
13,271
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 8:
COMMITMENTS AND CONTINGENT LIABILITIES
a.
Lease commitments:
The Company leases its facilities under various operating lease agreements, which expire through 2026 and also include renewal options. In
addition, the Company leases certain motor vehicles under certain car operating lease agreements which expire through 2021. The minimum
lease payments under operating leases as of December 31, 2018 are as follows:
CYBERARK SOFTWARE LTD.
2019
2020
2021
2022
2023
Thereafter
Lease of
premises
Lease of
motor vehicles
$
5,102 $
5,508
5,483
5,593
4,776
3,763
$
30,225 $
410
272
65
-
-
-
747
Total premises lease expense for the years ended December 31, 2016, 2017 and 2018 was $3,649, $4,760 and $6,128, respectively.
Total motor vehicle lease expense for the years ended December 31, 2016, 2017 and 2018 was $511, $544 and $527, respectively.
b.
Pledges and bank guarantees:
The Company pledged a bank deposit of $1,247, mainly in respect of an office lease agreement and hedging transactions. This balance is
presented as part of short-term bank deposits and other long-term assets.
The Company obtained bank guarantees of $936, primarily in connection with an office lease agreement.
F - 31
�CYBERARK SOFTWARE LTD.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 9:
FAIR VALUE MEASUREMENTS
The following tables present the fair value of money market funds and marketable securities for the years ended December 31, 2017 and 2018:
Cash equivalents:
Money market funds
Marketable securities:
Corporate debentures
U.S. Agencies debentures
Level 1
2017
Level 2
December 31,
Total
Level 1
2018
Level 2
Total
$
1,749 $
- $
1,749 $
335 $
- $
335
-
-
58,152
3,280
58,152
3,280
-
-
77,538
6,671
77,538
6,671
Total assets measured at fair value
$
1,749 $
61,432 $
63,181 $
335 $
84,209 $
84,544
NOTE 10:
SHAREHOLDERS' EQUITY
a.
Composition of share capital of the Company:
December 31,
2017
2018
Authorized
Issued and
outstanding Authorized
Issued and
outstanding
Number of shares
Ordinary shares of NIS 0.01 par value each
250,000,000
35,274,888 250,000,000 36,838,523
b.
Ordinary shares:
The ordinary shares of the Company confer upon the holders the right to receive notices of and to participate and vote in general meetings of
the Company, rights to receive dividends and rights to participate in distribution of assets upon liquidation.
c.
Share-based compensation:
Under the Company's 2014 share incentive plan (the "2014 Plan " ), options, RSUs, PSUs and other share-based awards may be granted to
employees, officers, non-employee consultants and directors of the Company.
Under the 2014 Plan, as of December 31, 2018, an aggregate number of 1,279,921 ordinary shares were reserved for future grant. Any share
underlying an award that is cancelled, terminated or forfeited for any reason without having been exercised will automatically be available for
grant under the 2014 Plan.
F - 32
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 10:
SHAREHOLDERS' EQUITY (Cont.)
CYBERARK SOFTWARE LTD.
The total share-based compensation expense related to all of the Company's equity-based awards, recognized for the years ended
December 31, 2016, 2017 and 2018 is comprised as follows:
Cost of revenues
Research and development
Sales and marketing
General and administrative
Year ended
December 31,
2017
2016
2018
$
1,386 $
4,660
5,765
5,724
2,289 $
6,110
8,642
8,196
3,350
7,922
12,708
11,984
Total share-based compensation expense
$
17,535 $
25,237 $
35,964
The total unrecognized compensation cost amounted to $90,274 as of December 31, 2018 and is expected to be recognized over a weighted
average period of 2.63 years.
d.
Options granted to employees:
A summary of the activity in options granted to employees for the year ended December 31, 2018 is as follows:
Amount
of
options
Weighted
average
exercise
price
Weighted
average
remaining
contractual
term
(in years)
Aggregate
intrinsic
value
Balance as of December 31, 2017
2,540,418 $
31.15
6.99 $
39,659
Granted
Exercised
Forfeited
209,500 $
(1,174,396) $
(98,912) $
58.93
15.36
49.87
Balance as of December 31, 2018
1,476,610 $
46.40
7 .30 $
40,968
Exercisable as of December 31, 2018
897,629 $
43.52
6.63 $
27,481
The computation of expected volatility is based on actual historical share price volatility of comparable companies and the Company's
historical equity volatility. The expected option term represents the period of time that options granted are expected to be outstanding. For
stock-option awards which were at the money when granted (plain vanilla stock-options), it is determined based on the simplified method in
accordance with SAB No. 110, as adequate historical experience is not available to provide a reasonable estimate. The simplified method will
continue to apply until enough historical experience is available to provide a reasonable estimate of the expected term. The Company has
historically not paid dividends and has no foreseeable plans to pay dividends and, therefore, uses an expected dividend yield of zero in the
option pricing model. The risk-free interest rate is based on the yield of U.S. treasury bonds with equivalent terms.
F - 33
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 10:
SHAREHOLDERS' EQUITY (Cont.)
The following table sets forth the parameters used in computation of the options compensation to employees for the years ended
December 31, 2016, 2017 and 2018:
CYBERARK SOFTWARE LTD.
Expected volatility
Expected dividends
Expected term (in years)
Risk free rate
Year ended
December 31,
2017
2018
45%-48% 47%-48%
0%
2016
45%
0%
5.25-6.10 5.25-6.25
1.30%-
1.70%
1.77%-
2.05%
0%
5.00-6.20
2.38%-
3.12%
A summary of options data for the years ended December 31, 2016, 2017 and 2018, is as follows:
Year ended
December 31,
2017
2016
2018
Weighted-average grant date fair value of options granted
Total intrinsic value of the options exercised
$
$
19.16 $
21.81 $
37,618 $
33,614 $
28.26
53,398
The aggregate intrinsic value is calculated as the difference between the per-share exercise price and the deemed fair value of an ordinary
share for each share subject to an option multiplied by the number of shares subject to options at the date of exercise.
The following tables summarize information about the Company's outstanding and exercisable options granted to employees as of
December 31, 2018:
Exercise price
Options outstanding
as of
December 31, 2018
Weighted average
remaining
contractual term
Options exercisable as
of December 31,
2018
Weighted average
remaining
contractual term
(years)
(years)
$
$
$
$
$
0.20 – 14.00
37.44 – 47.29
47.40 – 50.42
50.99 – 59.14
63.37 – 77.33
186,504
331,472
393,087
328,677
236,870
1,476,610
4.64
7.83
7.69
7.39
7.91
7.30
186,504
120,094
241,302
211,772
137,957
897,629
4.64
7.47
7.58
6.70
6.87
6.63
F - 34
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 10:
SHAREHOLDERS' EQUITY (Cont.)
e.
A summary of RSUs and PSUs activity for the year ended December 31, 2018 is as follows:
Unvested as of December 31, 2017
Granted
Vested
Forfeited
Unvested as of December 31, 2018
CYBERARK SOFTWARE LTD.
Amount
of
RSUs and
PSUs
Weighted
average
grant date
fair value
1,110,899 $
47.63
1,118,356 $
(389,239) $
(118,396) $
61.59
49.25
50.32
1,721,620 $
56.15
The total fair value of RSUs and PSUs vested (based on fair value of the Company's ordinary shares at vesting date) during the years ended
December 31, 2016, 2017 and 2018 was $5,981, $12,547 and $23,762 respectively.
NOTE 11: INCOME TAXES
CyberArk Software Ltd.'s subsidiaries are separately taxed under the domestic tax laws of the jurisdiction of incorporation of each entity.
a. Corporate tax in Israel:
Ordinary taxable income is subject to a corporate tax rate as follows: 2016 – 25%, 2017 – 24% and 2018 – 23%.
In December 2016, the Israeli Parliament approved the Economic Efficiency Law (Legislative Amendments for Applying the Economic
Policy for the 2017 and 2018 Budget Years), which reduces the corporate income tax rate to 24% effective from January 1, 2017 and to 23%
effective from January 1, 2018.
b.
Income before taxes on income is comprised as follows:
Domestic income
Foreign income (loss)
F - 35
Year ended
December 31,
2017
2016
2018
$
32,077 $
4,124
13,937 $
10,492
52,158
(315)
$
36,201 $
24,429 $
51,843
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 11: INCOME TAXES (Cont.)
c.
Deferred income taxes:
Deferred taxes reflect the net tax effect of temporary differences between the carrying amounts of assets and liabilities for financial reporting
purposes and the amounts recorded for tax purposes. Significant components of the Company's deferred tax assets and liabilities are as
follows:
CYBERARK SOFTWARE LTD.
Deferred tax assets:
Carry-forwards losses and credits
Capital losses carry-forwards
Research and development expenses
Deferred revenues
Share-based compensation
Accruals and other
Deferred tax assets before valuation allowance
Less: Valuation allowance
Net deferred tax assets
Deferred tax liabilities:
Intangible assets
Property and equipment and other
Deferred tax liabilities
December 31,
2017
2018
$
$
11,703
90
1,448
4,316
4,347
1,183
16,069
47
1,351
3,132
5,922
1,524
23,087
28,045
90
1,647
$
22,997
$
26,398
$
$
$
3,096
558
2,621
474
3,654
$
3,095
As of December 31, 2018, approximately $20,098 of undistributed earnings held by the Company's foreign subsidiaries are designated as
indefinitely reinvested. If these earnings were repatriated to Israel, it would be subject to income taxes and to an adjustment for foreign tax
credits and foreign withholding taxes. Determination of the amount of unrecognized deferred tax liability related to these earnings is not
practicable.
d.
Income taxes are comprised as follows:
Current
Deferred
F - 36
Year ended
December 31,
2017
2016
2018
$
9,207 $
(1,130)
2,558 $
5,856
11,827
(7,056)
$
8,077 $
8,414 $
4,771
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 11: INCOME TAXES (Cont.)
Domestic
Foreign
CYBERARK SOFTWARE LTD.
Year ended
December 31,
2017
2016
2018
$
4,906 $
3,171
3,033 $
5,381
8,359
(3,588)
$
8,077 $
8,414 $
4,771
e.
A reconciliation of the Company's theoretical income tax expense to actual income tax expense is as follows:
Income before income taxes
Statutory tax rate
Year ended
December 31,
2017
2016
2018
$
36,201
$
24,429
$
51,843
25.0%
24.0%
23.0%
Theoretical income tax expense
9,050
5,863
11,924
Excess tax benefits related to share-based compensation
Non-deductible expenses
Intra-entity intellectual property transfer
Unrecognized tax benefits
Foreign and preferred enterprise tax rates differential
Impact of Tax Cuts and Jobs Act of 2017
Other
-
2,569
-
81
(3,468)
-
(155)
(5,050)
2,081
-
645
(1,792)
6,492
175
(6,726)
3,011
1,768
697
(5,710)
-
(193)
Income tax expense
$
8,077
$
8,414
$
4,771
f.
Net operating loss carry-forwards:
As of December 31, 2018, the Company had net operating and capital tax losses, substantially derived from excess tax benefits from share
based payments, totaling approximately $50,690 and $219, respectively, out of which approximately $4,825 and $219 of losses, respectively,
were attributed to Israel and can be carried forward indefinitely and $45,865 and none, respectively, were attributed to the U.S. subsidiary.
Out of the operating losses attributed to the U.S. subsidiary, $38,707 were generated before January 1, 2018 and are subject to the 20-year
carryforward period ("pre-Tax Act losses"). The remaining $7,158 ("post-Tax Act losses") can be carried forward indefinitely but are
subject to the 80% taxable income limitation. Utilization of some of U.S. net operating losses are subject to annual limitation due to the "
change in ownership " provisions of the U.S. Internal Revenue Code and similar state provisions. The annual limitation may result in the
expiration of net operating losses before utilization.
F - 37
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 11: INCOME TAXES (Cont.)
g.
Tax benefits under the Law for the Encouragement of Capital Investments, 1959:
CYBERARK SOFTWARE LTD.
The Company has been granted " Approved Enterprise " Status, under the above Law. The Company has elected the alternative benefits
program, waiver of grants in return for tax exemptions. Pursuant thereto, the income of the Company derived from the " Approved Enterprise
" program is tax-exempt for two years and will enjoy a reduced tax rate of 10%-25% for up to a total of eight years (subject to an adjustment
based upon the foreign investors' ownership of the Company).
The tax-exempt income attributable to the " Approved Enterprise " can be distributed to shareholders, without subjecting the Company to
taxes, only upon the complete liquidation of the Company. If these retained tax-exempt profits are distributed, they would be taxed at the
corporate tax rate applicable to such profits as if the Company had not elected the alternative tax benefits program (currently between 10% to
25% for an " Approved Enterprise " ).
On April 1, 2005, an amendment to the Investment Law came into effect ( " 2005 Amendment " ) and significantly changed the provisions of
the Investment Law. However, the Investment Law provides that terms and benefits included in any letter of approval already granted will
remain subject to the provisions of the law as they were on the date of such approval. Therefore, the Company's existing Approved Enterprise
will generally not be subject to the provisions of the 2005 Amendment and such an enterprise is a " Beneficiary Enterprise, " rather than the
previous terminology of Approved Enterprise.
As of December 31, 2018, approximately $13,569 was derived from tax exempt profits earned by the Company's " Approved Enterprises "
and " Beneficiary Enterprise. " The Company and its Board of Directors have determined that such tax-exempt income will not be distributed
as dividends and intends to reinvest the amount of its tax-exempt income earned by the Company. Accordingly, no provision for deferred
income taxes has been provided on income attributable to the Company's " Approved Enterprises " and " Beneficiary Enterprise " as such
income is essentially permanently reinvested.
If the Company's retained tax-exempt income is distributed, the income would be taxed at the applicable corporate tax rate as if it had not
elected the alternative tax benefits under the Investment Law and an income tax liability of up to $3,331 would be incurred as of December
31, 2018.
On December 29, 2010, the Knesset approved an additional amendment to the Law for the Encouragement of Capital Investments, 1959
("2010 Amendment"). According to the 2010 Amendment, a reduced uniform corporate tax rate for exporting industrial enterprises (over
25%) was established. The reduced tax rate will not be program dependent and will apply to the "Preferred Enterprise's" (as such term is
defined in the Investment Law) entire income. Pursuant to the 2010 Amendment, a "Preferred Enterprise" is entitled to a reduced corporate
tax rate of 15% in 2011 and 2012, unless the Preferred Enterprise is located in a specified development zone, in which case the rate will be
10%. Such corporate tax rate was determined to be 16% for 2014 until 2016.
F - 38
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 11: INCOME TAXES (Cont.)
CYBERARK SOFTWARE LTD.
On March 2013, the Company notified the Israeli Tax Authorities that it had transferred from Beneficiary Enterprise status to Preferred
Enterprise status onwards.
Amendment to the Law for the Encouragement of Capital Investments, 1959 ("Amendment 73"):
In December 2016, the Israeli Knesset passed Amendment 73 to the Investment Law which included a number of changes to the Investments
Law regimes through regulations. approved on May 1, 2017 and that have come into effect from January 1, 2017.
Applicable benefits under the new regime include:
Introduction of a benefit regime for "Preferred Technology Enterprises," granting a 12% tax rate in central Israel - on income deriving from
Benefited Intellectual Property, subject to a number of conditions being fulfilled, including a minimal amount or ratio of annual R&D
expenditure and R&D employees, as well as having at least 25% of annual income derived from exports to large markets. Preferred
Technological Enterprise ("PTE") is defined as an enterprise which meets the aforementioned conditions and for which total consolidated
revenues of its parent company and all subsidiaries are less than NIS 10 billion.
A 12% capital gains tax rate on the sale of a preferred intangible asset to a foreign affiliated enterprise, provided that the asset was initially
purchased from a foreign resident at an amount of NIS 200 million or more.
A withholding tax rate of 20% for dividends paid from PTE income (with an exemption from such withholding tax applying to dividends
paid to an Israeli company). Such rate may be reduced to 4% on dividends paid to a foreign resident company, subject to certain conditions
regarding percentage of foreign ownership of the distributing entity.
The Company adopted the PTE since 2017 and believes it is eligible for its benefits.
h. Tax benefits under the Law for the Encouragement of Industry (Taxation), 1969:
Management believes that the Company currently qualifies as an "industrial company" under the above law and as such, is entitled to certain
tax benefits including accelerated depreciation, deduction of public offering expenses in three equal annual installments and amortization of
other intangible property rights for tax purposes.
F - 39
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 11: INCOME TAXES (Cont.)
i.
Tax Benefits for Research and Development
CYBERARK SOFTWARE LTD.
Israeli tax law (section 20a to the Israeli Tax Ordinance) allows, under certain conditions, a tax deduction for research and development
expenses, including capital expenses, for the year in which they are paid. Such expenses must relate to scientific research in industry,
agriculture, transportation, or energy, and must be approved by the relevant Israeli government ministry, determined by the field of research.
Furthermore, the research and development must be for the promotion of the company's business and carried out by or on behalf of the
company seeking such tax deduction. However, the amount of such deductible expenses is reduced by the sum of any funds received through
government grants for the finance of such scientific research and development projects. As for expenses incurred in scientific research that is
not approved by the relevant Israeli government ministry, they will be deductible over a three-year period starting from the tax year in which
they are paid. The Company believes that it is eligible for the above mentioned benefit for the majority of its research and development
expenses.
j.
Tax Reform- United States of America
On December 22, 2017, the Tax Cuts and Jobs Act of 2017 ("Tax Act") was signed into law making significant changes to the Internal
Revenue Code of 1986, as amended ("Code"). Such changes include a reduction in the corporate tax rate and limitations on certain corporate
deductions and credits, among other changes. The changes include, but are not limited to:
Rate
Reduction
The Tax Act reduces the U.S. federal corporate income tax rate from 35% to 21% for tax years beginning after December 31, 2017. In
addition, the Tax Act makes certain changes to the depreciation rules and implements new limits on the deductibility of certain expenses and
deduction.
The Company recorded a reduction of its deferred tax assets as of December 31, 2017 of approximately $6.5 million.
Deemed
Repatriation
Transition
Tax
The Deemed Repatriation Transition Tax is a tax on previously untaxed accumulated and current earnings and profits ("E&P") of certain
foreign subsidiaries. To determine the amount of the Transition Tax, the Company must determine, in addition to other factors, the amount of
post-1986 E&P of its foreign subsidiaries, as well as the amount of non-U.S. income taxes paid on such earnings. The Company's US
subsidiary has one foreign subsidiary which impact of the Transition Tax is immaterial
F - 40
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 11: INCOME TAXES (Cont.)
Tax
Deductibility
of
Executive
Compensation
CYBERARK SOFTWARE LTD.
Prior to the Tax Act being signed into law on December 22, 2017, Section 162(m) of the Code generally disallowed tax deductions for
publicly-held companies for compensation paid to certain of its executive officers who were "covered employees" under this rule in excess of
$1 million per officer in any year. Performance-based compensation was exempt from this deduction limitation if specific requirements set
forth in the Code and applicable Treasury Regulations were met.
The Tax Act repealed the exemption from Section 162(m)'s deduction limit for performance-based compensation, effective for the taxable
years after December 31, 2017. Accordingly, compensation paid to the Company's covered executive officers in excess of $1 million during
such taxable years will not be deductible unless such compensation qualifies for transition relief applicable to certain arrangements in place
as of November 2, 2017.
The SEC staff issued SAB 118 which allowed the Company to record provisional amounts during a measurement period of 12 months
following the Tax Act. During 2018, the Company completed the accounting treatment related to tax effects of the Tax Act and no material
differences were identified from the recorded provisional amounts.
k.
Tax assessments:
As of December 31, 2018, CyberArk Software Ltd.'s tax years until December 31, 2013 are subject to statutes of limitation effective in Israel.
As of that date, the U.K. subsidiary's tax years until December 31, 2014 are also subject to statutes of limitation effective in U.K. The U.S.
subsidiary's tax years ended from December 31, 2015 through 2018 are still open, as the statutes of limitation have not yet expired. For
companies acquired by the U.S. subsidiary, there are open loss years from 2008 through 2017.
l.
Unrecognized tax benefits:
A reconciliation of the opening and closing amounts of total unrecognized tax benefits is as follows:
Year ended
December 31,
2017
2018
Opening balance
Increase related to prior year tax positions
Decrease related to expiration of statutes of limitation s
Increase related to current year tax positions (including those related to acquisitions made during the year)
$
474 $
348
-
297
1,119
404
(353)
823
Closing balance
$
1,119 $
1,993
F - 41
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 11: INCOME TAXES (Cont.)
CYBERARK SOFTWARE LTD.
During the years ended December 31, 2016, 2017 and 2018, the Company recorded $18, $56 and $(38), respectively, for interest expense
(income) related to uncertain tax positions. As of December 31, 2017 and 2018, accrued interest was $103 and $65, respectively.
Although the Company believes that it has adequately provided for any reasonably foreseeable outcomes related to tax audits and settlement,
there is no assurance that the final tax outcome of its tax audits will not be different from that which is reflected in the Company's income tax
provisions. Such differences could have a material effect on the Company's income tax provision, cash flow from operating activities and net
income in the period in which such determination is made.
NOTE 12: FINANCIAL INCOME, NET
Bank charges
Exchange rate income (losses), net
Interest income
Financial income, net
NOTE 13: BASIC AND DILUTED NET INCOME PER SHARE
Year ended
December 31,
2017
2016
2018
$
(144) $
(969)
1,358
(158) $
1,735
2,526
(177)
(1,050)
5,778
$
245 $
4,103 $
4,551
Year ended
December 31,
2017
2016
2018
Numerator:
Net income available to shareholders of ordinary shares
$
28,124 $
16,015 $
47,072
Denominator:
Shares used in computing basic net income per ordinary shares
33,741,359
34,824,312
36,174,316
Year ended
December 31,
2017
2016
2018
Numerator:
Net income available to shareholders of ordinary shares
$
28,124 $
16,015 $
47,072
Denominator:
Shares used in computing diluted net income per ordinary shares
35,838,863
36,175,824
37,065,727
F - 42
�CYBERARK SOFTWARE LTD.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data)
NOTE 14: SEGMENTS, CUSTOMERS AND GEOGRAPHIC INFORMATION
a.
The Company applies ASC No. 280, " Segment Reporting." The Company operates in one reportable segment.
The total revenues are attributed to geographic areas based on the location of the Company's channel partners which are considered as end
customers, as well as direct customers of the Company.
b.
The following tables present total revenues for the years ended December 31, 2016, 2017 and 2018 and long-lived assets as of December 31,
2017 and 2018:
Revenues:
United States
Israel
United Kingdom
Europe, the Middle East and Africa *)
Other
Year ended
December 31,
2017
2016
2018
$
125,749 $
6,818
21,699
39,577
22,770
145,453 $
7,282
24,837
49,659
34,470
187,704
6,909
26,652
78,525
43,409
$
216,613 $
261,701 $
343,199
For the years ended December 31, 2017 and 2018, no single customer contributed more than 10% to the Company's total revenues. For the
year ended December 31, 2016, 12% of the Company's total revenues were derived from one channel partner.
Long-lived assets:
United States
Israel
United Kingdom
Europe, the Middle East and Africa *)
Other
*) Excluding United Kingdom and Israel
F - 43
December 31,
2017
2018
$
1,252 $
7,493
233
39
213
4,502
9,161
944
126
387
$
9,230 $
15,120
�WELLS 60 REALTY LLC
c/o lntrum Corp.
180 Wells Avenue, Suite 100
Newton, MA 02459
Exhibit 4.4
June 28, 2018
CyberArk Software, Inc.
60 Wells Avenue
Newton, MA 02459
Attention: Ehud Mokady, President and CEO
Suzy Peled-Spigelman, Vice President Finance, Americas
Re. Lease dated October 28, 2013 between Wells 60 Realty LLC ("Landlord") and CyberArk Software, Inc. ("Tenant") as affected by Second Amendment of
Lease dated as of February 27, 2018, including all documents referenced therein ("Second Amendment") between Landlord and Tenant (collectively, the
"Lease")
Dear Udi and Suzy:
This letter ("Letter Agreement") is to document the agreements reached between Landlord and Tenant relating to the Landlord's Work, the Term
Commencement Date, and the Rent Commencement Date with respect to the Additional Premises. Capitalized terms used in this Letter Agreement and not
otherwise defined shall have the meanings ascribed to such terms in the Second Amendment.
Accordingly, this Letter Agreement confirms that Landlord and Tenant have agreed as follows:
1.
2.
3.
The Term Commencement Date with respect to the Additional Premises shall be September 2, 2018.
The Rent Commencement Date with respect to the Additional Premises shall be December 10, 2018.
Pursuant to Section 10.8 of the Second Amendment, Landlord and Tenant have agreed that the total estimate of Excess Project Costs for the Landlord's
Work is One Million Seven Hundred Ten Thousand Five Hundred Forty-Four and 52/100 ($1,710,544.52) Dollars. Notwithstanding the provisions set
forth in Section 10.B., Landlord and, Tenant agree that the Excess Project Costs shall be paid as follows: One Million ($1,000,000.00) Dollars (the "Initial
Payment") shall be paid by Tenant directly to Landlord by wire transfer of immediately available funds, on or before June 26, 2018; and the balance of the
Excess Project Costs in the amount of Seven Hundred Ten Thousand Five Hundred Forty-Four and 52/100 ($710,544.52) Dollars (the "Escrowed Funds")
shall be paid to Seller's counsel, Bernkopf Goodman LLP ("Bernkopf”) on or before June 29, 2018, and shall be held by Bernkopf in its clients' funds
account, without interest, pursuant to the escrow agreement between the parties attached hereto, and shall be released directly to Landlord, without
condition, upon the earlier to occur of: (a) September 1, 2018; and (b) the date on which Bernkopf receives a letter from landlord certifying that the Initial
Payment has been used in full by Landlord in connection with Landlord's performance of Landlord's Work. The foregoing shall be the only conditions to
be satisfied for the release of the Escrowed Funds to Landlord.
�4.
With references to Section VIII of the Second Amendment , Landlord and Tenant acknowledge that the scope of the Tenant Improvements and Tenant's
Common Area Work has significantly expanded to include modifications to other portions of the Building common area, more specifically , the hallways,
lobbies, tenant’s suite entries and systems, utilities , and fixtures servicing those areas that service the Building (the " Additionally Impacted Common
Areas and Facilities " ) , in addition to the Wells Avenue Lobby as contemplated in the Second Amendment. Accordingly , it is understood that the
Common Area Restoration shall include returning those Addit i onally Impacted Common Areas and Facilities to a condition similar to that existing prior
to the construction of such expanded Tenant Common Area Work , including , without limitation , reconfiguring and re - demising the Building for multi
- tenant use for at least four (4) tenants (including glass tenant entries similar to those presently existing and common hallways) , restoring Building
systems , fixtures and utilities for multi-tenant occupancy , and providing access to the Building , common areas , and tenant spaces ; all of the foregoing
Common Area Restoration work using finishes and materials as required by said Section VIII. Notwithstanding the foregoing , the Common Area
Restoration Work shall not include the construction of new demising walls between tenant - to - tenant suites . Landlord shall provide a restoration plan to
document the multi - tenant reconfiguration , finish and fixture allowances and other Common Area Restoration work . Landlord and Tenant will work
together within the next twenty-one (21) days after the date hereof , to reach a resolut i on to provide Landlord with security for the cost of the expanded
Common Area Restoration work (an agreed upon letter of credit being an acceptable resolution) .
5.
Except as affected by this Letter Agreement , the Lease shall remain unmodified and in full force and effect, and is hereby ratified .
Please confirm your agreement with the foregoing by countersigning a copy of this Letter Agreement in the space indicated below .
Very truly yours,
/s/Wells 60 Realty LLC
/s/CyberArk Software, Inc.
�English summary of the office lease agreement dated February 26, 2015 entered by and between Azorei Mallal Industries Ltd. (the “Landlord” ) and CyberArk
Software Ltd. (the “Company” ), regarding the Company's office space in Petach-Tikva, Israel, as amended on April 7, 2016 and December 26, 2018 ( “Lease” ).
Exhibit 4.5
•
•
Subject Matter of the Lease : Unprotected tenancy lease of office and parking spaces for the purpose of conducting the Company's business. Premises
are located in Petach-Tikva, Israel.
Term of the Lease :
■
The term of the Lease is sixty (60) months commencing on July 1, 2017 other than with respect to the 1 st , 2 nd and 3 rd floors which commence
on later dates, with the Company's right for early termination after 36 months. The Company is given two options to extend the term of the Lease
of twelve (12) months each. Such options apply automatically unless the Company notifies the Landlord 180 days prior to the commencement of
each such option period that it does not wish to exercise the option.
■
The term of the Lease for all parking spaces, leased by the Company from time to time, is linked to the lease term of the main premises.
•
Premises Covered by the Lease :
■
Property – The Lease includes 10 floors, levels 1 to 10. The Company has a right of first refusal to lease the remaining 3 adjacent floors in the
Landlord’s other existing or future buildings that are located in the same office park.
■
Parking – The Company has the right to lease two hundred and forty (240) parking lots.
•
Rental Fees :
■
■
Property – The Company shall pay a monthly rental fee of 74 NIS (approximately US$18) per square meter (gross). For the first option period,
the monthly rental fees shall be increased by 5% compared to the monthly rental fee of the preceding period. All rental fees are exclusive of
VAT and index-linked to the Consumer Price Index published by the Central Bureau of Statistics (the “ Index ”); provided
that the rental fees
shall not be less than the nominal values listed above.
Parking – The monthly rental fee for the parking spaces currently leased by the Company is NIS 433 per parking space, in each case plus VAT
and Index-linked.
■ Management Fees – The management fees shall be paid on a cost plus 15% basis plus VAT and Index-linked.
■
Payment Terms – The rental fees shall be paid three months in advance. The Company has agreed to sign a direct debit with respect to the rental
and management fees. In the event the Company is over-charged, that extra amount shall be remitted to the Company within five business days.
•
Guarantees :
■ An autonomous un-conditional bank guarantee, for an amount representing three (3) months' rental fee plus VAT, to be extended from time to
time by the Company to remain in force for the entire term of Lease and for ninety (90) days thereafter.
•
Dispute Resolution :
■
Technical disputes raised regarding the Lease, shall be governed by an agreed-upon professional arbitrator (a civil engineer). Legal disputes
raised regarding the Lease, shall be governed by Israeli Court in Tel Aviv.
�•
Other Terms of the Lease :
■
■
The Company has a right to sub-lease the premises (or any portion thereof) and to sub-let to a substitute lessee, subject to the Landlord's prior
written consent. The Company may also transfer the Lease to an affiliate, subject to the Landlord's prior written consent.
Similar to other lease agreements, each party agrees to assume responsibility for any damage, injury or loss (bodily or otherwise) resulting from
any act, omission or negligence on its part, and with respect of the Company—relating to its use of the leased property.
•
The Lease further includes terms concerning the following matters:
■ Renovations – Generally, the Company may not perform any major renovations on the premises without prior written authorization from the
Landlord. Subject to such advance approval by the Landlord, the Company may invest certain amounts on renovations for which the Landlord
has agreed to reimburse the Company for a certain percentage of the costs.
■ Utilities – The Company is responsible for paying for water, power and telephone utility bills, in addition to any taxes or fees, tolls, levies,
property taxes and any other payments owed to governmental or local authorities relating to the property during the term of the Lease, unless
such fees are specifically designated for the property owner.
■ No Right of set-off – The parties have agreed that any amounts owed shall not be subject to a set-off right.
■
Termination of the Lease, vacating of premises and fixtures – Upon the termination or expiration of the Lease, the Company shall vacate the
premises from any person or object which is not owned by the Landlord and return it to the Landlord in an undamaged, usable state. The
Company has sole discretion to remove any fixtures, provided such removal does not damage the premises and provided that the Landlord will
have no duty to compensate the Company for fixtures which it decides to leave.
�List of Subsidiaries of CyberArk Software Ltd.
Exhibit 8.1
Name of Subsidiary
CyberArk Software, Inc.
Cyber-Ark Software (UK) Limited
CyberArk Software (Singapore) PTE. LTD.
Cyber-Ark Software (DACH) GmbH
CyberArk Software Italy S.r.l.
CyberArk Software (France) SARL
CyberArk Software (Netherlands) B.V.
CyberArk Software (Australia) Pty Ltd.
CyberArk Software (Japan) K.K.
CyberArk Software Canada Inc.
CyberArk USA Engineering LP
Place of Incorporation
Delaware, United States
United Kingdom
Singapore
Germany
Italy
France
Netherlands
Australia
Japan
Canada
Delaware, United States
�Exhibit 12.1
CERTIFICATION OF PRINCIPAL EXECUTIVE OFFICER PURSUANT TO
EXCHANGE ACT RULE 13A-14(A)/15D-14(A)
AS ADOPTED PURSUANT TO SECTION 302
OF THE SARBANES-OXLEY ACT OF 2002
I, Ehud Mokady, certify that:
1.
I have reviewed this Annual Report on Form 20-F of CyberArk Software Ltd. (the “company”);
2. Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements
made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report;
3. Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial
condition, results of operations and cash flows of the company as of, and for, the periods presented in this report;
4. The company's other certifying officer and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act
Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d-15(f)) for the company and
have:
a. Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to
ensure that material information relating to the company, including its consolidated subsidiaries, is made known to us by others within those
entities, particularly during the period in which this report is being prepared;
b. Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our
supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for
external purposes in accordance with generally accepted accounting principles;
c. Evaluated the effectiveness of the company's disclosure controls and procedures and presented in this report our conclusions about the
effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and
d. Disclosed in this report any change in the company's internal control over financial reporting that occurred during the period covered by the
annual report that has materially affected, or is reasonably likely to materially affect, the company's internal control over financial reporting; and
5. The company's other certifying officer and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the company's
auditors and the audit committee of the company's board of directors (or persons performing the equivalent functions):
a. All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are reasonably
likely to adversely affect the company's ability to record, process, summarize and report financial information; and
b. Any fraud, whether or not material, that involves management or other employees who have a significant role in the company's internal control
over financial reporting.
/s/ Ehud Mokady
Ehud Mokady
Chairman of the Board & Chief Executive Officer
Date: March 14, 2019
�Exhibit 12.2
CERTIFICATION OF PRINCIPAL FINANCIAL OFFICER PURSUANT TO
EXCHANGE ACT RULE 13A-14(A)/15D-14(A)
AS ADOPTED PURSUANT TO SECTION 302
OF THE SARBANES-OXLEY ACT OF 2002
I, Joshua Siegel, certify that:
1.
I have reviewed this Annual Report on Form 20-F of CyberArk Software Ltd. (the “company”);
2. Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements
made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report;
3. Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial
condition, results of operations and cash flows of the company as of, and for, the periods presented in this report;
4. The company’s other certifying officer and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act
Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d-15(f)) for the company and
have:
a. Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to
ensure that material information relating to the company, including its consolidated subsidiaries, is made known to us by others within those
entities, particularly during the period in which this report is being prepared;
b. Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our
supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for
external purposes in accordance with generally accepted accounting principles;
c. Evaluated the effectiveness of the company’s disclosure controls and procedures and presented in this report our conclusions about the
effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and
d. Disclosed in this report any change in the company’s internal control over financial reporting that occurred during the period covered by the
annual report that has materially affected, or is reasonably likely to materially affect, the company’s internal control over financial reporting; and
5. The company’s other certifying officer and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the company’s
auditors and the audit committee of the company’s board of directors (or persons performing the equivalent functions):
a. All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are reasonably
likely to adversely affect the company’s ability to record, process, summarize and report financial information; and
b. Any fraud, whether or not material, that involves management or other employees who have a significant role in the company’s internal control
over financial reporting.
/s/ Joshua Siegel
Joshua Siegel
Chief Financial Officer
Date: March 14, 2019
�CERTIFICATION OF PRINCIPAL EXECUTIVE OFFICER PURSUANT TO
18 U.S.C. SECTION 1350
AS ADOPTED PURSUANT TO SECTION 906
OF THE SARBANES-OXLEY ACT OF 2002
Exhibit 13.1
In connection with the Annual Report of CyberArk Software Ltd. (the “Company”) on Form 20-F for the fiscal year ended December 31, 2018 as filed with the
Securities and Exchange Commission on the date hereof (the “Report”), I, Ehud Mokady, do certify, pursuant to 18 U.S.C. § 1350, as adopted pursuant to
Section 906 of the Sarbanes-Oxley Act of 2002, that to my knowledge:
(1) The Report fully complies with the requirements of Section 13(a) or 15(d) of the Securities Exchange Act of 1934; and
(2) The information contained in the Report fairly presents, in all material respects, the financial condition and results of operations of the Company.
/s/ Ehud Mokady
Ehud Mokady
Chairman of the Board and Chief Executive Officer
Date: March 14, 2019
�CERTIFICATION OF PRINCIPAL FINANCIAL OFFICER PURSUANT TO
18 U.S.C. SECTION 1350
AS ADOPTED PURSUANT TO SECTION 906
OF THE SARBANES-OXLEY ACT OF 2002
Exhibit 13.2
In connection with the Annual Report of CyberArk Software Ltd. (the “Company”) on Form 20-F for the fiscal year ended December 31, 2018 as filed with the
Securities and Exchange Commission on the date hereof (the “Report”), I, Joshua Siegel, do certify, pursuant to 18 U.S.C. § 1350, as adopted pursuant to
Section 906 of the Sarbanes-Oxley Act of 2002, that to my knowledge:
(1) The Report fully complies with the requirements of Section 13(a) or 15(d) of the Securities Exchange Act of 1934; and
(2) The information contained in the Report fairly presents, in all material respects, the financial condition and results of operations of the Company.
/s/ Joshua Siegel
Joshua Siegel
Chief Financial Officer
Date: March 14, 2019
�CONSENT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
We hereby consent to the incorporation by reference in the Registration Statements on Form S-8 (Nos. 333-200367, 333-202850, 333-216755 and 333-223729) of
CyberArk Software Ltd. of our reports dated March 14, 2019 with respect to the consolidated financial statements of CyberArk Software Ltd. and its subsidiaries
and the effectiveness of internal control over financial reporting of CyberArk Software Ltd. and its subsidiaries included in this annual report on Form 20-F for the
year ended December 31, 2018.
Tel Aviv, Israel
March 14, 2019
/s/ KOST FORER GABBAY AND KASIERER
A member of Ernst & Young Global
Exhibit 15.1
�