UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549
FORM 20-F
☐
☒
☐
☐
REGISTRATION STATEMENT PURSUANT TO SECTION 12(b) OR (g) OF THE SECURITIES EXCHANGE ACT OF 1934
ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
OR
For the fiscal year ended December 31, 2020
OR
TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
OR
SHELL COMPANY REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
Commission file number 001-36625
CYBERARK SOFTWARE LTD.
(Exact name of Registrant as specified in its charter)
ISRAEL
(Jurisdiction of incorporation or organization)
9 Hapsagot St.
Park Ofer B, P.O. BOX 3143
Petach-Tikva 4951040, Israel
(Address of principal executive offices)
Donna Rahav
General Counsel and Compliance Officer
Telephone: +972 (3)918-0000
CyberArk Software Ltd.
9 Hapsagot St.
Park Ofer B, P.O. BOX 3143
Petach-Tikva 4951040, Israel
(Name, telephone, e-mail and/or facsimile number and address of company contact person)
Securities registered or to be registered pursuant to Section 12(b) of the Act:
Title of each class
Trading Symbol(s)
Name of each exchange on which registered
Ordinary shares, par value NIS 0.01 per share
CYBR
The Nasdaq Stock Market LLC
Securities registered or to be registered pursuant to Section 12(g) of the Act: None.
Securities for which there is a reporting obligation pursuant to Section 15(d) of the Act: None.
��Indicate the number of outstanding shares of each of the issuer’s classes of capital or common stock as of the close of the period covered by the annual report: As
of December 31, 2020, the registrant had outstanding 39,034,759 ordinary shares, par value NIS 0.01 per share.
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.
If this report is an annual or transition report, indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or 15(d) of the Securities
Exchange Act of 1934.
Yes ☒ No ☐
Yes ☐ No ☒
Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the
preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the
past 90 days.
Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation
S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files).
Yes ☒ No ☐
Yes ☒ No ☐
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer or an emerging growth company. See the
definitions of “large accelerated filer,” “accelerated filer,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.
Large accelerated filer ☒
Accelerated filer ☐
Non-accelerated filer ☐
Emerging growth company ☐
If an emerging growth company that prepares its financial statements in accordance with U.S. GAAP, indicate by check mark if the registrant has elected not to use
the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over
financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit
report. ☒
Indicate by check mark which basis of accounting the registrant has used to prepare the financial statements included in this filing:
U.S. GAAP ☒ International Financial Reporting Standards as issued by the
International Accounting Standards Board ☐
Other ☐
If “Other” has been checked in response to the previous question, indicate by check mark which financial statement item the registrant has elected to follow.
If this is an annual report, indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act).
Item 17 ☐ Item 18 ☐
Yes ☐ No ☒
�CYBERARK SOFTWARE LTD.
FORM 20-F
ANNUAL REPORT FOR THE FISCAL YEAR ENDED DECEMBER 31, 2020
TABLE OF CONTENTS
Introduction
Special Note Regarding Forward-Looking Statements
Item 1.
Item 2.
Item 3.
Item 4.
Identity of Directors, Senior Management and Advisers
Offer Statistics and Expected Timetable
PART I
Key Information
Information on the Company
Item 4A.
Unresolved Staff Comments
Item 5.
Item 6.
Item 7.
Item 8.
Item 9.
Item 10.
Item 11.
Item 12.
Item 13.
Item 14.
Item 15.
Item 16A.
Item 16B.
Item 16C.
Item 16D.
Item 16E.
Item 16F.
Item 16G.
Item 16H.
Item 17.
Item 18.
Item 19.
Operating and Financial Review and Prospects
Directors, Senior Management and Employees
Major Shareholders and Related Party Transactions
Financial Information
The Offer and Listing
Additional Information
Quantitative and Qualitative Disclosures About Market Risk
Description of Securities Other Than Equity Securities
PART II
Defaults, Dividend Arrearages and Delinquencies
Material Modifications to the Rights of Security Holders and Use of Proceeds
Controls and Procedures
Audit Committee Financial Expert
Code of Ethics
Principal Accountant Fees and Services
Exemptions from the Listing Standards for Audit Committees
Purchases of Equity Securities by the Issuer and Affiliated Purchasers
Change in Registrant’s Certifying Accountant
Corporate Governance
Mine Safety Disclosure
Financial Statements
Financial Statements
Exhibits
PART III
1
1
2
2
2
27
38
38
59
78
80
81
81
89
90
91
91
91
92
92
92
93
93
93
93
93
93
93
94
�INTRODUCTION
In this annual report, the terms “CyberArk,” “we,” “us,” “our” and “the company” refer to CyberArk Software Ltd. and its subsidiaries.
This annual report includes statistical, market and industry data and forecasts, that we obtained from publicly available information and independent industry
publications and reports that we believe to be reliable sources. These publicly available industry publications and reports generally state that they obtain their
information from sources that they believe to be reliable, but they do not guarantee the accuracy or completeness of the information. Although we believe that these
sources are reliable, we have not independently verified the information contained in such publications. Certain estimates and forecasts involve uncertainties and
risks and are subject to change based on various factors, including those discussed under the headings “Special Note Regarding Forward-Looking Statements” and
“Item 3.D. Risk Factors” in this annual report.
Throughout this annual report, we refer to various trademarks, service marks and trade names that we use in our business. The “CyberArk” design logo is the
property of CyberArk Software Ltd. CyberArk® is our registered trademark in the United States and many other countries. We have several other trademarks,
service marks and pending applications relating to our solutions. In particular, although we have omitted the “®” and “™” trademark designations in this annual
report from each reference to our Privileged Access Security Solution, Enterprise Password Vault, Privileged Session Manager, Privileged Threat Analytics,
CyberArk Privilege Cloud, Application Access Manager, Conjur, Endpoint Privilege Manager, On-Demand Privileges Manager, Secure Digital Vault, Web
Management Interface, Master Policy Engine and Discovery Engine, CyberArk DNA, Alero, Idaptive, Cloud Entitlements Manager and C3 Alliance, all rights to
such names and trademarks are nevertheless reserved. Other trademarks and service marks appearing in this annual report are the property of their respective
holders.
SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS
In addition to historical facts, this annual report contains forward-looking statements within the meaning of Section 27A of the U.S. Securities Act of 1933, as
amended, or the Securities Act, Section 21E of the U.S. Securities Exchange Act of 1934, as amended, or the Exchange Act, and the safe harbor provisions of the
U.S. Private Securities Litigation Reform Act of 1995. These forward-looking statements are subject to risks and uncertainties, and include information about
possible or assumed future results of our business, financial condition, results of operations, liquidity, plans and objectives. In some cases, you can identify
forward-looking statements by terminology such as “believe,” “may,” “estimate,” “continue,” “anticipate,” “intend,” “should,” “plan,” “expect,” “predict,”
“potential,” or the negative of these terms or other similar expressions. The forward-looking statements are based on our beliefs, assumptions and expectations of
future performance. There are important factors that could cause our actual results, levels of activity, performance or achievements to differ materially from the
results, levels of activity, performance or achievements expressed or implied by the forward-looking statements, including, but not limited to:
•
•
•
•
•
•
•
•
•
•
•
changes to the drivers of our growth and our ability to adapt our solutions to IT security market demands;
our plan to begin actively transitioning our business to a recurring revenue model in 2021 and our ability to complete the transition in the time frame
expected;
our sales cycles and multiple pricing and delivery models may cause results to fluctuate;
difficulties predicting future financial results, including due to impacts from the COVID-19 pandemic;
unanticipated product vulnerabilities or cybersecurity breaches of our or our customers’ systems;
our ability to sell into existing and new customers and industry verticals;
the ability of our research and development efforts to successfully enhance and develop existing and new products and services;
the duration and scope of the COVID-19 pandemic and its impact on global and regional economies and the resulting effect on the demand for our
solutions and on our expected revenue growth rates and costs;
our ability to hire, retain and motivate qualified personnel;
our ability to find, complete, fully integrate or achieve the expected benefits of additional strategic acquisitions;
our ability to expand our sales and marketing efforts and expand our channel partnerships across existing and new geographies;
1
�•
•
•
•
risks associated with our global sales and operations, such as changes in regulatory requirements or fluctuations in currency exchange rates;
our ability to adjust our operations in response to impacts from the COVID-19 pandemic;
additional capital expenditures beyond what we currently expect; and
any failure to retain our “foreign private issuer” status or the risk that we may be classified, for U.S. federal income tax purposes, as a “passive foreign
investment company.”
In addition, you should consider the risks provided under “Item 3.D. Risk Factors” in this annual report.
You should not rely upon forward-looking statements as predictions of future events. Although we believe that the expectations reflected in the forward-looking
statements are reasonable, we cannot guarantee that future results, levels of activity, performance and events and circumstances reflected in the forward-looking
statements will be achieved or will occur. Except as required by law, we undertake no obligation to update publicly any forward-looking statements for any reason
after the date of this annual report, to conform these statements to actual results or to changes in our expectations.
ITEM 1.
IDENTITY OF DIRECTORS, SENIOR MANAGEMENT AND ADVISERS
Not applicable.
ITEM 2.
OFFER STATISTICS AND EXPECTED TIMETABLE
PART I
Not applicable.
ITEM 3.
KEY INFORMATION
A.
Selected Financial Data
Not applicable.
B.
Capitalization and Indebtedness
Not applicable.
C.
Reasons for the Offer and Use of Proceeds
Not applicable.
D.
Risk Factors
Risks Related to Our Business and Our Industry
The IT security market is rapidly evolving within the increasingly challenging cyber threat landscape. If our solutions fail to adapt to market changes and
demands, sales may not continue to grow or may decline.
We offer identity security solutions that safeguard privileged accounts’ credentials and secrets, secure access across both human and non-human identities, and
manage entitlements to cloud environments. We operate in a rapidly evolving industry, focused on securing and providing access to organizations’ IT systems and
sensitive data.
Accelerated adoption of cloud and Software-as-a-Service (SaaS) and the expansion of remote workforce has led to a proliferation of privileged access in recent
years. Breaches of privileged accounts and access have become ubiquitous, yet overall IT security spending is spread across a wide variety of solutions and
strategies, including, for example, endpoint, network and cloud security, vulnerability management and identity and access management. Organizations continually
evaluate their security priorities and investments and may allocate their IT security budgets to other solutions and strategies and may not adopt or expand use of our
solutions. Organizations are also moving portions of their IT systems to be managed by third parties, primarily infrastructure, platform and application service
providers, and may rely on such providers’ internal security measures. If customers do not recognize the benefit of our solutions as a critical layer of an effective
security strategy, our revenues may decline, which could cause our share price to decrease in value.
2
�Security solutions such as ours, which aim to disrupt cyberattacks by insiders and external perpetrators that have penetrated an organization’s IT environment,
represent a security layer designed to respond to advanced threats and more rigorous compliance standards and audit requirements. However, advanced cyber
attackers are skilled at adapting to new technologies and developing new methods of gaining access to organizations’ sensitive data and technology assets,
including those of IT and cybersecurity providers, as demonstrated by the 2020 SolarWinds SUNBURST attack. We expect our customers, and thereby our
solutions, to face new and increasingly sophisticated methods of attack, particularly given the increasing complexity of IT and the proliferation of privileged access
across identities. We face significant challenges in ensuring that our solutions effectively identify and respond to sophisticated attacks while avoiding disruption to
our customers’ IT systems ongoing performance. As a result, we must continually modify and improve our products and services in response to market and
technology trends to ensure we are meeting market needs and continue providing valuable solutions that can be deployed in a variety of IT environments, including
cloud and hybrid.
We cannot guarantee that we will be able to anticipate future market needs and opportunities or be able to develop or acquire product enhancements or new
products or services to meet such needs or opportunities in a timely manner or at all. Even if we are able to anticipate, develop and commercially introduce new
products, such as our Cloud Entitlements Manager and our Identity Security offerings, and ongoing enhancements to our existing products, there can be no
assurance that such enhancements or new solutions will achieve widespread market acceptance. Delays in developing, completing or delivering new or enhanced
solutions could cause our offerings to be less competitive, impair customer acceptance of our solutions and result in delayed or reduced revenue and share price
decline.
We are actively transitioning our business to a recurring revenue model. If we fail to successfully manage our licensing and business model transition,
including not maintaining existing customers or sufficient renewal rates for maintenance and support and subscriptions, our operating results and share price
may be adversely affected.
We began actively transitioning our business to a recurring revenue model in January 2021. Our transition strategy addresses and leverages the significant shifts in
the global technology market in 2020, as well as recent years’ changes in IT environments such as the acceleration in the adoption of cloud environments, SaaS
applications, software automation tools and DevOps methodologies. Our transition aims at shifting our sales from perpetual licenses to subscriptions, for both SaaS
and on-premises offerings. Our strategy requires considerable investments in our go to market and research and development organizations and activities as well as
in our systems and adjustments in our operations, reporting and financial resources. We have no assurance that our investments and changes to our operations will
result in the desired growth in our subscription revenue. As we execute our strategy, we expect our perpetual license revenue and our operating margin to
significantly decline in the near term – before we are able to fully transition into a subscription model – and our maintenance service revenue to gradually decline
over the coming years. While we expect the majority of our existing customers to expand their deployment leveraging subscription offerings (whether on-premises
or SaaS), and new customers to purchase subscriptions at an increased rate, certain customers may still desire perpetual licenses and our transition may not occur
within our planned timeline.
With our transition to a recurring revenue model, we will become significantly more dependent on renewals to meet our total revenue and profitability targets. Our
renewal rate for maintenance contracts associated with perpetual license sales in each of the years ending December 31, 2019 and 2020 was approximately 90%.
We believe that our maintenance contracts related to our perpetual license business will continue to have strong renewal rates; however, customers may choose to
change licensing models from perpetual to subscription and while we expect to generate the same if not higher recurring revenue under a subscription there is a risk
that the customer lowers their annual contract value.
Customer subscription renewal rates may decline or fluctuate due to a number of factors, including offering pricing, implementation and adoption rate of our
solutions, reductions in customer spending levels or customer activity due to economic downturns or other market uncertainty, competitive offerings and customer
satisfaction. In addition, we, along with our service providers or channel partners, may not be able provide adequate services that are responsive, satisfy our
customers’ expectations and resolve issues that they encounter with our solutions. Even with adequate support, our customers are ultimately responsible for
effectively using our solutions and ensuring that their IT staff and other relevant users are properly trained in the use of our products and complementary security
products, methodologies and processes. As a result, customers may become dissatisfied with our products and decide not to renew, which may have a material and
adverse effect on our business and results of operations.
3
�We may face additional complications or risks in connection with our transition to a recurring revenue model, including the following:
•
•
•
•
•
•
•
our revenues may fluctuate as a result of variations in our booking mix from the different licensing and delivery models and the corresponding timing of
revenue recognition – ratably for SaaS subscriptions and the maintenance portion of on-premises subscriptions and upon delivery for perpetual licenses
and the license portion of on-premises subscriptions. For example, if our customers prefer to buy our solutions as a subscription at a greater rate than we
anticipate, our recognized revenues may lag our expectations and guidance;
our operating profitability, net income and cash flow from operating activities are expected to decline during the transition period as more revenues are
recognized ratably and due to an increase in annual invoicing. In addition, we continue to make significant short-term investments in our business and
operations to drive long-term growth;
our revenues and earnings may decline if our customers do not renew, or reduce the scope of, their subscriptions;
the introduction of new product offerings and solutions may result in longer sales cycles, lost opportunities or less predictable revenues if our new or
existing customers, prospects and partners are less receptive of such advancements (including a transition to SaaS in order to receive certain
functionalities) or require a longer period to assess and select the solutions appropriate to them;
the introduction of more SaaS offerings may require extended presale processes due to, among others, comprehensive product and security reviews and
requirements by customers, extensive contract negotiations and more stringent compliance and operational obligations (such as those related to data
protection);
our research and development teams may find it difficult to deliver functionality and drive innovation across multiple code bases on a timely basis; and
our sales force may struggle with selling multiple pricing, licensing and delivery models to customers, prospects and partners, which may extend sales
cycles, reduce the likelihood of sales closing, or lead to increased turnover rates and lower headcount.
Our quarterly results of operations may fluctuate for a variety of reasons. We may, as a result, fail to meet publicly announced financial guidance or other
expectations about our business, which could cause our ordinary shares to decline in value.
We offer new and existing customers multiple software pricing and delivery models and have begun actively transitioning our business to a recurring revenue
model in January 2021. It may be difficult to predict the mix of the perpetual and subscription bookings in any given quarter, which could impact our financial
results and cause us to fail to meet publicly announced financial guidance or other expectations. We recognize revenue differently based on the composition of the
selected offering. Specifically, we recognize revenue from perpetual licenses upon their delivery and the license portion of on-premises subscriptions upon the
commencement of the subscription period. We recognize revenue from SaaS subscriptions and from maintenance services for perpetual licenses or on-premises
subscription ratably over the period of the subscription or maintenance contract. This may cause trends in revenue recognition to lag those in sales, potentially
causing us to fall short of investor expectations for revenue even while meeting or exceeding periodic sales targets. Our active transition to a recurring revenue
model, starting in 2021, could reduce our overall revenue growth rates, operating margins and cash flow in the short term due to the ratable revenue recognition.
A meaningful portion of our quarterly revenues is generated through transactions of significant size, and purchases of our products and services often occur at the
end of each quarter. We also experience quarterly and annual seasonality in our sales, demonstrated by increased sales in the third month of each quarter relative to
the first two months and increased sales in the fourth quarter of each year. The timing in which SaaS deals close may further exacerbate the seasonality impact on
reported revenues due to the ratable recognition. In addition, our sales cycle can be intensively competitive and last several quarters from proof of concept to the
actual sale and initial delivery of our solutions to our customers. This sales cycle can be even longer, less predictable and more resource-intensive for larger sales,
or with customers implementing complex digital transformation strategies or facing a complex set of compliance and user requirements. Customers may also
require additional internal committee or executive approvals, extensive security reviews, longer product trial periods and prolonged contract negotiation before
making a final purchase, all of which may be exacerbated with the increased volume of SaaS transactions. A failure to close a large transaction in a particular
quarter may adversely impact our revenues in that quarter. Closing of an exceptionally large transaction in a certain quarter may disproportionately increase our
revenues in that quarter, which may make it more difficult for us to meet growth rate expectations of our investors in subsequent quarters. Furthermore, even if we
close a sale during a given quarter, we may be unable to recognize the revenues derived from such sale during the same period due to our revenue recognition
policy and our transition to a recurring revenue model. As a result of the foregoing factors, the timing of closing sales cycles and the resulting revenue from such
sales can be difficult to predict. In some cases, sales have occurred in a quarter that was either earlier than, or subsequent to, the anticipated quarter, and in some
cases, sale opportunities expected to close did not close at all.
4
�All of these factors impact our quarterly results and our ability to accurately predict them and may result in us missing our guidance or falling short of market
expectations regarding our results. If our financial results for a particular period do not meet our guidance or if we reduce our guidance for future periods or refrain
from providing guidance, the market price of our ordinary shares may decline.
In addition to fluctuations related to our transition to a recurring revenue model and sales cycles described above, our results of operations may continue to vary as
a result of a number of other factors, many of which may be outside of our control or difficult to predict, including:
•
•
•
•
•
•
•
•
•
•
•
•
our ability to attract new customers;
our ability to retain existing customers by and through renewals of maintenance services and subscriptions;
the amount and timing of our operating costs and cash collection, which may vary also as a result of fluctuations in foreign currency exchange rates or
changes in taxes or other applicable regulations (see “—We are exposed to fluctuations in currency exchange rates, which could negatively affect our
financial condition and results of operations”);
the rate our customers fully deploy their purchased licenses or subscriptions, and our ability to sell additional products and services to current customers;
effects from the COVID-19 pandemic or other public health crises, and the global economic changes caused by it (see “—The COVID-19 pandemic,
measures globally taken in response to it and the resulting economic environment have adversely affected, and may continue to adversely affect, our
business, financial condition, and results of operations”);
the ability of our support, service and customer success operations to keep pace with sales to new and existing customers and the expansion of our solution
portfolio and to satisfy customer demands for consultancy and professional services;
our ability to successfully expand our business globally;
the timing and success of new product and service introductions by us or our competitors or any other change in the competitive landscape of the
information security market, including consolidation among our competitors;
introduction of new accounting pronouncements or changes in our accounting policies or practices;
changes in our pricing policies or those of our competitors;
changes in the growth rate of the information security market; and
the size and discretionary nature of our prospective and existing customers’ IT budgets.
Any of these factors, individually or in the aggregate, may result in significant fluctuations in our financial and other operating results from period to period. These
fluctuations could result in our failure to meet our operating plan or the expectations of investors or analysts for any given period. Such failures may cause the
market price of our ordinary shares to substantially decrease.
5
�Our reputation and business could be harmed due to real or perceived vulnerabilities in our solutions or services or the failure of our customers or third parties
to correctly implement, manage and maintain our solutions, resulting in loss of customers, enforcement actions, lawsuits or financial losses.
Security products, solutions and services such as our own are complex in design and deployment and may contain errors that are potentially incapable of being
remediated or detected until after their deployment, if at all. Any errors, defects, or misconfigurations could cause our products or services to not meet
specifications, be vulnerable to security attacks or fail to secure networks, which could negatively impact customer operations and harm our business and
reputation. In particular, we may suffer significant liability as a result of litigation or regulatory enforcement, indemnity claims, adverse publicity and reputational
harm, including a downgrade in our industry leadership position by industry analysts, if our solutions or services are associated, or are believed to be associated
with, or fail to reasonably protect against, a significant breach or a breach at a high-profile customer, managed service provider network, or third-party system
utilized by us as part of our cloud-based security solution.
Several of our solutions are made available to our customers as SaaS. Delivering software as a service involves storage and transmission of customers’ proprietary
information, including personal data, related to their assets, employees and users. Security breaches, improper configuration or product defects in our SaaS
solutions, production and development environments (including those embedded in third-party technology used by our customers) could result in loss or alteration
of this data, unauthorized access to multiple customers’ data and compromise of our networks or our customers’ networks secured by our SaaS solutions. Any such
incident, whether or not caused by us, could result in significant liability for us and negative business repercussions.
False detection of threats (referred to as “false positives”), while typical in our industry, may reduce perception of the reliability of our solutions and may therefore
adversely impact market acceptance. Our customers’ businesses could be harmed if our solutions restrict legitimate privileged access by authorized personnel to IT
systems and applications by falsely identifying those users as attackers or otherwise unauthorized, resulting in significant liability for us and negative business
implications. False positives may also reduce perception of the reliability of our solutions and our company’s reputation and may therefore adversely impact our
market acceptance and leadership position.
Our solutions not only reinforce but also rely on the common security concept of placing multiple layers of security controls throughout an IT system. The failure
of our customers, channel partners, managed service providers or subcontractors to correctly implement or effectively manage and maintain our solutions and the
environments in which they are utilized, or to consistently implement and utilize generally accepted and comprehensive, multi-layered security measures and
processes in customer networks, may lessen the efficacy of our solutions. Our customers or our channel partners may also independently develop or change existing
application programming interfaces (APIs) that we provide to them for interfacing purposes in an incorrect or insecure manner. Such failures or actions may lead to
security breaches and data loss, which could result in a perception that our solutions or services failed and associated negative business implications. Further, our
failure to provide our customers and channel partners with adequate services or accurate product documentation related to the use, implementation and maintenance
of our solutions, could lead to claims against us.
Similarly, and as demonstrated by the 2020 SolarWinds SUNBURST attack, our failure to effectively deploy and maintain multiple layers of security controls and
processes to detect threats within our own resources and networks, such as development or customer-serving production environments, could lead to a breach or
exploitation of our products or services by threat actors. As a result, such threat actors may gain access to and breach our customers’ deployments and
environments (see “— If our internal IT network system, or those of third party service providers associated with us, is compromised by cyber attacks or other data
breaches, or by a critical system failure, our reputation, financial condition and operating results could be materially adversely affected.”).
An actual or perceived cyber attack, other security breach or theft of our customers’ data, regardless of whether the breach or theft is actually attributable to the
failure of our products, SaaS solutions or the services we provided in relation thereto, could adversely affect the market’s perception of the efficacy of our solutions
and our industry standing. Such circumstances could cause current or potential customers to look to our competitors for alternatives to our solutions and subject us
to negative media attention, lawsuits, regulatory investigations and other government inquiries, indemnity claims and financial losses, as well as the expenditure of
significant financial resources to, among other actions, analyze, correct or eliminate any vulnerabilities. Provisions in our agreements that attempt to limit our
liabilities towards our customers, channel partners and relevant third parties may not withstand legal challenges, and certain liabilities may not be limited or
capped. Additionally, any insurance coverage we have may not adequately cover all claims asserted against us or may cover only a portion of such claims. An
actual or perceived cyber attack could also cause us to suffer reputational harm, lose existing customers, or deter new and existing customers from purchasing or
implementing our products.
6
�We face intense competition from a wide variety of IT security vendors operating in different market segments and across diverse IT environments, which may
challenge our ability to maintain or improve our competitive position or to meet our planned growth rates.
The IT security market in which we operate is characterized by intense competition, constant innovation, rapid adoption of different technological solutions and
services, and evolving security threats. We compete with a multitude of companies that offer a broad array of IT security products that employ different approaches
and delivery models to address these evolving threats.
Our current competitors in the Privileged Access Management market include BeyondTrust Corporation, NortonLifeLock, Inc. (acquired by Broadcom Inc.), One
Identity LLC and Thycotic Software Ltd., some of which may offer solutions at lower price points. Further, we may face competition due to changes in the manner
that organizations utilize IT assets and the security solutions applied to them, such as the provision of Privileged Access Management functionalities as part of
public cloud providers’ infrastructure offerings, or cloud-based identity management solutions. With the acquisition of Idaptive and our strategy to provide
customers with a comprehensive identity security portfolio, and our DevOps security solution, some of the functionality offered in our products may compete with
certain solutions in the market such as solutions from Okta Inc., Microsoft Corporation or HashiCorp, Inc. In addition, Limited IT budgets may also result in
competition with providers of other advanced threat protection solutions such as Palo Alto Networks, CrowdStrike Holdings, Inc. and NortonLifeLock, Inc.
We also may compete, to a certain extent, with vendors that offer products or services in adjacent or complementary markets to Privileged Access Management,
including identity management vendors and cloud platform providers such as Amazon Web Services, Google Cloud Platform, and Microsoft Azure. As the identity
and access and Privileged Access Management markets have matured significantly over recent years the entry barrier is now lower, and it is easier for competitors
to compete in the market. Some of our competitors are large companies and have wider technical and financial resources and broader customer bases used to bring
competitive solutions to the market. These companies may already have existing relationships as an established vendor for other product offerings, and certain
customers may prefer one single IT vendor for product security procurement than purchasing solely based on product performance. Such companies may use these
advantages to offer products and services that are perceived to be as effective as ours at a lower price or for free as part of a larger product package or solely in
consideration for maintenance and services fees, which could result in increased market pressure to offer our solutions and services at lower prices. They may also
develop different products to compete with our current solutions and respond more quickly and effectively than we do to new or changing opportunities,
technologies, standards or client requirements or enjoy stronger sales and service capabilities in certain regions. Additionally, niche vendors are developing and
marketing lower cost solutions with limited Privileged Access Management functionality that may impact our ability to maintain premium market pricing.
Our competitors may enjoy potential competitive advantages over us, such as:
•
•
•
•
•
greater name recognition, a longer operating history and a larger customer base;
larger sales and marketing budgets and resources;
broader distribution and established relationships with channel partners, advisory firms and customers;
increased effectiveness in protecting, detecting and responding to cyber attacks;
greater or localized resources for customer support and provision of services;
7
�•
•
•
•
greater speed at which a solution can be deployed and implemented;
greater resources to make acquisitions;
larger intellectual property portfolios; and
greater financial, technical and other resources.
Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources
and capabilities. Current or potential competitors have been acquired and consolidated or may be acquired by third parties with greater resources in the future.
Similarly, we may also face increased competition following an acquisition of new lines of business that compete with providers of such technologies or from
security vendors or other companies in adjacent markets extending their solutions into privilege access management or identity and access management (as
relevant). As a result of such acquisitions, our current or potential competitors may be able to adapt more quickly to new technologies and customer needs, devote
greater resources to the promotion or sale of their products and services, initiate or withstand substantial price competition, take advantage of other opportunities
more readily or develop and expand their product and service offerings more quickly than we do. Larger competitors with more diverse product offerings may
reduce the price of products that compete with ours in order to promote the sale of other products or may bundle them with other products, which would lead to
increased pricing pressure on our products and could cause the average sales prices for our products to decline. We may be at a competitive disadvantage to our
privately held competitors, as they may not face the same accounting, auditing and legal standards we do as a public company. Such privately held competitors may
face less public scrutiny than we do and may be less risk-averse than we are, and therefore may have greater operational flexibility.
Furthermore, an increasing number of independent industry analysts and researchers regularly evaluate, compare and publish reviews regarding the functionality of
IT security products, including ours. These reviews may significantly influence the market perception of our products, and our reputation and brand could be
harmed from negative reviews of our products or increasingly positive reviews of our competitors’ products, or if such reviews do not view us as a market leader.
In addition, other IT security technologies exist or could be developed in the future by current or future competitors, and our business could be materially and
adversely affected if such technologies are widely adopted. We may not be able to successfully anticipate or adapt to changing technology or customer
requirements on a timely basis, or at all. If we fail to keep up with technological changes or convince our customers and potential customers of the value of our
solutions, even in light of new technologies, our business, results of operations and financial condition could be materially and adversely affected.
If we are unable to acquire new customers or sell additional products and services to our existing customers, our future revenues and operating results will be
harmed.
Our success and continued growth will depend, in part, on our ability to acquire a sufficient number of new customers while maintaining and expanding our
revenues from existing customers, by renewing contracts for our solutions and selling incremental or new licenses or subscriptions or solutions to existing
customers. If we are unable to succeed in such efforts, we will likely be unable to fully transition into a subscription-based model or generate revenue growth at
desired rates. In addition, competition in the marketplace may lead us to acquire fewer new customers or result in us providing more favorable commercial terms to
new or existing customers. Macro-economic effects such as those related to COVID-19 may also affect our ability to maintain our customer base and expand it, and
the pandemic and its associated global response may also make establishing relationships and new supplier expertise among potential customers more challenging.
(see “-- The COVID-19 pandemic, measures globally taken in response to it and the resulting economic environment have adversely affected, and may continue to
adversely affect, our business, financial condition, and results of operations”). Further, the foregoing circumstances would have an even greater impact on our
business and operations in relation to sales of our Privileged Access Management (PAM) solution, which generates a majority of our revenue.
As we expand our market reach to gain new business, including entering the Access Management market and securing DevOps environments, we may experience
difficulties in gaining traction and raising awareness among potential customers regarding the critical role that our solutions play in securing their organizations or
establishing a market leadership position and industry analyst recognition, or may face more competitive pressure in such markets. As a result, it may be difficult
for us to add new customers to our customer base, retain our existing customers and generate increased growth from sales of these solutions.
8
�With our transition to a recurring revenue model, our sales, research and development, support and customer success teams may have difficulties selling,
supporting and maintaining multiple license models and code bases. These may lead to lower software sales, longer sales cycles, customer dissatisfaction, lower
renewal rates and a reduction in our ability to sell add-on business to customers or gain new customers. Further, as part of the natural lifecycle of our solutions, we
may determine that certain products will be reaching their end of development or end of life and will no longer be supported or receive updates and security
patches. Failure to effectively manage our product lifecycles could lead to existing customer dissatisfaction and contractual liabilities.
Further, any changes in compliance standards or audit requirements that reduce the priority for the types of controls, security, monitoring and analysis that our
solutions provide would adversely impact demand for our solutions. Additional factors that impact our ability to acquire new customers or sell additional products
and services to our existing customers include the consumption of their past purchases, the perceived need for IT security, the size of our prospective and existing
customers’ IT budgets, the utility and efficacy of our existing and new offerings, whether proven or perceived, changes in our pricing or licensing models that may
impact the size of new business transactions, a downgrade of our recognized industry leadership position by industry analysts and general economic conditions.
These factors may have a material negative impact on future revenues and operating results.
If our internal IT network system, or those of third party service providers associated with us, is compromised by cyber attacks or other data breaches, or by a
critical system failure, our reputation, financial condition and operating results could be materially adversely affected.
As we provide privileged account and identity security products, we are likely an attractive target for cyber attackers or other data thieves since a breach of our
system could provide information regarding not only us, but potentially regarding the customers that our solutions protect. Given the shift to the remote working
environment due to COVID-19, we and our customers are exposed to an expanded attack surface. Further, we may be targeted by cyber terrorists, sophisticated
criminal groups, or nation-state affiliated and supported actors because we are an Israeli company as well as a prominent security company.
From time to time we encounter intrusion incidents and attempts against our internal network systems, none of which to date has resulted in any material adverse
impact to our business or operations. Any such future attacks could materially adversely affect our business or results of operations. In addition, as our market
position continues to grow, specifically in the security industry, an increasing number of cyber attackers may focus on finding ways to penetrate our network
systems, which might eventually affect our products and services. For example, third parties may attempt to fraudulently induce employees or customers into
disclosing sensitive information such as user names, passwords or other information or otherwise compromise the security of our internal networks, electronic
systems and/or physical facilities in order to gain access to our data or our customers’ data. Such attacks could result in significant damage to our market position
and lead to costly indemnity claims, litigation or regulatory action.
We may also be subject to information technology system failures or network disruptions caused by natural disasters, accidents, power disruptions,
telecommunications failures, acts of terrorism, security breaches, wars, computer viruses, or other events or disruptions. System redundancy and other continuity
measures may be ineffective or inadequate, and our business continuity and disaster recovery planning may not be sufficient for all eventualities. These events
could adversely affect our operations, reputation, financial condition and operating results.
Additionally, cyber attacks against our company may also be caused by breaches by our contractors, business partners, supply chain network, vendors and other
third parties associated with us, or due to human error by those acting on our behalf. We rely on third parties to operate critical functions of our business, including
hosting our SaaS products and supporting our customer relationship management and financial operation services (provided by our Enterprise Resource Planning
system). If these services are breached or become unavailable due to extended outages or interruptions or because they are no longer available on commercially
reasonable terms, our ability to manage our operations could be interrupted, our ability to provide maintenance and support services to our customers could be
impacted, our expenses could increase and our processes for managing sales of our products and services be impaired until equivalent services, if available, are
identified, obtained and integrated; all of which could materially harm our business.
9
�Because we are in the information security industry, an actual or perceived vulnerability, failure, disruption, or breach of our network or privileged account security
in our systems also could adversely affect the market perception of our products and services, or of our expertise in this field, as well as perception of us among
new and existing customers. Additionally, a significant security breach could subject us to potential liability, litigation and regulatory or other government action
(see “—The dynamic legal and regulatory environment around privacy, data protection, cross-border data flows, and cloud computing may limit the offering, use
and adoption of, or require modification of, our products and services, which could limit our ability to attract new customers and support our current customers, or
we could be subject to investigations, litigation, or enforcement actions alleging that we fail to comply with the regulatory requirements thus harming our operating
results and adversely affecting our business.”). We are unable to ensure that any limitations of liability provisions in our contracts with respect to our information
security operations or our product liability would be enforceable or adequate or would otherwise protect us from any liabilities or damages with respect to any
particular claim, or that we would be able to adequately recover damages from third parties associated with us, who were involved in a security incident.
Additionally, any insurance coverage we may have may not adequately cover any of these claims asserted against us or any related damage, or may cover only a
portion of such damages. If any of the foregoing were to occur, our business may suffer and our share price may be negatively impacted.
Our research and development efforts may not produce successful products or enhancements to our solutions that result in significant revenue or other
benefits in the near future, if at all.
We expect to continue to dedicate significant financial and other resources to our research and development efforts in order to maintain our competitive position.
For example, in 2020, we increased our dedicated research and development personnel by 33% compared to 2019. However, investing in research and development
personnel, developing new products and enhancing existing products is expensive and time consuming. There is no assurance that such activities will successfully
result in significant new marketable products or enhancements to our products, including SaaS solutions, design improvements, cost savings, revenues or other
expected benefits. If we spend significant time and effort on research and development and are unable to generate an adequate return on our investment, we may
not be able to compete effectively, and our business and results of operations may be materially and adversely affected.
Our investment in product enhancements or new products could fail to attain sufficient market acceptance for many reasons, including:
•
•
•
•
•
•
•
•
delays in releasing product enhancements or new products;
failure to accurately predict market demand and to supply products that meet this demand in a timely fashion;
inability to interoperate effectively with the existing or newly introduced technologies, systems or applications of our existing and prospective customers;
defects in our products, errors or failures of our solutions to secure and protect privileged accounts against existing and new types of attacks;
negative publicity about the performance or effectiveness of our products;
introduction or anticipated introduction of competing products by our competitors;
installation, configuration or usage errors by our customers; and
easing or changing of regulatory requirements related to security.
If we fail to anticipate market requirements or fail to develop and introduce product enhancements or new products to meet those needs in a timely manner, it could
cause us to lose existing customers and prevent us from gaining new customers, which would significantly harm our business, financial condition and results of
operations.
10
�The dynamic legal and regulatory environment around privacy, data protection, cross-border data flows, and cloud computing may limit the offering, use and
adoption of, or require modification of, our products and services, which could limit our ability to attract new customers and support our current customers, or
we could be subject to investigations, litigation, or enforcement actions alleging that we fail to comply with the regulatory requirements thus harming our
operating results and adversely affecting our business.
The legal and regulatory environment relating to the provision of services on the internet, including services such as ours, is increasing, as federal, state and foreign
governments continue to adopt, enact, and enforce new laws and regulations addressing cybersecurity, privacy, data protection and the collection, processing,
storage and use of personal information.
We are subject to diverse laws and regulations relating to data privacy, including but not limited to the EU General Data Protection Regulation 2016/679
(“GDPR”), the California Consumer Privacy Act (“CCPA”), the U.K. Data Protection Act 2018, national privacy laws of EU Member States and other laws
relating to privacy, data protection, and cloud computing. These laws are evolving rapidly, as exemplified by the recent passage by ballot initiative of the California
Privacy Rights Act in November 2020 (“CPRA”) and the prospect of a new European “ePrivacy Regulation” (to replace the existing “ePrivacy Directive,”
Directive 2002/58 on Privacy and Electronic Communications). Compliance with these laws, as well as efforts required to understand and interpret new legal
requirements, require us to expend significant capital and other resources. We could be found to not be in compliance with obligations, or suffer from adverse
interpretations of such legal requirements either as directly relating to our business or in the context of legal developments impacting our customers or other
businesses, which could impact our ability to offer our products or services, impact operating results, or reduce demand for our products or services.
Compliance with privacy and data protection laws and contractual obligations may require changes in services, business practices, or internal systems resulting in
increased costs, lower revenue, reduced efficiency, or greater difficulty in competing with firms that are not subject these laws and regulations. For example, GDPR
imposes several stringent requirements for controllers and processors of personal data and increases our obligations including, for example, requiring robust
disclosures to individuals, establishing an individual data rights regime, setting timelines for data breach notifications, requiring detailed internal policies and
procedures and limiting retention periods. Ongoing compliance with these and other legal and contractual requirements may necessitate changes in services and
business practices, which may lead to the diversion of engineering resources from other projects.
As a company that focuses on identity security with a foundation in privilege access management, our customers may rely on our products and services as part of
their efforts comply with obligations under GDPR and other laws to implement and demonstrate their own security controls around access to personal and
confidential data. If our products or services are found insufficient to meet these standards in the context of an investigation into us or our customers, or we are
unable to engineer products that meet these standards, we could experience reduced demand for our products or services. There is also increased international
scrutiny, including by the EU, of cross-border transfers of data, including personal data between the EU and countries like the United States. Our work could be
impacted if legal mechanisms that permit such cross-border data transfers are challenged or restricted, or if cross-border data transfers are restricted between
jurisdictions entirely.
In addition, following the U.K.’s departure from the EU and the expiry of the Brexit transition period, the U.K. will cease to operate as an EU member state, and
data flows from the EU to the U.K. (and vice versa) may need additional safeguards, which could affect our operations in the U.K. and in EU countries. These and
other regulatory requirements around the privacy or cross-border transfer of personal data could restrict our ability to store and process data as part of our solutions,
or, in some cases, impact our ability to offer our solutions or services in certain jurisdictions.
The passage of the CPRA in November 2020 could result in additional uncertainty and additional measures on our behalf to come into compliance or demonstrate
compliance to our customers. Enactment of further privacy laws in the U.S., at the state or federal level, may require us to expend considerable resources to
comply, and could carry the potential for significant financial or reputational exposure to our business.
Claims that we or our service providers have breached our contractual obligations or failed to comply with applicable privacy and data protection laws, even if we
are not found liable, could be expensive and time-consuming to defend and could result in adverse publicity that could harm our business. In addition to litigation,
we could face regulatory investigations, negative market perception, potential loss of business, enforcement notices and/or fines (which, for example, under GDPR
can be up to four percent of global turnover for the preceding financial year or €20 million, whichever is higher).
11
�The COVID-19 pandemic, measures globally taken in response to it and the resulting economic environment have adversely affected, and may continue to
adversely affect, our business, financial condition, and results of operations.
The COVID-19 pandemic, its continuing effects, and the diverse measures taken in response by governments and businesses worldwide to contain its spread, have
placed constraints on the operations of businesses, decreased consumer mobility and activity, and caused significant global economic volatility. In light of the
uncertain and evolving nature of the pandemic and the economic environment, we have taken precautionary measures intended to reduce the risk of virus infection
to our employees and our customers and to address the uncertainty in our ability to execute on our operating plans. Such circumstances and uncertainties have
adversely affected and are likely to continue to adversely affect our business, workforce and results of operations, as well as that of our customers, suppliers and
partners globally. Our business has been affected in various ways, including our ability to engage with customers, hire new employees, a decrease in the size of our
perpetual license deals, lower revenue from new customers, and changes to customer purchase patterns and to our sales and marketing operations.
There is considerable uncertainty regarding the duration, scope and severity of the pandemic or its effects on us and our customers, channel partners, managed
service providers or subcontractors, which can result in extended customer sales cycles, reduced demand for our solutions, lower renewal rates, delayed spending
on our solutions, smaller deal sizes, lower revenue from new customers, impairment of our ability to collect accounts receivable, reduced payment frequencies, and
affect our employee productivity or availability. Any of the foregoing may have a material adverse impact on our business and results of operation.
If we are unable to hire, retain and motivate qualified personnel, our business will suffer.
Our future success depends, in part, on our ability to continue to attract and retain highly skilled personnel. Our inability to attract or retain qualified personnel or
delays in hiring required personnel may seriously harm our business, financial condition and results of operations. Any of our employees may terminate their
employment at any time. Competition for highly skilled personnel, specifically engineers for research and development positions, is often intense and results in
increasing wages, especially in Israel, where we are headquartered and most of our research and development positions are located, and where several large
multinational corporations have entered the market. We may struggle to retain employees, and due to our profile and market position, competitors actively seek to
hire skilled personnel away from us. Furthermore, from time to time, we have been subject to allegations that employees we have hired from competitors may have
been improperly solicited or divulged proprietary or other confidential information which could subject us to potential liability and litigation.
Prolonged economic uncertainties or downturns in certain regions or industries could materially adversely affect our business.
Our business depends on our current and prospective customers’ ability and willingness to invest money in IT security, which in turn is dependent upon their
overall economic health. Negative economic conditions in the global economy or certain regions, including conditions resulting from financial and credit market
fluctuations, could cause a decrease in corporate spending on information security software. Other matters that influence consumer confidence and spending,
including COVID-19 and its reverberating economic consequences, could also negatively affect our customers’ spending on our products and services. In 2020, we
generated 53% of our revenues from the United States, 31% of our revenues from Europe, the Middle East and Africa and 16% from the rest of the world, which
includes countries from the Asia Pacific and Japan region, the Latin America region and Canada.
In addition, a significant portion of our revenue is generated from customers in the financial services industry, including banking and insurance. Negative economic
conditions may cause customers generally, and in that industry in particular, to reduce their IT spending. Customers may delay or cancel IT projects perceived to be
discretionary, choose to focus on in-house development efforts or seek to lower their costs by renegotiating subscription renewals or maintenance and support
agreements. Additionally, customers or channel partners may be more likely to make late payments in worsening economic conditions, which could lead to
increased collection efforts and require us to incur additional associated costs to collect expected revenues. If the economic conditions of the general economy or
industries in which we operate worsen from present levels, our results of operation could be adversely affected.
12
�We may fail to fully execute, integrate, or realize the benefits expected from acquisitions, which may require significant management attention, disrupt our
business, dilute shareholder value and adversely affect our results of operations.
As part of our business strategy and in order to remain competitive, we continue to evaluate acquiring or making investments in complementary companies,
products or technologies. We may not be able to find suitable acquisition candidates or complete such acquisitions on favorable terms. We may incur significant
expenses, divert employee and management time and attention from other business-related tasks and our organic strategy and incur other unanticipated
complications while engaging with potential target companies where no transaction is eventually completed. If we do complete acquisitions, we may not ultimately
strengthen our competitive position or achieve our goals or expected growth, and any acquisitions we complete could be viewed negatively by our customers,
analysts and investors. In addition, if we are unsuccessful at integrating our acquisitions, for example our May 2020 acquisition of Idaptive, including the
technologies associated with such acquisitions, or fail to fully attain the expected benefits of these acquisitions, our revenues and results of operations could be
adversely affected. Any integration process may require significant time and resources, and we may not be able to manage the process successfully and may
experience a decline in our profitability as we incur expenses prior to fully realizing the benefits of the acquisition. We could expend significant cash and incur
acquisition related costs and other unanticipated liabilities associated with the acquisition. We may not successfully evaluate or utilize the acquired technology or
personnel, or accurately forecast the financial impact of an acquisition transaction, including accounting charges and tax liabilities. Further, the issuance of equity
or securities convertible to equity to finance any such acquisitions could result in dilution to our shareholders and the issuance of debt could subject us to covenants
or other restrictions that would impede our ability to manage our operations. We could become subject to legal claims following an acquisition or fail to accurately
forecast the potential impact of any claims. Any of these issues could have a material adverse impact on our business and results of operations.
If we do not effectively expand, train and retain our sales and marketing personnel, we may be unable to achieve our transition to subscription model, acquire
new customers or sell additional products and services to existing customers, and our business will suffer.
We depend significantly on our sales force to attract new customers and expand sales to existing customers. We generate approximately 35% of our revenues from
direct sales and the remaining balance from indirect sales. As a result, our ability to grow our revenues depends in part on our success in recruiting, training and
retaining sufficient numbers of sales personnel to support our growth. The number of our sales and marketing personnel increased from 656 as of December 31,
2019 to 772 as of December 31, 2020. We expect to continue to expand our sales and marketing personnel significantly and face a number of challenges in
achieving our hiring and integration goals. There is intense competition for individuals with sales training and experience. In addition, the training and integration
of a large number of sales and marketing personnel in a short time requires the allocation of significant internal resources. While we have been selling subscriptions
for a number of years, as we shift our sales from perpetual licenses to increasingly sell more SaaS and on-premises subscriptions, all of our sales and marketing
personnel will need to be extensively trained. We invest significant time and resources in training new sales force personnel to understand our solutions, pricing
and delivery models and growth strategy. Based on our past experience, it takes an average of approximately six to nine months before a new sales force member
operates at target performance levels. However, we may not be able to recruit at our anticipated rate or achieve or maintain our target performance levels with large
numbers of new sales personnel as quickly as we have done in the past. Our failure to timely hire the sufficient number of qualified sales force members and train
them to operate at target performance levels may materially and adversely impact our projected growth rate.
13
�We rely on channel partners to generate a significant portion of our revenue, market our solutions and provide necessary services to our customers. If we fail
to maintain successful relationships with our channel partners, or if our channel partners fail to perform, our ability to market, sell and distribute our solutions
will be limited, and our business, financial condition and results of operations will be harmed.
In addition to our direct sales force, we rely on our channel partners to market, sell, support and implement our solutions, particularly in Europe and the Asia
Pacific and Japan regions. We expect that sales through our channel partners will continue to account for a significant percentage of our revenue. In the year ended
December 31, 2020, we generated approximately 65% of our revenues from sales to channel partners such as distributors, systems integrators, value-added resellers
and managed security service providers, and we expect that channel partners will represent a substantial portion of our revenues for the foreseeable future. Further,
we cooperate with advisory firms in marketing our solutions and providing implementation services to our customers, in both direct and indirect sales. Our
agreements with channel partners are non-exclusive, meaning our partners may offer customers IT security products from other companies, including products that
compete with our solutions. If our channel partners do not effectively market and sell our solutions or choose to use greater efforts to market and sell their own
products and services or the products and services of our competitors, our ability to grow our business will be adversely affected. Our channel partners may cease
or de-emphasize the marketing of our solutions with limited or no notice and with little or no penalty. Further, new channel partners require training and may take
several months or more to achieve productivity. The loss of key channel partners, the inability to replace them or the failure to recruit additional channel partners
could materially and adversely affect our results of operations. Our reliance on channel partners could also subject us to lawsuits or reputational harm if, for
example, a channel partner misrepresents the functionality of our solutions to customers, fails to appropriately implement our solutions or violates applicable laws,
and may further result in termination of such partner’s agreement and potentially curb future revenues associated with this channel partner. Our ability to grow
revenues in the future will depend in part on our success in maintaining successful relationships with our channel partners and training our channel partners to
independently sell and install our solutions. If we are unable to maintain our relationships with channel partners or otherwise develop and expand our indirect sales
channel, or if our channel partners fail to perform, our business, financial condition and results of operations could be adversely affected.
A portion of our revenues is generated by sales to government entities, which are subject to a number of challenges and risks, such as increased competitive
pressures, administrative delays and additional approval requirements.
A portion of our revenues is generated by sales to U.S. and foreign federal, state and local governmental agency customers, and we may in the future increase sales
to government entities. Selling to government entities can be highly competitive, expensive and time consuming, often requiring significant upfront time and
expense without any assurance that we will complete a sale, or imposing terms of sale which are less favorable than the prevailing market terms. Government
demand and payment for our products and services may be impacted by public sector budgetary cycles and funding authorizations, funding reductions, government
shutdowns or delays, adversely affecting public sector demand for our products. The foregoing may be enhanced due to the effects of COVID-19. Additionally, for
purchases by the U.S. government, the government may require certain products to be manufactured or developed in the United States and other high cost locations,
and we may not manufacture or develop all products in locations that meet the requirements of the U.S. government. Finally, some government entities require
products such as ours to be certified by industry-approved security agencies as a pre-condition of purchasing them, such as the international Common Criteria
certification by the National Information Association Partnership (NIAP), which we have maintained since 2019. We have also initiated the process, and have
begun incurring costs, to obtain authorization from the Federal Risk and Authorization Management Program, or FedRAMP, for certain SaaS products. The grant
of such certifications depends on the then-current requirements of the certifying agency. We cannot be certain that any certificate will be granted or renewed or that
we will be able to satisfy the technological and other requirements to maintain certifications. The loss of any of our product certificates, or the failure to obtain new
ones, could cause us to suffer reputational harm, lose existing customers, or deter new and existing customers from purchasing our solutions, additional products or
our services.
We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations.
Our functional and reporting currency is the U.S. dollar. In 2020, the majority of our revenues were denominated in U.S. dollars and the remainder primarily in
euros and British pounds sterling. In 2020, the majority of our cost of revenues and operating expenses were denominated in U.S. dollars and New Israeli Shekels
(NIS) and the remainder primarily in euros and British pounds sterling. Our foreign currency-denominated expenses consist primarily of personnel, marketing
programs, rent and other overhead costs. Since the portion of our expenses generated in NIS and British pounds sterling is greater than our revenues in NIS and
British pounds sterling, respectively, any appreciation of the NIS or the British pounds sterling relative to the U.S. dollar could adversely impact our operating
income. In addition, since the portion of our revenues generated in euros is greater than our expenses incurred in euros, any depreciation of the euro relative to the
U.S. dollar would adversely impact our operating income. We estimate that a 10% strengthening or weakening in the value of the NIS against the U.S. dollar would
have decreased or increased, respectively, our operating income by approximately $9.2 million in 2020. We estimate that a 10% strengthening or weakening in the
value of the euro against the U.S. dollar would have increased or decreased, respectively, our operating income by approximately $3.2 million in 2020. We estimate
that a 10% strengthening or weakening in the value of the British pounds sterling against the U.S. dollar would have decreased or increased, respectively, our
operating income by approximately $0.4 million in 2020. These estimates of the impact of fluctuations in currency exchange rates on our historic results of
operations may be different from the impact of fluctuations in exchange rates on our future results of operations since the mix of currencies comprising our
revenues and expenses may change. We evaluate periodically the various currencies to which we are exposed and take hedging measures to reduce the potential
adverse impact from the appreciation or the depreciation of our non U.S. dollar-denominated operations, as appropriate. We expect that the majority of our
revenues will continue to be generated in U.S. dollars with the balance primarily in euros and British pounds sterling for the foreseeable future and that a significant
portion of our expenses will continue to be denominated in NIS, U.S. dollars, British pounds sterling and in euros. We cannot provide any assurances that our
hedging activities will be successful in protecting us from adverse impacts from currency exchange rate fluctuations. In addition, we have monetary assets and
liabilities that are denominated in non-U.S. dollar currencies. For example, starting January 1, 2019, in accordance with a new lease accounting standard, we are
required to present a significant NIS linked liability related to our operational leases in Israel. As a result, significant exchange rate fluctuations could have a
negative effect on our net income. See “Item 11—Quantitative and Qualitative Disclosures About Market Risk—Foreign Currency Risk.”
14
�If our products fail to help our customers achieve and maintain compliance with certain government regulations and industry standards, our business and
results of operations could be materially and adversely affected.
We generate a substantial portion of our revenues from our products and services that enable our customers to achieve and maintain compliance with certain
government regulations and industry standards, and we expect that to continue for the foreseeable future. Governments and other customers may require our
products to comply with certain privacy, security or other certifications and standards with respect to those solutions utilized by them as a control demonstrating
compliance with government regulations and industry standards. We have maintained the international Common Criteria certification by the National Information
Association Partnership (NIAP) since 2019, and a SOC 2 certification for multiple products. Additionally, we have maintained the ISO 27001 annual certification
since April 2017. We have also initiated the process, and have begun incurring costs, to obtain authorization from the Federal Risk and Authorization Management
Program (FedRAMP), for certain SaaS products. However, we are unable to guarantee that we will achieve FedRAMP authorization in a timely manner, or at all,
for any of our SaaS products. In the future, if our products are late in achieving or fail to achieve or maintain compliance with these certifications and standards, or
our competitors achieve compliance with these certifications and standards, we may be disqualified from selling our products to such customers, or may otherwise
be at a competitive disadvantage, either of which would harm our business, results of operations, and financial condition.
Additionally, these industry standards may change with little or no notice, including changes that could make them more or less onerous for businesses, including,
without limitation, updates to the Common Criteria for Information Technology Security Evaluation (CC). In addition, governments may also adopt new laws or
regulations, or make changes to existing laws or regulations, some of which may conflict with each other. This could impact whether our solutions enable our
customers to maintain compliance with such laws or regulations. If we are unable to adapt our solutions to changing government regulations and industry standards
in a timely manner, or if our solutions fail to expedite our customers’ compliance initiatives, our customers may lose confidence in our products and could switch to
products offered by our competitors. In addition, if government regulations and industry standards related to IT security are changed in a manner that makes them
less onerous, our customers may view compliance as less critical to their businesses and may be less willing to purchase our products and services. In either case,
our sales and financial results would suffer.
We are subject to a number of regulatory and geopolitical risks, associated with global sales and operations, which could materially affect our business.
We are a global company subject to varied and complex laws, regulations and customs. The application of these laws and regulations to our business is often
unclear, subject to interpretation and may at times conflict. Compliance with these laws and regulations may involve significant costs or require changes in our
business practices that result in reduced revenue and profitability. Furthermore, business practices in the global markets that we serve may differ from those in the
United States and may require us to include non-standard terms in customer contracts, such as extended payment or warranty terms. To the extent that we enter into
customer contracts that include non-standard terms related to payment, warranties, or performance obligations, our results of operations may be adversely
impacted. Further, there may be higher costs of doing business globally, including costs incurred in maintaining office space, securing adequate staffing and
localizing our contracts.
15
�Additionally, our global sales and operations are subject to a number of risks, including the following:
•
•
•
•
•
•
•
•
failure to fully comply with various, global data privacy laws (see “—The dynamic legal and regulatory environment around privacy, data protection,
cross-border data flows, and cloud computing may limit the offering, use and adoption of, or require modification of, our products and services, which
could limit our ability to attract new customers and support our current customers, or we could be subject to investigations, litigation, or enforcement
actions alleging that we fail to comply with the regulatory requirements thus harming our operating results and adversely affecting our business.”);
uncertainty of the economic, financial, regulatory, trade, tax and legal implications of the withdrawal of the U.K. from the European Union, or Brexit, and
how this could affect our business, both globally and specifically in Europe. Our U.K. subsidiary is the main entity for sales into Europe. In 2020, the
revenues generated by our U.K. subsidiary from the European Union countries (excluding the U.K.) accounted for 21% of our total global revenue. Our
London office is also our European headquarters and third largest office globally. In particular, the withdrawal from the European Union by the U.K.
could, among other potential outcomes, disrupt the free movement of goods, services and people between the U.K. and the European Union, create
recruiting and retention risks for us, and disrupt trade between the U.K. and the European Union and other countries, including by imposing greater costs,
restrictions and regulatory complexities on imports and exports between the U.K. and the European Union. In the event this disruption is particularly
severe, we may in the long-term be required to modify our corporate structure for sales into the European Union which may result in increased operational
and legal costs;
fluctuations in exchange rates between the U.S. dollar and foreign currencies in markets where we do business (see “—We are exposed to fluctuations in
currency exchange rates, which could negatively affect our financial condition and results of operations”);
social, economic and political instability, terrorist attacks and security concerns in general, and any wide-spread viruses or epidemics, such as the recent
novel coronavirus outbreak;
greater difficulty in enforcing contracts and managing collections, as well as longer collection periods;
compliance with anti-bribery laws, including, without limitation, compliance with the U.S. Foreign Corrupt Practices Act and the U.K. Bribery Act 2010;
heightened risk of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements by us or by our channel
partners or service providers that may impact financial results and result in restatements of, or irregularities in, financial statements;
Certain of our activities and products are subject to U.S., Israeli, and possibly other export and trade control and economic sanctions laws and regulations,
which may prohibit or restrict our ability to engage in business with certain countries and customers. If the applicable requirements related to export and
trade controls change or expand, if we change the encryption functionality in our products, or if we develop other products or export products from
additional jurisdictions, we may need to satisfy additional requirements or obtain specific licenses in order to continue to export our products in the same
global scope. Various countries also regulate the import or export of certain encryption products and other technologies and services and have enacted
laws that could limit our ability to distribute or implement our products in those countries. In addition, applicable export control and sanctions laws and
regulations may impact our ability to sell our products, directly or indirectly, to countries or territories that are the target of comprehensive sanctions, or to
prohibited parties. Despite our diligence and the contractual undertakings contained in our agreement with partners and customers, any prohibited export
could result in legal exposure, including penalties and/or government investigations, as well as reputational harm to us;
16
�•
•
•
greater risk of unexpected changes in regulatory practices and foreign legal requirements, including uncertain tax obligations and effective tax rates, which
may result in recognizing tax losses or lower than anticipated earnings in jurisdictions where we have lower statutory rates and higher than anticipated
earnings in jurisdictions where we have higher statutory rates, changes in foreign currency exchange rates, or changes in the valuation of our deferred tax
assets and liabilities;
compliance with, and the uncertainty of, laws and regulations that apply to our areas of business, including corporate governance, anti-trust and
competition, local and regional employment (including cross-border travel), employee and third-party complaints, limitation of liability, conflicts of
interest, securities regulations and other regulatory requirements affecting trade, local tariffs, product localization and investment;
reduced or uncertain protection of intellectual property rights in some countries; and
• management communication and integration problems resulting from cultural and geographic dispersion.
These and other factors could harm our ability to generate future global revenues and, consequently, materially impact our business, results of operations and
financial condition. Non-compliance could also result in fines, damages, or criminal sanctions against us, our officers or our employees, prohibitions on the conduct
of our business, and damage to our reputation.
We increasingly rely on third-party providers of cloud infrastructure services to deliver our SaaS Solutions to customers, and any disruption of or interference
with our use of these services could adversely affect our business.
Our SaaS solutions are hosted by third-party providers of cloud infrastructure services, or Cloud Service Providers, primarily Amazon Web Services (AWS). We
do not have control over the operations or the facilities of Cloud Service Providers that we use and Cloud Service Providers have also in the past experienced and
may in the future experience cyber attacks. If any of the services provided by the Cloud Service Providers fail or become unavailable due to extended outages,
cyber attacks interruptions or because they are no longer available on commercially reasonable terms or prices, we may be unable to deliver our committed uptime
under our service level agreements, our revenues could be reduced, our reputation could be damaged, we could be exposed to legal liability and incur additional
expenses, our ability to manage our finances could be interrupted and our processes for managing sales of our offerings and supporting our customers could be
impaired until equivalent services, if available, are identified, obtained and implemented, all of which could adversely affect our business, financial results and the
usage of our offerings. If we are unable to renew our agreements with our Cloud Service Providers on commercially reasonable terms, or an agreement is
prematurely terminated, or we need to add new Cloud Services Providers to increase capacity and uptime, we could experience interruptions, downtime, delays,
and additional expenses related to transferring to and providing support for these new platforms. Any of the above circumstances or events may harm our reputation
and brand, reduce the availability or usage of our platform and impair our ability to attract new users, any of which could adversely affect our business, financial
condition and results of operations.
Intellectual property claims may increase our costs or require us to cease selling certain products, which could adversely affect our financial condition and
results of operations.
The IT security industry is characterized by the existence of a large number of relevant patents and frequent claims and litigations regarding patent and other
intellectual property rights. Leading companies in the IT security industry have extensive patent portfolios. From time to time, third parties have asserted, and in the
future may assert, their patent, copyright, trademark and other intellectual property rights against us, our channel partners or our customers. Furthermore, we may
be subject to indemnification obligations with respect to third-party intellectual property rights pursuant to our agreements with our customers and channel partners.
Such indemnification provisions are customary for our industry. Any claims of intellectual property infringement or misappropriation brought against us, our
partners or our customers, even those without merit, could be expensive and time-consuming to defend, may affect multiple parties, and divert management’s
attention. We cannot ensure that we will have the resources to defend against all such claims. Successful claims of infringement or misappropriation by a third
party against us or a third party that we indemnify could prevent us from distributing certain products or performing certain services or could require us to pay
substantial damages (including, for example, treble damages if we are found to have willfully infringed patents and increased statutory damages if we are found to
have willfully infringed copyrights), royalties or other fees. Such claims also could require us to cease making, licensing or using solutions that are alleged to
infringe or misappropriate the intellectual property of others, to expend additional development resources to attempt to redesign our products or services or
otherwise to develop non-infringing technology, to enter into potentially unfavorable royalty or license agreements in order to obtain the right to use necessary
technologies or intellectual property rights, and to indemnify our customers and channel partners (and parties associated with them). The failure to obtain a license
or the costs associated with any license could cause our business, results of operations or financial condition to be materially and adversely affected. Defending
against claims of infringement or being deemed to be infringing the intellectual property rights of others could harm our reputation, impair our ability to innovate,
develop, distribute and sell our current and planned products and services. If we were to violate the intellectual property rights of others, our business, financial
condition and results of operations may be adversely affected.
17
�If our products do not effectively interoperate with our customers’ existing or future IT infrastructures, implementations could be delayed or cancelled, which
could harm our business.
Our products must effectively interoperate with our customers’ existing or future IT infrastructures, which often have different specifications, utilize multiple
protocol standards, deploy products from multiple vendors and contain multiple generations of products that have been added over time. If we find errors in the
existing software or defects in the hardware used in our customers’ infrastructure or problematic network configurations or settings, we may have to modify our
software so that our products will interoperate with our customers’ infrastructure and business processes. In addition, to stay competitive within certain markets, we
may be required to make software modifications in future releases to comply with new statutory or regulatory requirements. These issues could result in longer
sales cycles for our products and order cancellations, either of which could adversely affect our business, results of operations and financial condition.
If we are unable to adequately protect our proprietary technology and intellectual property rights, our business could suffer substantial harm.
The success of our business depends on our ability to protect our proprietary technology, brands and other intellectual property and to enforce our rights in that
intellectual property. We attempt to protect our intellectual property under patent, copyright, trademark and trade secret laws, and through a combination of
confidentiality procedures, contractual provisions and other methods, all of which offer only limited protection.
As of December 31, 2020, we had 84 issued patents in the United States, and 59 pending U.S. patent applications. We also had 37 issued patents and 25
applications pending for examination in non-U.S. jurisdictions, all of which are counterparts of our U.S. patent applications. We expect to file additional patent
applications in the future.
The process of obtaining patent protection is expensive and time-consuming, and we may not be able to complete all necessary or desirable patent applications at a
reasonable cost or in a timely manner all the way to the successful issuance of a patent. We may choose not to seek patent protection for certain innovations and
may choose not to pursue patent protection in certain jurisdictions. Furthermore, it is possible that our patent applications may not be approved, that the scope of
our issued patents will be insufficient or not have the coverage originally sought, that our issued patents will not provide us with any competitive advantages, and
that our patents and other intellectual property rights may be challenged by others or invalidated through administrative processes or litigation. Finally, issuance of
a patent does not guarantee that we have an absolute right to practice the patented invention. Our policy is to require our employees (and our consultants and
service providers that develop intellectual property included in our products) to execute written agreements in which they assign to us their rights in potential
inventions and other intellectual property created within the scope of their employment (or, with respect to consultants and service providers, their engagement to
develop such intellectual property), but we cannot be certain that we have adequately protected our rights in every such agreement or that we have executed an
agreement with every such party. Finally, in order to benefit from the protection of patents and other intellectual property rights, we must monitor and detect
infringement and pursue infringement claims in certain circumstances in relevant jurisdictions. Litigating claims related to the enforcement of intellectual property
rights is very expensive and can be burdensome in terms of management time and resources. Any litigation related to intellectual rights or claims against us could
result in loss or compromise of our intellectual property rights or could subject us to significant liabilities. As a result, we may not be able to obtain adequate
protection or to effectively enforce our issued patents or other intellectual property rights.
18
�In addition to patents, we rely on trade secret rights, copyrights and other rights to protect our unpatented proprietary intellectual property and technology.
Unauthorized parties, including our employees, consultants, service providers or customers, may attempt to copy aspects of our products or obtain and use our trade
secrets or other confidential information. We generally enter into confidentiality agreements with our employees, consultants, service providers, vendors, channel
partners, subcontractors and customers, and generally limit access to and distribution of our proprietary information and proprietary technology through certain
procedural safeguards. These agreements may not effectively prevent unauthorized use or disclosure of our intellectual property or technology and may not provide
an adequate remedy in the event of unauthorized use or disclosure of our intellectual property or technology. We cannot be certain that the steps taken by us will
prevent misappropriation of our intellectual property or technology or infringement of our intellectual property rights. In addition, the laws of some foreign
countries where we sell our products do not protect intellectual property rights and technology to the same extent as the laws of the United States, and these
countries may not enforce these laws as diligently as government agencies and private parties in the United States. If we are unable to protect our intellectual
property, we may find ourselves at a competitive disadvantage to others who do not incur the additional expense, time and effort to create the innovative products
nevertheless benefiting from such innovation due to misappropriation.
Our use of open source software, third-party software and other intellectual property may expose us to risks.
We integrate certain open source software components from third parties into our software, and we expect to continue to use open source software in the future.
Some open source software licenses require, among other things, that users who distribute or make available as a service, open source software with their own
software products, add appropriate copyright notices and disclaimers, publicly disclose all or part of the source code of the users’ developed software or make
available any derivative works of the open source code under open source license terms or at no cost. Our efforts to use the open source software in a manner
consistent with the relevant license terms that would not require us to disclose our proprietary code or license our proprietary software at no cost may not be
successful. We may face claims by third parties seeking to enforce the license terms applicable to such open source software, including by demanding the release of
our proprietary source code, or we may face termination of such licenses if the owner of the open source software asserts we are in breach of its license terms. In
addition, if the license terms for the open source code change or the license is terminated, we may be forced to re-engineer our software or incur additional costs. In
addition, open source software typically comes without warranties or indemnities from the owner, whereas we are expected to offer our customers both.
Accordingly, if there were technical problems with open source software that we used in our products, or if such open source software infringed third-party
intellectual property rights, we could have a warranty obligation or infringement indemnity obligation to our customer without a corresponding warranty or
indemnification obligation from the owner of the open source software. While we scan the open source software that we use in our products and patch any
discovered vulnerabilities, we have no assurance that they will be free from vulnerabilities or malicious code.
Further, some of our products and services include other software or intellectual property licensed from third parties, and we also use software and other intellectual
property licensed from third parties for our own business operations. This exposes us to risks over which we may have little or no control. For example, a licensor
may have difficulties keeping up with technological changes or may stop supporting the software or other intellectual property that it licenses to us. There can be no
assurance that the licenses we use will be available on acceptable terms, if at all. In addition, a third party may assert that we or our customers are in breach of the
terms of a license, which could, among other things, give such third party the right to terminate a license or seek damages from us, or both. Our inability to obtain
or maintain certain licenses or other rights or to obtain or maintain such licenses or rights on favorable terms, or the need to engage in litigation regarding these
matters, could result in delays in releases of new products, and could otherwise disrupt our business, until equivalent technology can be identified, licensed or
developed.
19
�Risks Related to Our Ordinary Shares
Our share price may be volatile, and our shareholders may lose all or part of their investment.
From January 2018 through January 2021, our ordinary shares have traded on the Nasdaq Global Select Market, or Nasdaq, at a price per share between a range of
$40.63 and $167.34. In addition, the market price of our ordinary shares could be highly volatile and may fluctuate substantially as a result of many factors, some
of which are beyond our control, including, but not limited to:
•
•
•
•
•
•
actual or anticipated fluctuations in our results of operations and the results of other similar companies;
variance in our financial performance from the expectations of market analysts;
announcements by us or our competitors of significant business developments, changes in service provider relationships, acquisitions or expansion plans;
changes in the prices of our products and services or in our pricing models;
our involvement in litigation;
our sale of ordinary shares or other securities in the future;
• market conditions in our industry;
•
•
•
•
•
•
changes in key personnel;
speculation in the press or the investment community;
the trading volume of our ordinary shares;
changes in the estimation of the future size and growth rate of our markets;
any merger and acquisition activities; and
general economic and market conditions.
The price of our ordinary shares could also be affected by possible sales of our ordinary shares by investors who view our Convertible Notes as a more attractive
means of equity participation in our company, and by hedging and arbitrage trading activity that such investors may engage in.
In addition, the stock markets have experienced price and volume fluctuations. Broad market and industry factors may materially harm the market price of our
ordinary shares, regardless of our operating performance. In the past, following periods of volatility in the market price of a company’s securities, securities class
action litigation has often been instituted against that company. If we were involved in any similar litigation, we could incur substantial costs and our
management’s attention and resources could be diverted, which could materially adversely affect our business.
If securities or industry analysts cease to publish research or publish inaccurate or unfavorable research reports about our business, our share price and
trading volume could decline.
The trading price for our ordinary shares is affected by any research or reports that securities or industry analysts publish about us, our business or our industry. If
any of the analysts who cover us or our business publish inaccurate or unfavorable research reports about us or our business, and in particular, if they downgrade
their evaluations of our ordinary shares, the price of our ordinary shares would likely decline. If these analysts cease coverage of our company, we could lose
visibility in the market for our ordinary shares, which in turn could cause our share price to decline. In addition, industry analysts often provide reviews of our
offerings, as well as those of our competitors, and perception of our offerings in the marketplace may be significantly influenced by these reviews. If these reviews
are negative, or less positive as compared to those of our competitors’ products and professional services or compared to prior reviews of our offerings, our brand
may be adversely affected.
Our business could be negatively affected as a result of the actions of activist shareholders, and such activism could impact the trading value of our securities.
In recent years, U.S. and non-U.S. companies listed on securities exchanges in the United States have been faced with governance-related demands from activist
shareholders, unsolicited tender offers and proxy contests. Although as a foreign private issuer we are not subject to U.S. proxy rules, responding to any action of
this type by activist shareholders could be costly and time-consuming, disrupting our operations and diverting the attention of management and our employees.
Such activities could interfere with our ability to execute our strategic plans. In addition, a proxy contest for the election of directors at our annual meeting would
require us to incur significant legal fees and proxy solicitation expenses and require significant time and attention by management and our board of directors. The
perceived uncertainties due to such actions of activist shareholders also could affect the market price of our securities.
20
�As a foreign private issuer whose ordinary shares are listed on Nasdaq, we may follow certain home country corporate governance practices instead of
otherwise applicable SEC and Nasdaq requirements such as Regulation FD or U.S. proxy rules and exemption from filing certain Exchange Act reports. This
may result in less protection than is accorded to investors under rules applicable to domestic U.S. issuers or limit the information available to our shareholders.
As a foreign private issuer whose ordinary shares are listed on Nasdaq, we are permitted to follow certain home country corporate governance practices instead of
certain rules of Nasdaq. We currently follow Israeli home country practices with regard to the quorum requirement for shareholder meetings and the requirements
relating to distribution of our annual report to shareholders. As permitted under the Israeli Companies Law, 5759-1999, or the Companies Law, our articles of
association provide that the quorum for any meeting of shareholders shall be at least two shareholders present in person or by proxy who hold at least 25% of the
voting power of our shares instead of 33 1/3% of our issued share capital (as prescribed by Nasdaq’s rules). Further, as permitted by the Companies Law and in
accordance with the generally accepted business practice in Israel, we do not distribute our annual report to shareholders but make it available through our public
website. We may in the future elect to follow Israeli home country practices with regard to other matters such as director nomination procedures, separate executive
sessions of independent directors and the requirement to obtain shareholder approval for certain dilutive events (such as for the establishment or amendment of
certain equity-based compensation plans, issuances that will result in a change of control of the company, certain transactions other than a public offering involving
issuances of a 20% or more interest in the company and certain acquisitions of the stock or assets of another company). Accordingly, our shareholders may not be
afforded the same protection as provided under Nasdaq corporate governance rules. Following our home country governance practices as opposed to the
requirements that would otherwise apply to a U.S. company listed on Nasdaq may provide less protection than is accorded to shareholders of domestic issuers. See
“Item 16.G. Corporate Governance.”
As a foreign private issuer, we are exempt from a number of requirements under U.S. securities laws that apply to public companies that are not foreign private
issuers. In particular, we are exempt from the rules and regulations under the Exchange Act related to the furnishing and content of proxy statements, and our
officers, directors and principal shareholders are exempt from the reporting and short-swing profit recovery provisions contained in Section 16 of the Exchange
Act. In addition, we are not required under the Exchange Act to file annual, quarterly and current reports and financial statements with the SEC, as frequently or as
promptly as domestic companies whose securities are registered under the Exchange Act. We are also exempt from the provisions of Regulation FD, which
prohibits issuers from making selective disclosure of material nonpublic information. Even though we intend to comply voluntarily with Regulation FD, these
exemptions and leniencies will reduce the frequency and scope of information and protections to which our shareholders are entitled as investors. For so long as we
qualify as a foreign private issuer, we are not required to comply with the proxy rules applicable to U.S. domestic companies, although pursuant to the Companies
Law, we disclose the annual compensation of our five most highly compensated office holders (as defined under the Companies Law) on an individual basis,
including in this annual report. Because of these exemptions for foreign private issuers, our shareholders do not have the same information generally available to
investors holding shares in public companies that are not foreign private issuers.
Our Convertible Notes may impact our financial results, result in the dilution of existing shareholders, create downward pressure on the price of our ordinary
shares, and restrict our ability to take advantage of future opportunities.
In November 2019, we issued $575.0 million aggregate principal amount of 0.00% Convertible Senior Notes due 2024, or the Convertible Notes. The sale of the
Convertible Notes may affect our earnings per share figures, as accounting procedures may require that we include in our calculation of earnings per share the
number of ordinary shares into which the Convertible Notes are convertible. The Convertible Notes may be converted, under the conditions and at the premium
specified in the Convertible Notes, into cash and our ordinary shares, if any (subject to our right to pay cash in lieu of all or a portion of such shares). If our
ordinary shares are issued to the holders of the Convertible Notes upon conversion, there will be dilution to our shareholders’ equity and the market price of our
ordinary shares may decrease due to the additional selling pressure in the market. Any downward pressure on the price of our ordinary shares caused by the sale or
potential sale of ordinary shares issuable upon conversion of the Convertible Notes could also encourage short sales by third parties, creating additional downward
pressure on our share price.
21
�In addition, in connection with the pricing of the Convertible Notes, we entered into privately negotiated capped call transactions, or the Capped Call Transactions,
with certain of the purchasers of the Convertible Notes. The Capped Call Transactions cover, collectively, the number of our ordinary shares underlying the
Convertible Notes, subject to anti-dilution adjustments substantially similar to those applicable to the Convertible Notes. The cost of the Capped Call Transactions
was approximately $53.6 million. The Capped Call Transactions are expected generally to reduce the potential dilution to the ordinary shares upon any conversion
of the Convertible Notes and/or offset any cash payments we are required to make in excess of the principal amount upon conversion of the Convertible Notes
under certain events described in the Capped Call Transactions. We are subject to the risk that one or more of the counterparties to the Capped Call Transactions
may default, or otherwise fail to perform, or may exercise certain rights to terminate, their obligations under the Capped Call Transactions. Our exposure will
depend on many factors but, generally, our exposure will increase if the market price or the volatility of our common stock increases. Upon a default, a failure to
perform or a termination of obligations by a counterparty to the Capped Call Transactions, we may suffer adverse tax consequences or experience more dilution
than we currently anticipate with respect to our ordinary shares.
Furthermore, the indenture for the Convertible Notes will prohibit us from engaging in certain mergers or acquisitions unless, among other things, the surviving
entity assumes our obligations under the Convertible Notes. These and other provisions in the indenture could deter or prevent a third party from acquiring us even
when the acquisition may be favorable.
We currently anticipate that we will be able to rely on and to implement certain clarifications from the applicable Tax Authorities, with respect to the
administration of our Israeli withholding tax obligations in relation to considerations to be paid to the holders of the Convertible Notes upon their future conversion
and settlement. Unexpected failure to ultimately obtain such anticipated clarifications from the Israeli Tax Authorities could potentially result in increased Israeli
withholding tax gross-up costs.
We may not have the ability to raise the funds necessary to settle conversions of the Convertible Notes, repurchase the Convertible Notes upon a fundamental
change or repay the Convertible Notes in cash at their maturity, and our future debt may contain limitations on our ability to pay cash upon conversion or
repurchase of the Convertible Notes.
Holders of the Convertible Notes will have the right under the indenture governing the Convertible Notes to require us to repurchase all or a portion of their
Convertible Notes upon the occurrence of a fundamental change before the applicable maturity date, at a repurchase price equal to 100% of the principal amount of
such Convertible Notes to be repurchased, plus accrued and unpaid interest, excluding the applicable fundamental change repurchase date, if any. Moreover, we
will be required to repay the Convertible Notes in cash at their maturity, unless earlier converted, repurchased or redeemed. We may not have enough available
cash or be able to obtain financing at the time we are required to make such repurchases of the Convertible Notes and/or repay the Convertible Notes upon
maturity.
In addition, we have the right to elect to settle conversions of the Convertible Notes in cash. Although we entered into the Capped Call Transactions which are
expected generally to offset any cash payments we are required to make in excess of the principal amount upon conversion of the Convertible Notes (subject to a
cap), we may not ultimately receive such cash payments from the counterparties to the Capped Call Transactions in case of a default, a failure to perform or a
termination of obligations by a relevant counterparty.
Our ability to repurchase or to pay cash upon conversion of Convertible Notes may be limited by law, regulatory authority or agreements governing our future
indebtedness. Our failure to repurchase the Convertible Notes at a time when the repurchase is required by the indenture or to pay cash upon conversion of the
Convertible Notes or at maturity as required by the indenture would constitute a default under the indenture. A default under the indenture or the fundamental
change itself could also lead to a default under agreements governing our future indebtedness. If the payment of the related indebtedness were to be accelerated
after any applicable notice or grace periods, we may not have sufficient funds to repay the indebtedness and repurchase the Convertible Notes or to pay cash upon
conversion of the Convertible Notes or at maturity.
22
�We may lose our foreign private issuer status, which would then require us to comply with the rules and regulations applicable to U.S. domestic issuers and
cause us to incur significant legal, accounting and other expenses.
Since a majority of our voting securities are either directly or indirectly owned of record by residents of the United States, we would lose our foreign private issuer
status if any of the following were to occur: (i) the majority of our executive officers or directors were U.S. citizens or residents, (ii) more than 50 percent of our
assets were located in the United States, or (iii) our business was administered principally in the United States. Similarly, if we were to acquire a U.S. company in
the future, it could put us at heighted risk of losing our foreign private issuer status. Although we have elected to comply with certain U.S. regulatory provisions,
our loss of foreign private issuer status would make such provisions mandatory. In addition, we would lose our ability to rely on Nasdaq exemptions from certain
corporate governance requirements that are available to foreign private issuers. The regulatory and compliance costs to us under U.S. securities laws as a U.S.
domestic issuer may be significantly higher.
If we sell our ordinary shares in future financings, ordinary shareholders could experience immediate dilution and, as a result, the market price of our
ordinary shares may decline.
We may from time to time issue additional ordinary shares at a discount from the current trading price of our ordinary shares. As a result, our ordinary shareholders
would experience immediate dilution upon our issuance of any ordinary shares at such discount. In addition, as opportunities present themselves, we may enter into
equity or debt financings or similar arrangements in the future, including the issuance of additional convertible debt securities, preferred shares or ordinary shares.
If we issue ordinary shares or securities convertible into ordinary shares, holders of our ordinary shares could experience dilution.
If we are unable to satisfy the requirements of Sections 404(a) and 404(b) of the Sarbanes-Oxley Act of 2002 or if our internal control over financial reporting
is not effective, investors may lose confidence in the accuracy and the completeness of our financial reports and the trading price of our ordinary shares may
be negatively affected.
Pursuant to Section 404(a) of the Sarbanes-Oxley Act of 2002, or Sarbanes-Oxley Act, we are required to furnish a report by management on the effectiveness of
our internal control over financial reporting. Additionally, pursuant to Section 404(b) of the Sarbanes-Oxley Act, we must include an auditor attestation on our
internal control over financial reporting.
Our business transition into recurring revenue model will affect our internal control over financial reporting, and requires us to enhance existing, and implement
new, financial reporting and management systems, procedures and controls in order to address new risks raised from our business transition to recurring revenue
module and to manage our business effectively and support our growth in the future. If we identify material weaknesses in our internal control over financial
reporting, if we are unable to comply with the requirements of Section 404(a) or 404(b) in a timely manner or to assert that our internal control over financial
reporting is effective, or if our independent registered public accounting firm is unable to express an opinion or issues an adverse opinion in its attestation as to the
effectiveness of our internal control over financial reporting required by Section 404(b), investors may lose confidence in the accuracy and completeness of our
financial reports and the trading price of our ordinary shares could be negatively affected. We could also become subject to investigations by Nasdaq, the SEC or
other regulatory authorities, which could require additional financial and management resources.
Our U.S. shareholders may suffer adverse tax consequences if we are classified as a “passive foreign investment company.”
Generally, if for any taxable year, after the application of certain look-through rules, 75% or more of our gross income is passive income, or at least 50% of the
average quarterly value of our assets (which may be measured in part by the market value of our ordinary shares, which is subject to change) are held for the
production of, or produce, passive income (as defined in the relevant provisions of the Internal Revenue Code of 1986, as amended, or the Code), we would be
characterized as a “passive foreign investment company,” or PFIC, for U.S. federal income tax purposes under the Code. Based on our market capitalization and
the nature of our income, assets and business, we believe that we should not be classified as a PFIC for the taxable year that ended December 31, 2020. However,
PFIC status is determined annually and requires a factual determination that depends on, among other things, the composition of our income, assets and activities in
each taxable year, and can only be made annually after the close of each taxable year. Furthermore, because the value of our gross assets is likely to be determined
in part by reference to our market capitalization, a decline in the value of our ordinary shares may result in our becoming a PFIC. Accordingly, there can be no
assurance that we will not be considered a PFIC for any taxable year. If we are a PFIC for any taxable year during which a U.S. Holder (as defined in “Item 10.E.
Taxation—Certain United States Federal Income Tax Consequences”) holds our ordinary shares, certain adverse U.S. federal income tax consequences could apply
to such U.S. Holder. Prospective U.S. Holders should consult their tax advisors regarding the potential application of the PFIC rules to them. See “Item 10.E.
Taxation—Certain United States Federal Income Tax Consequences—Passive Foreign Investment Company Considerations.”
23
�If a United States person is treated as owning at least 10% of our ordinary shares, such holder may be subject to adverse U.S. federal income tax consequences.
If a U.S. person is treated as owning (directly, indirectly or constructively) at least 10% of the value or voting power of our ordinary shares, such person may be
treated as a “U.S. shareholder” with respect to each controlled foreign corporation, or CFC, in our group (if any). If our group includes one or more U.S.
subsidiaries (as has been the case for 2020), certain of our non-U.S. subsidiaries will be treated as CFCs regardless of whether or not we are treated as a CFC. A
U.S. shareholder of a CFC may be required to report annually and include in its U.S. taxable income its pro rata share of such CFC’s “Subpart F income,” “global
intangible low taxed income” and investments in U.S. property by CFCs, regardless of whether we make any distributions. An individual who is a U.S. shareholder
with respect to a CFC generally would not be allowed certain tax deductions or foreign tax credits that would be allowed to a U.S. shareholder that is a U.S.
corporation. Failure to comply with these reporting obligations may subject a U.S. shareholder to significant monetary penalties and may prevent the statute of
limitations with respect to such U.S. shareholder’s U.S. federal income tax return for the year for which reporting was due from starting. We cannot provide any
assurances that we will be able to assist holders of ordinary shares in determining whether any of our non U.S. subsidiaries is treated as a CFC or whether any
holder of ordinary shares should be treated as a U.S. shareholder with respect to any such CFC or furnish to any U.S. shareholders information that may be
necessary to comply with the aforementioned reporting and tax paying obligations. The United States Internal Revenue Service provided limited guidance on
situations in which investors may rely on publicly available alternative information to comply with their reporting and tax paying obligations with respect to foreign
controlled CFCs. U.S. investors are strongly advised to consult their own tax advisors regarding the potential application of these rules to their investment in our
ordinary shares.
We do not intend to pay dividends on our ordinary shares for the foreseeable future so any returns will be limited to changes in the value of our ordinary
shares.
We have never declared or paid any cash dividends on our ordinary shares. We currently anticipate that we will retain future earnings for the development,
operation, and expansion of our business and do not anticipate declaring or paying any cash dividends for the foreseeable future. Any return to shareholders will
therefore be limited to the increase, if any, of our share price, which may or may not occur.
Risks Relating to Our Incorporation and Location in Israel
Our principal executive offices, substantially all of our research and development activities and other significant operations are located in Israel, and therefore,
our results may be adversely affected by political, economic and military instability in Israel.
Our principal executive offices and research and development facilities are located in Israel and therefore may be influenced by regional instability and extreme
security tension. Accordingly, political, economic and security conditions in Israel and the surrounding region could directly affect our business. Any political
instability, terrorism, armed conflicts, cyber attacks or any other hostilities involving Israel or the interruption or curtailment of trade between Israel and its present
trading partners could affect adversely our operations. Additionally, we may also be targeted by cyber terrorists specifically because we are an Israeli company.
Ongoing and revived hostilities or other Israeli political or economic factors, could harm our operations and cause any future sales to decrease.
24
�Our commercial insurance does not cover losses that may occur as a result of events associated with war and terrorism. Although the Israeli government currently
covers the reinstatement value of direct damages that are caused by terrorist attacks or acts of war, we cannot guarantee that this government coverage will be
maintained or that it will sufficiently cover our potential damages. Any losses or damages incurred by us could have a material adverse effect on our business.
Further, our operations could be disrupted by the obligations of personnel to perform military reserves service. As of December 31, 2020, approximately 35% of
our personnel are based in Israel, certain of whom may be called upon to perform military reserve duty, which could materially adversely affect our business and
results of operations.
Several countries restrict doing business with Israel and Israeli companies, and additional countries may impose restrictions on doing business with Israel and
Israeli companies whether as a result of hostilities in the region or otherwise. In addition, there have been increased efforts by activists to cause companies and
consumers to boycott Israeli goods based on Israeli government policies. Such actions, if accelerated, could adversely affect our business, financial condition and
results of operations.
There is currently a level of unprecedented political instability on Israel’s domestic front. The Israeli government has been in a transitionary phase since December
2018 when the Israeli Parliament, or the Knesset, first resolved to dissolve itself and call for new general elections. Israel held general elections twice in 2019 and
once again in 2020. Currently, a fourth election within a two year period is scheduled for March 23, 2021. The Knesset, for reasons related to this extended political
turmoil, failed to pass a budget for the year 2020, and certain government ministries, certain of which are critical to the operation of our business, operated without
necessary resources and, assuming the current political stalemate persists, may not receive sufficient funding moving forward. This political reality is further
compounded by a budget deficit of NIS 160.3 billion ($50.4 billion) for the year 2020, which is roughly three times larger than in 2019 and the highest on record
since Israel’s founding. Given the likelihood that the current situation will not be resolved during the next calendar year, our ability to conduct our business
effectively may be adversely materially affected.
The tax benefits that are available to us require us to continue to meet various conditions and may be terminated or reduced in the future, which could increase
our costs and taxes.
We were granted Approved Enterprise status under the Israeli Law for the Encouragement of Capital Investments, 5719-1959, or the Investment Law. We elected
the alternative benefits program, pursuant to which income derived from the Approved Enterprise program is tax-exempt for two years and enjoys a reduced tax
rate of 10.0% to 25.0% for up to a total of eight years, subject to an adjustment based on the percentage of foreign investors’ ownership. We were also eligible for
certain tax benefits provided to Benefited Enterprises under the Investment Law. In March 2013, we notified the Israel Tax Authority that we apply the new tax
Preferred Enterprise regime under the Investment Law instead of our Approved Enterprise and Benefited Enterprise. Accordingly, we are eligible for certain tax
benefits provided to Preferred Enterprises under the Investment Law. If we do not meet the conditions stipulated in the Investment Law and the regulations
promulgated thereunder, as amended, for the Preferred Enterprise, any of the associated tax benefits may be canceled, and we would be required to repay the
amount of such benefits, in whole or in part, including interest and CPI linkage (or other monetary penalties). Starting from 2017, we are eligible for the
Technological Preferred Enterprise regime, a sub-category of the Preferred Enterprise regime, which grants enhanced tax benefits to enterprises with significant
research and development activities. Further, in the future these tax benefits may be reduced or discontinued. If these tax benefits are reduced, cancelled or
discontinued, our Israeli taxable income would be subject to regular Israeli corporate tax rates which would harm our financial condition and results of operation.
Additionally, if we increase our activities outside of Israel through acquisitions, for example, our expanded activities might not be eligible for inclusion under
future Israeli tax benefit regimes. See “Item 5. Operating and Financial Review and Prospects—Operating Results—Israeli Tax Considerations and Government
Programs—Law for the Encouragement of Capital Investments, 5719-1959.”
We may become subject to claims for remuneration or royalties for assigned service invention rights by our employees.
We enter into assignment-of-invention agreements with our employees pursuant to which such individuals agree to assign to us all rights to any inventions created
in the scope of their employment or engagement with us. A significant portion of our intellectual property has been developed by our employees during the course
of their employment by us. Under the Israeli Patent Law, 5727-1967, inventions conceived by an employee during the scope of his or her employment with a
company are regarded as “service inventions” which belong to the employer, absent a specific agreement between the employee and employer giving the employee
service invention rights. Although our employees have agreed to assign to us service invention rights, as a result of uncertainty under Israeli law with respect to
service invention rights and the efficacy of related waivers, including with respect to remuneration and its extent, we may face claims demanding remuneration in
consideration for assigned inventions. As a consequence of such claims, we could be required to pay additional remuneration or royalties to our current and/or
former employees, or be forced to litigate such claims, which could negatively affect our business.
25
�As a public company incorporated in Israel we may become subject to further compliance obligations and market trends or restrictions, which may strain our
resources and divert management’s attention.
Being an Israeli publicly traded company in the United States and being subject to both U.S. and Israeli rules and regulations may make it more expensive for us to
obtain directors and officers liability insurance, and we may be required to continue incurring substantially higher costs for reduced coverage. These factors could
also make it more difficult for us to attract and retain qualified members of our board of directors, particularly to serve on our audit committee, and qualified
executive officers. In accordance with the provisions of the Companies Law, approval of our directors and officers insurance is limited to the terms of our duly
approved compensation policy, unless otherwise approved by our shareholders.
Provisions of Israeli law and our articles of association may delay, prevent or otherwise impede a merger with or an acquisition of us, even when the terms of
such a transaction are favorable to us and our shareholders.
Our articles of association contain certain provisions that may delay or prevent a change of control. These provisions include that our directors (other than external
directors, if applicable) are elected on a staggered basis, and therefore a potential acquirer cannot readily replace our entire board of directors at a single annual
general shareholder meeting. In addition, Israeli corporate law regulates acquisitions of shares through tender offers and mergers, requires special approvals for
transactions involving directors, officers or significant shareholders and regulates other matters that may be relevant to such types of transactions. See “Item 10.B.
Articles of Association—Acquisitions under Israeli Law” for additional information.
Furthermore, Israeli tax considerations may make potential transactions unappealing to us or to our shareholders whose country of residence does not have a tax
treaty with Israel exempting such shareholders from Israeli tax. For example, Israeli tax law does not recognize tax-free share exchanges to the same extent as U.S.
tax law. With respect to mergers involving an exchange of shares, Israeli tax law allows for tax deferral in certain circumstances but makes the deferral contingent
on the fulfillment of a number of conditions, including, in some cases, a holding period of two years from the date of the transaction during which sales and
dispositions of shares of the participating companies are subject to certain restrictions. Moreover, with respect to certain share swap transactions, the tax deferral is
limited in time, and when such time expires, the tax becomes payable even if no disposition of the shares has occurred. These provisions of Israeli law and our
articles of association could have the effect of delaying or preventing a change in control in us and may make it more difficult for a third party to acquire us, even if
doing so would be beneficial to our shareholders, and may limit the price that investors may be willing to pay in the future for our ordinary shares.
It may be difficult to enforce a judgment of a U.S. court against us, our officers and directors or the Israeli auditors named in this annual report in Israel or
the United States, to assert U.S. securities laws claims in Israel or to serve process on our officers and directors and these auditors.
We are incorporated in Israel. The majority of our directors and executive officers, and the Israeli auditors listed in this annual report reside outside of the United
States, and most of our assets and most of the assets of these persons are located outside of the United States. Therefore, a judgment obtained against us, or any of
these persons, including a judgment based on the civil liability provisions of the U.S. federal securities laws, may not be collectible in the United States and may
not be enforced by an Israeli court. It also may be difficult for our shareholders to effect service of process on these persons in the United States or to assert U.S.
securities law claims in original actions instituted in Israel. Israeli courts may refuse to hear a claim based on an alleged violation of U.S. securities laws reasoning
that Israel is not the most appropriate forum in which to bring such a claim. In addition, even if an Israeli court agrees to hear a claim, it may determine that Israeli
law and not U.S. law is applicable to the claim. If U.S. law is found to be applicable, the content of applicable U.S. law must be proven as a fact by expert
witnesses, which can be a time consuming and costly process. Certain matters of the procedure will also be governed by Israeli law. There is little binding case law
in Israel that addresses the matters described above. As a result of the difficulty associated with enforcing a judgment against us in Israel, our shareholders may not
be able to collect any damages awarded by either a U.S. or foreign court.
26
�The rights and responsibilities of our shareholders are, and will continue to be, governed by Israeli law which differs in some material respects from the rights
and responsibilities of shareholders of U.S. corporations.
The rights and responsibilities of the holders of our ordinary shares are governed by our articles of association and by Israeli law. These rights and responsibilities
differ in some material respects from the rights and responsibilities of shareholders in U.S. corporations. In particular, a shareholder of an Israeli company has a
duty to act in good faith and in a customary manner in exercising its rights and performing its obligations towards the company and other shareholders, and to
refrain from abusing its power in the company, including, among other things, in voting at a general meeting of shareholders on matters such as amendments to a
company’s articles of association, increases in a company’s authorized share capital, mergers and acquisitions and related party transactions requiring shareholder
approval. In addition, shareholders have a general duty to refrain from discriminating against other shareholders and a shareholder who is aware that it possesses
the power to determine the outcome of a shareholder vote or to appoint or prevent the appointment of a director or chief executive officer in the company has a duty
of fairness toward the company with regard to such vote or appointment. There is limited case law available to assist us in understanding the nature of this duty or
the implications of these provisions. These provisions may be interpreted to impose additional obligations and liabilities on holders of our ordinary shares that are
not typically imposed on shareholders of U.S. corporations. See “Item 6.C. Board Practices — Approval of Related Party Transactions under Israeli Law—
Fiduciary Duties of Directors and Executive Officers.”
ITEM 4.
INFORMATION ON THE COMPANY
A. History and Development of the Company
Our History
CyberArk Software Ltd. was founded in 1999 with the vision of protecting high-value business data and pioneering our Digital Vault technology. That same year,
we began offering our first product, the Sensitive Information Management Solution (previously called the Sensitive Document Vault), which provided a secure
platform for our customers’ employees to share sensitive files. A key pillar of our strategy is innovation which began with our early vaulting technology and has
enabled us to evolve into a company that provides a comprehensive solution to secure identities anchored on Privileged Access Management. In 2005, we
introduced our Privileged Access Management Solution, upon which we built our leadership position in the Privileged Access Management market, providing a
layer of security that protects high level and high value access across an organization. In September 2014, we listed our ordinary shares on the Nasdaq Stock
Market LLC (Nasdaq). In addition to investing in organic research and development in 2015 we began to execute a merger and acquisition strategy and acquired
Viewfinity, Inc., a provider of Windows least privilege management and application control software, as well as Cybertinel Ltd., a cybersecurity company
specializing in cyber threat detection technology. In May 2017, we acquired Conjur Inc., a provider of DevOps security software. In March 2018, we acquired
Vaultive, Ltd., a cloud security provider, and in May 2020 we acquired IDaptive Holdings, Inc., an Identity as a Service (IDaaS) provider. Based on our continued
innovation, today CyberArk is the global leader in Privileged Access Management — and we are expanding our offerings to include a comprehensive and flexible
set of Identity Security capabilities. We secure access for any identity – human or machine – to help organizations secure critical business assets, protect their
distributed workforce and customers, and accelerate business in the cloud.
We are a company limited by shares organized under the laws of the State of Israel. We are registered with the Israeli Registrar of Companies. Our registration
number is 51-229164-2. Our principal executive offices are located at 9 Hapsagot St., Park Ofer B, POB 3143, Petach-Tikva, 4951040, Israel, and our telephone
number is +972 (3) 918-0000. Our website address is www.cyberark.com. Information contained on, or that can be accessed through, our website is not part of this
annual report and is not incorporated by reference herein. We have included our website address in this annual report solely for informational purposes. Our SEC
filings are available to you on the SEC’s website at http://www.sec.gov. This site contains reports, proxy and information statements, and other information
regarding issuers that file electronically with the SEC. The information on that website is not part of this annual report and is not incorporated by reference herein.
Our agent for service of process in the United States is CyberArk Software, Inc., located at 60 Wells Avenue, Newton, MA 02459, and our telephone number is
(617) 965-1544.
27
�Principal Capital Expenditures
Our cash capital expenditures for fiscal years 2018, 2019 and 2020 amounted to $8.6 million, $7.0 million, and $7.2 million, respectively. Capital expenditures
consist primarily of investments in leasehold improvements for our office space, purchases of furniture, computers, and related equipment and internal use software
capitalization. We anticipate our capital expenditures in fiscal year 2021 to be approximately 2% of revenue. We anticipate our capital expenditures in 2021 will be
financed with cash on hand and cash provided by operating activities.
B.
Business Overview
We are the global leader in Privileged Access Management (PAM), and we are expanding our offerings to include a comprehensive and flexible set of Identity
Security capabilities. We secure access for any identity – human or machine – to help organizations secure critical business assets, protect their distributed
workforce and customers, and accelerate business in the cloud. Our vision is to deliver an Identity Security portfolio that contextually authenticates each identity,
dynamically authorizes the least amount of privilege required, secures credentials, and thoroughly audits the entire cycle.
With CyberArk’s Identity Security portfolio, which has a foundation in Privileged Access Management, organizations can reduce risk by securing human and
machine identities with access to the “keys to the kingdom.” These “keys to the kingdom” provide complete control of IT infrastructure applications, DevOps tools,
and critical business data. In the hands of malicious insiders or external attackers, the consequences to businesses can be devastating. Organizations also leverage
the CyberArk Identity Security access management solutions to secure the access of workforce, partner, and customer identities and deliver operational efficiencies
by replacing complex, patchworked, and siloed legacy identity and access management solutions.
Securing these human and machine identities is now more important than ever. With the rapid rise in mobile workers, hybrid and multi-cloud adoption, and
digitalization of the enterprise, physical and network security barriers are less relevant at securing data and assets than ever before. Compromised identities and
their associated privileges represent an attack path to an organization’s most valuable assets. Because of this, we believe that identity has become the new security
perimeter and is at the foundation of Zero Trust security models. Our approach is unique as CyberArk recognizes that every identity can become privileged under
certain conditions and we offer the broadest range of security controls to reduce that risk while delivering a high-quality experience to the end user.
The main pillars of our strategy include innovation, whether organically or through acquisitions, developing a meaningful layer of identity security for our
customers, and executing our land and expand strategy. During 2020, we continued to add new customers and cross sell to existing customers directly and through
channels. As of December 31, 2020, we had approximately 6,600 customers, including more than 50% of Fortune 500 companies and more than 35% of Global
2000 companies. We define a customer to include a distinct entity, division, or business unit of a company. Our customers include leading organizations in a
diverse set of industries, including financial services, manufacturing, insurance, healthcare, energy and utilities, transportation, retail, technology, and
telecommunications, as well as government agencies.
In 2021, we began to actively shift to a subscription business model and we plan to primarily sell on-premises software subscriptions, and SaaS subscriptions
through our cloud-based offerings. We are focused on acquiring and retaining our customers and increasing their engagement with us through expanding the
number of users who access our platform and cross-selling additional products and services. We sell our solutions through a high touch hybrid model that includes
direct sales, channel sales, managed security service providers, as well as advisory firm partners.
Through CyberArk’s C3 Alliance, our global technology partner program, we bring together enterprise software, IT, Security, and cloud providers to build on the
power of Identity Security to better protect customers from cyber threats. Our CyberArk Marketplace provides a trusted platform for customers to easily find and
deploy integrations from the C3 Alliance, partners, and community members.
28
�Industry Background
The growth of our market has several drivers based on multi-year trends, making securing the identities and their associated privileges a main focus of
organizations’ security strategies.
Digital Transformation: The digitalization of business creates a larger digital landscape full of opportunities for improved engagement with customers, vendors
and employees, but also greater exposure to threats. New digital technologies require expanded privileged access for both humans and machines that must be
properly secured. Hybrid and multi-cloud adoption drives the need for centralized solutions that help secure privileged access, enterprise-wide. This trend has
greatly accelerated because of the COVID-19 pandemic forcing large portions of the workforce to work remotely and a much larger portion of businesses to offer
online options to stay viable.
Cloud and SaaS Applications: Broad acceptance and adoption of hybrid and cloud-based infrastructure, and an increasing reliance on SaaS applications, are
having a significant impact on how organizations approach security. Until a few years ago, organizations would typically prioritize protection of their most critical
systems and data, with a particular focus on protecting privileged access. “Privileged users” were understood at the time to be mostly IT administrators accessing
shared administrative accounts in systems and applications, whereas in today’s cloud and SaaS environment, every identity can become privileged under certain
conditions.
Any of the identities operating in a modern environment (such as employees, partners, IT Admins, DevOps and developers, applications or robots, vendors, or
customers) might have some level of privilege that, if improperly secured, can provide an attack path into an organization's most valuable assets. This is coupled
with the rapid expansion and adoption of hybrid and cloud infrastructure, applications and application programming interfaces (APIs), mobile and remote workers,
and use of third parties such as vendors. We now live in a world where the number, types, and interrelationships of identities have exploded, creating new
dimensions to the threat landscape.
Zero Trust Security: A traditional security approach that relies on perimeter-based security is relatively less effective and applicable nowadays, due to the
expansion of the digital transformation and the use of cloud and SaaS applications or remote access. In parallel, it is has become increasingly difficult to keep
attackers out of an organization’s network altogether. The expanding of both attack surface and prevalence of threats have led to a growing application of a Zero
Trust approach to security.
While traditional, perimeter-based security relies on a strategy of trying to separate legitimate users from threat actors and assumes that systems and traffic within
the corporate networks and datacenters can be trusted, Zero Trust assumes that the threat actors have already established a network presence and have access to the
organization’s applications and systems. In a Zero Trust security model, organizations aim to have every identity authenticated and authorized before granting it
access, every time.
Zero Trust is not a single technology but an approach that ensures every user’s identity is verified, their device is validated, and their access is intelligently limited
to just what they need – and taken away when they no longer need it. CyberArk’s Identity Security solutions delivers a set of technologies that are foundational to
adopting a Zero Trust approach.
Governance and Compliance: Industry regulations such as Sarbanes Oxley (SOX), Payment Card Industry Data Security Standard (PCI), SWIFT Customer
Security Controls Framework, Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and security
frameworks such as National Institute of Standards (NIST) and the Center for Internet Security (CIS) all have stringent requirements to uphold strong Identity
Security controls to maintain data privacy and sovereignty.
29
�Our Solutions
Our portfolio provides a complete and flexible set of Identity Security capabilities across three main areas: Privilege, Access, and DevSecOps.
Privilege
CyberArk’s Privileged Access Management solutions can be used to secure, manage, and monitor privileged access. Privileged accounts can be found on
endpoints, in applications, and from hybrid to multi-cloud environments.
•
•
•
•
Privileged Access Manager. CyberArk Privileged Access Manager includes risk-based credential security and session management to protect against
attacks involving privileged access. CyberArk’s Privileged On-Premises solution (formerly known as Core PAS) can be deployed in an on-premises data
center or in a hybrid cloud or a public cloud environment, either as a perpetual license or as a subscription, including as a subscription-based SaaS solution
through CyberArk Privilege Cloud.
Vendor Privileged Access Manager. CyberArk Vendor Privileged Access Manager combines Privileged Access Manager and Remote Access (formerly
known as Alero) to provide fast, easy and secure privileged access to third-party vendors who need access to critical internal systems via CyberArk,
without the need to use passwords. By not requiring VPNs or agents, Vendor Privileged Access Manager removes operational overhead for administrators,
makes it easier and quicker to deploy and improves organizational security.
Endpoint Privilege Manager. The CyberArk Endpoint Privilege Manager SaaS service secures privileges on the endpoint (Windows servers, Windows
desktops and Mac desktops) and helps contain attacks early in their lifecycle. It enables revocation of local administrator rights, while minimizing impact
on user productivity, by seamlessly elevating privileges for authorized applications or tasks. Application control, with automatic policy creation, allows
organizations to prevent malicious applications from executing, and runs unknown applications in a restricted mode. This, combined with credential theft
protection, helps prevent malware such as ransomware from gaining a foothold and contains attacks on the endpoint.
Cloud Entitlements Manager. Introduced in 2020, CyberArk Cloud Entitlements Manager is a SaaS solution that reduces risk that arises from excessive
privileges by implementing Least Privilege across cloud environments. From a centralized dashboard, Cloud Entitlements Manager provides visibility and
control of permissions across an organization’s cloud landscape. Within this single display, Cloud Entitlements Manager offers automatically deployable
remediations based on the principal of Least Privilege, to help organizations strategically remove excessive permissions without disrupting cloud
operations.
30
�Access
Following the acquisition of Idaptive in 2020, we now deliver robust Identity and Access Management as a Service (IDaaS) which provides a comprehensive
Artificial Intelligence (AI)-based and security-first approach to managing identities that is both adaptive and context-aware. Idaptive has now been rebranded to
CyberArk Identity and includes capabilities to secure both workforce and customer identities.
Workforce Identity offers:
•
•
•
•
•
Adaptive Multi-factor Authentication (MFA). Adaptive MFA enables an enterprise to enforce risk-aware and strong identity assurance controls within
the organization.
Single Sign-On (SSO). SSO is the ability to use a single secure identity to access all applications and resources within an organization. CyberArk Identity
enables SSO for all types of users – workforce, partners, and consumers to all types of workstations, systems, VPNs, and applications – both in the cloud
and on-premises.
Application Gateway. With the CyberArk Identity Application Gateway service, customers can enable secure remote access and expand SSO benefits to
on-premises web apps — like SharePoint and SAP — without the complexity of installing and maintaining VPNs.
Identity Lifecycle Management. This module enables CyberArk Identity customers to automate the joiner, mover, and leaver processes within the
organization. This automation is critical to ensure that privileges don’t accumulate, and a user’s access is turned off as soon as the individual changes roles
or leaves the organization.
Directory Services. Allows customers to use identity where they control it. In other words, we do not force our customers to synchronize their on-
premises identities with our cloud. Our cloud architecture can work seamlessly with any existing directory, enterprise or social or a federated directory.
CyberArk Identity also provides its own highly scalable and flexible directory for customers who choose to use it.
Customer Identity offers authentication and authorization services, MFA, directory, and user management to enable organizations to provide their customers with
easy and secure access to websites and applications.
In alignment with our Identity Security strategy, in January 2021, we introduced new offers that will be sold as a subscription to the market for workforce users,
privileged users, and external vendors. The workforce users offering includes credential vaulting and rotation, adaptive MFA, and SSO. The privileged users
offering includes full credential management, session management, and Remote Access (formerly Alero). The external vendor users offering aligns to the
capabilities detailed above for Vendor PAM.
DevSecOps
Our capabilities in the area of DevSecOps are focused on securing secrets used by machine identities such as applications, scripts, containers, DevOps tools, and
third-party security solutions. Secrets Manager enables organizations to avoid the need to store secrets within applications and instead easily and securely access
the required credentials from the CyberArk Vault. Secrets Manager supports traditional applications with its Credential Providers and dynamic applications with
Conjur.
•
•
Secrets Manager Credential Providers. Credential Providers can be used to provide and manage the credentials used by third-party solutions such as
security tools, RPA, and IT management software, and also supports internally developed applications built on traditional monolithic application
architectures. Credential Providers works with CyberArk’s on-premises and SaaS based solutions.
Secrets Manager Conjur. For cloud-native applications built using DevOps methodologies, Conjur Enterprise provides a secrets management solution
tailored specifically to the unique requirements of these environments. We also provide an open source version to better meet the needs of the developer
community.
31
�Our Technology
Our portfolio provides a complete and flexible set of Identity Security capabilities that leverage the following core technologies:
Secure Digital Vault Technology. Our proprietary Digital Vault technology provides a highly secure, isolated environment, independent of other software, and is
engineered with multiple layers of security. Our on-premises and SaaS PAM solutions use the highly secured Digital Vault to safely store, audit and manage
passwords, privileged credentials, policy information and privileged access session data.
Privileged Session Recording and Controls. Our innovative privileged session recording and control mechanisms provide the ability to isolate an organization’s IT
systems from end-user desktops, while monitoring and auditing privileged session activities. The architecture blocks direct communication between an end-user’s
desktop and a target system, thus preventing potential malware on the desktop from infiltrating the target system. This architecture further ensures that privileged
credentials will remain protected and will not be exposed to the end-user or reach the desktop. CyberArk session monitoring solutions support native connectivity
to Windows and other graphical platforms via native RDP tools and Linux/Unix using native SSH tools. Risk scoring can be applied to each recorded session,
automating the review of all privileged sessions and enabling auditors to prioritize and deprioritize workloads based on risk.
Secure Remote Access. The cloud-based, multifactor authentication provided with Remote Access leverages the biometric capabilities from smartphones which in
turn allows authorized remote vendors simple just-in-time secure privileged access. Once authenticated, all privileged sessions are automatically recorded for full
audit and monitored in real-time.
Strong Application Authentication and Credential Management. The Secrets Manager (formerly Application Access Manager) architecture allows an
organization to eliminate hard-coded application credentials, such as passwords and encryption keys, from applications and scripts. Our secure, proprietary
technology permits authentication of an application during run-time, based on any combination of the application’s signature, executable path or IP address, and
operating system user. Following application authentication, the authenticated application uses a secure application programming interface, or API, to request
privileged account credentials during run-time and, based on the application permissions in Privileged Access Manager, up-to-date credentials are provided to the
application.
Strong Endpoint Security. Our endpoint agent technology provides policy-based privilege management, application control and credential theft protection
capabilities. The agent detects privileged commands, and application installation or invocation on the endpoint to validate whether it is permissible in accordance
with the organization’s security policy, otherwise blocking the operation or allowing it to run in a restricted mode. Having users operate in a least privilege mode
together with our agent-based technology effectively reduces the attack surface that attackers or malware can exploit. The solution leverages third-party threat and
reputation information to further strengthen controls and block bad or malicious applications based on such security intelligence.
Adaptive Multi-factor Authentication. Our Adaptive Multi-factor Authentication (MFA) enforces risk-aware and strong identity assurance controls within an
organization. These controls include a broad range of built-in authentication factors such as passwordless authenticators like Windows Hello and Apple TouchID,
high assurance authenticators like USB security keys, and our patented Zero Sign-on certificate-based authentication.
Single Sign-on. Our Single Sign-on (SSO) solution facilities the secure access to many different applications, systems, and resources while only requiring a single
authentication. Our SSO solution offers a modern identity provider supporting popular SSO protocols to any system or app that supports SAML, WS-Fed, OIDC
and OAuth2 as well as an extensive application catalog with out-of-the-box integration for thousands of applications.
Our Customers
As of December 31, 2020, we had approximately 6,600 customers, including more than 50% of Fortune 500 companies and more than 35% of Global 2000
companies. Our customers include leading organizations in a diverse set of industries, including financial services, manufacturing, insurance, healthcare, energy
and utilities, transportation, retail, technology and telecommunications, as well as government agencies.
Our business is not dependent on any particular customer. No customer or channel partner accounted for more than 10% of our revenues in the last three years. Our
diverse global footprint is evidenced by the fact that in 2020, we generated 53.1% of our revenues from customers in the United States, 30.6% from the EMEA
region and 16.3% from the rest of the world, including countries in North and South America other than the United States and countries in the Asia Pacific region.
32
�Go-to-Market
Marketing
Our marketing strategy is focused on building our brand strength, communicating the benefits of our solutions, developing leads, and increasing sales to existing
customers. We market ourselves as the global leader in Identity Security. Centered on Privileged Access Management, we provide comprehensive security
solutions for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads, and throughout DevOps pipelines.
The world’s leading organizations trust CyberArk to help secure their most critical assets. We execute our strategy by leveraging a combination of internal
marketing professionals and a network of channel partners to communicate the value proposition and differentiation for our products, generating qualified leads for
our sales force and channel partners. Our marketing efforts also include public relations in multiple regions and extensive content development available through
our website. We are focused on ongoing thought-leadership campaigns to reinforce our positioning as the Identity Security leader.
In 2020, our marketing investments and campaigns were adjusted to match our customers’ and prospects’ “new normal” of remote work and online engagement
versus in-person trade shows, regional events, and in-person meetings. For example, in June 2020 we held our 14th annual Impact User Conference entirely online.
This immersive digital experience attracted more than 11,000 registered attendees and delivered over 40 keynotes, breakout, and training sessions — a record over
previous years. Additional adjustments included replacing in person regional events with regional online experiences as well in increased investment and focus on
digital marketing channels. We believe that just as parts of the new normal for our customers and prospects will be permanent, our investments, experience, and
focus on online events and digital marketing will become a permanent focus of our marketing mix going forward.
Sales
We believe that our hybrid sales model, which combines the leverage of high touch, channel sales with the account control of direct sales, has played an important
role in the growth of our customer base to date. We maintain a highly trained sales force that is responsible for developing and closing new business, the
management of relationships with our channel partners and the support and expansion of relationships with existing customers. Our sales organization is organized
by geographic regions, consisting of the Americas, EMEA and Asia Pacific and Japan regions. As of December 31, 2020, our global network of channel partners
consisted of more than 450 resellers, distributors, and managed service providers. Our channel partners generally complement our sales efforts by helping identify
potential sales targets, maintaining relationships with certain customers and introducing new products to existing customers and offering post-sale professional
services and technical support. In 2020, we generated approximately 33% of our revenues from direct sales from our field offices located throughout the world.
Approximately 45% of our sales in the United States are direct while most of our sales in the EMEA and APJ regions and the rest of the world are through channel
partners. We work with many global systems integration partners and several leading regional security value added resellers, such as Optiv Security Inc., Merlin
International, Computacenter PLC, Netpoleon, SHI, M.Tech and Guidepoint Security. These companies were each among our top 15 channel partners in 2019 and
2020 by revenues and we have derived a meaningful amount of revenues from sales to each of them during the last two years. Further, we work with advisory firms
such as Deloitte and KPMG in marketing our solutions and providing implementation services to our customers. We also have a joint business relationship contract
with PricewaterhouseCoopers LLP in which we may engage in co-marketing and associated co-delivery of solutions and implementation services.
Our sales cycle varies by size of the customer, the number of products purchased and the complexity of the customer’s IT infrastructure, ranging from several
weeks for incremental sales to existing customers to several months for large deployments. We also typically experience seasonality in our sales, particularly
demonstrated by increased sales in the last month of a quarter and the last quarter of the year. To support our broadly dispersed global channel and customer base,
as of December 31, 2020, we had sales personnel in 38 countries. We plan to continue investing in our sales organization to support both the growth of our channel
partners and our direct sales organization.
33
�Services
Subscription and Software as a Service
In 2021, we plan to actively transition our business to a recurring revenue model by shifting our sales from perpetual licenses to recurring subscriptions. Our
subscriptions include on-premises and SaaS subscriptions of our software solutions.
Maintenance and Support
Our maintenance and support program provides all customers who purchase maintenance and support in conjunction with their perpetual licenses, and on-premises
and SaaS subscriptions, the right to software bug repairs, the latest system enhancements, and updates on an if-and-when available basis during the maintenance
period, and access to our technical support services. Customers who purchase maintenance and support in conjunction with their initial perpetual license purchase
typically buy for one year or, to a lesser extent, three years, and can subsequently continue to renew maintenance and support for additional one- or three-year
periods. These two alternative maintenance and support periods are common in the software industry. Customers typically pay for each alternative in full at the
beginning of their terms. Most of our software maintenance and support contracts sold are for a one-year term. For example, for the years 2018 through 2020,
approximately 83% of the renewal contracts were for a one-year term.
Our technical support services are provided to perpetual and subscription customers via our online support center, which enables customers to submit new support
queries and monitor the status of open and past queries. Our online support system also provides customers with access to our CyberArk Knowledge Base, an
online user-driven information repository that provides customers the ability to address their own queries. Additionally, we offer email and telephone support
during business hours to customers that purchase a standard support or subscription package and 24/7 availability to customers that purchase our 24/7 support or
subscription package.
Our global customer support organization has expertise in our software and how it interacts with complex IT environments. When sales are made to customers
directly, we typically also provide any necessary maintenance and support pursuant to a maintenance and support contract directly with the customer. We typically
provide all levels of support directly to our customers. However, when sales are made through channels, the channel partner may provide the first and second level
support, and we typically provide third level support if the issue cannot be resolved by the channel partner.
Professional Services
Our products are designed to allow for online trials, or to allow customers to download, install and deploy them on their own or with training and professional
assistance. Our solutions are highly configurable, and many customers will select either one of our many trained channel partners or our CyberArk Security
Services team to provide expert professional services. Our Security Services team can be contracted to assist customers in planning, installing, and configuring our
solution to meet the needs of their security and IT environment, and provide technical account management services. Our Security Services team provides ongoing
consulting services regarding best practices for achieving Identity Security, and recommended ways to implement our solutions to meet specific customer
requirements. Additionally, they share best practices associated with Identity Security to educate customers and partners on such best practices through virtual
classroom, live face-to-face, or self-paced classes.
New for 2020, we delivered the Blueprint for Privileged Access Management and will be broadening the Blueprint to Identity Security in 2021. The most
comprehensive program of its kind, CyberArk Blueprint is designed to help customers take a future-proof, phased and measurable approach to reducing Identity
Security risks.
Based on the experience of the CyberArk Labs and Red Team (CyberArk teams involved in cyber security research) and incident response engagements, nearly
every targeted attack follows a similar pattern of identity and privileged credential compromise. These patterns influenced CyberArk Blueprint’s three guiding
principles, which are foundational to the program: prevent credential theft; stop lateral and vertical movement; and limit privilege escalation and abuse.
The CyberArk Blueprint uses a simple, prescriptive approach based on these guiding principles to reduce risk across five stages of Identity Security maturity.
Customers benefit from being able to prioritize quick wins, progressively address advanced Identity Security use cases, and align security controls to digital
transformation efforts across hybrid environments.
34
�Research and Development
Continued investment in research and development is critical to our business. Our research and development efforts are focused primarily on improving and
continuing to enhance existing products and services, as well as developing new products, features and functionality to meet market needs. We believe the timely
development of new products and capabilities is essential to maintaining our competitive position. We regularly release new versions of our software which
incorporate new features and enhancements to existing features. We also maintain a dedicated CyberArk Labs team that researches reported cyber-attacks, the
attackers’ techniques and post-exploit methods that lead to new security development initiatives for our products and provides thought-leadership on new product
capabilities and targeted attack mitigation.
As of December 31, 2020, we had 464 employees focused on research and development. We conduct our research and development activities primarily in Israel, as
well as in the United States, India and Ukraine. We believe this provides us with access to world class engineering talent. Our research and development expenses
were $57.1 million, $72.5 million, and $95.4 million in 2018, 2019 and 2020, respectively.
Intellectual Property
We rely on a combination of patent, trademark, copyright and trade secret laws, confidentiality procedures and contractual provisions to protect our technology and
the related intellectual property.
As of December 31, 2020, we had 84 issued patents in the United States, and 59 pending U.S. patent applications. We also had 37 issued patents and 25
applications pending for examination in non-U.S. jurisdictions, all of which are counterparts of our U.S. patent applications. We expect to file additional patent
applications in the future.
The inventions for which we have sought patent protection relate to current and future elements of our products and technology. The following list of products
identifies some of those with patent-protected features, but other products may also be protected by one or more patents: Digital Vault, Discovery & Audit tool,
Privileged Threat Analytics, Privileged Session Manager, Endpoint Privilege Manager, Secrets Manager and CyberArk Identity.
We generally enter into confidentiality agreements with our employees, consultants, service providers, resellers and customers and generally limit internal and
external access to, and distribution of, our proprietary information and proprietary technology through certain procedural safeguards. These agreements and
measures may not effectively prevent unauthorized use or disclosure of our intellectual property or technology and may not provide an adequate remedy in the
event of unauthorized use or disclosure of our intellectual property or technology.
Our industry is characterized by the existence of many relevant patents and frequent claims and related litigation regarding patent and other intellectual property
rights. Leading companies in the security industry have extensive patent portfolios. As our market position continues to grow, we believe that competitors will be
more likely to try to develop products that are like ours and that may infringe our proprietary rights. It may also be more likely that competitors or third parties will
claim that our products infringe their proprietary rights. From time to time, third parties have asserted and may assert their patent, copyright, trademark and other
intellectual property rights against us, our channel partners, users, or customers, whom our standard license and other agreements may obligate us to indemnify
against such claims under certain circumstances. Successful claims of infringement or misappropriation by a third party could prevent us from developing,
distributing, licensing, using certain products, performing certain services or could require us to pay substantial damages (including, for example, treble damages if
we are found to have willfully infringed patents and increased statutory damages if we are found to have willfully infringed copyrights), royalties or other fees.
Such claims also could require us to expend additional development resources to attempt to redesign our products or services or otherwise to develop non-
infringing technology; enter into potentially unfavorable royalty or license agreements to obtain the right to use necessary technologies or intellectual property
rights; and to indemnify our customers and partners (and parties associated with them). Even if third parties may offer a license to their technology, the terms of
any offered license may not be acceptable, and the failure to obtain a license or the costs associated with any license could cause our business, results of operations
or financial condition to be materially and adversely affected.
35
�Competition
The IT security market in which we operate is characterized by intense competition, constant innovation, rapid adoption of different technological solutions and
services, and evolving security threats. We compete with a multitude of companies that offer a broad array of IT security products that employ different approaches
and delivery models to address these evolving threats.
Our current competitors in the Privileged Access Management market include BeyondTrust Corporation, NortonLifeLock, Inc. (acquired by Broadcom Inc.), One
Identity LLC and Thycotic Software Ltd., some of which may offer solutions at lower price points. Further, we may face competition due to changes in the manner
that organizations utilize IT assets and the security solutions applied to them, such as the provision of Privileged Access Management functionalities as part of
public cloud providers’ infrastructure offerings, or cloud-based identity management solutions. With the acquisition of Idaptive and our strategy to provide
customers with a comprehensive identity security portfolio, and our DevOps security solution, some of the functionality offered in our products may compete with
certain solutions in the market such as solutions from Okta Inc., Microsoft Corporation or HashiCorp, Inc. In addition, limited IT budgets may also result in
competition with providers of other advanced threat protection solutions such as Palo Alto Networks, CrowdStrike Holdings, Inc. and NortonLifeLock, Inc. We
also may compete, to a certain extent, with vendors that offer products or services in adjacent or complementary markets to Privileged Access Management,
including identity management vendors and cloud platform providers such as Amazon Web Services, Google Cloud Platform, and Microsoft Azure.
The principal competitive factors in our market include:
•
•
•
•
•
•
•
•
•
•
•
•
the breadth and completeness of a security solution;
reliability and effectiveness in protecting, detecting and responding to cyber attacks;
analytics and accountability at an individual user level;
ability of customers to achieve and maintain compliance with compliance standards and audit requirements;
strength of sale and marketing efforts, including advisory firms and channel partner relationships;
global reach and customer base;
scalability and ease of integration with an organization’s existing IT infrastructure and security investments;
brand awareness and reputation;
innovation and thought leadership;
quality of customer support and professional services;
speed at which a solution can be deployed and implemented; and
price of a solution and cost of maintenance and professional services.
We believe we compete favorably with our competitors based on these factors. However, some of our current competitors may enjoy potential competitive
advantages, such as greater name recognition, longer operating history, larger market share, larger existing user base and greater financial, technical, and other
resources.
Properties
Our corporate headquarters are in Petach Tikva, Israel in an office consisting of approximately 139,100 square feet to which we moved in September 2017. The
current lease expires in June 2022 with an extension option for two successive one-year periods. Our U.S. headquarters are in Newton, Massachusetts in an office
consisting of approximately 32,463 square feet. The lease expires in June 2026 with an extension option for the entire premises through 2034. We maintain
additional offices in the U.K., Singapore, France, Germany, Australia, Japan, India, Italy, Netherlands, Spain, Denmark, Poland, Kiev and Turkey. We believe that
our facilities are sufficient to meet our current needs and that if we require additional space to accommodate our growth, we will be able to obtain additional
facilities on commercially reasonable terms.
36
�Internal Cybersecurity
As we offer Identity Security solutions and services, we are sensitive to potential cyber-attacks that may result in unauthorized access to our information and
potentially that of our customers. We are also aware that, being an Israeli company, we may be targeted by cyber terrorists and nation-state actors. Any actual or
perceived breach of our networks, systems or data may have an adverse impact on the market perception of our solutions and services and may expose us to
potential liability.
For more information regarding the risks involved with cybersecurity, see “Item 3.D. Risk Factors— Our reputation and business could be harmed due to real or
perceived vulnerabilities in our solutions or services or the failure of our customers or third parties to correctly implement, manage and maintain our solutions,
resulting in loss of customers, enforcement actions, lawsuits or financial losses.” and “—If our internal IT network system, or those of third party service providers
associated with us, is compromised by cyber attacks or other data breaches, or by a critical system failure, our reputation, financial condition and operating results
could be materially adversely affected.”
We are focused on continuously implementing and maintaining technologies and solutions to assist in the prevention of potential cyber-attacks, as well as
protective measures and contingency plans in the event of an actual attack. We maintain cybersecurity risk management policies and procedures, including internal
controls, audits and disclosure protocols for handling and responding to cybersecurity events. These policies and procedures include internal notifications and
engagements and, as necessary, cooperation with law enforcement. Our controls are designed to limit and monitor access to our systems, networks, and data,
prevent inappropriate or unauthorized access or modification, and monitor for threats or vulnerabilities. We conduct periodic trainings for our employees, including
on phishing, malware and other cybersecurity risks and we have mechanisms in place designed to promote rapid internal reporting of potential or actual
cybersecurity breaches.
We have also made significant investments in technical and organizational measures to establish and manage compliance with laws and regulations governing our
data protection activities (such as GDPR), which enhance our data protection and cybersecurity. Furthermore, we monitor cybersecurity risks, certifications or
assessments at our third-party cloud infrastructure providers and other IT service providers and reevaluate those contractual relationships as appropriate.
The audit committee of our board periodically reviews our cybersecurity risks and controls with senior management, keeping our board informed of key issues. We
periodically review and modify our cybersecurity risk management policies and procedures to reflect changes in technology, the regulatory environment, industry
and security practices and other business needs.
Government Regulations
For information regarding the material effects of government regulations, see “—Industry Background” above, “Item 3.D. Risk Factors— The dynamic legal and
regulatory environment around privacy, data protection, cross-border data flows, and cloud computing may limit the offering, use and adoption of, or require
modification of, our products and services, which could limit our ability to attract new customers and support our current customers, or we could be subject to
investigations, litigation, or enforcement actions alleging that we fail to comply with the regulatory requirements thus harming our operating results and adversely
affecting our business,” “—We are subject to a number of regulatory and geopolitical risks, associated with global sales and operations, which could materially
affect our business,” and “The tax benefits that are available to us require us to continue to meet various conditions and may be terminated or reduced in the future,
which could increase our costs and taxes,” and “Item 5. Operating and Financial Review and Prospects—Operating Results—Israeli Tax Considerations and
Government Programs.”
Legal Proceedings
See “Item 8.A. Consolidated Statements and Other Financial Information—Legal Proceedings.”
C. Organizational Structure
The legal name of our company is CyberArk Software Ltd. and we are organized under the laws of the State of Israel.
37
�The following table sets forth our key subsidiaries all of which are 100% owned directly or indirectly by CyberArk Software Ltd.:
Name of Subsidiary
CyberArk Software, Inc.
Cyber-Ark Software (UK) Limited
CyberArk Software (Singapore) PTE. LTD.
CyberArk Software (DACH) GmbH
CyberArk Software Italy S.r.l.
CyberArk Software (France) SARL
CyberArk Software (Netherlands) B.V.
CyberArk Software (Australia) Pty Ltd.
CyberArk Software (Japan) K.K.
CyberArk Software Canada Inc.
CyberArk USA Engineering, LP
CyberArk Software (Spain), S.L.
IDaptive India Private Limited
IDaptive Europe Limited
Place of Incorporation
Delaware, United States
United Kingdom
Singapore
Germany
Italy
France
Netherlands
Australia
Japan
Canada
Delaware, United States
Spain
India
United Kingdom
D.
Property, Plant and Equipment
See “Item 4.B.—Business Overview—Properties” for a discussion of property, plant and equipment.
ITEM 4A.
UNRESOLVED STAFF COMMENTS
Not applicable.
ITEM 5.
OPERATING AND FINANCIAL REVIEW AND PROSPECTS
For a discussion related to our financial condition, changes in financial condition, and the results of operations for the year ended December 31, 2018 and
comparison of the years ended December 31, 2018 and 2019, see “Item 5. Operating and Financial Review and Prospects” in our annual report on Form 20-F for
the fiscal year ended December 31, 2019 filed with the SEC on March 5, 2020.
Company Overview
CyberArk is the global leader in Privileged Access Management (PAM), and we are extending our leadership in PAM to offer the most complete and flexible set of
Identity Security capabilities. We secure access for any identity – human or machine – to help organizations secure critical business assets, protect their distributed
workforce and customers, and accelerate business in the cloud. CyberArk’s vision is to deliver an Identity Security portfolio that contextually authenticates each
identity, dynamically authorizes the least amount of privilege required, secures credentials, and thoroughly audits the entire cycle – giving organizations peace of
mind to drive their businesses fearlessly forward.
With CyberArk’s Identity Security portfolio, which has a foundation in Privileged Access Management, organizations can reduce risk by securing human and
machine identities with access to the “keys to the kingdom.” These “keys to the kingdom” provide complete control of IT infrastructure applications, DevOps tools,
and critical business data. In the hands of malicious insiders or external attackers, the consequences to businesses can be devastating. Organizations also leverage
the CyberArk Identity Security access management solutions to secure the access of workforce, partner, and customer identities and deliver operational efficiencies
by replacing complex, patchworked, and siloed legacy identity and access management solutions.
Securing these human and machine identities is now more important than ever. With the rapid rise in mobile workers, hybrid and multi-cloud adoption, and
digitalization of the enterprise, physical and network security barriers are less relevant at securing data and assets than ever before. Compromised identities and
their associated privileges represent an attack path to an organization’s most valuable assets. Because of this, we believe that identity has become the new security
perimeter and is at the foundation of Zero Trust security models. Our approach is unique since CyberArk recognizes that every identity can become privileged
under certain conditions and we offer the broadest range of security controls to reduce risk while delivering a high-quality experience to the end user.
38
�Prior to 2020, we primarily derived our revenues by licensing our cybersecurity software, selling maintenance and support contracts, and providing professional
services to the extent requested by customers. In 2021, we began to actively transition our business to a recurring revenue model by shifting our sales from
perpetual licenses to recurring subscriptions. Our subscriptions include on-premises and SaaS subscriptions of our software solutions. For the full year 2020, we
increased our annual recurring revenue (ARR) by 43% to $274 million. The majority of the growth in ARR was driven by on-premises and SaaS subscriptions
revenue.
We have experienced significant growth over the last several years, as evidenced by a compound annual growth rate in revenues of 16.3% from 2018 to 2020. We
have also increased our number of employees and subcontractors from 1,146 as of December 31, 2018 to 1,689 as of December 31, 2020. We intend to continue to
execute on our strategy of growing our business to meet the needs of our customers and to pursue opportunities in new and existing verticals, geographies, and
products. We intend to continue to invest in the development of our sales and marketing teams, with a particular focus on expanding our channel partnerships,
targeting new customers, creating technology partnerships and expanding our sales to existing customers.
We also plan to continue to invest in research and development in order to continue to develop technology to protect modern enterprises from Identity Security risk
from hybrid to cloud-native environments. During the years ended December 31, 2018, 2019 and 2020, our revenues were $343.2 million, $433.9 million and
$464.4 million, respectively, representing year-over-year growth of 26.4% and 7.0% in 2019 and 2020, respectively, and with maintenance and professional
services comprising 45.2% and 51.3% of our revenues in 2019 and 2020, respectively. Our net income (loss) for the years ended December 31, 2018, 2019 and
2020 was $47.1 million, $63.1 million and $(5.8) million, respectively.
Key Performance Indicators and Recent Business Developments
As we look at our business, we continue to benefit from strong industry tailwinds around digital transformation, cloud migration and enhanced cybersecurity
requirements. The COVID-19 pandemic accelerated these trends. At the same time, organizations around the world, including CyberArk, have had to respond to
the global pandemic and adjust operations to a remote work environment. From a business perspective, the health and safety of our employees and community of
customers and partners remain our top priority.
We responded quickly to the COVID-19 pandemic by:
•
•
•
•
•
•
•
Delivering strong customer support remotely while continuing to provide 24/7 service and ensuring customers and partners had the support resources
required to keep their businesses up and running;
Offering at no cost our Remote Access solution, formerly known as Alero, our SaaS solution for remote access, for employees and contractors to securely
access CyberArk through biometric authentication without a VPN;
Providing our entire global workforce the ability to work securely from home;
Adjusting and delivering all of our security services remotely, including Consulting, Implementation, Program Delivery, Red Teaming, Cloud and
Education Services;
Increasing our level of virtual employee engagement and communication;
Transitioning our sales team to virtual engagements; and
Shifting our marketing to digital programs.
In addition, the COVID-19 pandemic did impact our new business sales process, which was transformed from in person engagements to online engagements,
product demonstrations and proof of concepts. We experienced slower progression of new business deals through the pipeline and smaller initial new business deal
sizes in 2020, as many customers limited their purchases to only address immediate needs given the economic uncertainty created by the COVID-19 pandemic.
This trend contributed to our lower percentage of license revenue from new customers in 2020 compared with prior years. Lastly, we experienced lower travel
related expenses during 2020 as the majority of our business was conducted virtually given the global lockdowns and COVID-19 related travel restrictions. We
expect that over time our travel related expenses will increase as travel restrictions begin to be lifted.
39
�In 2020, we also began to experience a shift in customer preferences toward more recurring subscriptions for our software solutions including on-premises and
SaaS subscriptions. Revenue recognition for our subscription offerings is more ratable compared to sales of perpetual licenses, which have a higher percentage of
revenue recognized upfront. This shift in the mix of our business toward more recurring revenues, or subscriptions, impacted our revenues, profitability and cash
flow provided by operating activities during the full year 2020. In early 2021, we began to actively transition our business to a recurring revenue model by
incentivizing our team to shift our sales from perpetual licenses to recurring subscriptions, including both SaaS and on-premises subscriptions. As part of the active
transition of our business, we expect our revenues, operating income, net income (loss) and cash flow provided by operating activities to be impacted by the
increase in ratable revenue recognition related to our subscription offerings. We also expect that maintenance revenues associated with perpetual license contracts
will decline over the long term as we sell less perpetual licenses. In addition, we anticipate that the shift toward a recurring revenue business will result in an
increase in annual payment terms for our customer contracts, which is customary in a subscription business model, and will have an impact on our cash flow
provided by operating activities. Over the long term, we expect the transition to a recurring revenue model to result in higher visibility and stronger durability of
our business. The subscription business model transition is also directly aligned with the broad market trends related to digital transformation and cloud migration
as well as our identity security strategy.
As we move forward with the transition, we are focusing on the following metrics to evaluate the health of our business:
ARR (as of period-end)
Recurring Revenue
Total deferred revenues (as of period-end)
$
$
$
2018
Year ended December 31,
2019
($ in thousands)
192,047
$
$
143,026
134,894
149,534
$
$
175,655
190,355
$
$
2020
273,961
247,322
242,508
ARR. Annual recurring revenue (ARR) is a performance indicator that provides more visibility into the growth of our recurring business. ARR is defined as the
annualized value of active SaaS, subscription or term-based license and maintenance contracts in effect at the end of the reported period. ARR should be viewed
independently of revenue and deferred revenues as it is an operating measure and is not intended to be combined with or to replace either of those items. ARR
provides management with more visibility into our revenue stream for the upcoming year. This visibility allows us to make informed decisions about our capital
allocation and level of investment.
Recurring Revenue. Recurring revenue refers to the portion of our total revenue that includes our SaaS subscriptions, on-premises subscription and recurring
maintenance revenues related to our perpetual license contracts. Management monitors the growth of our recurring revenue as we move through the transition to
evaluate the pace of our transition to a recurring revenue model and the health of our business. Recurring revenue also provides enhanced visibility and
predictability of future revenue.
Total Deferred Revenues. Our total deferred revenues consist of maintenance and support and professional services that have been invoiced and collected but that
have not yet been recognized as revenues because they do not meet the applicable criteria, and of SaaS contracts, where there are unconditional rights for a
consideration, that have been invoiced but have not yet been recognized. In 2020, an increasing percentage of our total deferred revenues and the substantial portion
of our deferred revenues growth was related to SaaS contracts that have not been recognized. Management monitors our total deferred revenues because they
represent a significant portion of revenues to be recognized in future periods. The material factors driving changes in our license revenues are discussed under “—
Comparison of Period to Period Results of Operations.”
40
�A.
Operating Results
The following discussion and analysis should be read in conjunction with the section titled “Key Performance Indicators and Recent Business Developments” of
this annual report and our consolidated financial statements and the related notes contained elsewhere in this annual report. This discussion and analysis may
contain forward-looking statements based upon current expectations that involve risks and uncertainties. Our actual results may differ materially from those
anticipated in these forward-looking statements as a result of various factors, including those set forth in “Item 3.D. Risk Factors” of this annual report. Our
financial statements have been prepared in accordance with U.S. GAAP.
Components of Statements of Operations
Revenues
Our revenues consist of the following:
•
License Revenues. License revenues include perpetual licenses, the license portion of on-premises subscription contracts as well as SaaS revenues
recognized during the reported period. License revenues are generated primarily from sales of our Privileged Access Manager, Endpoint Privilege
Manager, Secrets Manager and CyberArk Identity solutions. The substantial majority of our license revenues has been from sales of our Privileged Access
Manager. We are seeing an increasing percentage of our business coming from our SaaS solutions, including Privilege Cloud, Endpoint Privilege Manager
and CyberArk Identity, which have ratable revenue recognition, increasing our deferred revenues that will be recognized over time. We expect revenues
from SaaS and on-premises subscriptions to become a larger percentage of our total revenues. Privileged Access Manager and CyberArk Identity are both
licensed per user. Endpoint Privilege Manager is licensed by target system (workstations and servers). Secrets Manager has two different licensing
approaches based on the types of applications being secured. The first model is licensed by agent for mission-critical and static applications and the
second model is licensed by site/region for more dynamic cloud native applications and DevOps pipelines.
• Maintenance and Professional Services Revenues. Maintenance revenues are generated from maintenance and support contracts purchased by our
customers in order to gain access to the latest software enhancements and updates on an ‘if and when available’ basis and to telephone and email technical
support. Maintenance Revenues includes the maintenance associated with both our perpetual and on premises subscription license contracts. We expect
the growth rate in our maintenance revenue to decline in the near term and eventually to decline in absolute dollars over the long term as we transition
towards selling more SaaS subscriptions and less perpetual licenses. We also offer professional services for consulting, deployment and training of our
customers to fully leverage the use of our products.
Geographic Breakdown of Revenues
The United States is our biggest market, with the balance of our revenues generated from the EMEA region and the rest of the world, which includes Canada,
Central and South America, and the Asia Pacific and Japan region. The following table sets forth the geographic breakdown of our revenues by region for the
periods indicated:
United States
EMEA
Rest of World
Total revenues
2018
Year ended December 31,
2019
2020
Amount
% of
Revenues
Amount
% of
Revenues
Amount
% of
Revenues
$
$
187,704
112,086
43,409
343,199
54.7% $
32.7%
12.6%
($ in thousands)
233,945
129,730
70,220
53.9% $
29.9%
16.2%
246,811
141,866
75,754
53.1%
30.6%
16.3%
100.0% $
433,895
100.0% $
464,431
100.0%
41
�Cost of Revenues
Our total cost of revenues consists of the following:
•
•
Cost of License Revenues. Cost of license revenues consists primarily of amortization of intangible assets, cloud infrastructure costs, personnel costs for
our global cloud organization that consist primarily of salaries, benefits, bonuses and share-based compensation, depreciation of internal use software
capitalization, costs incurred by third-party software vendors and shipping costs associated with delivery of our software. As we shift more of our sales to
SaaS offerings, we expect the absolute cost of license revenues and the cost of revenues as a percentage of revenue to increase.
Cost of Maintenance and Professional Services Revenues. Cost of maintenance and professional services revenues primarily consists of personnel costs
for our global customer support and professional services organization. Such costs consist primarily of salaries, benefits, commissions, bonuses, share-
based compensation and subcontractors’ fees. We expect the absolute cost of maintenance and professional services revenues to increase as our customer
base grows and as we hire additional professional services and technical support personnel.
Gross Profit and Gross Margin
Gross profit is total revenues less total cost of revenues. Gross margin is gross profit expressed as a percentage of total revenues. Our gross margin has historically
fluctuated from period to period as a result of changes in the mix of license revenues and maintenance and professional services revenues, and we expect this
pattern to continue as we shift more of our sales to subscription, particularly as the mix of our business will include more SaaS based revenues.
Operating Expenses
Our operating expenses are classified into three categories: research and development, sales and marketing and general and administrative. For each category, the
largest component is personnel costs, which consists primarily of salaries, employee benefits (including commissions and bonuses) and share-based compensation
expense. Operating expenses also include software and related expenses and allocated overhead costs for facilities and office expenses as well as depreciation and
amortization. Allocated costs for facilities and office expenses primarily consist of rent, office maintenance and utilities and office supplies. We expect personnel
and all allocated costs to continue to increase in absolute dollars as we hire new employees and add facilities to continue to grow our business.
Research and Development. Research and development expenses consist primarily of personnel costs attributable to our research and development personnel and
consultants as well as allocated overhead costs and software and related expenses. We continue to expect that our research and development expenses will continue
to increase in absolute dollars and at least in line with our revenue growth rate as we continue to grow our research and development headcount to further
strengthen our technology platform and invest in the development of both existing and new products.
Sales and Marketing. Sales and marketing expenses are the largest component of our operating expenses and consist primarily of personnel costs, including
variable compensation, as well as marketing programs and business development costs, travel expenses, allocated overhead costs and depreciation and amortization
of intangibles assets. We expect that sales and marketing expenses will continue to increase in absolute dollars and at least in line with our revenue growth rate as
we plan to expand our sales and marketing efforts globally. We continue to expect sales and marketing expenses will remain our largest category of operating
expenses.
General and Administrative. General and administrative expenses consist primarily of personnel costs for our executive, finance, human resources, legal and
administrative personnel. General and administrative expenses also include insurance premiums and external legal, accounting and other professional service fees.
We continue to expect that general and administrative expense will increase in dollars and at least in line with our revenue growth rate as we grow and expand our
operations and operate as a public company, including higher corporate insurance premiums, investor relations and accounting expenses, and the additional costs
relating to our ongoing regulatory compliance efforts.
42
�Financial Income (Expense), Net
Financial income (expense), net consists of mainly interest income, foreign currency exchange gains or losses, amortization of debt discount and issuance costs and
foreign exchange forward transactions expenses. Interest income consists of interest earned on our cash, cash equivalents, short and long-term bank deposits and
marketable securities. We expect interest income to vary depending on our average investment balances and market interest rates during each reporting period.
Foreign currency exchange changes reflect gains or losses related to transactions denominated in currencies other than the U.S. dollar.
Taxes on Income
The ordinary corporate tax rate in Israel is 23.0%.
As discussed in greater detail below under “Israeli Tax Considerations and Government Programs”, we have been entitled to various tax benefits under the
Investment Law. Under the Investment Law, our tax rate to be paid with respect to our eligible Israeli taxable income under these benefits programs is generally
12.0%.
Under the Investment Law and other Israeli legislation, we are entitled to certain additional tax benefits, including accelerated deduction of research and
development expenses, accelerated depreciation and amortization rates for tax purposes on certain intangible assets and deduction of public offering expenses in
three equal annual installments.
Our non-Israeli subsidiaries are taxed according to the tax laws in their respective jurisdictions of tax residency. Due to our multi-jurisdictional operations, we
apply significant judgment to determine our consolidated income tax position.
Comparison of Period to Period Results of Operations
The following table sets forth our results of operations in dollars and as a percentage of revenues for the periods indicated:
2018
Year ended December 31,
2019
Amount
% of Revenues
Amount
% of Revenues
Amount
($ in thousands)
2020
% of
Revenues
Revenues:
License
Maintenance and professional
services
Total revenues
Cost of revenues:
License
Maintenance and professional
services
Total cost of revenues
Gross profit
Operating expenses:
Research and development
Sales and marketing
General and administrative
Total operating expenses
Operating income
Financial income (expense), net
Income (loss) before taxes on income
Taxes on income
$
192,514
56.1% $
237,879
54.8% $
226,113
150,685
343,199
10,526
37,935
48,461
294,738
57,112
148,290
42,044
247,446
47,292
4,551
51,843
(4,771)
43.9
100.0
3.1
11.0
14.1
85.9
16.6
43.2
12.3
72.1
13.8
1.3
15.1
(1.4)
196,016
433,895
10,569
52,046
62,615
371,280
72,520
184,168
52,308
308,996
62,284
7,800
70,084
(7,020)
45.2
100.0
2.4
12.0
14.4
85.6
16.7
42.4
12.1
71.2
14.4
1.8
16.2
(1.6)
238,318
464,431
19,341
63,230
82,571
381,860
95,426
219,999
60,429
375,854
6,006
(6,395)
(389)
(5,369)
48.7%
51.3
100.0
4.2
13.6
17.8
82.2
20.5
47.4
13.0
80.9
1.3
(1.4)
(0.1)
(1.2)
Net income (loss)
$
47,072
13.7% $
63,064
14.6% $
(5,758)
(1.2)%
43
�Year Ended December 31, 2019 Compared to Year Ended December 31, 2020
Revenues
2019
Amount
% of
Revenues
Year ended December 31,
2020
Amount
% of
Revenues
($ in thousands)
Change
Amount
%
Revenues:
License
Maintenance and professional
services
Total revenues
$
$
237,879
196,016
433,895
54.8% $
226,113
48.7% $
(11,766)
45.2
238,318
51.3
42,302
100.0% $
464,431
100.0% $
30,536
(4.9)%
21.6
7.0%
Revenues increased by $30.5 million, or 7%, from $433.9 million in 2019 to $464.4 million in 2020. This increase was due primarily to continued sales of our
license solutions and increased revenues from our maintenance and professional services revenues. The largest increase in revenue occurred in the United States,
where revenues increased by $12.9 million, while the increase in EMEA and the rest of the world was $12.1 million and $5.5 million, respectively. We increased
our number of customers from approximately 5,300 as of December 31, 2019 to approximately 6,600 as of December 31, 2020.
44
�License revenues decreased by $11.8 million, or 4.9%, from $237.9 million in 2019 to $226.1 million in 2020. In 2020, approximately 75% of license revenues
were generated from sales to existing customers. The decline in the license revenue was in part because of the significant shift in our license bookings mix toward
more recurring and ratable business, which includes subscriptions to our on-premises offerings, and also to our SaaS solutions which are recognized over the
contract period.
Maintenance and professional services revenues increased by $42.3 million, or 21.6%, from $196.0 million in 2019 to $238.3 million in 2020. Maintenance
revenues increased by $37.6 million from $159.7 million in 2019 to $197.3 million in 2020, with renewals accounting for approximately $22.8 million and initial
maintenance contracts for approximately $14.7 million, respectively, of this increase. Professional services revenues increased by $4.7 million from $36.3 million
in 2019 to $41.0 million in 2020, primarily due to the provision of more services to customers.
Cost of Revenues and Gross Profit
2019
Amount
% of
Revenues
Year ended December 31,
2020
Amount
% of
Revenues
($ in thousands)
Change
Amount
%
Cost of revenues:
License
Maintenance and professional
services
Total cost of revenues
Gross profit
$
$
$
10,569
52,046
62,615
2.4% $
12.0
19,341
63,230
4.2% $
13.6
8,772
11,184
14.4% $
82,571
17.8% $
19,956
371,280
85.6% $
381,860
82.2% $
10,580
83.0%
21.5%
31.9%
2.8%
Cost of license revenues increased from $10.6 million in 2019 to $19.3 million in 2020. The increase in cost of license revenues was driven by a $4.3 million
increase in cloud infrastructure costs, an additional $2.6 million of other costs associated with an increase in SaaS sales and an increase of $3.1 million from
amortization of intangible assets, offset by a $1.3 million decrease in installations of appliances and hardware parts.
Cost of maintenance and professional services revenues increased by $11.2 million, or 21.5%, from $52.0 million in 2019 to $63.2 million in 2020. The increase in
cost of maintenance and professional services revenues was driven primarily by a $11.1 million increase in personnel costs and related expenses. Our technical
support and professional services headcount grew from 253 at the end of 2019 to 309 at the end of 2020.
Gross profit increased by approximately $10.6 million, or 2.8%, from $371.3 million in 2019 to $381.9 million in 2020. Gross margins decreased from 85.6% in
2019 to 82.2% in 2020. This was driven by the increase in SaaS sales which have incremental costs related to cloud infrastructure and, as a result, a lower margin
contribution.
45
�Operating Expenses
Operating expenses:
Research and development
Sales and marketing
General and administrative
Total operating expenses
2019
Amount
% of
Revenues
Year ended December 31,
2020
Amount
% of
Revenues
($ in thousands)
Change
Amount
%
$
$
72,520
184,168
52,308
308,996
16.7% $
42.4
12.1
95,426
219,999
60,429
20.5% $
47.4
13.0
22,906
35,831
8,121
71.2% $
375,854
80.9% $
66,858
31.6%
19.5
15.5
21.6%
Research and Development. Research and development expenses increased by $22.9 million, or 31.6%, from $72.5 million in 2019 to $95.4 million in 2020. This
increase was primarily attributable to an $18.6 million increase in personnel costs and related expenses, as we increased our research and development team
headcount from 349 at the end of 2019 to 464 at the end of 2020 to support continued investment in our future product and service offerings. The increase was also
attributable to a $3.1 million increase in software and related expenses and a $1.5 million increase related to facilities and depreciation overhead costs.
Sales and Marketing. Sales and marketing expenses increased by $35.8 million, or 19.5%, from $184.2 million in 2019 to $220.0 million in 2020. This increase
was primarily attributable to a $37.0 million increase in personnel costs and related expenses due to increased headcount in all regions to expand our sales and
marketing organization. The increase was also attributable to a $2.0 million increase in expenses related to our marketing programs, a $1.5 million increase in
software and related expenses and a $1.8 million increase related to facilities and depreciation overhead costs, partially offset by a $6.9 million decrease in travel
and related expenses due to COVID-19. Our sales and marketing headcount grew from 656 at the end of 2019 to 772 at the end of 2020.
General and Administrative. General and administrative expenses increased by $8.1 million, or 15.5%, from $52.3 million in 2019 to $60.4 million in 2020. This
increase was primarily attributable to an increase of $2.9 million in personnel costs and related expenses due to increased headcount coupled with a $6.4 million
increase in services fees due to external legal counsel, accounting, insurance and patent administration, offset by a $1.2 million decrease in depreciation and
amortization. Our general and administrative headcount grew from 122 at the end of 2019 to 144 at the end of 2020.
Financial Income (Expense), Net. Financial income (expense), net changed by $14.2 million from $7.8 million of income in 2019 to $6.4 million of expenses in
2020. This change resulted primarily from an increase of $15.2 million in non-cash interest expense related to the amortization of debt discount and issuance costs
and from a $0.5 million decrease in interest income from investments in marketable securities and short- and long-term bank deposits offset by a $1.4 million
increase in financial income from foreign currency exchange differences.
Taxes on Income. Taxes on income decreased from $7.0 million in 2019 to $5.4 million in 2020. This decrease was mainly attributed to a decrease in our income
before taxes on income offset by consequences of an intra-entity intellectual property transfer in 2020.
Application of Critical Accounting Policies and Estimates
Our accounting policies and their effect on our financial condition and results of operations are more fully described in our consolidated financial statements
included elsewhere in this annual report. We have prepared our financial statements in conformity with U.S. GAAP, which requires management to make estimates
and assumptions that in certain circumstances affect the reported amounts of assets and liabilities, revenues and expenses and disclosure of contingent assets and
liabilities. These estimates are prepared using our best judgment, after considering past and current events and economic conditions. While management believes
the factors evaluated provide a meaningful basis for establishing and applying sound accounting policies, management cannot guarantee that the estimates will
always be consistent with actual results. In addition, certain information relied upon by us in preparing such estimates includes internally generated financial and
operating information, external market information, when available, and when necessary, information obtained from consultations with third parties. Actual results
could differ from these estimates and could have a material adverse effect on our reported results. See “Item 3.D. Risk Factors” for a discussion of the possible
risks which may affect these estimates.
46
�We believe that the accounting policies discussed below are critical to our financial results and to the understanding of our past and future performance, as these
policies relate to the more significant areas involving management’s estimates and assumptions. We consider an accounting estimate to be critical if: (1) it requires
us to make assumptions because information was not available at the time or it included matters that were highly uncertain at the time we were making our
estimate; and (2) changes in the estimate could have a material impact on our financial condition or results of operations.
Revenue Recognition
We primarily generate revenues from licensing the rights to use our software products and providing the right to access our SaaS solutions, as well as from
maintenance and professional services. License revenues include perpetual, the license portion of on-premises subscription contracts, as well as SaaS revenues
recognized during the reported period. We sell our products through our direct sales force and indirectly through resellers. Payment is typically due within 30 to 90
calendar days of the invoice date.
We recognize revenues in accordance with ASC No. 606. As such, we identify a contract with a customer, identify the performance obligations in the contract,
determine the transaction price, allocate the transaction price to each performance obligation in the contract and recognize revenues when (or as) we satisfy a
performance obligation.
We enter into contracts that can include combinations of products and services, which are generally capable of being distinct and accounted for as separate
performance obligations and may include an option to provide professional services. The license is distinct as the customer can derive the economic benefit of the
software without any professional services, updates or technical support.
The transaction price is determined based on the consideration to which we will be entitled in exchange for transferring goods or services to the customer. We do
not grant a right of return to our customers.
In instances of contracts where revenue recognition differs from the timing of invoicing, we determined that those contracts generally do not include a significant
financing component. The primary purpose of the invoicing terms is to provide customers with simplified and predictable ways of purchasing our products and
services, not to receive or provide financing. We use the practical expedient and do not assess the existence of a significant financing component when the
difference between payment and revenue recognition is a year or less.
We record unbilled receivables from contracts when the revenue recognized exceeds the amount billed to the customer.
We allocate the transaction price to each performance obligation based on its relative standalone selling price. For maintenance, we determine the standalone
selling prices based on the price at which we separately sell a renewal contract. For professional services, we determine the standalone selling prices based on the
prices at which we separately sell those services. For software licenses, we determine the standalone selling prices by taking into account available information
such as historical selling prices, contract value, geographic location, and our price list and discount policy.
Our software license revenues from perpetual or on-premises subscription licenses, are recognized at the point of time when the license is made available for
download by the customer. Maintenance revenue related to our perpetual license contracts and the maintenance component of our on-premises subscription offering
as well as our SaaS revenues are recognized ratably, on a straight-line basis over the term of the related contract, which is generally one to three years. Professional
services revenues consist mostly of time and material services that are recognized as the services are performed.
Contract liabilities consist of deferred revenues and include unearned amounts received under maintenance and support contracts, professional services contracts
that do not meet the revenue recognition criteria as of the balance sheet date. Contract liabilities also include unearned, invoiced amounts in respect of SaaS
services whereby there is an unconditional right for a consideration. Deferred revenues are recognized as (or when) we perform under the contract.
47
�Transaction price allocated to remaining performance obligations represents non-cancelable contracts that have not yet been recognized, which includes deferred
revenues and amounts not yet received that will be recognized as revenue in future periods.
Deferred Contract Costs
We pay sales commissions primarily to sales and certain management personnel based on their attainment of certain predetermined sales goals. Sales commissions
are considered incremental and recoverable costs of obtaining a contract with a customer. Sales commissions paid for initial contracts, which are not commensurate
with sales commissions paid for renewal contracts, are capitalized and amortized over an expected period of benefit. Based on our technology, customer contracts
and other factors, we have determined the expected period of benefit to be approximately five years. Sales commissions for initial contracts, which are
commensurate with sales commissions paid for renewal contracts, are capitalized and amortized correspondingly to the recognized revenue of the related initial
contracts. Sales commissions for renewal contracts are capitalized and amortized on a straight-line basis over the related contractual renewal period and aligned
with the revenue recognized from these contracts. Amortization expense of these costs are substantially included in sales and marketing expenses.
Derivative Instruments
ASC No. 815, “Derivative and Hedging”, requires companies to recognize all of their derivative instruments as either assets or liabilities on the balance sheet at fair
value.
For those derivative instruments that are designated and qualify as hedging instruments, a company must designate the hedging instrument, based upon the
exposure being hedged, as a fair value hedge, cash flow hedge or a hedge of a net investment in a foreign operation.
As a result of adopting ASU 2017-12, “Targeted Improvements to Accounting for Hedging Activities”, beginning on January 1, 2019, gains and losses on the
derivatives instruments that are designated and qualify as a cash flow hedge are recorded in accumulated other comprehensive income (loss) and reclassified into
earnings in the same accounting period in which the designated forecasted transaction or hedged item affects earnings. Prior to January 1, 2019, cash flow hedge
ineffectiveness was separately measured and reported immediately in earnings.
To hedge against the risk of changes in cash flows resulting from foreign currency salary payments during the year, we have instituted a foreign currency cash flow
hedging program. We hedge a portion of our forecasted expenses denominated in NIS. These forward and option contracts are designated as cash flow hedges, as
defined by ASC 815, and are all effective, as their critical terms match underlying transactions being hedged.
In addition to the derivatives that are designated as hedges as discussed above, we also enter into certain foreign exchange forward transactions to economically
hedge certain account receivables in Euros, British Pounds Sterling and Canadian Dollars. Gains and losses related to such derivative instruments are recorded in
financial income (expense), net.
Share-Based Compensation
We account for share-based compensation in accordance with ASC No. 718, “Compensation - Stock Compensation” (“ASC No. 718”). ASC No. 718 requires
companies to estimate the fair value of equity-based payment awards on the date of grant using an option-pricing model. The value of the award is recognized as an
expense over the requisite service periods, which is generally the vesting period of the respective award, on a straight-line basis when the only condition to vesting
is continued service. If vesting is subject to a performance condition, recognition is based on the implicit service period of the award. Expense for awards with
performance conditions is estimated and adjusted on a quarterly basis based upon the assessment of the probability that the performance condition will be met.
We selected the Black-Scholes-Merton option-pricing model as the most appropriate fair value method for our option awards. The fair value of restricted stock
units (“RSUs”) and performance stock units (“PSUs”) without market conditions, is based on the closing market value of the underlying shares at the date of grant.
For PSUs subject to market conditions, we use a Monte Carlo simulation model, which utilizes multiple inputs to estimate payout level and the probability that
market conditions will be achieved.
48
�The option-pricing and Monte Carlo models require a number of assumptions, of which the most significant are the expected share price volatility and the expected
option term. We recognize forfeitures of equity-based awards as they occur.
Goodwill and Other Intangible Assets
Goodwill and certain other purchased intangible assets have been recorded in our financial statements as a result of acquisitions. Goodwill represents excess of the
purchase price in a business combination over the fair value of identifiable tangible and intangible assets acquired. Goodwill is not amortized, but rather is subject
to an impairment test.
ASC No. 350, “Intangible—Goodwill and other” requires goodwill to be tested for impairment at least annually and, in certain circumstances, between annual tests.
The accounting guidance gives the option to perform a qualitative assessment to determine whether further impairment testing is necessary. The qualitative
assessment considers events and circumstances that might indicate that a reporting unit’s fair value is less than its carrying amount. If it is determined, as a result of
the qualitative assessment, that it is more likely than not that the fair value of a reporting unit is less than its carrying amount, a quantitative test is performed. We
operate as one reporting unit. Therefore, goodwill is tested for impairment by comparing the fair value of the reporting unit with its carrying value. We elect to
perform an annual impairment test of goodwill as of October 1 of each year, or more frequently if impairment indicators are present.
For the years ended December 31, 2018, 2019 and 2020, no impairment losses were identified.
Purchased intangible assets with finite lives are carried at cost, less accumulated amortization. Amortization is computed over the estimated useful lives of the
respective assets which range from two to twelve years. Intangible assets, consisting primarily of technology and customer relationships, are amortized over their
estimated useful lives on a straight-line basis or in proportion to their economic benefits realized.
Convertible Senior Notes
We account for our convertible senior notes in accordance with ASC 470-20 “Debt with Conversion and Other Options.” We allocated the principal amount of the
convertible senior notes between its liability and equity component. The liability component at issuance is recognized at fair value, based on the fair value of a
similar instrument of similar credit rating and maturity that does not have a conversion feature. The equity component is based on the excess of the principal
amount of the convertible senior notes over the fair value of the liability component and is recorded in additional paid-in capital. The equity component, net of
issuance costs and deferred tax effects is presented within additional paid-in-capital and is not remeasured as long as it continues to meet the conditions for equity
classification. We allocated the total issuance costs incurred to the liability and equity components of the convertible senior notes based on the same proportions as
the proceeds from the notes.
Relating to the convertible senior notes issued in 2019, issuance costs attributable to the liability and equity components were $12.9 million and $2.0 million,
respectively. Issuance costs attributable to the liability are netted against the principal balance and are amortized to interest expense using the effective interest
method over the contractual term of the notes. The effective interest rate of the liability component of the notes is 3.50%. This interest rate was based on our credit
risk rating using software industry rating methodology.
Issuance costs attributable to the equity component are netted with the equity component in additional paid-in capital.
Income Taxes
We account for income taxes in accordance with ASC No. 740-10, “Income Taxes” (“ASC No. 740-10”). ASC No. 740-10 prescribes the use of the asset and
liability method whereby deferred tax asset and liability account balances are determined based on temporary differences between financial reporting and tax bases
of assets and liabilities and are measured using the enacted tax rates and laws that will be in effect when the differences are expected to reverse. We provide a
valuation allowance, if necessary, to reduce deferred tax assets to their estimated realizable value if it is more likely than not that some portion or all of the deferred
tax assets will not be realized.
49
�We establish reserves for uncertain tax positions based on the evaluation of whether or not our uncertain tax position is “more likely than not” to be sustained upon
examination based on our technical merits. We record interest and penalties pertaining to our uncertain tax positions in the financial statements as income tax
expense.
Legal Contingencies
From time to time we may be subject to legal proceedings and claims arising in the ordinary course of our business. Such matters are subject to many uncertainties
and outcomes are not predictable with assurance. We accrue for contingencies when the loss is probable and we can reasonably estimate the amount of any such
loss. We are currently not a party to any material litigation and are not aware of any pending or threatened material legal or administrative proceedings against us.
Regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources and other
factors.
Israeli Tax Considerations and Government Programs
The following is a brief summary of the material Israeli tax laws applicable to us, and certain Israeli Government programs that benefit us. To the extent that the
discussion is based on new tax legislation that has not yet been subject to substantive judicial or administrative interpretation, we cannot provide assurance that the
appropriate tax authorities or the courts will accept the views expressed in this discussion. The discussion below is subject to change, including due to amendments
under Israeli law or changes to the applicable judicial or administrative interpretations of Israeli law, which could affect the tax consequences described below.
General Corporate Tax Structure in Israel
Ordinary taxable income is subject to a corporate tax rate of 23% as of 2018. However, the effective tax rate payable by a company that derives income from an
Approved Enterprise, a Benefited Enterprise, a Preferred Enterprise or a Preferred Technology Enterprise (as discussed below) may be considerably lower. Capital
gains derived by an Israeli company are generally subject to tax at the prevailing ordinary corporate tax rate.
Tax Benefits for Research and Development
Israeli tax law allows, under certain conditions, a tax deduction for research and development expenditures, including capital expenditures, for the year in which
they are incurred if:
•
•
•
the expenditures are approved by the relevant Israeli government ministry, determined by the field of research;
the research and development is for the promotion or development of the company; and
the research and development is carried out by or on behalf of the company seeking the deduction.
However, the amount of such deductible expenses shall be reduced by the sum of any funds received through government grants for the finance of such scientific
research and development projects. Expenditures not so approved are deductible over a three-year period from the first year that the expenditures were made if the
research or development is for the promotion or development of the company.
Law for the Encouragement of Industry (Taxes), 5729-1969
The Law for the Encouragement of Industry (Taxes), 5729-1969, generally referred to as the Industry Encouragement Law, provides several tax benefits for
“Industrial Companies.”
The Industry Encouragement Law defines an “Industrial Company” as an Israeli resident company which was incorporated in Israel, of which 90% or more of its
income in any tax year, other than income from certain government loans, is derived from an “Industrial Enterprise” owned by it and located in Israel or in the
“Area”, in accordance with the definition in the section 3a of the Israeli Income Tax Ordinance (New Version) 1961, or the Ordinance. An “Industrial Enterprise” is
defined as an enterprise whose principal activity in a given tax year is industrial production.
50
�The following tax benefits, among others, are available to Industrial Companies:
•
•
•
deduction of the cost of purchased know-how, patents and rights to use a patent and know-how which are used for the development or promotion of the
Industrial Enterprise, over an eight-year period commencing on the year in which such rights were first exercised;
under limited conditions, an election to file consolidated tax returns together with Israeli Industrial Companies controlled by it; and
expenses related to a public offering of shares in a stock exchange are deductible in equal amounts over three years commencing on the year of offering.
Eligibility for benefits under the Industry Encouragement Law is not contingent upon the approval of any governmental authority. We believe that we generally
qualify as an Industrial Company within the meaning of the Industry Encouragement Law. The Israel Tax Authority may determine that we do not qualify as an
Industrial Company, which could entail our loss of the benefits that relate to this status. There can be no assurance that we will continue to qualify as an Industrial
Company or that the benefits described above will be available in the future.
Law for the Encouragement of Capital Investments, 5719-1959
The Law for the Encouragement of Capital Investments, 5719-1959, generally referred to as the Investment Law, provides certain incentives for capital investments
in production facilities (or other eligible assets) by “Industrial Enterprises” (as defined under the Investment Law).
The Investment Law was significantly amended effective April 1, 2005, or the 2005 Amendment, further amended as of January 1, 2011, or the 2011 Amendment,
and further amended as of January 1, 2017, or the 2017 Amendment. Pursuant to the 2005 Amendment, tax benefits granted in accordance with the provisions of
the Investment Law prior to its revision by the 2005 Amendment remain in force but any benefits granted subsequently are subject to the provisions of the 2005
Amendment. Similarly, the 2011 Amendment introduced new benefits to replace those granted in accordance with the provisions of the Investment Law in effect
prior to the 2011 Amendment. However, companies entitled to benefits under the Investment Law as in effect prior to January 1, 2011 were entitled to choose to
continue to enjoy such benefits, provided that certain conditions are met, or elect instead, irrevocably, to forego such benefits and have the benefits of the 2011
Amendment apply. The 2017 Amendment introduced new benefits for Technological Enterprises which meet certain conditions, alongside the existing tax benefits.
Tax Benefits Prior to the 2005 Amendment
An investment program that is implemented in accordance with the provisions of the Investment Law prior to the 2005 Amendment, referred to as an “Approved
Enterprise”, is entitled to certain benefits. A company that wished to receive benefits as an Approved Enterprise must have received approval from the Israeli
Authority for Investments and Development of the Industry and Economy, or the Investment Center. Each certificate of approval for an Approved Enterprise
relates to a specific investment program, delineated both by the financial scope of the investment, including sources of funds, and by the physical characteristics of
the facility or other assets.
The tax benefits available under any certificate of approval relate only to taxable income attributable to the specific program and are contingent upon meeting the
criteria set out in such certificate. Income derived from activity that is not integral to the activity of the Approved Enterprise will not enjoy tax benefits.
The tax benefits under the alternative benefits track include an exemption from corporate tax on undistributed income which was generated from an Approved
Enterprise for between two and ten years from the first year of taxable income, depending on the geographic location of the Approved Enterprise facility within
Israel, and the taxation of income generated from an Approved Enterprise at a reduced corporate tax rate of between 10% to 25% for the remainder of the benefits
period, depending on the level of foreign investment in the company in each year, as detailed below.
In addition, a company that has an Approved Enterprise program is eligible for further tax benefits if it qualifies as a Foreign Investors’ Company, or a FIC, which
is a company with a level of foreign investment, as defined in the Investment Law, of more than 25%.
If a company elects the alternative benefits track and subsequently distributes a dividend out of income derived by its Approved Enterprise during the tax
exemption period it will be subject to corporate tax in respect of the amount of the distributed dividend (grossed-up to reflect the pre-tax income that it would have
had to earn in order to distribute the dividend) at the corporate tax rate which would have been otherwise applicable if such income had not been tax-exempted
under the alternative benefits track. This rate generally ranges from 10% to 25%, depending on the level of foreign investment in the company in each year, as
mentioned above. In addition, dividends paid out of income attributed to an Approved Enterprise (or out of dividends received from a company whose income is
attributed to an Approved Enterprise) are generally subject to withholding tax at source at the rate of 15% or such lower rate as may be provided in an applicable
tax treaty (subject to the receipt in advance of a valid certificate from the Israel Tax Authority allowing for a reduced tax rate). The 15% tax rate is limited to
dividends and distributions out of income derived during the benefits period and actually paid at any time up to 12 years thereafter. After this period, the
withholding tax is applied at a rate of up to 30%, or at the lower rate under an applicable tax treaty (subject to the receipt in advance of a valid certificate from the
Israel Tax Authority allowing for a reduced tax rate). In the case of a FIC, the 12-year limitation on reduced withholding tax on dividends does not apply.
51
�The benefits available to an Approved Enterprise are subject to the continued fulfillment of conditions stipulated in the Investment Law and its regulations and the
criteria in the specific certificate of approval, as described above. If a company does not meet these conditions, it would be required to refund the amount of tax
benefits, adjusted to the Israeli consumer price index, and interest, or other monetary penalties.
Tax Benefits Subsequent to the 2005 Amendment
The 2005 Amendment applies to new investment programs commencing after 2004, but does not apply to investment programs approved prior to April 1, 2005.
The 2005 Amendment provides that terms and benefits included in any certificate of approval that was granted before the 2005 Amendment became effective
(April 1, 2005) will remain subject to the provisions of the Investment Law as in effect on the date of such approval. Pursuant to the 2005 Amendment, the
Investment Center will continue to grant Approved Enterprise status to qualifying investments. The 2005 Amendment, however, limits the scope of enterprises that
may be approved by the Investment Center by setting criteria for the approval of a facility as an Approved Enterprise, such as provisions generally requiring that at
least 25% of the Approved Enterprise’s income be derived from exports.
Tax benefits are available under the 2005 Amendment to production facilities (or other eligible facilities) which are generally required to derive more than 25% of
their business income from export to specific markets with a population of at least 14 million in 2012 (such export criteria will further be increased in the future by
1.4% per annum).
A company qualifying for tax benefits under the 2005 Amendment which pays a dividend out of income derived by its Benefited Enterprise during the tax
exemption period will be subject to corporate tax in respect of the amount of the dividend distributed (grossed-up to reflect the pre-tax income that it would have
had to earn in order to distribute the dividend) at the corporate tax rate which would have otherwise been applicable. Dividends paid out of income attributed to a
Benefited Enterprise (or out of dividends received from a company whose income is attributed to a Benefited Enterprise) are generally subject to withholding tax at
source at the rate of 15% or at a lower rate as may be provided in an applicable tax treaty (subject to the receipt in advance of a valid certificate from the Israel Tax
Authority allowing for a reduced tax rate). The reduced rate of 15% is limited to dividends and distributions out of income attributed to a Beneficiary Enterprise
during the benefits period and actually paid at any time up to 12 years thereafter except with respect to a FIC, in which case the 12-year limit does not apply.
The benefits available to a Benefited Enterprise are subject to the continued fulfillment of conditions stipulated in the Investment Law and its regulations. If a
company does not meet these conditions, it would be required to refund the amount of tax benefits, adjusted to the Israeli consumer price index, and interest, or
other monetary penalties.
Tax Benefits under the 2011 Amendment
The 2011 Amendment introduced new benefits for income generated by a “Preferred Company” through its “Preferred Enterprise” (as such terms are defined in the
Investment Law) as of January 1, 2011. The definition of a Preferred Company includes a company incorporated in Israel that is not wholly owned by a
governmental entity, and that has, among other things, Preferred Enterprise status and is controlled and managed from Israel. Pursuant to the 2011 Amendment, a
Preferred Company is entitled to a reduced corporate tax rate of 15% with respect to its preferred income derived by its Preferred Enterprise in 2011 and 2012,
unless the Preferred Enterprise is located in a development zone A, in which case the rate will be 10%. Such corporate tax rate was reduced from 15% and 10%,
respectively, to 12.5% and 7%, respectively in 2013, and then increased to 16% and 9%, respectively, in 2014 until 2016. Pursuant to the 2017 Amendment, in
2017 and thereafter, the corporate tax rate for Preferred Enterprise which is located in development zone A was decreased to 7.5%, while the reduced corporate tax
rate for other development zones remains 16%. Income derived by a Preferred Company from a ‘Special Preferred Enterprise’ (as such term is defined in the
Investment Law) could be entitled, under certain conditions and limitations, to further reduced tax rates.
52
�Dividends paid out of preferred income attributed to a Preferred Enterprise are generally subject to withholding tax at the rate of 20% or such lower rate as may be
provided in an applicable tax treaty (each subject to the receipt in advance of a valid certificate from the Israel Tax Authority allowing for a reduced tax rate).
However, if such dividends are paid to an Israeli company, no tax is required to be withheld (although, if such dividends are subsequently distributed to individuals
or a non-Israeli company, withholding tax at a rate of 20% or such lower rate as may be provided in an applicable tax treaty will apply). In 2017-2019, dividends
paid out of preferred income attributed to a Special Preferred Enterprise, directly to a foreign parent company, are subject to withholding tax at source at the rate of
5% (temporary provisions).
The 2011 Amendment also provided transitional provisions to address companies already enjoying existing tax benefits under the Investment Law. These
transitional provisions provide, among other things, that unless an irrevocable request is made to apply the provisions of the Investment Law as amended in 2011
with respect to income to be derived as of January 1, 2011: (i) the terms and benefits included in any certificate of approval that was granted to an Approved
Enterprise which chose to receive grants before the 2011 Amendment became effective will remain subject to the provisions of the Investment Law as in effect on
the date of such approval, and subject to certain other conditions; (ii) the terms and benefits included in any certificate of approval that was granted to an Approved
Enterprise which had participated in an alternative benefits track before the 2011 Amendment became effective will remain subject to the provisions of the
Investment Law as in effect on the date of such approval, provided that certain conditions are met; and (iii) a Benefited Enterprise can elect to continue to benefit
from the benefits provided to it before the 2011 Amendment became effective, provided that certain conditions are met.
From time to time, the Israeli Government has discussed reducing the benefits available to companies under the Investment Law. The termination or substantial
reduction of any of the benefits available under the Investment Law could materially increase our tax liabilities.
We applied the new benefits under the 2011 Amendment instead of the benefits provided to our Approved Enterprise and Benefited Enterprise as of 2013 tax year
onwards through 2016 tax year.
New Tax Benefits under the 2017 Amendment
The 2017 Amendment was enacted as part of the Economic Efficiency Law that was published on December 29, 2016, and is effective as of January 1, 2017. The
2017 Amendment provides new tax benefits for two types of “Technology Enterprises”, as described below, and is in addition to the other existing tax beneficial
programs under the Investment Law.
The 2017 Amendment provides that a technology company satisfying certain conditions will qualify as a “Preferred Technology Enterprise” and will thereby enjoy
a reduced corporate tax rate of 12% on income that qualifies as “Preferred Technology Income” which is generally generated by “Benefited Intangible Assets”, as
defined in the Investment Law. The tax rate is further reduced to 7.5% for a Preferred Technology Enterprise and/or for its segment located in development Zone
A. In addition, a Preferred Technology Enterprise will enjoy a reduced corporate tax rate of 12% on capital gain derived from the sale of certain “Benefitted
Intangible Assets” (as defined in the Investment Law) to a related foreign company if the Benefitted Intangible Assets were acquired from a foreign company on or
after January 1, 2017 for at least NIS 200 million, and the sale receives prior approval from the National Authority for Technological Innovation, or NATI.
The 2017 Amendment further provides that a technology company satisfying certain conditions will qualify as a “Special Preferred Technology Enterprise” and
will thereby enjoy a reduced corporate tax rate of 6% on “Preferred Technology Income” regardless of the company’s geographic location within Israel. In
addition, a Special Preferred Technology Enterprise will enjoy a reduced corporate tax rate of 6% on capital gain derived from the sale of certain “Benefitted
Intangible Assets” to a related foreign company if the Benefitted Intangible Assets were either developed by an Israeli company or acquired from a foreign
company on or after January 1, 2017, and the sale received prior approval from NATI. A Special Preferred Technology Enterprise that acquires Benefitted
Intangible Assets from a foreign company for more than NIS 500 million will be eligible for these benefits for at least ten years, subject to certain approvals as
specified in the Investment Law.
53
�Dividends distributed by a Preferred Technology Enterprise or a Special Preferred Technology Enterprise, paid out of Preferred Technology Income, are generally
subject to withholding tax at source at the rate of 20% or such lower rate as may be provided in an applicable tax treaty (each subject to the receipt in advance of a
valid certificate from the Israel Tax Authority allowing for such reduced tax rate). However, if such dividends are paid to an Israeli company, no tax is required to
be withheld. If such dividends are distributed to a foreign company that holds alone or together with other foreign companies 90% or more in the Israeli company
and other conditions are met, the withholding tax rate will be 4%.
We have obtained a tax ruling confirming, among others, that we generally qualify as a Preferred Technology Enterprise since 2017 onwards.
Recently Issued Accounting Pronouncements
See Note 2(ab) and Note 2(ac) to our consolidated financial statements included elsewhere in this annual report for information regarding recent accounting
standards issued.
Non-GAAP Financial Measures
Non-GAAP gross profit, non-GAAP operating income and non-GAAP net income are non-GAAP financial measures. Non-GAAP gross profit is calculated as
GAAP gross profit excluding share-based compensation expense, expenses related to acquisitions and amortization of intangible assets related to acquisitions. Non-
GAAP operating income is calculated as GAAP operating income excluding share-based compensation expense, expenses related to acquisitions, expenses related
to facility exit and transition costs and amortization of intangible assets related to acquisitions. Non-GAAP net income is calculated as GAAP net income (loss)
excluding share-based compensation expense, expenses related to acquisitions, amortization of intangible assets related to acquisitions, expenses related to facility
exit and transition costs, non-cash interest expense related to amortization of debt discount and issuance costs, intra-entity intellectual property transfer tax effects
and the tax effects related to these non-GAAP adjustments.
The following tables reconcile gross profit, operating income and net income (loss), the most directly comparable U.S. GAAP measures, to non-GAAP gross profit,
non-GAAP operating income and non-GAAP net income for the periods presented:
Reconciliation of Gross Profit to Non-GAAP Gross Profit:
Gross profit
Share-based compensation –License, Maintenance and professional services
Acquisition related expenses
Amortization of intangible assets – License
Non-GAAP Gross profit
54
2018
Year ended December 31,
2019
($ in thousands)
2020
$
$
294,738
3,350
—
5,563
303,651
$
$
371,280
5,690
—
5,029
381,999
$
$
381,860
8,734
447
8,244
399,285
�Reconciliation of Operating Income to Non-GAAP Operating Income:
Operating income
Share-based compensation
Acquisition related expenses
Amortization of intangible assets – Cost of revenues
Amortization of intangible assets – Sales and marketing
Facility exit and transition costs
Non-GAAP operating income
Reconciliation of Net Income (Loss) to Non-GAAP Net Income:
Net income (loss)
Share-based compensation
Acquisition related expenses
Amortization of intangible assets – Cost of revenues
Amortization of intangible assets – Sales and marketing
Facility exit and transition costs
Amortization of debt discount and issuance costs
Taxes on income related to non-GAAP adjustments
Intra-entity intellectual property transfer tax effect, net
Non-GAAP net income
55
2018
Year ended December 31,
2019
($ in thousands)
2020
47,292
35,964
268
5,563
793
580
90,460
$
$
62,284
55,517
—
5,029
576
—
123,406
$
$
6,006
71,849
4,526
8,244
683
140
91,448
2018
Year ended December 31,
2019
($ in thousands)
2020
47,072
35,964
268
5,563
793
580
—
(15,485)
1,768
76,523
$
$
63,064
55,517
—
5,029
576
—
1,966
(18,251)
—
107,901
$
$
(5,758)
71,849
4,526
8,244
683
140
17,183
(20,807)
5,036
81,096
$
$
$
$
�We believe that providing non-GAAP gross profit and non-GAAP operating income that exclude, as appropriate, share-based compensation expenses, expenses
related to facility exit and transition costs, expenses related to acquisitions and amortization of intangible assets related to acquisitions, allows for more meaningful
comparisons between our operating results from period to period. Share-based compensation expense has been, and will continue to be, for the foreseeable future, a
significant recurring expense in our business and an important part of the compensation we provide to employees. We also believe that non-GAAP net income
which additionally excludes intra-entity intellectual property transfer tax effects, the tax effects related to non-GAAP adjustments and non-cash interest expense
related to amortization of debt discount and issuance costs allows for more meaningful comparison between our net income (loss) from period to period. We also
believe that expenses related to our acquisitions, expenses related to facility exit and transition costs, amortization of intangible assets related to acquisitions, intra-
entity intellectual property transfer tax effects, tax effects related to the non-GAAP adjustments set forth above and non-cash interest expense related to
amortization of debt discount and issuance costs do not reflect the performance of our core business and would impact period-to-period comparability. Each of our
non-GAAP financial measures is an important tool for financial and operational decision making and for evaluating our own financial results over different periods
of time. In particular, these financial measures reflect our operating expenses, the largest of which is currently sales and marketing. Accordingly, we assess the
effectiveness of our sales and marketing efforts in part by considering whether increases in such expenditures are reflected in increased revenues and increased non-
GAAP operating income and non-GAAP net income.
Non-GAAP financial measures may not provide information that is directly comparable to that provided by other companies in our industry, as other companies in
the industry may calculate non-GAAP financial results differently, particularly related to non-recurring, unusual items. In addition, there are limitations in using
non-GAAP financial measures as they exclude expenses that may have a material impact on our reported financial results. The presentation of non-GAAP financial
information is not meant to be considered in isolation or as a substitute for the directly comparable financial measures prepared in accordance with U.S. GAAP. We
urge investors to review the reconciliation of our non-GAAP financial measures to the comparable U.S. GAAP financial measures included above, and not to rely
on any single financial measure to evaluate our business.
B.
Liquidity and Capital Resources
We fund our operations with cash generated from operating activities. We have also raised capital through issuing convertible senior notes, the sale of equity
securities in public offerings and to a lesser extent, through exercised options. Our primary current uses of our cash are ongoing operating expenses and capital
expenditures.
As of December 31, 2020, we had $1.2 billion of cash, cash equivalents, short-term bank deposits and marketable securities. This compared with cash, cash
equivalents, short-term bank deposits and marketable securities of $1.1 billion as of December 31, 2019. We believe that our existing cash, cash equivalents,
marketable securities and short-term bank deposits will be sufficient to fund our operations and capital expenditures for at least the next 12 months. Our future
capital requirements will depend on many factors, including our rate of revenue growth, the expansion of our sales and marketing activities, the timing and extent
of spending to support product development efforts and expansion into new geographic locations, the timing of introductions of new software products and
enhancements to existing software products and the continuing market acceptance of our software offerings.
The following table presents the major components of net cash flows for the periods presented:
Net cash provided by operating activities
Net cash used in investing activities
Net cash provided by financing activities
56
Year Ended December 31,
2020
2019
$
($ in thousands)
141,710
(143,222)
532,042
$
106,769
(412,387)
13,249
�A substantial source of our net cash provided by operating activities is our deferred revenues, which are included on our consolidated balance sheet as a liability.
The majority of our deferred revenues consists of the unrecognized portion of upfront payments associated with maintenance and professional services and SaaS
offerings that have been invoiced but not yet recognized. We assess our liquidity, in part, through an analysis of our short-term and long-term deferred revenues
that have not yet been recognized as revenues together with our other sources of liquidity. Revenues from SaaS contracts and maintenance and support contracts are
recognized ratably on a straight line basis over the term of the related contract which is typically one year and, to a lesser extent, three years, and from professional
services as services are performed. Thus, upfront payments add to the liquidity of our operations since we frequently recognize on-premises subscription, SaaS,
maintenance and support and professional services revenues and expenses in subsequent periods to when the payments may be received.
Net Cash Provided by Operating Activities
Our cash flows historically have reflected our net income (loss) coupled with changes in our non-cash working capital. During the year ended December 31, 2020,
operating activities provided $106.8 million in cash as a result of $5.8 million of net loss, adjusted by $71.8 million of non-cash charges related to share-based
compensation expense, $15.5 million related to depreciation and amortization expenses, $17.2 million in non-cash interest expense related to the amortization of
debt discount and issuance costs and a net change of $24.0 million in non-cash working capital offset by a $2.0 million increase in deferred tax assets and a $13.9
million net change from other long-term assets and liabilities.
The change of $24.0 million in non-cash working capital was due to a $37.2 million increase in short-term deferred revenues, an increase of $7.8 million in
employees and payroll accruals and an increase of $0.6 million in trade payables, offset by an increase of $17.2 million in trade receivables and a decrease of $4.4
million in other current liabilities.
During the year ended December 31, 2019, operating activities provided $141.7 million in cash as a result of $63.1 million of net income, adjusted by $55.5 million
of non-cash charges related to share-based compensation expenses, $10.6 million related to depreciation and amortization expenses, a $5.0 million net change from
other long-term assets and liabilities and a net change of $14.5 million in non-cash working capital, offset by a $7.0 million increase in deferred tax assets.
The change of $14.5 million in non-cash working capital was due to a $26.1 million increase in short term deferred revenue, an increase of $7.3 million in
employees and payroll accruals, an increase of $1.6 million in trade payables and an increase of $5.1 million in other current liabilities, offset by an increase of $1.1
million in other current assets and an increase of $24.5 million in trade receivables.
During the years ended December 31, 2019 and 2020, our days’ sales outstanding, or DSO, was 66 days and 85 days, respectively. The increase of the DSO is
mainly due to long-term unbilled receivables from contracts in which the revenue recognized exceeded the amount billed.
Net Cash Used in Investing Activities
Investing activities have consisted of investment in, and proceeds from, short-term and long-term deposits, investment in, and proceeds from marketable securities,
acquisitions and purchase of property and equipment.
Net cash used in investing activities was $143.2 million and $412.4 million for the years ended December 31, 2019 and 2020, respectively.
The increase of $269.2 million in net cash used in investing activities in 2020 was due to a net increase of $200.5 million in investments in short and long term
deposits and marketable securities, an increase of $68.6 million in payments for business acquisitions, net of cash acquired and by an increase of $0.1 million in
capital expenditures.
The increase of $94.5 million in net cash used in investing activities in 2019 was due to a net increase of $114.5 million in investments in short- and long-term
deposits and marketable securities, offset by a decrease of $18.4 million in payments for business acquisitions, net of cash acquired, and a decrease of $1.6 million
in capital expenditures.
57
�Net Cash Provided by Financing Activities
Our financing activities have consisted of proceeds from the exercise of share options, proceeds from the issuance of convertible senior notes net of issuance costs,
purchase of capped calls and proceeds from withholding tax related to employee stock plans.
Net cash provided by financing activities was $532.0 million and $13.2 million for the years ended December 31, 2019 and 2020, respectively.
C.
Research and Development, Patents and Licenses, etc.
We conduct our research and development activities primarily in Israel as well as the United States, India and Ukraine. As of December 31, 2020, our research and
development department included 464 employees and contractors. In 2020, research and development costs accounted for 20.5% of our total revenues.
For a description of our research and development policies, see “Item 4.B. Business Overview—Research and Development.”
For information regarding our patents, see “Item 4.B. Business Overview—Intellectual Property.”
D.
Trend Information
Other than as disclosed elsewhere in this annual report, we are not aware of any trends, uncertainties, demands, commitments or events since December 31, 2020
that are reasonably likely to have a material adverse effect on our net revenue, income, profitability, liquidity or capital resources, or that caused the disclosed
financial information to be not necessarily indicative of future operating results or financial condition.
E.
Off-Balance Sheet Arrangements
We do not currently engage in off-balance sheet financing arrangements. In addition, we do not have any interest in entities referred to as variable interest entities,
which includes special purposes entities and other structured finance entities.
F.
Contractual Obligations
The following summarizes our contractual obligations as of December 31, 2020:
Operating lease obligations(1)
Uncertain tax obligations(2)
Severance pay(3)
0.00% Convertible Senior Notes due 2024(4)
3 – 5 years
More than 5
years
Total
Less than 1 year
$
23,964
4,633
7,963
575,000
7,080
—
—
—
1 – 3 years
($ in thousands)
12,572
$
—
—
—
$
$
4,114
—
—
575,000
611,560
$
7,080
$
12,572
$
579,114
$
$
$
198
—
—
—
198
Operating lease obligations consist of our contractual rental expenses under operating leases of facilities and certain motor vehicles.
Consists of accruals for certain income tax positions under ASC 740 that are paid upon settlement, and for which we are unable to reasonably estimate the
ultimate amount and timing of settlement. See Note 13(m) to our consolidated financial statements included elsewhere in this annual report for further
information regarding our liability under ASC 740. Payment of these obligations would result from settlements with tax authorities. Due to the difficulty in
determining the timing of resolution of audits, these obligations are only presented in their total amount.
Severance pay relates to accrued severance obligations mainly to our Israeli employees as required under Israeli labor laws. These obligations are payable
only upon the termination, retirement or death of the respective employee and may be reduced if the employee’s termination is voluntary. These obligations
are partially funded through accounts maintained with financial institutions and recognized as an asset on our balance sheet. As of December 31, 2020 $3.0
million is unfunded. See Note 2(l) to our consolidated financial statements included elsewhere in this report for further information.
(4)
For additional information, see Note 11 to our consolidated financial statements included elsewhere in this annual report.
58
Total
(1)
(2)
(3)
�ITEM 6.
DIRECTORS, SENIOR MANAGEMENT AND EMPLOYEES
A.
Directors and Senior Management
The following table sets forth the name, age and position of each member of our senior management as of March 11, 2021:
Age
Position
Name
Senior Management
Ehud (Udi) Mokady
Joshua Siegel
Chen Bitan
Matthew Cohen
Donna Rahav
Directors
Gadi Tirosh(1)(3)(4)
Ron Gutler(1)(2)(3)(4)
Kim Perdikou(1)(2)(3)(4)
David Schaeffer(4)
Amnon Shoshani(2)(4)
François Auque(4)
Avril England(4)
(1)
(2)
(3)
(4)
Member of our compensation committee.
Member of our audit committee.
Member of our nominating and governance committee.
Independent director under the rules of Nasdaq.
52
57
51
45
42
54
63
63
64
57
64
52
Chairman of the Board and Chief Executive Officer and Founder
Chief Financial Officer
General Manager Israel, Chief Product Officer
Chief Operating Officer
General Counsel and Compliance Officer
Lead Independent Director
Director
Director
Director
Director
Director
Director
59
�Senior Management
Ehud (Udi) Mokady is one of our founders and has served as our Chief Executive Officer since 2005 and as chairman of the board since June 2016. He previously
served as our President from 2005 to 2016 and as our Chief Operating Officer from 1999 to 2005. Mr. Mokady has also served as a member of our board since
November 2004. Mr. Mokady served as a member of the board of directors of Demisto, Inc. commencing in January 2018 until its acquisition by Palo Alto
Networks, Inc. in March 2019. From 1997 to 1999, Mr. Mokady served as general counsel at Tadiran Spectralink Ltd., a producer of secure wireless
communication systems. From 1986 to 1989, Mr. Mokady served in a military intelligence unit in the Israel Defense Forces. Mr. Mokady was honored by a panel
of independent judges with the New England EY Entrepreneur Of The Year™ 2014 Award in the Technology Security category. Mr. Mokady holds a Bachelor of
Laws (LL.B.) from Hebrew University in Jerusalem, Israel and a Master of Science Management (MSM) from Boston University in Massachusetts.
Joshua Siegel has served as our Chief Financial Officer since May 2011. Prior to joining CyberArk, Mr. Siegel served as Chief Financial Officer for Voltaire Ltd.,
a provider of InfiniBand and Ethernet connectivity solutions, from December 2005 to February 2011, and as Director of Finance and then Vice President of Finance
from April 2002 to December 2005. Voltaire completed an initial public offering and listing on Nasdaq in 2007 and was acquired by Mellanox Technologies, Ltd.
in 2011. From 2000 to 2002, he was Vice President of Finance at KereniX Networks Ltd., a terabit routing and transport system company. From 1995 to 2000, Mr.
Siegel served in various positions at Lucent Technologies Networks Ltd. (formerly Lannet Ltd.). From 1990 to 1995, he served in various positions at SLM
Corporation (Sallie Mae—Student Loan Marketing Association). Mr. Siegel holds a Bachelor of Arts in economics and an MBA with a concentration in finance
from the University of Michigan in Ann Arbor.
Chen Bitan has served as the General Manager of our Israeli headquarters, and as Chief Product Officer since January 2020. He previously served as our General
Manager of EMEA, Asia Pacific and Japan since 2005 and as Head of Research & Development since 1999. From March 1998 to April 1999, Mr. Bitan worked as
Project Manager for Amdocs Software Ltd., leading the development of billing and customer care systems for telecommunications providers. From 1995 to 1998,
he worked for Magic Software Enterprises Ltd. as Research and Development Group Manager leading the development of their 4GL products for the Asia Pacific
market. From 1988 to 1995, Mr. Bitan served in a software engineering unit in the Israel Defense Forces (IDF) in various research and development roles, finally
leading the programming education department as Department Manager at the Computer Studies Academy (Mamram). Mr. Bitan holds a Bachelor of Science in
computer science and political science from Bar-Ilan University in Ramat-Gan, Israel.
Matthew Cohen has served as our Chief Operating Officer since December 2020 after he served as our Chief Revenue Officer since December 2019. Prior to
joining CyberArk, Mr. Cohen held several leadership positions in PTC Inc. (Nasdaq: PTC). His most recent position was Executive Vice President of Field
Operations, from February 2018 to November 2019, where he led the go to market strategy and all Sales, Commercial Marketing, Customer Success, Services, and
Partner functions. Prior to that he was Executive Vice President, Customer Success and Partners from July 2016 to February 2018, Executive Vice President,
Global Services from April 2014 through July 2016, and Divisional Vice President, Global Services from October 2013 to March 2014. Before that, Mr. Cohen
held various positions in the company’s Global Services group. Mr. Cohen holds a Bachelor of Arts in Psychology from Harvard University.
Donna Rahav has served as our General Counsel and Compliance Officer since March 2014 and previously served as Corporate Secretary from April 2014 until
December 2019. Prior to joining CyberArk, Ms. Rahav served as Deputy General Counsel at Allot Communications Ltd. (Nasdaq and TASE: ALLT), a global
provider of bandwidth management solutions, from 2011 to 2014. From 2009 to 2011 she served as Legal Counsel at Alvarion Ltd. (Nasdaq and TASE: ALVR),
and from 2008 to 2009 she served in similar capacity at MediaMind Technologies, Inc. (formerly Eyeblaster, Inc.; Nasdaq: MDMD). Prior to that, from 2005 to
2006 she was an associate at an Israeli law firm specializing in technology transactions. Ms. Rahav holds a Bachelor of Laws from Tel Aviv University in Israel,
and a Master of Laws from Tel Aviv University in collaboration with University of California, Berkeley, an executive program focused on corporate and
commercial law.
60
�Directors
Gadi Tirosh has served as a member of our board of directors since June 2011, as chairman of the board between July 2013 and June 2016 and as lead independent
director since June 2016. Since 2020, Mr. Tirosh has served as Venture Partner at DisruptiveAI, an Israeli venture capital firm that focuses on innovative artificial
intelligence companies. From 2018 to 2020, Mr. Tirosh served as Venture Partner at Jerusalem Venture Partners, an Israeli venture capital firm that focuses, among
other things, on cybersecurity companies and operates the JVP Cyber Labs incubator. From 2005 to 2018, he served as Managing Partner at Jerusalem Venture
Partners. From 1999 to 2005, he served as Corporate Vice President of Product Marketing and as a member of the executive committee for NDS Group Ltd.
(Nasdaq: NNDS) later acquired by Cisco Systems, Inc. a provider of end-to-end software solutions to the pay-television industry, including content protection and
video security. Mr. Tirosh holds a Bachelor of Science in computer science and mathematics and an Executive MBA from the Hebrew University in Jerusalem,
Israel.
Ron Gutler has served as a member of our board of directors since July 2014 and served as an external director under the Companies Law between July 2014 and
May 2016. Mr. Gutler is currently a director of Wix.com Ltd. (Nasdaq: WIX), Fiverr International Ltd. (NYSE: FVRR) and WalkMe Ltd. Between November 2009
and December 2020. Mr. Gutler served as a director of Psagot Investment House and between November 2007 and December 2020, he served as a director of
Psagot Securities. Between June 2018 and November 2019, Mr. Gutler served as the Chairman of the Board of Psagot Market Making. Between 2014 and 2019 Mr.
Gutler served as a director of Hapoalim Securities USA (HSU). Between August 2012 and January 2018, Mr. Gutler served as chairman of the board of the College
of Management Academic Studies in Israel. Between May 2002 and February 2013, Mr. Gutler served as the Chairman of NICE Systems Ltd., a public company
specializing in voice recording, data security, and surveillance. Between 2000 and 2011, Mr. Gutler served as the Chairman of G.J.E. 121 Promoting Investments
Ltd., a real estate company. Between 2000 and 2002, Mr. Gutler managed the Blue Border Horizon Fund, a global macro fund. Mr. Gutler is a former Managing
Director and a Partner of Bankers Trust Company, which is currently part of Deutsche Bank. He also established and headed the Israeli office of Bankers Trust
Company. Mr. Gutler holds a Bachelor of Arts in economics and international relations and an MBA, both from the Hebrew University in Jerusalem, Israel.
Kim Perdikou has served as a member of our board of directors since July 2014 and served as an external director under the Companies Law between July 2014 and
May 2016. Ms. Perdikou has served as Chairman of REBBL Inc., since June 2014, a private beverage company. Ms. Perdikou has served as Chairman of The
@Company, a private startup Internet Protocol company, from December 2019. Ms. Perdikou serves on the board of Trunomi, Ltd. a private fintech startup, based
in Bermuda, from June 2018. From 2010 to August 2013, Ms. Perdikou served as the Executive Vice President for the Office of the Chief Executive Officer at
Juniper Networks, Inc. Before that she served as the Executive Vice President and General Manager of Infrastructure Products Group and as Chief Information
Officer at Juniper Networks, Inc. from 2006 to 2010 and from August 2000 to January 2006, respectively. Ms. Perdikou served in leadership positions at
Women.com, Readers Digest, Knight Ridder, and Dun & Bradstreet. Ms. Perdikou holds a Bachelor of Science degree in computing science with operational
research from Paisley University (now the West of Scotland University) in Paisley, Scotland, a Post-Graduate degree in education from Jordanhill College in
Glasgow, Scotland and a Master’s of Science in information systems from Pace University in New York, United States.
David Schaeffer has served as a member of our board of directors since May 2014. Mr. Schaeffer has served as the Chairman, Chief Executive Officer and
President of Cogent Communications, Inc. (Nasdaq: CCOI), an internet service provider based in the United States that is listed on Nasdaq, since he founded the
company in August 1999. Mr. Schaeffer was the founder of Pathnet, Inc., a broadband telecommunications provider, where he served as Chief Executive Officer
from 1995 until 1997 and as Chairman from 1997 until 1999. Mr. Schaeffer holds a Bachelor of Science in physics from the University of Maryland, the United
States.
Amnon Shoshani has served as a member of our board of directors since November 2009. Since February 1995, Mr. Shoshani has served as the Founder and
Managing Partner of Cabaret Holdings Ltd. and, since March 1999, he has also served as Managing Partner of Cabaret Security Ltd., CyberArk’s founding investor
and Cabaret and ArbaOne Inc. ventures activities where he had a lead role in managing the group’s portfolio companies. Since 2018, Mr. Shoshani has served as
the President and Chairman of the Board of Smartech, a portfolio company of Cabaret and ArbaOne, that provides game changing technologies to the industrial
world. Between 2005 and 2018, he served as CEO and Chairman of the Board of Smartech. From 1994 to April 2005, Mr. Shoshani owned a Tel Aviv boutique
law firm engaged in entrepreneurship, traditional industries and high tech, which he founded. Mr. Shoshani holds an LL.B. from Tel Aviv University, Israel.
61
�François Auque has served as a member of our board of directors since February 2019. Mr. Auque serves as the chairman of the Audit and Risk Committee of
Rexel SA from May 2019, after being an observer on the board from October 2018. Mr. Auque is a partner at InfraVia Capital Partners, a Private Equity firm based
in Paris. Mr. Auque served as the General Partner and Chairman of the Investment Committee of Airbus Ventures, the venture capital arm of Airbus between 2016
and 2018. From 2000 to 2016, Mr. Auque headed the Airbus space division as a member of Airbus Group’s Executive Committee. Between 1991 and 2000, Mr.
Auque served as Chief Financial Officer of Aerospatiale (then Aerospatiale-Matra), one of the three founding firms of the European Aeronautic Defense and Space
Company (EADS), Europe’s largest aerospace company (currently Airbus). Mr. Auque holds a Master’s in Finance from Ecole des Hautes Etudes Commercials in
Paris, France, a Bachelor of Arts in Public Administration from the Paris Institute of Political Studies in Paris, France, and is a graduate in economics from Ecole
Nationale d’Administration in Paris, France.
Avril England has served as a member of our board of directors since March 2021. Since September 2013, Ms. England has served as part of the product leadership
of Veeva Systems Inc. (NYSE: VEEV), as the General Manager of Veeva Vault, a fast-growing cloud software platform and suite of applications. Ms. England
holds a Bachelor of Commerce degree from Queen’s University in Ontario, Canada, and has received numerous professional and academic awards.
B.
Compensation
Compensation of Directors and Senior Management
The aggregate compensation expensed, including share-based compensation and other compensation expensed by us and our subsidiaries, with respect to the year
ended December 31, 2020, to our directors and senior management that served at any time during the year ended December 31, 2020 was $19.5 million. This
amount includes approximately $0.8 million set aside or accrued to provide pension, severance, retirement, or similar benefits.
The table below sets forth the compensation earned by our five most highly compensated office holders (as defined in the Companies Law and described under
“Board Practices— Disclosure of Compensation of Senior Management” below) during or with respect to the year ended December 31, 2020. We refer to the five
individuals for whom disclosure is provided herein as our “Covered Executives.” For purposes of the table and the summary below, “compensation” includes base
salary, bonuses, equity-based compensation, retirement or termination payments, and any benefits or perquisites such as car, phone and social benefits, as well as
any undertaking to provide such compensation in the future.
Summary Compensation Table
Name and Principal Position(2)
Ehud (Udi) Mokady, Chairman of the Board & CEO
Joshua Siegel, Chief Financial Officer
Matthew Cohen, Chief Operating Officer
Chen Bitan, General Manager Israel, Chief Product Officer
Clarence Hinton, Chief Strategy Officer
Information Regarding the Covered Executive(1)
Benefits and
Perquisites
(3)
Variable
Compensation
(4)
Equity-Based
Compensation
(5)
Base Salary
$
$
390,000
386,930
400,000
320,294
310,000
$
344,555
134,341
66,332
177,926
60,431
$
114,953
75,900
226,861
84,400
123,412
8,319,562
3,143,503
1,739,339
1,013,730
745,005
(1)
(2)
(3)
(4)
(5)
In accordance with Israeli law, all amounts reported in the table are in terms of cost to our company, as recorded in our financial statements for the year
ended December 31, 2020.
All current officers listed in the table are full-time employees. Cash compensation amounts denominated in currencies other than the U.S. dollar were
converted into U.S. dollars at the average conversion rate for the year ended December 31, 2020.
Amounts reported in this column include benefits and perquisites, including those mandated by applicable law. Such benefits and perquisites may include,
to the extent applicable to each executive, payments, contributions and/or allocations for savings funds, pension, severance, vacation, car or car allowance,
medical insurances and benefits, risk insurances (such as life, disability and accident insurances), convalescence pay, payments for Medicare and social
security, tax gross-up payments and other benefits and perquisites consistent with our guidelines, regardless of whether such amounts have actually been
paid to the executive.
Amounts reported in this column refer to Variable Compensation such as earned commissions, incentives and earned or paid bonuses as recorded in our
financial statements for the year ended December 31, 2020.
Amounts reported in this column represent the expense recorded in our financial statements for the year ended December 31, 2020 with respect to equity-
based compensation, reflecting also equity awards made in previous years which have vested during the current year. Assumptions and key variables used
in the calculation of such amounts are described in Note 12 to our audited consolidated financial statements, which are included in this annual report.
62
�CEO Equity Plan
In June 2020, the Company’s shareholders approved a three-year CEO Equity Plan, or the CEO Equity Plan, including the terms of an equity grant to the CEO in
respect of 2020, and authorized the compensation committee and Board to approve CEO equity grants for 2021 and 2022, subject to the terms of the CEO Equity
Plan.
The CEO 2020 equity grant included 27,700 RSUs and 27,700 PSUs, of which:
•
•
16,600 PSUs, generally referred to as business PSUs,were subject to business performance criteria (annual revenue, non-GAAP profitability and license-
derived revenue), to be earned based on a one-year performance period, subject to further time-based vesting; and
11,100 PSUs were subject to relative TSR performance criteria, to be earned based on a three-year performance period.
In July 2020, the Board adjusted our 2020 operating plan to address the impact of the COVID-19 pandemic on our sales to new customers, which was determined
to have material impact on the performance metrics during the performance period. Nevertheless, the compensation committee and the Board determined to
maintain the original target level of all performance criteria such that Mr. Mokady would have only been able to earn 100% of the such business PSUs upon
achievement of the original 2020 operating plan goals. In order to address the significant change in macroeconomic trends and incentivize the achievement of the
revised operating plan, the compensation committee and the Board determined to modify the thresholds of the business performance criteria to range between 70%
and 80% of the original 2020 operating plan approved prior to any adjustments made as a result of the macroeconomic uncertainty created by the COVID-19
pandemic (compared to the prior thresholds set at no less than 85% of each target). In February 2021, the compensation committee certified the performance and
earning of the business PSUs that were granted in 2020. The overall performance rate of the annual revenue, non-GAAP profitability and licensed-derived revenue
criteria was approximately 80%. As a result, Mr. Mokady earned 9,830 PSUs out of 16,600 PSUs at target, representing an earning rate of less than 60%. 25% of
the earned PSUs vested on February 15, 2021, with the remainder vesting on a quarterly basis thereafter, and becoming fully vested on February 15, 2024.
63
�In February 2021 the compensation committee and the Board approved an equity grant to Mr. Mokady, or the CEO 2021 Grant, subject to the terms of the CEO
Equity Plan approved by our shareholders at the 2020 annual general meeting. The CEO 2021 Grant is comprised of the following:
•
•
•
25,300 RSUs
25,290 PSUs at target, subject to business performance criteria aligned to measure the success of our subscription transition program (annual recurring
revenue and percentage of new license subscription bookings out of total new license bookings, on an annualized basis), to be earned based on a one-year
performance period, subject to further time-based vesting; and
12,650 PSUs at target, subject to relative TSR performance criteria, to be earned based on a three-year performance period.
Employment Agreements with Executive Officers
We have entered into written employment agreements with all of our executive officers. Most of these agreements contain provisions regarding non-competition
and all of these agreements contain provisions regarding confidentiality of information and ownership of inventions. The non-competition provision applies for a
period that is generally 12 months following termination of employment. The enforceability of covenants not to compete in Israel, the United States and the United
Kingdom is subject to limitations. In addition, we are required to provide one to six months’ notice prior to terminating the employment of our executive officers,
other than in the case of a termination for cause.
Directors’ Service Contracts
Other than with respect to Ehud (Udi) Mokady, our Chairman of the Board and Chief Executive Officer, there are no arrangements or understandings between us,
on the one hand, and any of our directors, on the other hand, providing for benefits upon termination of their service as directors of our company, except that
directors are permitted to exercise vested options for one year following the termination of their service. In July 2019, our shareholders approved certain changes to
the compensation framework for each of our non-executive directors, specifically by implementing a fixed annual fee and predetermined values of initial and
recurring annual equity grants of RSUs.
Equity Incentive Plans
2014 Share Incentive Plan
The 2014 Share Incentive Plan, or the 2014 SIP, was adopted by our board of directors and became effective on June 10, 2014. The 2014 SIP was approved by our
shareholders on July 10, 2014. The 2014 SIP provides for the grant of options, restricted shares, restricted share units and other share-based awards to our
employees, directors, officers, consultants, advisors and any other person providing services to us or our affiliates, under varying tax regimes. The maximum
aggregate number of shares that may be issued pursuant to awards under this 2014 SIP is the sum of (a) 422,000 shares plus (b) an increase of 1,220,054 shares as
of January 1, 2015 plus (c) on January 1 of each calendar year commencing in 2016, a number of shares equal to the lesser of: (i) an amount determined by our
board of directors, if so determined prior to the January 1 of the calendar year in which the increase will occur, (ii) 4% of the total number of shares outstanding on
December 31 of the immediately preceding calendar year, and (iii) 4,000,000 shares. Additionally, any share underlying an award that is cancelled or terminated or
forfeited for any reason without having been exercised will automatically be available for grant under the 2014 SIP. As of December 31, 2020, 2,773,312 ordinary
shares underlying share-based awards were outstanding under the 2014 SIP and 836,117 ordinary shares were reserved for future grant under the 2014 SIP. On
January 1, 2021, the aggregate number of ordinary shares reserved for issuance under the 2014 SIP was increased by 1,350,000 shares. In addition, as discussed in
“—2020 Employee Stock Purchase Plan” the number of ordinary shares reserved under the 2014 SIP was reduced by 125,000 upon effectiveness of the ESPP (as
defined below). Either our board, or a committee established by our board, administers the 2014 SIP, and the board may, at any time, suspend, terminate, modify,
or amend the 2014 SIP retroactively or prospectively.
The board or the committee may grant awards intended to qualify as an incentive stock option, non-qualified stock option, Israeli Income Tax Ordinance Section
102 award, Section 3(9) award, or other designations under other regimes. Other than with respect to incentive stock options, governed by the specific exercise
price provisions of the 2014 SIP, the exercise price of any award will be determined by the committee or the board (as applicable). Unless otherwise stated in the
applicable award agreement, option awards under the 2014 SIP expire ten years after their grant date. Upon termination of the employment or service of a grantee,
any unvested awards will be forfeited on the termination date. Upon termination by reason of death, disability or retirement, all of the grantee’s vested awards may
be exercised at any time within one year after such death or disability or within three months following retirement. Upon termination for “cause” (as defined in the
2014 SIP), all awards granted to such grantee (whether vested or not) will be forfeited on the termination date. Upon termination for any other reason all vested and
exercisable awards at the time of termination may, unless earlier terminated in accordance with their terms, be exercised within up to three months after the
termination date (or such different period as the committee will prescribe).
64
�The committee and the board may grant restricted shares under the 2014 SIP. If a grantee’s employment or service to the company or any affiliate thereof
terminates for any reason prior to the vesting of such grantee’s restricted shares, any unvested shares will be forfeited by such grantee. The committee and the
board may also grant restricted share units, performance share units, and other awards under the 2014 SIP, including shares, cash, cash and shares, other share units
and share appreciation rights.
In order to comply with the provisions of Section 102, all awards to Israeli grantees must be held in trust for the benefit of the relevant grantee for the requisite
period prescribed by the Ordinance.
Upon a “Change in Control” event (as defined in the 2014 SIP), any award then outstanding will be assumed or substituted by us or the successor corporation or by
any affiliate thereof, as determined by the committee. Regardless of whether or not awards are assumed or substituted, the committee may: (1) provide for grantees
to have the right to exercise their awards or otherwise for the accelerated vesting of the unvested underlying shares, under such terms as the committee will
determine, including the cancellation of all unexercised awards (whether vested or unvested) upon or immediately prior to the closing of the Change in Control;
and/or (2) provide for the cancellation of each outstanding and unexercised award at or immediately prior to the closing of the Change in Control, and payment to
the grantees of an amount in cash or in shares of the acquirer or of a corporation or other business entity which is a party to the Change in Control, or in other
property, as determined by the committee to be fair in the circumstances, and subject to such terms and conditions as determined by the committee.
Awards under the 2014 SIP are not transferable other than by will or by the laws of descent and distribution or to a grantee’s designated beneficiary, unless, in the
case of awards other than incentive stock options, otherwise determined by our committee or under the 2014 SIP. Awards may be granted from time to time
pursuant to the 2014 SIP, within a period of ten years from the effective date of the 2014 SIP, which period may be extended by our board.
2011 Share Incentive Plan
The 2011 Share Incentive Plan, or the 2011 SIP, was adopted by our board of directors and became effective on July 14, 2011. The 2011 SIP was approved by our
shareholders on December 20, 2011. Any share underlying an award that is cancelled or terminated or forfeited for any reason without having been exercised will
automatically be available for grant under the 2014 SIP. As of December 31, 2020, 23,104 options to purchase ordinary shares remained outstanding under the
2011 SIP. No new awards may be granted under the 2011 SIP.
The 2011 SIP is administered by our board or a committee established by our board. Option awards to purchase our ordinary shares that were granted under the
2011 SIP are designated in the applicable award agreement as an incentive stock option, non-qualified stock option, Section 102 award (with such designation to
include the relevant tax track), Section 3(i) award, or other designations under other regimes. All awards granted under the 2011 SIP have vested. Upon termination
by reason of death, disability or retirement, all of the grantee’s vested options may be exercised at any time within one year after such death or disability or within
three months following retirement. Upon termination for cause (as defined in the 2011 SIP), all options granted to such grantee are forfeited on the termination
date. Upon termination for any other reason all vested and exercisable options at the time of termination may, unless earlier terminated in accordance with their
terms, be exercised within up to 90 days after the termination date.
In the event of certain merger or sale events (as specified in the 2011 SIP), any award then outstanding will be assumed or an equivalent award will be substituted
by such successor corporation under substantially the same terms as such award. If such awards are not assumed or substituted by an equivalent award, then the
committee may (i) provide for grantees to have the right to exercise their awards under such terms and conditions as the committee will determine; and/or (ii)
provide for the cancellation of each outstanding award at the closing of such transaction, and payment to the grantees of an amount in cash as determined by the
committee to be fair in the circumstances, and subject to such terms and conditions as determined by the committee.
65
�Awards under the 2011 SIP are not transferable other than by will or by the laws of descent and distribution, unless otherwise determined by the board or under the
2011 SIP, and generally expire ten years following the grant date. The 2011 SIP will terminate on the tenth anniversary of the effective date, other than with respect
to those awards outstanding under the 2011 SIP at the time of termination.
2020 Employee Stock Purchase Plan
On January 1, 2021, our employee stock purchase plan, or ESPP, became effective. The ESPP enables our eligible employees and eligible employees of our
designated subsidiaries to elect to have payroll deductions made during the offering period in an amount not exceeding 15% of the gross base compensation which
the employees receive. The total number of ordinary shares initially reserved under the ESPP as of January 1, 2021 was 125,000 shares, or the ESPP Share Pool. In
connection with establishing the ESPP, we correspondingly reduced the number of shares available under the 2014 SIP by 125,000. On January 1 of each year
between 2022 and 2026 the ESPP Share Pool will be increased by a number of ordinary shares equal to the lowest of (i) 1,000,000 shares, (ii) 1% of our
outstanding shares on December 31 of the immediately preceding calendar year, and (iii) a lesser number of shares determined by our board of directors.
The ESPP is administered by our board of directors or by a committee designated by the board of directors. Subject to those rights which are reserved to the board
of directors or which require shareholder approval under Israeli law, our board of directors has designated the compensation committee to administer the ESPP.
Eligible employees become participants in the ESPP by enrolling and authorizing payroll deductions by the deadline established by the plan administrator prior to
the relevant enrollment date. We expect that on the first trading day of each purchase period, each participant will automatically be granted an option to purchase
our ordinary shares on the exercise date of such purchase period. The applicable purchase price will be no less than 85% of the lesser of the fair market value of our
ordinary shares on the first day or the last day of the purchase period. The maximum number of ordinary shares that may be purchased under the ESPP in any offer
period is 10,000. Participant payroll deductions will be used to purchase shares on the last day of each purchase period. The plan administrator may amend, suspend
or terminate the ESPP at any time. However, shareholder approval of any amendment to the ESPP must be obtained for any amendment which increases the
aggregate number or changes the type of shares that may be sold pursuant to rights under the ESPP or changes the corporations or classes of corporations whose
employees are eligible to participate in the ESPP.
C.
Board Practices
Board of Directors
Under the Companies Law, the management of our business is vested in our board of directors. Our board of directors may exercise all powers and may take all
actions that are not specifically granted to our shareholders or to management. Our executive officers are responsible for our day-to-day management and have
individual responsibilities established by our board of directors. Our Chief Executive Officer is appointed by, and serves at the discretion of, our board of directors,
subject to the employment agreement that we have entered into with him. All other executive officers are also appointed by our board of directors, and are subject
to the terms of any applicable employment agreements that we may enter into with them.
We comply with the rule of Nasdaq that requires a majority of our directors to be independent as defined under Nasdaq corporate governance rules. Our board of
directors has determined that all of our directors, other than our Chief Executive Officer, are independent under such rules. Under our articles of association, our
directors serve for a period of three years pursuant to the staggered board provisions of our articles of association. Under our articles of association, our board of
directors must consist of at least four and not more than nine directors. Our board of directors currently consists of eight directors. Our Chairman of the Board is
Ehud (Udi) Mokady, who also serves as our Chief Executive Officer. Under the Companies Law, a chairman of the board of directors of a public company may
also serve as the chief executive officer of such company if his appointment is ratified and approved by the company’s shareholders, and which term will be valid
for a period not exceeding three years from the date of such shareholder approval. In July of 2019, our shareholders ratified and approved Mr. Mokady’s
appointment as both Chairman of the Board and Chief Executive Officer, and therefore such appointment will remain valid until 2022.
66
�Pursuant to our articles of association, our directors are divided into three classes with staggered three-year terms. Each class of directors consists, as nearly as
possible, of one-third of the total number of directors constituting the entire board of directors. At each annual general meeting of our shareholders, the election or
re-election of directors following the expiration of the term of office of the directors of that class of directors is for a term of office that expires on the third annual
general meeting following such election or re-election, such that at each annual general meeting, the term of office of only one class of directors will expire. Each
director will hold office until the annual general meeting of our shareholders in which his or her term expires, unless he or she is removed by a vote of 65% of the
total voting power of our shareholders at a general meeting of our shareholders or upon the occurrence of certain events, in accordance with the Companies Law
and our articles of association.
Our directors are divided among the three classes as follows:
(i) the Class I directors are Ehud (Udi) Mokady and David Schaeffer, and their term expires at the annual general meeting of shareholders to be held in 2021 at the
time their successors are elected and qualified;
(ii) the Class II directors are Gadi Tirosh, Amnon Shoshani and Avril England, and their term expires at the annual general meeting of shareholders to be held in
2022 at the time their successors are elected and qualified; and
(iii) the Class III directors are Ron Gutler, Kim Perdikou and François Auque, and their term expires at the annual general meeting of shareholders to be held in
2023 at the time their successors are elected and qualified.
In addition, our articles of association allow our board of directors to appoint directors, create new directorships or fill vacancies on our board of directors up to the
maximum number of directors permitted under our articles of association. In case of an appointment by our board of directors to fill a vacancy on our board of
directors due to a director no longer serving, the term of office shall be equal to the remaining period of the term of office of the director(s) whose office(s) have
been vacated, and in case of a new appointment where the number of directors serving is less than the maximum number stated in our articles of association, our
board of directors shall determine at the time of appointment the class to which the new director shall be assigned.
Under the Companies Law and our articles of association, nominations for directors may be made by any shareholder(s) holding together at least 1% of our
outstanding voting power. However, any such shareholder may make such a nomination only if a written notice of such shareholder’s intent to make such
nomination has been timely and duly given to our Secretary (or, if we have no Secretary, our Chief Executive Officer), as set forth in our articles of association.
Any such notice must include certain information regarding the proposing shareholder and the proposed director nominee, the consent of the proposed director
nominee(s) to serve as our director(s) if elected and a declaration signed by the proposed director nominee(s) as required by the Companies Law and that all of the
information that is required to be provided to us in connection with such election under the Companies Law and under our articles of association has been provided.
Under the Companies Law, our board of directors must determine the minimum number of directors who are required to have accounting and financial expertise. A
director with accounting and financial expertise is a director who, due to his or her education, experience and skills, possesses an expertise in, and an understanding
of, financial and accounting matters and financial statements, such that he or she is able to understand the financial statements of the company and initiate a
discussion about the presentation of financial data.
In determining the number of directors required to have such expertise, a board of directors must consider, among other things, the type and size of the company
and the scope and complexity of its operations. Our board of directors has determined that the minimum number of directors of our company who are required to
have accounting and financial expertise is one.
External Directors
Under the Companies Law, companies incorporated under the laws of the State of Israel that are public companies, including companies with shares listed on
Nasdaq, are required to appoint at least two external directors.
Pursuant to regulations enacted under the Companies Law, the board of directors of a public company whose shares are listed on certain non-Israeli stock
exchanges, including Nasdaq, that do not have a controlling shareholder (as such term is defined in the Companies Law), may, subject to certain conditions, elect to
“opt-out” of the requirements of the Companies Law regarding the election of external directors and to the composition of the audit committee and compensation
committee, provided that the company complies with the requirements as to director independence and audit committee and compensation committee composition
applicable to companies that are incorporated in the jurisdiction in which its stock exchange is located. In May 2016, our board of directors elected to opt-out of the
Companies Law requirements to appoint external directors and related Companies Law rules concerning the composition of the audit committee and compensation
committee.
67
�The foregoing exemptions will continue to be available to us so long as: (i) we do not have a “controlling shareholder” (as such term is defined under the
Companies Law), (ii) our shares are traded on a U.S. stock exchange, including Nasdaq, and (iii) we comply with Nasdaq listing rules applicable to domestic U.S.
companies. If in the future we were to have a controlling shareholder, we would again be required to comply with the requirements relating to external directors
and composition of the audit committee and compensation committee.
Under the Securities Law 1968-5728, or the Securities Law, and the Companies Law, the term “controlling shareholder” means a shareholder with the ability to
direct the activities of the company, other than by virtue of being an office holder. A shareholder is presumed to be a controlling shareholder if the shareholder
holds 50% or more of the voting rights in a company or has the right to appoint the majority of the directors of the company or its general manager. For the purpose
of approving transactions with controlling shareholders, the term “controlling shareholder” also includes any shareholder that holds 25% or more of the voting
rights of the company if no other shareholder holds more than 50% of the voting rights in the company.
Lead Independent Director
Mr. Mokady has been our CEO since 2005, and following approval by our shareholders at the June 2016 and July 2019 annual shareholder meetings, has held that
post in addition to serving as our Chairman, for the maximum period permitted under the Companies Law. As approved by our shareholders at the July 2019 annual
shareholder meeting, for so long as the positions of the Chief Executive Officer and Chairman of the Board are combined, the non-executive board members will
select a Lead Independent Director from among the independent directors of the board, who has served a minimum of one year as a director. If at any meeting of
the board the Lead Independent Director is not present, for the purpose and duration of such meeting, the Chairman of the Audit Committee, Chairman of the
Compensation Committee, or an independent member of the board appointed by a majority of the independent members of the board present will act as the Lead
Independent Director, in the order listed above. Mr. Tirosh has been our Lead Independent Director since June 2016. The authorities and responsibilities of the
Lead Independent Director include, but are not limited to, the following:
•
•
•
•
•
•
•
•
•
providing leadership to the board of directors if circumstances arise in which the role of the Chairman of the Board may be, or may be perceived to
be, in conflict, and responding to any reported conflicts of interest, or potential conflicts of interest, arising for any director;
presiding as chairman of meetings of the board of directors at which the Chairman of the Board is not present, including executive sessions of the
independent members of the board of directors;
serving as liaison between the Chairman of the Board and the independent members of the Board;
approving meeting agendas for the board of directors;
approving information sent to the board of directors;
approving meeting schedules to assure that there is sufficient time for discussion of all agenda items;
having the authority to call meetings of the independent members of the board;
ensuring that he or she is available for consultation and direct communication with shareholders, as appropriate;
recommending that the board of directors retain consultants or advisers that report directly to the board;
68
�•
•
conferring with the Chairman of the Board on important board of directors matters and ensuring the board of directors focuses on key issues and tasks
facing the company; and
performing such other duties as the board of directors may from time to time delegate to assist the board of directors in the fulfillment of its duties.
Audit Committee
Under the Companies Law, the board of directors of a public company must appoint an audit committee. Our audit committee consists of three independent
directors, Ron Gutler (Chairperson), Kim Perdikou, and Amnon Shoshani.
Audit Committee Composition
Under Nasdaq corporate governance rules, we are required to maintain an audit committee consisting of at least three independent directors, each of whom is
financially literate and one of whom has accounting or related financial management expertise.
All members of our audit committee meet the requirements for financial literacy under the applicable rules and regulations of the SEC and Nasdaq corporate
governance rules. Our board of directors has determined that Ron Gutler and Kim Perdikou are audit committee financial experts as defined by SEC rules and have
the requisite financial experience as defined by Nasdaq corporate governance rules.
Each of the members of the audit committee is “independent” as such term is defined in Rule 10A-3(b)(1) under the Exchange Act, which is different from the
general test for independence of board members and members of other committees.
Audit Committee Role
Our board of directors has an audit committee charter that sets forth the responsibilities of the audit committee consistent with the rules of the SEC and the listing
requirements of Nasdaq, as well as the requirements for such committee under the Companies Law. The responsibilities of the audit committee under the audit
committee charter include, among others, the following:
•
•
•
•
•
•
•
overseeing of our accounting and financial reporting process and the audits of our financial statements, the effectiveness of our internal control over
financial reporting and making such reports as may be required of an audit committee under the rules and regulations promulgated under the
Exchange Act;
retaining and terminating our independent registered public accounting firm subject to the approval of our board of directors and, in the case of
retention, of our shareholders and recommending the terms of audit and non-audit services provided by the independent registered public accounting
firm for pre-approval by our board of directors and related fees and terms;
establishing systems of internal control over financial reporting, including communication and implementation thereof and the assessment of the
internal controls in accordance with the Sarbanes-Oxley Act, and any attestation by the independent registered public accounting firm;
determining whether there are deficiencies in the business management practices of our company, including in consultation with our internal auditor
or the independent registered public accounting firm, and making recommendations to the board of directors to improve such practices;
determining whether to approve certain related party transactions (see “Item 6.C. Board Practices —Approval of Related Party Transactions under
Israeli Law”);
recommending to the board of directors the retention and termination of our internal auditor, and determining the internal auditor's fees and other
terms of engagement, in accordance with the Companies Law;
approving the working plan proposed by the internal auditor and reviewing and discussing the work of the internal auditor on a quarterly basis;
69
�•
•
•
reviewing our cybersecurity risks and controls with senior management, keeping our board informed of key issues related to cybersecurity;
establishing procedures for the handling of employees’ complaints as to the deficiencies in the management of our business and the protection to be
provided to such employees; and
performing such other duties consistent with the audit committee charter, our governing documents, stock exchange rules and applicable law that may
be requested by the board of directors from time to time, including discussing guidelines and policies to govern the process by which the company
undertakes risk assessment and management in sensitive areas.
Compensation Committee
Under the Companies Law, the board of directors of any public company must appoint a compensation committee. Our compensation committee consists of three
independent directors, Kim Perdikou (Chairperson), Gadi Tirosh and Ron Gutler.
Compensation Committee Composition
Under Nasdaq corporate governance rules, we are required to maintain a compensation committee consisting of at least two independent directors. Each of the
members of the compensation committee is “independent” as such term is defined in Rule 10C-1(b)(1) under the Exchange Act, which is different from the general
test for independence of board members and members of other committees.
Compensation Policy pursuant to the Israeli Companies Law
The duties of the compensation committee include the recommendation to the company’s board of directors of a policy regarding the terms of engagement of office
holders, as such term is defined under the Companies Law, to which we refer as a compensation policy. That compensation policy must be adopted by the
company’s board of directors, after considering the recommendations of the compensation committee, and must be brought for approval by the company’s
shareholders at least once every three years, which approval requires a Special Approval for Compensation (as defined below under “—Approval of Related Party
Transactions under Israeli Law—Disclosure of Personal Interests of an Office Holder and Approval of Certain Transactions”).
Under special circumstances, the board of directors may approve the compensation policy despite the objection of the shareholders on the condition that the
compensation committee and then the board of directors decide, on the basis of detailed grounds and after discussing again the compensation policy, that approval
of the compensation policy, despite the objection of the meeting of shareholders, is for the benefit of the company.
The compensation policy must serve as the basis for decisions concerning the financial terms of employment or engagement of office holders, including
exculpation, insurance, indemnification or any monetary payment, obligation of payment or other benefit in respect of employment or engagement. The
compensation policy must be determined and later re-evaluated according to certain factors, including the advancement of the company’s objectives, business plan
and its long-term strategy and creation of appropriate incentives for office holders, while considering, among other things, the company’s risk management policy,
the size and the nature of its operations and with respect to variable compensation, the contribution of the office holder towards the achievement of the company’s
long-term goals and the maximization of its profits, all with a long-term objective and according to the position of the office holder. The compensation policy must
include certain principles, such as: a link between variable compensation and long-term performance, which variable compensation shall, other than with respect to
office holders who report to the CEO, be primarily based on measurable criteria; the relationship between variable and fixed compensation; and the minimum
holding or vesting period for variable, equity-based compensation. The compensation committee is responsible for (a) recommending the compensation policy to a
company’s board of directors for its approval (and subsequent approval by our shareholders) and (b) duties related to the compensation policy and to the
compensation of company’s office holders (as described below). Accordingly, following the recommendation and approval of our compensation committee and
Board, our shareholders approved our compensation policy at the July 2019 annual general meeting.
70
�Compensation Committee Role
Our board of directors has adopted a compensation committee charter that sets forth the responsibilities of the compensation committee. The responsibilities of the
committee set forth in its charter and the Companies Law include, among others, the following:
•
•
•
•
recommending to the board of directors for its approval a compensation policy and subsequently reviewing it from time to time, assessing its
implementation and recommending periodic updates, whether a new compensation policy should be adopted or an existing compensation policy
should continue in effect;
reviewing, evaluating and making recommendations regarding the terms of office, compensation and benefits for our office holders, including the
non-employee directors, taking into account our compensation policy;
exempting certain compensation arrangements from the requirement to obtain shareholder approval under the Companies Law (including with respect
to the Chief Executive Officer); and
reviewing and granting equity-based awards pursuant to our equity incentive plans to the extent such authority is delegated to the compensation
committee by our board of directors and the reserving of additional shares for issuance thereunder.
Under our compensation policy, which was approved by our shareholders in July 2019, the compensation committee is responsible for the general administration of
the policy.
Nominating and Governance Committee
Our nominating and governance committee consists of three independent directors, Gadi Tirosh (Chairperson), Kim Perdikou and Ron Gutler.
Nominating and Governance Committee Role
Our board of directors has a nominating and governance committee charter that sets forth the responsibilities of the nominating and governance committee, which
include:
•
•
•
•
•
•
overseeing and assisting our board of directors in reviewing and recommending nominees for election as directors and as members of the committees
of the board of directors;
establishing procedures for, and administering the performance of the members of our board and its committees;
evaluating and making recommendations to our board of directors regarding the termination of membership of directors;
reviewing, evaluating and making recommendations regarding management succession and development;
reviewing and making recommendations to our board of directors regarding board member qualifications, composition and structure and the nature
and duties of the committees and qualifications of committee members; and
establishing and maintaining effective corporate governance policies and practices, including, but not limited to, developing and recommending to
our board of directors a set of corporate governance guidelines applicable to our company.
Disclosure of Compensation of Executive Officers
For so long as we qualify as a foreign private issuer, we are not required to comply with the proxy rules applicable to U.S. domestic companies, including the
requirement applicable to certain domestic issuers that do not qualify as emerging growth companies to disclose on an individual, rather than an aggregate basis,
the compensation of our named executive officers as defined in Item 402 of Regulation S-K. Nevertheless, the Companies Law requires that we disclose the annual
compensation of our five most highly compensated office holders (as defined under the Companies Law) on an individual basis. Under the Companies Law
regulations, this disclosure is required to be included in the annual proxy statement for our annual meeting of shareholders each year, which we will furnish to the
SEC under cover of a Report of Foreign Private Issuer on Form 6-K. Because of that disclosure requirement under Israeli law, we are also including such
information in this annual report, pursuant to the disclosure requirements of Form 20-F.
71
�For additional information, see “Item 6.B. Compensation—Compensation of Directors and Senior Management.”
Compensation of Directors
Under the Companies Law, compensation of directors requires the approval described below under “Approval of Related Party Transactions under Israeli Law -
Disclosure of Personal Interests of an Office Holder and Approval of Certain Transactions.”
The directors are also entitled to be paid reasonable travel, hotel and other expenses expended by them in attending board meetings and performing their functions
as directors of the company, all of which is to be determined by the board of directors.
For additional information, see “Item 6.B. Compensation—Compensation of Directors and Senior Management.”
Internal Auditor
Under the Companies Law, the board of directors of an Israeli public company must appoint an internal auditor recommended by the audit committee. An internal
auditor may not be:
•
•
•
•
a person (or a relative of a person) who holds more than 5% of the company’s outstanding shares or voting rights;
a person (or a relative of a person) who has the power to appoint a director or the general manager of the company;
an office holder (including a director) of the company (or a relative thereof); or
a member of the company’s independent accounting firm, or anyone on his or her behalf.
The role of the internal auditor is to examine, among other things, our compliance with applicable law and orderly business procedures. The audit committee is
required to oversee the activities and to assess the performance of the internal auditor as well as to review the internal auditor’s work plan. Chaikin, Cohen, Rubin
& Co. serves as our internal auditor.
Approval of Related Party Transactions under Israeli Law
Fiduciary Duties of Directors and Office Holders
The Companies Law codifies the fiduciary duties that office holders owe to a company. The term “office holder” is defined under the Companies Law as a general
manager, chief business manager, deputy general manager, vice general manager, any other person assuming the responsibilities of any of these positions
(regardless of that person’s title), a director and any other manager directly subordinate to the general manager.
An office holder’s fiduciary duties consist of a duty of care and a duty of loyalty. The duty of care requires an office holder to act with the level of care with which
a reasonable office holder in the same position would have acted under the same circumstances. The duty of loyalty requires that an office holder act in good faith
and in the best interests of the company.
The duty of care includes a duty to use reasonable means to obtain:
•
•
information on the advisability of a given action brought for his or her approval or performed by virtue of his or her position; and
all other important information pertaining to any such action.
72
�The duty of loyalty includes a duty to:
•
•
•
•
refrain from any conflict of interest between the performance of his or her duties to the company and his or her duties or personal affairs;
refrain from any action which competes with the company’s business;
refrain from exploiting any business opportunity of the company in order to receive a personal gain for himself or herself or others; and
disclose to the company any information or documents relating to the company’s affairs which the office holder received as a result of his or her
position as an office holder.
We may approve an act specified above that would otherwise constitute a breach of the duty of loyalty of an office holder, provided, that the office holder acted in
good faith, the act or its approval does not harm the company, and the office holder discloses his or her personal interest, including any related material information
or document, a sufficient time before the approval of such act. Any such approval is subject to the terms of the Companies Law, setting forth, among other things,
the organs of the company entitled to provide such approval, and the methods of obtaining such approval.
Disclosure of Personal Interests of an Office Holder and Approval of Certain Transactions
The Companies Law requires that an office holder promptly disclose to the board of directors any personal interest that he or she may be aware of and all related
material information or documents concerning any existing or proposed transaction with the company. An interested office holder’s disclosure must be made
promptly and in any event no later than the first meeting of the board of directors in which the transaction is considered.
Under the Companies Law, a “personal interest” includes an interest of any person in an act or transaction of a company, including a personal interest of such
person’s relative or of a corporate body in which such person or a relative of such person is a 5% or greater shareholder, director or general manager, or in which he
or she has the right to appoint at least one director or the general manager, but excluding a personal interest stemming from one’s ownership of shares in the
company. A personal interest furthermore includes the personal interest of a person for whom the office holder holds a voting proxy or the personal interest of the
office holder with respect to his or her vote on behalf of a person for whom he or she holds a proxy even if such shareholder has no personal interest in the matter.
An office holder is not, however, obliged to disclose a personal interest if it derives solely from the personal interest of his or her relative in a transaction that is not
considered an extraordinary transaction. Under the Companies Law, an extraordinary transaction is defined as any of the following:
•
•
•
a transaction other than in the ordinary course of business;
a transaction that is not on market terms; or
a transaction that may have a material impact on a company’s profitability, assets or liabilities.
If it is determined that an office holder has a personal interest in a transaction, approval by the board of directors (and, in certain circumstances, of its applicable
committee) is required for the transaction, unless the company’s articles of association provide for a different method of approval. Further, so long as an office
holder has disclosed his or her personal interest in a transaction and acted in good faith and the transaction or action does not harm the company’s best interests, the
board of directors may approve an action by the office holder that would otherwise be deemed a breach of duty of loyalty.
The compensation of, or an undertaking to indemnify or insure, an office holder requires approval first by the company’s compensation committee, then by the
company’s board of directors, and, if such compensation arrangement or an undertaking to indemnify or insure is that of a director, the approval of the shareholders
by an ordinary majority. If such compensation arrangement or an undertaking to indemnify or insure is inconsistent with the company’s stated compensation policy
then such arrangement is subject to the approval of a majority vote of the shares present and voting at a shareholders meeting, provided that either, which we refer
to as the Special Approval for Compensation:
(a) such majority includes at least a majority of the shares held by all shareholders who do not have a personal interest in such compensation arrangement
and are not controlling shareholders, excluding abstentions; or
73
�(b) the total number of shares of shareholders who do not have a personal interest in the compensation arrangement and who vote against the arrangement
does not exceed 2% of the company’s aggregate voting rights.
Generally, a person who has a personal interest in a matter which is considered at a meeting of the board of directors or the audit committee may not be present at
such a meeting or vote on that matter unless the chairman of the relevant committee or board of directors (as applicable) determines that he or she should be present
in order to present the transaction that is subject to approval, in which case such person may do so but may not vote on the matter. If a majority of the members of
the audit committee or the board of directors (as applicable) has a personal interest in the approval of a transaction, then all directors may participate in discussions
of the audit committee or the board of directors (as applicable) on such transaction and the voting on approval thereof. However, in the event that a majority of the
members of the board has a personal interest in a transaction, shareholder approval is also required for such transaction.
Disclosure of Personal Interests of Controlling Shareholders and Approval of Certain Transactions
We currently do not have a controlling shareholder. If in the future we would have a controlling shareholder, disclosure requirements regarding personal interests
will apply and shareholder approval (meeting a special majority requirement) will be required with respect to transactions specified in the Companies Law
involving the controlling shareholder, parties having certain relationships with the controlling shareholder and certain other specific transactions. In such cases, the
votes of a controlling shareholder and certain parties associated with it would be excluded for purposes of special majority voting requirements. Additionally, the
Companies Law provides a different, broader definition of a controlling shareholder with respect to the provisions pertaining to the approval of related party
transactions.
Shareholder Duties
Pursuant to the Companies Law, a shareholder has a duty to act in good faith and in a customary manner toward the company and other shareholders and to refrain
from abusing his or her power in the company, including, among other things, in voting at a general meeting and at shareholder class meetings with respect to the
following matters:
•
•
•
•
an amendment to the company’s articles of association;
an increase of the company’s authorized share capital;
a merger; or
the approval of related party transactions and acts of office holders that require shareholder approval.
In addition, a shareholder also has a general duty to refrain from discriminating against other shareholders.
In addition, certain shareholders have a duty of fairness toward the company. These shareholders include any controlling shareholder, any shareholder who knows
that he or she has the power to determine the outcome of a shareholder vote and any shareholder who has the power to appoint or to prevent the appointment of an
office holder of the company or other power towards the company. The Companies Law does not define the substance of the duty of fairness, except to state that
the remedies generally available upon a breach of contract will also apply in the event of a breach of the duty to act with fairness.
Exculpation, Insurance and Indemnification of Directors and Officers
Under the Companies Law, a company may not exculpate an office holder from liability for a breach of the duty of loyalty. An Israeli company may exculpate an
office holder in advance from liability to the company, in whole or in part, for damages caused to the company as a result of a breach of duty of care but only if a
provision authorizing such exculpation is included in its articles of association. Our articles of association include such a provision. The company may not
exculpate in advance a director from liability arising out of a prohibited dividend or distribution to shareholders.
74
�Under the Companies Law and the Securities Law, a company may indemnify an office holder in respect of the following liabilities, payments and expenses
incurred for acts performed by him or her as an office holder, either pursuant to an undertaking made in advance of an event or following an event, provided its
articles of association include a provision authorizing such indemnification:
•
•
•
•
a monetary liability incurred by or imposed on him or her in favor of another person pursuant to a judgment, including a settlement or arbitrator’s
award approved by a court. However, if an undertaking to indemnify an office holder with respect to such liability is provided in advance, then such
undertaking must be limited to certain events which, in the opinion of the board of directors, can be foreseen based on the company’s activities when
the undertaking to indemnify is given, and to an amount or according to criteria determined by the board of directors as reasonable under the
circumstances, and such undertaking shall detail the foreseen events and described above amount or criteria;
reasonable litigation expenses, including reasonable attorneys’ fees, incurred by the office holder (1) as a result of an investigation or proceeding
instituted against him or her by an authority authorized to conduct such investigation or proceeding, provided that (i) no indictment was filed against
such office holder as a result of such investigation or proceeding; and (ii) no financial liability was imposed upon him or her as a substitute for the
criminal proceeding as a result of such investigation or proceeding or, if such financial liability was imposed, it was imposed with respect to an
offense that does not require proof of criminal intent; or (2) in connection with a monetary sanction or liability imposed on him or her in favor of an
injured party in certain Administrative proceedings;
expenses incurred by an office holder in connection with Administrative proceedings instituted against such office holder, or certain compensation
payments made to an injured party imposed on an office holder by Administrative proceedings, including reasonable litigation expenses and
reasonable attorneys’ fees; and
reasonable litigation expenses, including attorneys’ fees, incurred by the office holder or imposed by a court in proceedings instituted against him or
her by the company, on its behalf, or by a third party, or in connection with criminal proceedings in which the office holder was acquitted, or as a
result of a conviction for an offense that does not require proof of criminal intent.
Under the Companies Law and the Securities Law, a company may insure an office holder against the following liabilities incurred for acts performed by him or
her as an office holder if and to the extent provided in the company’s articles of association:
•
•
•
•
•
a breach of duty of care to the company or to a third party, to the extent such a breach arises out of the negligent conduct of the office holder;
a breach of the duty of loyalty to the company, provided that the office holder acted in good faith and had a reasonable basis to believe that the act
would not harm the company;
a monetary liability imposed on the office holder in favor of a third party;
a monetary liability imposed on the office holder in favor of an injured party in certain Administrative proceedings; and
expenses incurred by an office holder in connection with certain Administrative proceedings, including reasonable litigation expenses and reasonable
attorneys’ fees.
Under the Companies Law, a company may not indemnify, exculpate or insure an office holder against any of the following:
•
•
•
a breach of the duty of loyalty, except for indemnification and insurance for a breach of the duty of loyalty to the company to the extent that the office
holder acted in good faith and had a reasonable basis to believe that the act would not prejudice the company;
a breach of duty of care committed intentionally or recklessly, excluding a breach arising out of the negligent conduct of the office holder;
an act or omission committed with intent to derive illegal personal benefit; or
75
�•
a civil or criminal fine, monetary sanction or forfeit levied against the office holder.
Under the Companies Law, exculpation, indemnification and insurance of office holders in a public company must be approved by the compensation committee
and the board of directors and, with respect to certain office holders or under certain circumstances, also by the shareholders. See “Item 6.C. Board Practices—
Approval of Related Party Transactions under Israeli Law.”
We have entered into indemnification agreements with our office holders to exculpate, indemnify and insure our office holders to the fullest extent permitted or to
be permitted by our articles of association and applicable law (including without limitation), the Companies Law, the Securities Law and the Israeli Restrictive
Trade Practices Law, 5758-1988. We have obtained director and officer liability insurance for the benefit of our office holders and intend to continue to maintain
such insurance as deemed adequate and to the extent permitted by the Companies Law.
D.
Employees
As of December 31, 2020, we had 1,689 employees and subcontractors with 570 located in Israel, 649 in the United States, 120 in the United Kingdom and 350
across 36 other countries. The following table shows the breakdown of our global workforce of employees and subcontractors by category of activity as of the dates
indicated:
Department
Sales and marketing
Research and development
Services and support
General and administrative
Total
2018
As of December 31,
2019
2020
541
287
214
104
656
349
253
122
772
464
309
144
1,146
1,380
1,689
All our employment agreements are governed by local labor laws. None of our employees work under any collective bargaining agreements, except for our
employees in Italy who work under the national collective bargaining agreement for trade and commerce sector (CCNL Commercio), which affects matters such as
length of working, annual holidays entitlement, sick leave, travel expenses and pension rights, and our employees in France who work under the collective
bargaining agreement for offices of technical studies, offices of consulting engineers and consulting firms (SYNTEC CBA), and our employees in Spain who work
under the collective bargaining agreement for the sale of Metal of the Region of Madrid or the collective bargaining agreement for the sale of Metal of the province
of Barcelona, depending on their location.
With respect to our Israeli employees, Israeli labor laws govern the length of the workday, minimum wages for employees, procedures for hiring and dismissing
employees, determination of severance pay, annual leave, sick days, advance notice of termination of employment, equal opportunity and anti-discrimination laws
and other conditions of employment. Subject to certain exceptions, Israeli law generally requires severance pay upon the retirement, death or dismissal of an
employee, and requires us and our employees to make payments to the National Insurance Institute, which is similar to the U.S. Social Security Administration.
Our Israeli employees have pension plans that comply with the applicable Israeli legal requirements and we make monthly contributions to severance pay funds for
all Israeli employees, which cover potential severance pay obligations.
Extension orders issued by the Israeli Ministry of Economy and Industry (formerly the Israeli Ministry of Industry, Trade and Labor) apply to our employees in
Israel and affect matters such as, living adjustments to salaries, length of working hours and week, recuperation pay, travel expenses, and pension rights. We have
never experienced labor-related work stoppages or strikes and believe that our relations with our employees are satisfactory.
76
�Human Capital Resources
Our Culture
Our culture is an important contributing factor of our success and an important differentiator in our strategy. We value diversity and inclusion which allows for the
exchange of ideas, creates a strong community and helps ensure our employees are valued and respected. We are committed to hiring talented smart but humble
employees who love a challenge. Our Chief Human Resource Officer, who reports directly to our Chief Executive Officer, oversees our broad and comprehensive
initiatives to promote a strong culture including employee recognition and engagement, formal as well as real time recognition programs, matching charitable
donations, a wide range of community volunteering opportunities, team building events, regular executive round table discussions and employee engagement
surveys.
Talent Development
We encourage all of our employees to learn and shape their own learning journey. Learning and development helps everyone become more impactful in both their
current role as well as in future roles. We deliver learning solutions using various methodologies - classroom-based sessions, virtual webinars, coaching and
experiential learning - to meet the needs of our learners. Some of these learning efforts include an effective onboarding process for new employees and
management training for managers, as well as learning opportunities aligned with our strategic direction. Likewise, we provide all employees with access to
multiple platforms for various self-paced, on-demand learning opportunities.
Compensation and Benefits
We offer a pay-for-performance total rewards approach. Our methodology includes competitive base salaries, variable pay programs to drive target achievements,
long-term incentives such as equity grants and customized benefits packages across all our regions. We encourage work-life alignment, career development
opportunities and excellence in performance. These principles align with our values and support our journey towards building an equitable, diverse and inclusive
environment. We regularly review our total rewards offering to address constantly changing trends and developments in the complex global and local markets in
which we operate.
Health, Safety, and Wellness
We provide our employees and their families with robust healthcare benefits and a variety of health and wellness programs. From our benefits and work spaces to
our employee engagement and focus on values, we are creating an environment that fosters communication, collaboration and community. We invest in our
employees through various training and wellness programs focused on physical, emotional and financial wellbeing, including lectures, meditation sessions,
physical fitness classes and challenges, monthly newsletters and team-building activities.
We are committed to ensuring high standards of health, safety and wellbeing for all employees, contractors and visitors, throughout our global operations and
working collaboratively across different regions, functions and levels of our organization to have a positive impact on safety performance across all our activities.
77
�The COVID-19 pandemic has increased our focus on health, safety and wellness of our employees, which continues to be our top priority. At the outset of the
COVID-19 pandemic, we shifted our operations to enable work from home. In addition, we increased our level of communication with our employees, including
implementing regular executive round table discussions, ask-the-executive sessions and an employee Intranet portal focused on wellness.
Business Ethics and Compliance
We are committed to promoting integrity, honesty and professionalism and maintaining the highest standards of ethical conduct in all of our activities, and have
fostered a culture of openness that promotes communication across the Company. See “Item 16.B. Code of Ethics” for additional details.
Our Chief Executive Officer and our Chief Human Resource Officer regularly report to the Board and the Compensation Committee on issues related to human
capital management.
E.
Share Ownership
For information regarding the share ownership of our directors and senior management, please refer to “Item 6.B. Compensation” and “Item 7.A. Major
Shareholders.”
ITEM 7.
MAJOR SHAREHOLDERS AND RELATED PARTY TRANSACTIONS
A.
Major Shareholders
The following table sets forth information with respect to the beneficial ownership of our shares as of January 31, 2021 by:
•
•
•
each person or entity known by us to own beneficially 5% or more of our outstanding shares;
each of our directors and senior management individually; and
all of our senior management and directors as a group.
The beneficial ownership of ordinary shares is determined in accordance with the rules of the SEC and generally includes any ordinary shares over which a person
exercises sole or shared voting or investment power, or the right to receive the economic benefit of ownership. For purposes of the table below, we deem shares
subject to equity-based awards that are currently exercisable or exercisable within 60 days of January 31, 2021, to be outstanding and to be beneficially owned by
the person holding the equity-based awards for the purposes of computing the percentage ownership of that person but we do not treat them as outstanding for the
purpose of computing the percentage ownership of any other person. The percentage of shares beneficially owned is based on 39,088,502 ordinary shares
outstanding as of January 31, 2021.
As of January 31, 2021, we had 9 holders of record of our ordinary shares in the United States, including Cede & Co., the nominee of The Depository Trust
Company. These shareholders held in the aggregate 39,084,736 of our outstanding ordinary shares, or 99.9% of our outstanding ordinary shares as of January 31,
2021. The number of record holders in the United States is not representative of the number of beneficial holders nor is it representative of where such beneficial
holders are resident since many of these ordinary shares were held by brokers or other nominees.
All of our shareholders, including the shareholders listed below, have the same voting rights attached to their ordinary shares. See “Item 10.B. Memorandum and
Articles of Association.” None of our principal shareholders or our directors and senior management have different or special voting rights with respect to their
ordinary shares. Unless otherwise noted below, each shareholder’s address is CyberArk Software Ltd. 9 Hapsagot St., Park Ofer B, POB 3143, Petach-Tikva,
4951040, Israel.
78
�A description of any material relationship that our principal shareholders have had with us or any of our predecessors or affiliates since January 31, 2020 is
included under “Item 7.B. Related Party Transactions.”
Name of Beneficial Owner
Principal Shareholders
Wasatch Advisors, Inc. (1)
RBC Global Asset Management Inc. (2)
Senior Management and Directors
Ehud (Udi) Mokady (3)
Joshua Siegel
Chen Bitan
Matthew Cohen
Donna Rahav
Gadi Tirosh
Ron Gutler
Kim Perdikou
David Schaeffer
Amnon Shoshani
François Auque
Avril England
All senior management and directors as a group (12 persons)
Shares Beneficially Owned
Number
%
3,408,406
2,431,424
8.7%
6.2%
*
*
*
*
*
*
*
*
*
*
*
*
470,908
*
*
*
*
*
*
*
*
*
*
*
*
1.2%
*
(1)
(2)
Less than 1%.
Based on a Schedule 13G filed on February 11, 2021, by Wasatch Advisors, Inc. (“Wastach”), shares beneficially owned consist of 3,408,406 ordinary
shares over which Wastach has sole voting and dispositive power. The address of Wasatch’s is 505 Wakara Way, Salt Lake City, UT 84108.
Based on a Schedule 13G filed on February 16, 2021, by RBC Global Asset Management Inc., RBC Phillips, Hager & North Investment Counsel Inc.,
RBC Private Counsel (USA) Inc., Royal Trust Corporation of Canada and RBC Global Asset Management (U.S.) Inc., shares beneficially owned
consist of 2,431,424, for which they have shared voting and dispositive power. The address of RBC Global Asset Management Inc. is RBC Centre, 155
Wellington Street West, Suite 2300, Toronto, Ontario, Canada M5V 3K7.
(3)
Mr. Mokady’s shares include 12,600 shares held in trust for family members over which Mr. Mokady is the beneficial owner.
Significant Changes
Based on a Schedule 13G/A filed with the SEC on February 10, 2021, as of December 31, 2020, Morgan Stanley and certain of its affiliates and subsidiaries no
longer beneficially owned more than 5% of our ordinary shares.
79
�B.
Related Party Transactions
Our policy is to enter into transactions with related parties on terms that, on the whole, are no more favorable, or no less favorable, than those available from
unaffiliated third parties. Based on our experience in the business sectors in which we operate and the terms of our transactions with unaffiliated third parties, we
believe that all of the transactions described below met this policy standard at the time they occurred.
The following is a description of material transactions, or series of related material transactions, since January 1, 2020, to which we were or will be a party and in
which the other parties included or will include our directors, executive officers, holders of more than 10% of our voting securities or any member of the immediate
family of any of the foregoing persons.
Registration Rights
Our investor rights agreement entitles our shareholders to certain registration rights. None of our shareholder are currently entitled to registration rights.
Agreements with Directors and Officers
Employment and Related Agreements. We have entered into written employment agreements with each of our officers. These agreements provide for notice periods
of varying duration for termination of the agreement by us or by the relevant executive officer, during which time the officer will continue to receive base salary
and benefits. These agreements also contain customary provisions regarding confidentiality of information and ownership of inventions.
Equity Awards. Since our inception we have granted options to purchase, and restricted share units underlying, our ordinary shares to our officers and certain of our
directors. Such award agreements contain acceleration provisions upon certain merger, acquisition, or change of control transactions. We describe our option plans
under “Item 6.B. Compensation—Equity Incentive Plans” and the equity-based compensation received by certain of our senior managers in “Item 6.B.
Compensation—Compensation of Directors and Senior Management.” If the relationship between us and a senior manager, or a director, is terminated, except for
cause (as defined in the various option plan agreements), all options that are vested will remain exercisable for ninety days after such termination in the case of our
executive officers, or one year in the case of our directors.
Exculpation, Indemnification and Insurance. Our articles of association permit us to exculpate, indemnify and insure certain of our office holders to the fullest
extent permitted by Israeli law. We have entered into agreements with certain of our office holders, including our directors, exculpating them from a breach of their
duty of care to us to the fullest extent permitted by law and undertaking to indemnify them to the fullest extent permitted by law, subject to certain exceptions,
including with respect to liabilities resulting from our initial public offering to the extent that these liabilities are not covered by insurance. See “Item 6.C. Board
Practices—Exculpation, Insurance and Indemnification of Directors and Officers.”
C.
Interests of Experts and Counsel
Not applicable.
ITEM 8.
FINANCIAL INFORMATION
A.
Consolidated Statements and Other Financial Information
Consolidated Financial Statements
We have appended as part of this annual report our consolidated financial statements starting at page F-1.
Legal Proceedings
From time to time we may be subject to legal proceedings and claims arising in the ordinary course of business. We are currently not a party to any material
litigation, and we are not aware of any pending or threatened material legal or administrative proceedings against us. Regardless of the outcome, litigation can have
an adverse impact on us because of defense and settlement costs, diversion of management resources and other factors.
80
�Dividend Policy
We have never declared or paid any cash dividends on our ordinary shares. We do not anticipate paying any cash dividends in the foreseeable future. We currently
intend to retain future earnings, if any, to finance operations and expand our business. Our board of directors has sole discretion whether to pay dividends. If our
board of directors decides to pay dividends, the form, frequency and amount will depend upon our future operations and earnings, capital requirements and surplus,
general financial condition, contractual restrictions and other factors that our directors may deem relevant. The distribution of dividends may also be limited by
Israeli law, which permits the distribution of dividends only out of retained earnings or otherwise upon the permission of an Israeli court.
B.
Significant Changes
No significant changes have occurred since December 31, 2020, except as otherwise disclosed in this annual report.
ITEM 9.
THE OFFER AND LISTING
A.
Offer and Listing Details
Our ordinary shares are quoted on Nasdaq under the symbol “CYBR.”
B.
Plan of Distribution
Not applicable.
C.
Markets
See “—Offer and Listing Details” above.
D.
Selling Shareholders
Not applicable.
E.
Dilution
Not applicable.
F.
Expenses of the Issue
Not applicable.
ITEM 10.
ADDITIONAL INFORMATION
A.
Share Capital
Not applicable.
B.
Memorandum and Articles of Association
A copy of our amended and restated articles of association is attached as Exhibit 1.1 to this annual report on Form 20-F. The information called for by this Item is
set forth in Exhibit 2.3 to this annual report on Form 20-F and is incorporated by reference into this annual report on Form 20-F.
C.
Material Contracts
For a description of the registration rights that we granted under our Fourth Amended Investor Rights Agreement, please refer to “Item 7.B. Related Party
Transactions—Registration Rights.”
For a description of our leases, see “Item 4.B.—Business Overview—Properties.”
For a description of our issuance of convertible notes, see Note 11 to our consolidated financial statements included within this annual report.
D.
Exchange Controls
In 1998, Israeli currency control regulations were liberalized significantly, so that Israeli residents generally may freely deal in foreign currency and foreign assets,
and non-residents may freely deal in Israeli currency and Israeli assets. There are currently no Israeli currency control restrictions on remittances of dividends on
the ordinary shares or the proceeds from the sale of the shares provided that all taxes were paid or withheld; however, legislation remains in effect pursuant to
which currency controls can be imposed by administrative action at any time.
81
�Non-residents of Israel may freely hold and trade our securities. Neither our articles of association nor the laws of the State of Israel restrict in any way the
ownership or voting of ordinary shares by non-residents, except that such restrictions may exist with respect to citizens of countries which are in a state of war with
Israel. Israeli residents are allowed to purchase our ordinary shares.
E.
Taxation
Certain Israeli Tax Consequences
The following description is not intended to constitute a complete analysis of all tax consequences relating to the acquisition, ownership and disposition of our
ordinary shares. You should consult your tax advisor concerning the tax consequences of your particular situation, as well as any tax consequences that may arise
under the laws of any state, local, foreign or other taxing jurisdiction. This summary does not discuss all of the aspects of Israeli tax law that may be relevant to a
particular investor in light of his or her personal investment circumstances or to some types of investors subject to special treatment under Israeli law. Examples of
such investors include residents of Israel or traders in securities who are subject to special tax regimes not covered in this discussion. Some parts of this discussion
are based on tax legislation which has not been subject to judicial or administrative interpretation. The discussion should not be construed as legal or professional
tax advice and does not cover all possible tax considerations.
Capital Gains
Capital gain tax is imposed on the disposal of capital assets by an Israeli resident, and on the disposal of such assets by a non-Israel resident if those assets are
either (i) located in Israel, (ii) are shares or a right to a share in an Israeli resident corporation, or (iii) represent, directly or indirectly, rights to assets located in
Israel, unless a tax treaty in force between Israel and the seller’s country of residence provides otherwise. The Ordinance distinguishes between “Real Capital Gain”
and the “Inflationary Surplus.” Real Capital Gain is the excess of the total capital gain over Inflationary Surplus computed generally on the basis of the increase in
the Israeli Consumer Price Index ("CPI") between the date of purchase and the date of disposal.
The Real Capital Gain accrued by individuals on the sale of our ordinary shares (that were purchased after January 1, 2012, whether listed on a stock exchange or
not) will be taxed at the rate of 25%. However, if such shareholder is a “Controlling Shareholder” (i.e., a person who holds, directly or indirectly, alone or together
with such person’s relative or another person who collaborates with such person on a permanent basis, 10% or more of one of the Israeli resident company’s means
of control) at the time of sale or at any time during the preceding twelve (12) months period and/or claims a deduction for interest and linkage differences expenses
in connection with the purchase and holding of such shares, such gain will be taxed at the rate of 30%.
The Real Capital Gain derived by corporations will generally be subject to the ordinary corporate tax (23% in 2018 and thereafter).
An individual shareholder dealing in securities, or to whom such income is otherwise taxable as ordinary business income are taxed in Israel at their marginal tax
rates applicable to business income (up to 47% in 2020).
Capital Gains Taxes Applicable to Non-Israeli Resident Shareholders
A non-Israeli resident who derives capital gains from the sale of shares in an Israeli resident company that were purchased after the company was listed for trading
on a stock exchange outside of Israel should generally be exempt from Israeli tax so long as the shares were not held through a permanent establishment that the
non-resident maintains in Israel and that such shareholders are not subject to the Israeli Income Tax Law (Inflationary Adjustments) 5745-1985. However, non-
Israeli corporations will not be entitled to the foregoing exemption if Israeli residents: (i) have a controlling interest of more than 25% in such non-Israeli
corporation or (ii) are the beneficiaries of, or are entitled to, 25% or more of the revenues or profits of such non-Israeli corporation, whether directly or indirectly.
Such exemption is not applicable to a person whose gains from selling or otherwise disposing of the shares are deemed to be a business income.
82
�Additionally, a sale of shares by a non-Israeli resident (either an individual or a corporation) may be exempt from Israeli capital gains tax under the provisions of an
applicable tax treaty. For example, under the Convention between the United States and the Government of the State of Israel with respect to income taxes (the
“United States-Israel Tax Treaty”), the disposition of shares by a shareholder who (i) is a U.S. resident (for purposes of the treaty), (ii) holds the shares as a capital
asset, and (iii) is entitled to claim the benefits afforded to such person by the treaty, is generally exempt from Israeli capital gains tax. Such exemption will not
apply if: (i) the capital gain arising from the disposition can be attributed to royalties; (ii) the shareholder holds, directly or indirectly, shares representing 10% or
more of the voting capital during any part of the 12-month period preceding such sale, exchange or disposition, subject to certain conditions; (iii) such U.S. resident
is an individual and was present in Israel for a period or periods aggregating to 183 days or more during the relevant taxable year; (iv) the capital gain arising from
such sale, exchange or disposition is attributed to real estate located in Israel; or (v) the shareholder is a U.S. resident (for purposes of the U.S.-Israel Treaty) and
deemed a dealer or otherwise is deemed to have business income from such sale, exchange or disposition of the shares attributed to a permanent establishment in
Israel. In such case, the sale, exchange or disposition of our ordinary shares would be subject to Israeli tax, to the extent applicable; however, under the United
States-Israel Tax Treaty, a U.S. resident would be permitted to claim a credit for such taxes against the U.S. federal income tax imposed with respect to such sale,
exchange or disposition, subject to the limitations under U.S. law applicable to foreign tax credits. The United States-Israel Tax Treaty does not relate to tax credits
against U.S. state or local taxes.
In some instances where our shareholders may be liable for Israeli tax on the sale of their ordinary shares, the payment of the consideration may be subject to the
withholding of Israeli tax at source. Shareholders may be required to demonstrate that they are exempt from tax on their capital gains in order to avoid withholding
at source at the time of sale. Specifically, in transactions involving a sale of all of the shares of an Israeli resident company, in the form of a merger or otherwise,
the Israel Tax Authority may require from shareholders who are not liable for Israeli tax to sign declarations in forms specified by this authority or to apply for and
obtain a specific withholding tax certificate of exemption from the Israel Tax Authority to confirm their status as non-Israeli resident, and, in the absence of such
declarations or exemptions, may require the purchaser of the shares to withhold taxes at source.
Taxation of Non-Israeli Shareholders on Receipt of Dividends
Non-Israeli residents (either an individual or a corporation) are generally subject to Israeli income tax on the receipt of dividends paid on our ordinary shares at the
rate of 25%, unless relief is provided in a treaty between Israel and the shareholder’s country of residence. With respect to a person who is a “Controlling
Shareholder” at the time of receiving the dividend or on any time during the preceding twelve months, the applicable tax rate is 30%. A “Controlling Shareholder”
is generally a person who alone or together with such person’s relative or another person who collaborates with such person on a permanent basis, holds, directly or
indirectly, at least 10% of any of the “means of control” of the corporation. “Means of control” generally include the right to vote, receive profits, nominate a
director or an executive officer, receive assets upon liquidation, or order someone who holds any of the aforesaid rights how to act, regardless of the source of such
right. Such dividends paid to non-Israeli residents are generally subject to Israeli withholding tax at a rate of 25% so long as the shares are registered with a
Nominee Company (whether the recipient is a Controlling Shareholder or not), unless a reduced tax rate is provided under an applicable tax treaty, provided that a
certificate from the Israel Tax Authority allowing for a reduced withholding tax rate is obtained in advance. However, subject to the receipt in advance of a valid
certificate from the Israel Tax Authority allowing for a reduced tax rate, a distribution of dividends to non-Israeli residents is subject to withholding tax at source at
a rate of 15% if the dividend is distributed from income attributed to an Approved Enterprise or generally 20% if the dividend is distributed from income attributed
to a Preferred Enterprise (including Technological Preferred Enterprise based on which the Company is taxed as from 2017), unless a reduced tax rate is provided
under an applicable tax treaty (subject to the receipt in advance of a valid certificate from the Israel Tax Authority allowing for a reduced tax rate). Under the
United States-Israel Tax Treaty, the maximum rate of tax withheld at source in Israel on dividends paid to a holder of our ordinary shares who is a U.S. resident
(for purposes of the United States-Israel Tax Treaty) is 25%. However, the maximum rate of withholding tax on dividends, not generated from an Approved
Enterprise or Benefited Enterprise, that are paid to a United States corporation holding 10% or more of the outstanding voting capital throughout the tax year in
which the dividend is distributed as well as during the previous tax year, is 12.5%, provided that no more than 25% of the gross income for such preceding year
consists of certain types of dividends and interest. Notwithstanding the foregoing, a distribution of dividends to non-Israeli residents is subject to withholding tax at
source at a rate of 15% if the dividend is distributed from income attributed to an Approved Enterprise or for such U.S. corporation shareholder, provided that the
condition related to our gross income for the previous year (as set forth in the previous sentence) is met. The aforementioned rates under the United States-Israel
Tax Treaty will not apply if the dividend income was attributed to a permanent establishment that the U.S. resident maintains in Israel. U.S. residents who are
subject to Israeli withholding tax on a dividend may be entitled to a credit or deduction for United States federal income tax purposes in the amount of the taxes
withheld, subject to detailed rules contained in U.S. tax legislation. We cannot assure you that in the event we declare a dividend we will designate the income out
of which the dividend is paid in a manner that will reduce shareholders’ tax liability.
83
�If the dividend is attributable partly to income derived from an Approved Enterprise, Benefited Enterprise or Preferred Enterprise, and partly to other sources of
income, the withholding rate will be a blended rate reflecting the relative portions of the two types of income. U.S. residents who are subject to Israeli withholding
tax on a dividend may be entitled to a credit or deduction for United States federal income tax purposes in the amount of the taxes withheld, subject to detailed
rules contained in U.S. tax legislation. As indicated above, application for this reduced tax rate requires appropriate documentation presented to and specific
instruction received from the Israel Tax Authority.
A non-Israeli resident who receives dividends from which tax was duly withheld is generally exempt from the obligation to file tax returns in Israel with respect to
such income, provided that (i) such income was not generated from business conducted in Israel by the taxpayer; (ii) the taxpayer has no other taxable sources of
income in Israel with respect to which a tax return is required to be filed, and (iii) the taxpayer is not liable to Excess Tax (as further explained below).
Payers of dividends on our shares, including the Israeli stockbroker effectuating the transaction, or the financial institution through which the securities are held, are
generally required, subject to any of the foregoing exemptions, reduced tax rates and the demonstration of foreign residence of the shareholder, to withhold tax
upon the distribution of dividend at the rate of 25%, so long as the shares are registered with a nominee company.
Excess Tax
Individuals who are subject to tax in Israel (whether any such individual is an Israeli resident or non-Israeli resident) are also subject to an additional tax at a rate of
3% on annual income exceeding a certain threshold (NIS 651,600 for 2020) which amount is linked to the annual change in the Israeli consumer price index,
including, but not limited to, dividends, interest and capital gain.
Estate and Gift Tax
Israeli law presently does not impose estate or gift taxes.
Certain United States Federal Income Tax Consequences
The following is a description of certain United States federal income tax consequences relating to the acquisition, ownership and disposition of our ordinary shares
by a U.S. Holder (as defined below). This description addresses only the United States federal income tax consequences to U.S. Holders that hold such ordinary
shares as capital assets within the meaning of Section 1221 of the Internal Revenue Code of 1986, as amended (the “Code”). This description does not address tax
considerations applicable to U.S. Holders that may be subject to special tax rules, including, without limitation:
•
•
•
•
•
•
•
banks, financial institutions or insurance companies;
real estate investment trusts, regulated investment companies or grantor trusts;
brokers, dealers or traders in securities, commodities or currencies;
tax-exempt entities, accounts or organizations, including an “individual retirement account” or “Roth IRA” as defined in Section 408 or 408A of the
Code, respectively;
certain former citizens or long-term residents of the United States;
persons that receive our ordinary shares as compensation for the performance of services;
persons that hold our ordinary shares as part of a “hedging,” “integrated” or “conversion” transaction or as a position in a “straddle” for United States
federal income tax purposes;
84
�•
•
•
•
•
persons subject to special tax accounting rules as a result of any item of gross income with respect to the ordinary shares being taken into account in
an applicable financial statement;
partnerships (including entities or arrangements classified as partnerships for United States federal income tax purposes) or other pass-through entities
or arrangements, or indirect holders that hold our ordinary shares through such an entity or arrangement;
S corporations;
holders whose “functional currency” is not the U.S. dollar; or
holders that own directly, indirectly or through attribution 10.0% or more of the voting power or value of our shares.
Moreover, this description does not address the United States federal estate, gift or alternative minimum tax consequences, or any state, local or non-U.S. tax
consequences, of the acquisition, ownership and disposition of our ordinary shares.
This description is based on the Code, existing, proposed and temporary United States Treasury Regulations and judicial and administrative interpretations thereof,
in each case as in effect and available on the date hereof. All of the foregoing is subject to change, which change could apply retroactively and could affect the tax
consequences described below. There can be no assurances that the U.S. Internal Revenue Service, or IRS, will not take a different position concerning the tax
consequences of the ownership and disposition of our ordinary shares or that such a position would not be sustained. Holders should consult their tax advisors
concerning the U.S. federal, state, local and foreign tax consequences of acquiring, owning and disposing of our ordinary shares in their particular circumstances.
For purposes of this description, a “U.S. Holder” is a beneficial owner of our ordinary shares that, for United States federal income tax purposes, is:
•
•
•
•
a citizen or individual resident of the United States;
a corporation (or other entity treated as a corporation for United States federal income tax purposes) created or organized in or under the laws of the
United States or any state thereof, including the District of Columbia;
an estate the income of which is subject to United States federal income taxation regardless of its source; or
a trust if such trust has validly elected to be treated as a United States person for United States federal income tax purposes or if (1) a court within the
United States is able to exercise primary supervision over its administration and (2) one or more United States persons have the authority to control
all of the substantial decisions of such trust.
If a partnership (or any other entity or arrangement treated as a partnership for United States federal income tax purposes) holds our ordinary shares, the tax
treatment of a partner in such partnership will generally depend on the status of the partner and the activities of the partnership. Such a partner or partnership should
consult its tax advisor as to the particular United States federal income tax consequences of acquiring, owning and disposing of our ordinary shares in its particular
circumstance.
You should consult your tax advisor with respect to the United States federal, state, local and foreign tax consequences of acquiring, owning and disposing
of our ordinary shares.
Distributions
Subject to the discussion below under “Passive Foreign Investment Company Considerations,” the gross amount of any distribution made to you with respect to our
ordinary shares before reduction for any Israeli taxes withheld therefrom, other than certain distributions, if any, of our ordinary shares distributed pro rata to all our
shareholders, generally will be includible in your income as dividend income on the date on which the dividends are actually or constructively received, to the
extent such distribution is paid out of our current or accumulated earnings and profits as determined under United States federal income tax principles. To the
extent that the amount of any distribution by us exceeds our current and accumulated earnings and profits as determined under United States federal income tax
principles, it will be treated first as a tax‑free return of your adjusted tax basis in our ordinary shares and thereafter as capital gain. However, we do not expect to
maintain calculations of our earnings and profits under United States federal income tax principles. Therefore, you should expect that the entire amount of any
distribution generally will be reported as dividend income to you. Subject to applicable limitations, dividends paid to certain non-corporate U.S. Holders may
qualify for the preferential rates of taxation with respect to dividends on ordinary shares if certain requirements, including stock holding period requirements, are
satisfied by the recipient and we are eligible for the benefits of the United States-Israel Tax Treaty. However, such dividends will not be eligible for the dividends
received deduction generally allowed to corporate U.S. Holders.
85
�Subject to certain conditions and limitations, Israeli tax withheld on dividends may be, at your election, either deducted from your taxable income or credited
against your United States federal income tax liability. Dividends paid to you with respect to our ordinary shares will generally be treated as foreign source income,
which may be relevant in calculating your foreign tax credit limitation. However, for periods in which we are a “United Stated-owned foreign corporation,” a
portion of dividends (generally attributable to earnings and profits from sources within the United States) paid by us may be treated as U.S. source solely for
purposes of the foreign tax credit. A United States-owned foreign corporation is any foreign corporation if 50% or more of the total value or total voting power of
its stock is owned, directly, indirectly or by attribution, by United States persons. We believe that we may be treated as a United States-owned foreign corporation.
As a result, if 10% or more of our earnings and profits are attributable to sources within the United States, a portion of the dividends paid on our ordinary shares
allocable to United States source earnings and profits may be treated as United States source, and, as such a U.S. Holder may not offset any Israeli withholding
taxes withheld as a credit against United States federal income tax imposed on that portion of dividends. A U.S. Holder entitled to benefits under the United States-
Israel Tax Treaty may, however, elect to treat any dividends as foreign source income for foreign tax credit purposes if the dividend income is separated from other
income items for purposes of calculating the U.S. Holder’s foreign tax credit. The rules governing the treatment of foreign taxes imposed on a U.S. Holder and
foreign tax credits are very complex, and U.S. Holders should consult their tax advisors about the impact of, and any exception available to, the special sourcing
rule described in this paragraph, and the desirability of making, and the method of making, such an election.
Sale, Exchange or Other Taxable Disposition of Ordinary Shares
Subject to the discussion below under “Passive Foreign Investment Company Considerations,” you generally will recognize gain or loss on the sale, exchange or
other taxable disposition of our ordinary shares equal to the difference between the amount realized on such sale, exchange or other taxable disposition and your
adjusted tax basis in our ordinary shares, and such gain or loss will be capital gain or loss. The adjusted tax basis in an ordinary share generally will be equal to the
cost of such ordinary share. If you are a non-corporate U.S. Holder, capital gain from the sale, exchange or other taxable disposition of ordinary shares is generally
eligible for a preferential rate of taxation applicable to capital gains, if your holding period for such ordinary shares exceeds one year (i.e., such gain is long-term
capital gain). The deductibility of capital losses for United States federal income tax purposes is subject to limitations under the Code. Any such gain or loss that a
U.S. Holder recognizes generally will be treated as U.S. source income or loss for foreign tax credit limitation purposes.
Passive Foreign Investment Company Considerations
If we were to be classified as a “passive foreign investment company,” or PFIC, in any taxable year, a U.S. Holder would be subject to special rules generally
intended to reduce or eliminate any benefits from the deferral of U.S. federal income tax that a U.S. Holder could derive from investing in a non-U.S. company that
does not distribute all of its earnings on a current basis.
A non-U.S. corporation will be classified as a PFIC for federal income tax purposes in any taxable year in which, after applying certain look-through rules with
respect to the income and assets of subsidiaries, either:
•
•
at least 75% of its gross income is “passive income”; or
at least 50% of the average quarterly value of its total gross assets (which may be measured in part by the market value of our ordinary shares, which
is subject to change) is attributable to assets that produce “passive income” or are held for the production of passive income.
86
�Passive income for this purpose generally includes dividends, interest, royalties, rents, gains from commodities and securities transactions and the excess of gains
over losses from the disposition of assets which produce passive income. If a non-U.S. corporation owns directly or indirectly at least 25% by value of the stock of
another corporation, the non-U.S. corporation is treated for purposes of the PFIC tests as owning its proportionate share of the assets of the other corporation and as
receiving directly its proportionate share of the other corporation’s income. If we are classified as a PFIC in any year with respect to which a U.S. Holder owns our
ordinary shares, we will continue to be treated as a PFIC with respect to such U.S. Holder in all succeeding years during which the U.S. Holder owns our ordinary
shares, regardless of whether we continue to meet the tests described above.
Based on our market capitalization and the nature of our income, assets and business, we believe that we should not be classified as a PFIC for the taxable year that
ended December 31, 2020. However, PFIC status is determined annually and requires a factual determination that depends on, among other things, the composition
of our income, assets and activities in each taxable year, and can only be made annually after the close of each taxable year. Furthermore, because the value of our
gross assets is likely to be determined in part by reference to our market capitalization, a decline in the value of our ordinary shares may result in our becoming a
PFIC. Accordingly, there can be no assurance that we will not be considered a PFIC for any taxable year.
Under certain attribution rules, if we are considered a PFIC, U.S. Holders may be deemed to own their proportionate share of equity in any PFIC owned by us (if
any), such entities referred to as “lower-tier PFICs,” and will be subject to U.S. federal income tax in the manner discussed below on (1) a distribution to us on the
shares of a “lower-tier PFIC” and (2) a disposition by us of shares of a “lower-tier PFIC,” both as if the holder directly held the shares of such “lower-tier PFIC.”
If we are considered a PFIC for any taxable year during which a U.S. Holder holds (or, as discussed in the previous paragraph, is deemed to hold) its ordinary
shares, such holder will be subject to adverse U.S. federal income tax rules. In general, if a U.S. Holder disposes of shares of a PFIC (including an indirect
disposition or a constructive disposition of shares of a “lower-tier PFIC”), gain recognized or deemed recognized by such holder would be allocated ratably over
such holder’s holding period for the shares. The amounts allocated to the taxable year of disposition and to years before the entity became a PFIC, if any, would be
treated as ordinary income.
The amount allocated to each other taxable year would be subject to tax at the highest rate in effect for such taxable year for individuals or corporations, as
appropriate, and an interest charge would be imposed on the tax attributable to such allocated amounts. Further, any distribution in respect of shares of a PFIC (or a
distribution by a lower-tier PFIC to its shareholders that is deemed to be received by a U.S. Holder) in excess of 125% of the average of the annual distributions on
such shares received or deemed to be received during the preceding three years or the U.S. Holder’s holding period, whichever is shorter, would be subject to
taxation in the manner described above. In addition, dividend distributions made to you will not qualify for the preferential rates of taxation applicable to long-term
capital gains discussed above under “Distributions.”
Where a company that is a PFIC meets certain reporting requirements, a U.S. Holder can avoid certain adverse PFIC consequences described above by making a
“qualified electing fund”, or QEF, election to be taxed currently on its proportionate share of the PFIC’s ordinary income and net capital gains. However, we do not
intend to prepare or provide the information that would enable U.S. Holders to make a qualified electing fund election.
If we are a PFIC and our ordinary shares are “regularly traded” on a “qualified exchange,” a U.S. Holder may make a mark-to-market election with respect to our
ordinary shares (but generally, not the shares of any lower-tier PFICs), which may help mitigate the adverse tax consequences resulting from our PFIC status (but
generally, not that of any lower-tier PFICs). Shares will be treated as “regularly traded” in any calendar year in which more than a de minimis quantity of the
ordinary shares are traded on a qualified exchange on at least 15 days during each calendar quarter (subject to the rule that trades that have as one of their principal
purposes the meeting of the trading requirement are disregarded). Nasdaq is a qualified exchange for this purpose and, consequently, if our ordinary shares are
regularly traded, the mark-to-market election will be available to a U.S. Holder; however, there can be no assurance that trading volumes will be sufficient to
permit a mark-to-market election. In addition, because a mark-to-market election with respect to us generally does not apply to any equity interests in “lower-tier
PFICs” that we own, a U.S. Holder generally will continue to be subject to the PFIC rules with respect to its indirect interest in any investments held by us that are
treated as equity interests in a PFIC for U.S. federal income tax purposes.
87
�If a U.S. Holder makes the mark-to-market election, for each year in which we are a PFIC, the holder will generally include as ordinary income the excess, if any,
of the fair market value of ordinary shares at the end of the taxable year over their adjusted tax basis, and will be permitted an ordinary loss in respect of the excess,
if any, of the adjusted tax basis of our ordinary shares over their fair market value at the end of the taxable year (but only to the extent of the net amount of
previously included income as a result of the mark-to-market election). A U.S. Holder that makes a valid mark-to-market election will not include mark-to-market
gain or loss in income for any taxable year that we are not classified as a PFIC (although cessation of our status as a PFIC will not terminate the mark-to-market
election). Thus, if we are classified as a PFIC in a taxable year after a year in which we are not classified as a PFIC, the U.S. Holder’s original election (unless
revoked or terminated) continues to apply and the U.S. Holder must include any mark-to-market gain or loss in such year. If a U.S. Holder makes the election, the
holder’s tax basis in our ordinary shares will be adjusted to reflect any such income or loss amounts. Any gain recognized on a sale or other disposition of our
ordinary shares will be treated as ordinary income. Any losses recognized on a sale or other disposition of our ordinary shares will be treated as ordinary loss to the
extent of any net mark-to-market gains for prior years. U.S. Holders should consult their tax advisors regarding the availability and consequences of making a
mark-to-market election in their particular circumstances. In particular, U.S. Holders should consider carefully the impact of a mark-to-market election with respect
to our ordinary shares if we have “lower-tier PFICs” for which such election is not available. Once made, the mark-to-market election cannot be revoked without
the consent of the IRS unless our ordinary shares cease to be “regularly traded.”
If a U.S. Holder owns ordinary shares during any year in which we are a PFIC, the U.S. Holder generally will be required to file an IRS Form 8621 (Information
Return by a Shareholder of a Passive Foreign Investment Company or Qualified Electing Fund) with respect to the company (regardless of whether a QEF or mark-
to-market election is made), generally with the U.S. Holder’s federal income tax return for that year. If our company were a PFIC for a given taxable year, then you
should consult your tax advisor concerning your annual filing requirements.
U.S. Holders should consult their tax advisors regarding whether we are a PFIC and the potential application of the PFIC rules.
Medicare Tax
Certain U.S. Holders that are individuals, estates or trusts are subject to a 3.8% tax on all or a portion of their “net investment income,” which may include all or a
portion of their dividend income and net gains from the disposition of ordinary shares. Each U.S. Holder that is an individual, estate or trust is urged to consult its
tax advisors regarding the applicability of the Medicare tax to its income and gains in respect of its investment in our ordinary shares.
Backup Withholding Tax and Information Reporting Requirements
United States backup withholding tax and information reporting requirements may apply to certain payments to certain holders of stock. Information reporting
generally will apply to payments of dividends on, and to proceeds from the sale or redemption of, our ordinary shares made within the United States, or by a United
States payor or United States middleman, to a holder of our ordinary shares, other than an exempt recipient (including a payee that is not a United States person that
provides an appropriate certification and certain other persons). A payor will be required to withhold backup withholding tax from any payments of dividends on,
or the proceeds from the sale or redemption of, ordinary shares within the United States, or by a United States payor or United States middleman, to a holder, other
than an exempt recipient, if such holder fails to furnish its correct taxpayer identification number or otherwise fails to comply with, or establish an exemption from,
such backup withholding tax requirements. Backup withholding is not an additional tax. Any amounts withheld under the backup withholding rules may be allowed
as a credit against the beneficial owner’s United States federal income tax liability, if any, and any excess amounts withheld under the backup withholding rules
may be refunded, provided that the required information is timely furnished to the IRS.
Foreign Asset Reporting
Certain U.S. Holders who are individuals or certain other non-corporate entities may be required to report information relating to an interest in our ordinary shares,
subject to certain exceptions (including an exception for shares held in accounts maintained by U.S. financial institutions) by filing IRS Form 8938 (Statement of
Specified Foreign Financial Assets) with their federal income tax return. U.S. Holders are urged to consult their tax advisors regarding their information reporting
obligations, if any, with respect to their ownership and disposition of our ordinary shares.
88
�The above description is not intended to constitute a complete analysis of all tax consequences relating to acquisition, ownership and disposition of our
ordinary shares. You should consult your tax advisor concerning the tax consequences of your particular situation.
F.
Dividends and Paying Agents
Not applicable.
G.
Statement by Experts
Not applicable.
H.
Documents on Display
We are subject to the informational requirements of the Exchange Act that are applicable to foreign private issuers, and under those requirements file reports with
the SEC. Those other reports or other information may be inspected without charge at the locations described above. As a foreign private issuer, we are exempt
from the rules under the Exchange Act related to the furnishing and content of proxy statements, and our officers, directors and principal shareholders will be
exempt from reporting under short-swing profit recovery provisions contained in Section 16 of the Exchange Act. In addition, we are not required under the
Exchange Act to file annual, quarterly and current reports and financial statements with the SEC as frequently or as promptly as United States companies whose
securities are registered under the Exchange Act. However, we will file with the SEC, within 120 days after the end of each subsequent fiscal year, or such
applicable time as required by the SEC, an annual report on Form 20-F containing financial statements audited by an independent registered public accounting firm,
and will submit to the SEC reports on Form 6-K containing unaudited quarterly financial information.
Our filings with the SEC are also available to the public through the SEC’s website at http://www.sec.gov. This site contains reports, proxy and information
statements and other information regarding issuers that file electronically with the SEC. The information on that website is not part of this annual report and is not
incorporated by reference herein.
I.
Subsidiary Information
Not applicable.
ITEM 11.
QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK
We are exposed to a variety of risks, including foreign currency exchange fluctuations, changes in interest rates and inflation. We regularly assess currency, interest
rate and inflation risks to minimize any adverse effects on our business as a result of those factors.
Foreign Currency Risk
Our results of operations and cash flows are affected by fluctuations due to changes in foreign currency exchange rates. In 2020, the majority of our revenues were
denominated in U.S. dollars and the remainder in other currencies, primarily euros and British pounds sterling. In 2020, the majority of our cost of revenues and
operating expenses were denominated in U.S. dollars and NIS and the remainder in other currencies, primarily euros and British pounds sterling. Our foreign
currency-denominated expenses consist primarily of personnel, marketing programs, rent and other overhead costs. Since the portion of our expenses generated in
NIS and British pounds sterling is greater than our revenues in NIS and British pounds sterling, respectively, any appreciation of the NIS or the British pounds
sterling relative to the U.S. dollar could adversely impact our operating income. In addition, since the portion of our revenues generated in euros is greater than our
expenses incurred in euros, any depreciation of the euro relative to the U.S. dollar would adversely impact our operating income.
89
�The following table presents information about the changes in the exchange rates of the NIS against the U.S. dollar:
Period
2020
2019
2018
Change in Average Exchange
Rate of the NIS Against the U.S.
dollar (%)
(3.6)
(0.9)
(0.1)
The figures above represent the change in the average exchange rate in the given period compared to the average exchange rate in the immediately preceding
period. Negative figures represent depreciation of the U.S. dollar compared to the NIS. A 10% strengthening or weakening in the value of the NIS against the U.S.
dollar would have decreased or increased, respectively, our operating income by approximately $9.2 million in 2020. We estimate that a 10% strengthening or
weakening in the value of the euro against the U.S. dollar would have increased or decreased, respectively, our operating income by approximately $3.2 million in
2020. We estimate that a 10% strengthening or weakening in the value of the British pounds sterling against the U.S. dollar would have decreased or increased,
respectively, our operating income by approximately $0.4 million in 2020. These estimates of the impact of fluctuations in currency exchange rates on our historic
results of operations may be different from the impact of fluctuations in exchange rates on our future results of operations since the mix of currencies comprising
our revenues and expenses may change.
For purposes of our consolidated financial statements, monetary assets and liabilities in local currency are translated at the rate of exchange to the U.S. dollar on the
balance sheet date and local currency revenues and expenses are translated at the exchange rate at the date of the transaction or the average exchange rate during the
reporting period.
In addition, starting January 1, 2019, in accordance with a new lease accounting standard, we are required to present a significant NIS linked liability related to our
operational leases in Israel.
To protect against the increase in value of forecasted foreign currency cash flow resulting from expenses paid in NIS during the year, we have instituted a foreign
currency cash flow hedging program. We hedge portions of the anticipated payroll of our Israeli employees in NIS for a period of one to twelve months with
forward contracts and other derivative instruments. In addition, from time to time we enter into foreign exchange forward transactions to economically hedge a
portion of account receivables in Euros and British pounds sterling. We do not use derivative financial instruments for speculative or trading purposes.
Interest Rate Risk
The primary objectives of our investment activities are to preserve principal, support liquidity requirements, and maximize income without significantly increasing
risk. Our investments are subject to market risk due to changes in interest rates, which may affect our interest income and fair market value of our investments.
To minimize this risk, we maintain our portfolio of cash, cash equivalents and short and long-term investments in a variety of securities, including money market
funds, U.S. government and agency securities, and corporate debt securities. We do not believe that a 10% increase or decrease in interest rates would have a
material impact on our operating results or cash flows.
Other Market Risks
We do not believe that we have any material exposure to inflationary risks.
In November 2019, we issued $575.0 million aggregate principal amount of 0.00% Convertible Senior Notes due 2024. We carry these instruments at face value
less unamortized discount and unamortized issuance costs on our consolidated balance sheets. As these instruments have no interest rate, we have no financial or
economic interest exposure associated with changes in interest rates. However, the fair value of these instruments fluctuates when interest rates change, and
additionally when the market price of our common stock fluctuates. The change in fair value does not impact our financial position, cash flows or result of
operation due to the fixed nature of the debt obligation.
ITEM 12.
DESCRIPTION OF SECURITIES OTHER THAN EQUITY SECURITIES
Not applicable.
90
�ITEM 13.
DEFAULTS, DIVIDEND ARREARAGES AND DELINQUENCIES
PART II
None.
ITEM 14.
MATERIAL MODIFICATIONS TO THE RIGHTS OF SECURITY HOLDERS AND USE OF PROCEEDS
None.
ITEM 15.
CONTROLS AND PROCEDURES
Disclosure controls and procedures
Our Chief Executive Officer and Chief Financial Officer, after evaluating the effectiveness of our disclosure controls and procedures (as defined in Rule 13a-15(e)
and 15d-15(e) of the Exchange Act) as of December 31, 2020, have concluded that, based on such evaluation, as of such date, our disclosure controls and
procedures were effective such that information required to be disclosed by us in reports that we file or submit under the Exchange Act is accumulated and
communicated to our management, including our Chief Executive Officer and Chief Financial Officer, to allow timely decisions regarding required disclosure and
is recorded, processed, summarized and reported within the time periods specified by the SEC’s rules and forms.
Management annual report on internal control over financial reporting and attestation report of the registered public accounting firm
Our management, under the supervision of our Chief Executive Officer and Chief Financial Officer, is responsible for establishing and maintaining adequate
internal control over financial reporting as defined in Rules 13a-15(f) and 15d-15(f) under the Exchange Act. Our internal control over financial reporting is a
process to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in
accordance with generally accepted accounting principles. Our internal control over financial reporting includes those policies and procedures that:
•
•
•
pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of our assets;
provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally
accepted accounting principles, and that our receipts and expenditures are being made only in accordance with authorizations of our management and
directors; and
provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of our assets that could have a
material effect on the financial statements.
Our management assessed the effectiveness of internal control over financial reporting as of December 31, 2020 based on the criteria established in “Internal
Control-Integrated Framework (2013)” published by the Committee of Sponsoring Organizations of the Treadway Commission. Based on this assessment,
management has concluded that our internal control over financial reporting was effective as of December 31, 2020.
Our independent registered public accounting firm, Kost Forer Gabbay & Kasierer, a member of Ernst & Young Global, has audited the consolidated financial
statements included in this annual report on Form 20-F, and as part of its audit, has issued its audit report on the effectiveness of our internal control over financial
reporting as of December 31, 2020. The report of Kost Forer Gabbay & Kasierer is included with our consolidated financial statements included elsewhere in this
annual report and is incorporated herein by reference.
Changes in internal control over financial reporting
There were no changes in our internal control over financial reporting (as such term is defined in Rules 13a-15(f) and 15d-15(f) under the Exchange Act) that
occurred during the period covered by this annual report that have materially affected, or that are reasonably likely to materially affect, our internal control over
financial reporting.
91
�ITEM 16A.
AUDIT COMMITTEE FINANCIAL EXPERT
Our board of directors has determined that Ron Gutler and Kim Perdikou are audit committee financial experts as defined by the SEC rules, have the requisite
financial experience as defined by Nasdaq corporate governance rules and are “independent” as such term is defined in Rule 10A-3(b)(1) under the Exchange Act.
ITEM 16B.
CODE OF ETHICS
We have adopted a corporate code of business conduct applicable to our executive officers, directors and all other employees. A copy of the code of conduct is
made available to every employee of CyberArk Software Ltd. and all of its subsidiaries and is also available to investors and members of the public on our website
at http://investors.cyberark.com or by contacting our investor relations department. The corporate code of business conduct includes, in compliance with Section
406 of the Sarbanes-Oxley Act of 2002, our code of ethics which is applicable to our chief executive officer, our chief financial officer and all other senior financial
officers. Pursuant to Item 16B of Form 20-F, if a waiver or amendment of the code of conduct (including the code of ethics) applies to our chief executive officer,
chief financial officer or other persons performing similar functions and relates to standards promoting any of the values described in Item 16B(b) of Form 20-F,
we will disclose such waiver or amendment on our website within five business days following the date of amendment or waiver in accordance with the
requirements of Instruction 4 to such Item 16B. We granted no waivers under our code in 2020.
ITEM 16C.
PRINCIPAL ACCOUNTANT FEES AND SERVICES
Principal Accountant Fees and Services
We have recorded the following fees for professional services rendered by Kost Forer Gabbay & Kasierer, a member of Ernst & Young Global, an independent
registered public accounting firm, for the years ended December 31, 2019 and 2020:
Audit Fees
Audit-Related Fees
Tax Fees
All Other Fees
Total
2019
2020
($ in thousands)
$
852
75
332
115
633
275
312
11
1,374
$
1,231
$
$
“Audit fees” include fees for the audit of our annual financial statements. This category also includes services that generally the independent accountant provides,
such as consents and assistance with and review of documents filed with the SEC as well as certain fees related to the audit in connection with our issuance of
convertible senior notes in November 2019.
“Audit-related fees” include fees for assurance and related services that are reasonably related to the performance of the audit and are not reported under audit fees.
These fees primarily include accounting consultations regarding the accounting treatment of matters that occur in the regular course of business, implications of
new accounting pronouncements, acquisitions and other accounting issues that occur from time to time.
“Tax fees” include fees for professional services rendered by our independent registered public accounting firm for tax compliance and tax advice on actual or
contemplated transactions.
“All other fees” include fees for services rendered by our independent registered public accounting firm with respect to government incentives, IT risk assessment,
and other matters.
Our audit committee has adopted a pre-approval policy for the engagement of our independent accountant to perform certain audit and non-audit services. Pursuant
to this policy, which is designed to assure that such engagements do not impair the independence of our auditors, the audit committee pre-approves each type of
audit, audit-related, tax and other permitted service. The audit committee has delegated the pre-approval authority with respect to audit, audit-related, tax and
permitted non-audit services up to a maximum of $25,000 to its chairperson and may in the future delegate such authority to one or more additional members of the
audit committee, provided that all decisions by that member to pre-approve any such services must be subsequently reported, for informational purposes only, to
the full audit committee. All audit and non-audit services provided by our auditors in 2019 and 2020 were approved in accordance with our policy.
92
�ITEM 16D.
EXEMPTIONS FROM THE LISTING STANDARDS FOR AUDIT COMMITTEES
Not applicable.
ITEM 16E.
PURCHASES OF EQUITY SECURITIES BY THE ISSUER AND AFFILIATED PURCHASERS
Not applicable.
ITEM 16F.
CHANGE IN REGISTRANT’S CERTIFYING ACCOUNTANT
Not applicable.
ITEM 16G.
CORPORATE GOVERNANCE
As a foreign private issuer, we are permitted to comply with Israeli corporate governance practices instead of certain of Nasdaq Listing Rules, provided that we
disclose those Nasdaq Listing Rules with which we do not comply and the equivalent Israeli requirements that we follow instead. We currently rely on this “foreign
private issuer exemption” as follows:
Quorum requirement. As permitted under the Companies Law, pursuant to our articles of association, the quorum required for an ordinary meeting of shareholders
consists of at least two shareholders present in person or by proxy who hold or represent between them at least 25% of the voting power of our shares (and, with
respect to an adjourned meeting, generally one or more shareholders who hold or represent any number of shares), instead of 33 1/3% of the issued share capital
provided under Nasdaq Listing Rule 5260(c).
Distribution of Annual and Interim Reports. Unlike Nasdaq Listing Rule 5250(d), which requires listed issuers to make annual reports on Form 20-F available to
shareholders in one of a number of specific manners, Israeli law does not require us to distribute such reports directly to shareholders, and the generally accepted
business practice in Israel is not to distribute such reports to shareholders but to make such reports available through a public website. In addition, we will make our
annual report on Form 20-F containing audited financial statements available to our shareholders at our offices (in addition to a public website). Otherwise, we
comply with Nasdaq corporate governance rules requiring that listed companies have a majority of independent directors and maintain audit, compensation and
nominating committees composed entirely of independent directors.
ITEM 16H.
MINE SAFETY DISCLOSURE
Not applicable.
ITEM 17.
FINANCIAL STATEMENTS
Not applicable.
ITEM 18.
FINANCIAL STATEMENTS
See pages F-2 through F-48 of this annual report.
PART III
93
�ITEM 19.
EXHIBITS
The following are filed as exhibits hereto:
Exhibit No.
Description
INDEX OF EXHIBITS
1.1
2.1
2.2
2.3
2.4
2.5
4.1
4.2
4.3
4.4
4.5
4.6
4.7
4.8
Amended and Restated Articles of Association of the Registrant (incorporated by reference to Exhibit 1.1 to the Registrant’s Annual Report on
Form 20-F for the year ended December 31, 2017)
Specimen share certificate (incorporated by reference to Exhibit 4.1 to the Registrant’s Registration Statement on Form F-1, as amended
(Registration No. 333-196991))
Fourth Amended Investor Rights Agreement, dated July 10, 2014, by and among the Registrant and the other parties thereto (incorporated by
reference to Exhibit 10.1 to the Registrant’s Registration Statement on Form F-1, as amended (Registration No. 333-196991))
Description of the Registrant’s Securities Registered Pursuant to Section 12 of the Securities Exchange Act of 1934 (incorporated by reference to
Exhibit 2.3 to the Registrant’s Annual Report on Form 20-F for the year ended December 31, 2019)
Indenture between CyberArk Software Ltd. And U.S. Bank National Association, as trustee, for the 0% Convertible Senior Notes due 2024
(incorporated by reference to Exhibit 4.1 to the Registrant’s Report of Foreign Private Issuer on Form 6-K filed with the SEC on November 18,
2019)
Form of 0% Convertible Senior Note due 2024 (incorporated by reference to Exhibit 4.2 to the Registrant’s Report of Foreign Private Issuer on
Form 6-K filed with the SEC on November 18, 2019)
Form of Indemnification Agreement (incorporated by reference to Exhibit 10.2 to the Registrant’s Registration Statement on Form F-1, as
amended (Registration No. 333-196991))
Office Lease Agreement, dated October 28, 2013, between Cyber-Ark Software, Inc. and Wells 60 Realty LLC (incorporated by reference to
Exhibit 10.4 to the Registrant’s Registration Statement on Form F-1, as amended (Registration No. 333-196991))
First Amendment of Lease, dated October 23, 2014, between Cyber-Ark Software, Inc. and Wells 60 Realty LLC (incorporated by reference to
Exhibit 10.6 to the Registrant’s Registration Statement on Form F-1, as amended (Registration No. 333-202329))
Letter Agreement, dated June 28, 2018 between CyberArk Software, Inc. and Wells 60 Realty LLC (incorporated by reference to Exhibit 4.4 to
the Registrant’s Annual Report on Form 20-F for the year ended December 31, 2018)
Summary of Office Lease Agreement, dated February 26, 2015, between the Registrant and Azorei Mallal Industries Ltd., as amended from time
to time ∞ (incorporated by reference to Exhibit 4.5 to the Registrant’s Annual Report on Form 20-F for the year ended December 31, 2019)
Second Amendment of Lease, dated February 27, 2018 between CyberArk Software, Inc. and Wells 60 Realty LLC (incorporated by reference to
Exhibit 4.4 to the Registrant’s Annual Report on Form 20-F for the year ended December 31, 2017)
2011 Share Incentive Plan (incorporated by reference to Exhibit 10.8 to the Registrant’s Registration Statement on Form F-1, as amended
(Registration No. 333-196991))
CyberArk Software Ltd. 2014 Share Incentive Plan, as amended (incorporated by reference to Exhibit 4.10 to the Registrant’s Annual Report on
Form 20-F for the year ended December 31, 2015)
94
�4.9
4.10
4.11
4.12
4.13
4.14
4.15
4.16
4.17
8.1
12.1
12.2
13.1
13.2
15.1
CyberArk Executive Compensation Policy (incorporated by reference to Appendix A of Exhibit 99.1 to the Registrant’s Report of Foreign
Private Issuer on Form 6-K filed with the SEC on May 21, 2019)
Letter Agreement, dated as of November 13, 2019 between Morgan Stanley & Co. LLC and the Company regarding the Base Capped Call
Transaction (incorporated by reference to Exhibit 10.1 to the Registrant’s Report of Foreign Private Issuer on Form 6-K filed with the SEC on
November 18, 2019)
Letter Agreement, dated as of November 13, 2019 between Goldman Sachs & Co. LLC and the Company regarding the Base Capped Call
Transaction (incorporated by reference to Exhibit 10.2 to the Registrant’s Report of Foreign Private Issuer on Form 6-K filed with the SEC on
November 18, 2019)
Letter Agreement, dated as of November 13, 2019 between Barclays Bank PLC and the Company regarding the Base Capped Call Transaction
(incorporated by reference to Exhibit 10.3 to the Registrant’s Report of Foreign Private Issuer on Form 6-K filed with the SEC on November 18,
2019)
Letter Agreement, dated as of November 13, 2019 between Nomura Global Financial Products Inc. and the Company regarding the Base Capped
Call Transaction (incorporated by reference to Exhibit 10.4 to the Registrant’s Report of Foreign Private Issuer on Form 6-K filed with the SEC
on November 18, 2019)
Letter Agreement, dated as of November 14, 2019 between Morgan Stanley & Co. LLC and the Company regarding the Additional Capped Call
Transaction (incorporated by reference to Exhibit 10.5 to the Registrant’s Report of Foreign Private Issuer on Form 6-K filed with the SEC on
November 18, 2019)
Letter Agreement, dated as of November 14, 2019 between Goldman Sachs & Co. LLC and the Company regarding the Additional Capped Call
Transaction (incorporated by reference to Exhibit 10.6 to the Registrant’s Report of Foreign Private Issuer on Form 6-K filed with the SEC on
November 18, 2019)
Letter Agreement, dated as of November 14, 2019 between Barclays Bank PLC and the Company regarding the Additional Capped Call
Transaction (incorporated by reference to Exhibit 10.7 to the Registrant’s Report of Foreign Private Issuer on Form 6-K filed with the SEC on
November 18, 2019)
Letter Agreement, dated as of November 14, 2019 between Nomura Global Financial Products Inc. and the Company regarding the Additional
Capped Call Transaction (incorporated by reference to Exhibit 10.8 to the Registrant’s Report of Foreign Private Issuer on Form 6-K filed with
the SEC on November 18, 2019)
List of subsidiaries of the Registrant (filed herewith)
Certification of Principal Executive Officer required by Rule 13a-14(a) and Rule 15d-14(a) (Section 302 Certifications) (filed herewith)
Certification of Principal Financial Officer required by Rule 13a-14(a) and Rule 15d-14(a) (Section 302 Certifications) (filed herewith)
Certification of Principal Executive Officer required by Rule 13a-14(b) and Rule 15d-14(b) (Section 906 Certifications), furnished herewith
Certification of Principal Financial Officer required by Rule 13a-14(b) and Rule 15d-14(b) (Section 906 Certifications), furnished herewith
Consent of Kost Forer Gabbay & Kasierer (a member of Ernst & Young Global)
101.INS
iXBRL Document
101.SCH
iXBRL Taxonomy Extension Schema Document
101.CAL
iXBRL Taxonomy Extension Calculation Linkbase Document
101.DEF
iXBRL Taxonomy Definition Linkbase Document
101.LAB
iXBRL Taxonomy Extension Label Linkbase Document
101.PRE
iXBRL Taxonomy Extension Presentation Linkbase Document
104
Cover Page Interactive Data File (the cover page iXBRL tags are embedded within the Inline iXBRL document)
∞
English summary of original Hebrew document
95
�The registrant hereby certifies that it meets all of the requirements for filing on Form 20-F and that it has duly caused and authorized the undersigned to sign this
annual report on its behalf.
SIGNATURES
Date: March 11, 2021
CyberArk Software Ltd.
By: /s/ Ehud Mokady
Ehud Mokady
Chairman of the Board &
Chief Executive Officer
96
�CYBERARK SOFTWARE LTD.
CONSOLIDATED FINANCIAL STATEMENTS
AS OF DECEMBER 31, 2020
INDEX
Reports of Independent Registered Public Accounting Firm
Consolidated Balance Sheets
Consolidated Statements of Comprehensive Income (Loss)
Consolidated Statements of Shareholders' Equity
Consolidated Statements of Cash Flows
Notes to Consolidated Financial Statements
- - - - - - - - - -
Page
F-2 - F-4
F-5 - F-6
F-7
F-8
F-9 - F-10
F-11 - F-48
�To the Shareholders and the Board of Directors of CyberArk Software Ltd.
Opinion on the Financial Statements
Report of Independent Registered Public Accounting Firm
We have audited the accompanying consolidated balance sheets of CyberArk Software Ltd. (the Company) as of December 31, 2019 and 2020, the related
consolidated statements of comprehensive income (loss), shareholders' equity and cash flows for each of the three years in the period ended December 31, 2020,
and the related notes (collectively referred to as the "consolidated financial statements"). In our opinion, the consolidated financial statements present fairly, in all
material respects, the financial position of the Company at December 31, 2019 and 2020, and the results of its operations and its cash flows for each of the three
years in the period ended December 31, 2020, in conformity with U.S. generally accepted accounting principles.
We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the Company's
internal control over financial reporting as of December 31, 2020, based on criteria established in Internal Control-Integrated Framework issued by the Committee
of Sponsoring Organizations of the Treadway Commission (2013 framework) and our report dated March 11, 2021 expressed an unqualified opinion thereon.
Basis for Opinion
These financial statements are the responsibility of the Company's management. Our responsibility is to express an opinion on the Company's financial
statements based on our audits. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in
accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable
assurance about whether the financial statements are free of material misstatement, whether due to error or fraud. Our audits included performing procedures to
assess the risks of material misstatement of the financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such
procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements. Our audits also included evaluating the
accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe
that our audits provide a reasonable basis for our opinion.
Critical Audit Matters
The critical audit matters communicated below are matters arising from the current period audit of the financial statements that were communicated or
required to be communicated to the audit committee and that: (1) relate to accounts or disclosures that are material to the financial statements and (2) involved our
especially challenging, subjective, or complex judgments. The communication of critical audit matters does not alter in any way our opinion on the consolidated
financial statements, taken as a whole, and we are not, by communicating critical audit matters below, providing separate opinions on critical audit matters or on
the accounts or disclosures to which they relate.
Revenue recognition
Description of the Matter
As explained in Note 2 to the consolidated financial statements, the Company generates revenues mainly from licensing the rights to
use its software products, maintenance and professional services. The Company enters into contracts with customers that include
combinations of products and services, which are generally distinct and recorded as separate performance obligations. The
transaction price is then allocated to the distinct performance obligations based on a relative standalone selling price basis and
revenue is recognized when control of the distinct performance obligation is transferred to the customer. For example, license
revenue is recognized at a point in time, while maintenance and professional services revenues are recognized over time.
Auditing the Company's recognition of revenue involved a high degree of auditor judgment due to the effort to evaluate 1) the
identification and determination of whether products and services, such as software licenses and related services, are considered
distinct performance obligations that should be accounted for separately versus together, 2) the determination of stand-alone selling
prices for each distinct performance obligation and 3) the pattern of delivery (i.e., timing of when revenue is recognized) for each
distinct performance obligation.
How We Addressed the
Matter in Our Audit
We obtained an understanding, evaluated the design and tested the operating effectiveness of internal controls related to the
identification of distinct performance obligations, determination of stand-alone selling prices for each distinct performance
obligation and the pattern of delivery of revenue recognition.
Our audit procedures also included, among others, selecting a sample of customer contracts and reading contract source documents
for each selection, including the executed contract and purchase order and evaluating the appropriateness of management's
application of significant accounting policies on the contracts. We tested management's identification of significant terms for
completeness, including the identification and determination of distinct performance obligations. We also evaluated the
reasonableness of management's estimate of stand-alone selling prices for products and services and tested the mathematical
accuracy of management's calculations of revenue and the associated timing of revenue recognition.
�F - 2
�Acquisition accounting for IDaptive Holdings, Inc. business combination
Description of the Matter
As described in Note 1 to the consolidated financial statements, on May 12, 2020, the Company acquired all of the share capital of
IDaptive Holdings, Inc. ("Idaptive") for a net consideration of $69 million (the "Idaptive acquisition"). The Company accounted for
the Idaptive acquisition under the acquisition method of accounting for business combinations in accordance with ASC 805
"Business Combinations." Accordingly, the purchase price was allocated to the assets acquired and liabilities assumed based on their
respective fair values, including total intangible assets of $23.4 million, which consist primarily of $19 million of current
technology.
Auditing the Company's accounting for the Idaptive acquisition included a high degree of auditor judgement and subjectivity in
applying procedures relating to the fair value measurement of the current technology intangible asset. The Company used the relief
from royalty method to measure the current technology. Significant audit effort, including involving valuation specialists, was
required in performing procedures and evaluating the significant assumptions relating to the estimate, including forecasted revenue
and discount rates.
How We Addressed the
Matter in Our Audit
We obtained an understanding, evaluated the design and tested the operating effectiveness of internal controls related to the
acquisition accounting, including controls over the measurement of the current technology intangible asset and controls over the
development of the assumptions related to the valuation, including forecasted revenue and discount rates, and controls over the
completeness and accuracy of the underlying data.
To test the estimated fair value of the intangible asset, we performed audit procedures that included, among others, reading the
purchase agreement, evaluating the appropriateness of the relief from royalty method, testing the completeness, accuracy and
relevance of underlying data used in the relief from royalty method and evaluating the reasonableness of the significant
assumptions, which involved considering the past performance of the acquired business and comparable industry data related to
forecasted revenues and discount rates. We involved our valuation specialists to assist the evaluation of the relief from royalty
method used by management and significant assumptions included in the fair value estimate.
/s/ KOST FORER GABBAY & KASIERER
A Member of Ernst & Young Global
We have served as the Company`s auditor since 2000.
Tel-Aviv, Israel
March 11, 2021
F - 3
�To the Shareholders and the Board of Directors of CyberArk Software Ltd.
Opinion on Internal Control Over Financial Reporting
Report of Independent Registered Public Accounting Firm
We have audited CyberArk Software Ltd.'s internal control over financial reporting as of December 31, 2020, based on criteria established in Internal
Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (2013 framework) (the COSO criteria). In our
opinion, CyberArk Software Ltd. (the Company) maintained, in all material respects, effective internal control over financial reporting as of December 31, 2020,
based on the COSO criteria.
We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the consolidated
balance sheets of the Company as of December 31, 2019 and 2020, the related consolidated statements of comprehensive income (loss), shareholders' equity and
cash flows for each of the three years in the period ended December 31, 2020, and the related notes and our report dated March 11, 2021 expressed an unqualified
opinion thereon.
Basis for Opinion
The Company's management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of
internal control over financial reporting included in the accompanying Management's Annual Report on Internal Control over Financial Reporting. Our
responsibility is to express an opinion on the Company's internal control over financial reporting based on our audit. We are a public accounting firm registered
with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and
regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audit in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable
assurance about whether effective internal control over financial reporting was maintained in all material respects.
Our audit included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, testing and
evaluating the design and operating effectiveness of internal control based on the assessed risk, and performing such other procedures as we considered necessary
in the circumstances. We believe that our audit provides a reasonable basis for our opinion.
Definition and Limitations of Internal Control Over Financial Reporting
A company's internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting
and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company's internal control over
financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the
transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of
financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in
accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of
unauthorized acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of
effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with
the policies or procedures may deteriorate.
/s/ KOST FORER GABBAY & KASIERER
A Member of Ernst & Young Global
Tel-Aviv, Israel
March 11, 2021
F - 4
�CONSOLIDATED BALANCE SHEETS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
CYBERARK SOFTWARE LTD.
December 31,
2019
2020
ASSETS
CURRENT ASSETS:
Cash and cash equivalents
Short-term bank deposits
Marketable securities
Trade receivables (net of allowance for credit losses of $67 and $101 at December 31, 2019 and 2020, respectively)
Prepaid expenses and other current assets
$
792,363 $
140,067
132,412
72,953
8,406
499,992
256,143
196,856
93,128
15,312
Total current assets
LONG-TERM ASSETS:
Marketable securities
Property and equipment, net
Intangible assets, net
Goodwill
Other long-term assets
Deferred tax assets
Total long-term assets
TOTAL ASSETS
The accompanying notes are an integral part of the consolidated financial statements.
F - 5
1,146,201
1,061,431
54,408
16,472
9,143
82,400
72,091
24,451
202,190
18,537
23,676
123,717
99,992
32,809
258,965
500,921
$
1,405,166 $
1,562,352
�CONSOLIDATED BALANCE SHEETS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
LIABILITIES AND SHAREHOLDERS' EQUITY
CURRENT LIABILITIES:
Trade payables
Employees and payroll accruals
Accrued expenses and other current liabilities
Deferred revenue
Total current liabilities
LONG-TERM LIABILITIES:
Convertible senior notes, net
Deferred revenue
Other long-term liabilities
Total long-term liabilities
TOTAL LIABILITIES
COMMITMENTS AND CONTINGENCIES
SHAREHOLDERS' EQUITY:
Ordinary shares of NIS 0.01 par value – Authorized: 250,000,000 shares at December 31, 2019 and 2020; Issued and
outstanding: 38,043,516 shares and 39,034,759 shares at December 31, 2019 and 2020, respectively
Additional paid-in capital
Accumulated other comprehensive income
Retained earnings
Total shareholders' equity
CYBERARK SOFTWARE LTD.
December 31,
2019
2020
$
$
5,675
41,345
27,132
118,519
8,250
52,169
24,915
161,679
192,671
247,013
485,119
71,836
31,408
502,302
80,829
24,920
588,363
608,051
781,034
855,064
99
396,437
818
226,778
101
481,992
4,175
221,020
624,132
707,288
TOTAL LIABILITIES AND SHAREHOLDERS' EQUITY
$
1,405,166
$
1,562,352
The accompanying notes are an integral part of the consolidated financial statements.
F - 6
�CONSOLIDATED STATEMENTS OF COMPREHENSIVE INCOME (LOSS)
U.S. dollars in thousands (except per share data and unless otherwise indicated)
Revenues:
License
Maintenance and professional services
Cost of revenues:
License
Maintenance and professional services
Gross profit
Operating expenses:
Research and development
Sales and marketing
General and administrative
Total operating expenses
Operating income
Financial income (expense), net
Income (loss) before taxes on income
Taxes on income
Net income (loss)
Basic net income (loss) per ordinary share
Diluted net income (loss) per ordinary share
Other comprehensive income (loss)
Change in unrealized income (losses) on marketable securities:
Unrealized income (loss) arising during the year
Change in unrealized gain (loss) on cash flow hedges:
Unrealized gain (loss) arising during the year
Loss (gain) reclassified into earnings
CYBERARK SOFTWARE LTD.
Year ended
December 31,
2019
2018
2020
$
192,514
150,685
$
237,879
196,016
$
226,113
238,318
343,199
433,895
464,431
10,526
37,935
48,461
10,569
52,046
62,615
19,341
63,230
82,571
294,738
371,280
381,860
$
$
$
57,112
148,290
42,044
247,446
47,292
4,551
51,843
(4,771)
47,072
1.30
1.27
(43)
(43)
(2,469)
1,466
(1,003)
$
$
$
72,520
184,168
52,308
95,426
219,999
60,429
308,996
375,854
62,284
7,800
70,084
(7,020)
63,064
1.68
1.62
$
$
$
777
777
1,538
(558)
980
6,006
(6,395)
(389)
(5,369)
(5,758)
(0.15)
(0.15)
2,152
2,152
2,676
(1,471)
1,205
Other comprehensive income (loss), net of taxes of $143, $(240) and $(458) for 2018, 2019 and
2020, respectively
Total comprehensive income (loss)
(1,046)
1,757
3,357
$
46,026
$
64,821
$
(2,401)
The accompanying notes are an integral part of the consolidated financial statements.
F - 7
�CYBERARK SOFTWARE LTD.
STATEMENTS OF SHAREHOLDERS’ EQUITY
U.S. dollars in thousands (except share data and unless otherwise indicated)
Ordinary shares
Shares
Amount
Additional
paid-in capital
Accumulated
other
comprehensive
income (loss)
Retained
earnings
Total
shareholders'
equity
Balance as of January 1, 2018
35,274,888
$
91
$
249,874
$
107
$
103,893
$
353,965
Cumulative effect adjustment resulting
from adoption of new accounting
pronouncements
Exercise of options and vested RSUs
granted to employees
Other comprehensive loss, net of tax
Share-based compensation
Net income
—
1,563,635
—
—
—
—
4
—
—
—
—
18,035
—
35,991
—
—
—
(1,046)
—
—
12,749
—
—
—
47,072
12,749
18,039
(1,046)
35,991
47,072
Balance as of December 31, 2018
36,838,523
$
95
$
303,900
$
(939) $
163,714
$
466,770
Exercise of options and vested RSUs
granted to employees
Equity component of convertible senior
notes, net of tax
Purchase of capped calls
Other comprehensive income, net of tax
Share-based compensation
Net income
1,204,993
—
—
—
—
—
4
—
—
—
—
—
24,543
65,932
(53,648)
—
55,710
—
—
—
—
1,757
—
—
—
—
—
—
—
63,064
24,547
65,932
(53,648)
1,757
55,710
63,064
Balance as of December 31, 2019
38,043,516
$
99
$
396,437
$
818
$
226,778
$
624,132
Exercise of options and vested RSUs
granted to employees
Other comprehensive income, net of tax
Share-based compensation
Net loss
991,243
—
—
—
2
—
—
—
13,094
—
72,461
—
—
3,357
—
—
—
—
—
(5,758)
13,096
3,357
72,461
(5,758)
Balance as of December 31, 2020
39,034,759
$
101
$
481,992
$
4,175
$
221,020
$
707,288
The accompanying notes are an integral part of the consolidated financial statements.
F - 8
�CONSOLIDATED STATEMENTS OF CASH FLOWS
U.S. dollars in thousands (except per share data and unless otherwise indicated)
Cash flows from operating activities:
Net income (loss)
Adjustments to reconcile net income (loss) to net cash provided by operating activities:
Depreciation and amortization
Share-based compensation
Amortization of premium and accretion of discount on marketable securities, net
Deferred income taxes, net
Amortization of debt discount and issuance costs
Increase in trade receivables
Increase in prepaid expenses and other current and long-term assets
Increase in trade payables
Increase in short-term and long-term deferred revenue
Increase in employees and payroll accruals
Increase (decrease) in accrued expenses and other current and long-term liabilities
CYBERARK SOFTWARE LTD.
Year ended December 31,
2019
2018
2020
$
47,072
$
63,064
$
(5,758)
10,078
35,964
293
(7,056)
—
(3,116)
(11,893)
1,955
47,818
6,896
2,114
10,646
55,517
(47)
(6,974)
1,966
(24,522)
(14,321)
1,571
40,821
7,337
6,652
15,475
71,849
3,068
(1,988)
17,183
(17,315)
(20,487)
558
45,397
7,846
(9,059)
Net cash provided by operating activities
130,125
141,710
106,769
Cash flows from investing activities:
Proceeds from (investment in) short-term and long-term deposits
Investment in marketable securities
Proceeds from maturities of marketable securities
Purchase of property and equipment
Business acquisitions, net of cash acquired (Schedule A)
Net cash used in investing activities
Cash flows from financing activities:
Proceeds from withholding tax related to employee stock plans
Proceeds from exercise of stock options
Proceeds from the issuance of convertible senior notes, net of issuance costs
Purchase of capped calls
Net cash provided by financing activities
Increase (decrease) in cash, cash equivalents and restricted cash
Cash, cash equivalents and restricted cash at the beginning of the year
Cash, cash equivalents and restricted cash at the end of the year
Non-cash activities:
Lease liabilities arising from obtaining right-of-use-assets
Non-cash purchase of property and equipment
Exercise of stock options
$
$
$
$
F - 9
1,600
(61,118)
37,838
(8,613)
(18,450)
(33,961)
(165,714)
63,489
(7,036)
—
(123,054)
(403,279)
189,723
(7,174)
(68,603)
(48,743)
(143,222)
(412,387)
—
17,980
—
—
17,980
99,362
162,521
1,155
24,428
560,107
(53,648)
532,042
530,530
261,883
1,069
12,180
—
—
13,249
(292,369)
792,413
261,883
$
792,413
$
500,044
— $
$
$
1,613
59
27,926
960
119
$
$
$
3,237
1,639
916
�CONSOLIDATED STATEMENTS OF CASH FLOWS
U.S. dollars in thousands (except per share data and unless otherwise indicated)
CYBERARK SOFTWARE LTD.
Supplemental disclosure of cash flow activities:
Cash paid during the year for taxes, net
$
6,375
$
10,548
$
11,424
Year ended
December 31,
2019
2018
2020
Reconciliation of cash, cash equivalents and restricted cash:
Cash and cash equivalents
Restricted cash included in other long-term assets
Total cash, cash equivalents and restricted cash
Schedule A - Payments for businesses acquired (See note 1b.)
260,636
1,247
792,363
50
499,992
52
$
261,883
$
792,413
$
500,044
Fair value of assets acquired and liabilities assumed at the date of Vaultive's acquisition was as follows:
Working capital, net (excluding $21 of cash and cash equivalents acquired)
Property and equipment
Goodwill
Other intangible assets
Deferred taxes, net
Fair value of assets acquired and liabilities assumed at the date of Idaptive's acquisition was as follows:
Working capital, net (excluding $1,934 of cash and cash equivalents acquired)
Property and equipment
Goodwill
Technology
Customer relationships
Other long-term assets
Deferred taxes, net
Other long-term liabilities
The accompanying notes are an integral part of the consolidated financial statements.
F - 10
$
$
$
Year ended
December 31,
2018
(996)
83
13,183
5,424
756
18,450
Year ended
December 31,
2020
(6,965)
654
41,317
18,908
4,466
1,076
10,845
(1,698)
$
68,603
�CYBERARK SOFTWARE LTD.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 1:- GENERAL
a. CyberArk Software Ltd. (together with its subsidiaries, the "Company") is an Israeli company that develops, markets and sells software-based
security solutions and services. The Company's solutions and services secure access for any identity - human or machine - to help organizations
secure critical business assets, protect their distributed workforce and customers, and accelerate business in the cloud. The Company's software
extends its leadership in Privileged Access Management, or PAM, to offer a comprehensive set of Identity Security capabilities.
b.
In March 2018, the Company acquired all of the share capital of Vaultive, Ltd. ("Vaultive") for total gross consideration of $18,471. Vaultive
specializes in privileged account security in cloud environments. The Company expensed the related acquisition costs of $268 in general and
administrative expenses.
In May 2020, the Company acquired all of the share capital of IDaptive Holdings, Inc. ("Idaptive") for total gross consideration of $68,603.
Idaptive specializes in Identity and Access Management as a Service (IDaaS) which provides a comprehensive Artificial Intelligence (AI)-
based and security-first approach to managing identities that is both adaptive and context-aware. The Company expensed the related
acquisition costs of $2,932 substantially in general and administrative. Goodwill generated from this business combination is primarily
attributable to the assembled workforce and expected post-acquisition synergies from integrating Idaptive`s technology into the Company`s
portfolio. The goodwill is not deductible for income tax purposes. Pro forma results of operations have not been presented because the
acquisition was not material to the Company's results of operations.
NOTE 2:-
SIGNIFICANT ACCOUNTING POLICIES
The consolidated financial statements have been prepared in accordance with U.S. generally accepted accounting principles ("U.S. GAAP").
a. Use of estimates:
The preparation of financial statements in conformity with U.S. GAAP requires management to make estimates, judgments and assumptions
that affect the amounts reported in the consolidated financial statements and accompanying notes. Such management estimates and
assumptions are related, but not limited to contingent liabilities, income tax uncertainties, deferred taxes, share-based compensation, fair value
of assets acquired and liabilities assumed in business combinations, fair value of the liability component of the convertible senior notes, as well
as the determination of standalone selling prices in revenue transactions with multiple performance obligations and the estimated period of
benefit for deferred contract costs. The Company's management believes that the estimates, judgment and assumptions used are reasonable
based upon information available at the time they are made. These estimates, judgments and assumptions can affect the reported amounts of
assets and liabilities and disclosure of contingent assets and liabilities at the dates of the consolidated financial statements, and the reported
amounts of revenues and expenses during the reporting periods.
Actual results could differ from those estimates.
F - 11
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 2:-
SIGNIFICANT ACCOUNTING POLICIES (Cont.)
CYBERARK SOFTWARE LTD.
In March 2020, the World Health Organization (WHO) declared the outbreak of coronavirus disease (COVID-19). The Company considered
the impact of COVID-19 on the assumptions and estimates used and determined that there were no material adverse impacts on the
consolidated financial statements for the year ended December 31, 2020. As events continue to evolve and additional information becomes
available, the Company`s assumptions and estimates may change materially in future periods.
b.
Principles of consolidation:
The consolidated financial statements include the financial statements of CyberArk Software Ltd. and its wholly-owned subsidiaries. All
intercompany transactions and balances have been eliminated upon consolidation.
c.
Financial statements in U.S. dollars:
A majority of the Company's revenues are generated in U.S. dollars. In addition, the equity investments were in U.S. dollars and a substantial
portion of the Company's costs are incurred in U.S. dollars. The Company's management believes that the U.S. dollar is the currency of the
primary economic environment in which the Company and each of its subsidiaries operates. Thus, the functional and reporting currency of the
Company is the U.S. dollar.
Accordingly, monetary accounts maintained in currencies other than the U.S. dollar are re-measured into U.S. dollars in accordance with
Accounting Standard Codification ("ASC") No. 830 "Foreign Currency Matters." All transaction gains and losses of the re-measured monetary
balance sheet items are reflected in the statement of comprehensive income (loss) as financial income or expenses, as appropriate.
d. Cash and cash equivalents:
Cash equivalents are short-term highly liquid deposits that are readily convertible to cash with original maturities of three months or less, at the
date acquired.
e.
Short-term bank deposits:
Short-term bank deposits are deposits with maturities of up to one year. As of December 31, 2019 and 2020, the Company's bank deposits are
denominated in U.S. dollars and New Israeli Shekels ("NIS") and bear yearly interest at weighted average rates of 2.27% and 0.86%,
respectively. Short-term bank deposits are presented at their cost, including accrued interest.
F - 12
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 2:-
SIGNIFICANT ACCOUNTING POLICIES (Cont.)
f.
Investments in marketable securities:
CYBERARK SOFTWARE LTD.
The Company accounts for investments in debt marketable securities in accordance with ASC No. 320, "Investments - Debt and Equity
Securities". The Company determines the appropriate classification of its investments at the time of purchase and reevaluates such designation
at each balance sheet date. The Company classifies all of its marketable securities as available-for-sale as the Company may sell these
securities at any time for use in its current operations or for other purposes, even prior to maturity. Available-for-sale securities are carried at
fair value, with the unrealized gains and losses, net of tax, reported in accumulated other comprehensive income (loss) in shareholders' equity.
In 2020 the Company adopted ASU 2016-13, Topic 326 "Financial Instruments – Credit Losses: Measurement of Credit Losses on Financial
Instruments" which modified the other than temporary impairment model for available for sale debt securities. Available-for-sale securities are
periodically evaluated for unrealized losses. For unrealized losses in securities that the Company intends to hold and will not more likely than
not be required to sell before recovery, the Company further evaluates whether declines in fair value below amortized cost are due to credit or
non-credit related factors. The Company considers credit related impairments to be changes in value that are driven by a change in the
creditor's ability to meet its payment obligations and records an allowance and recognizes a corresponding loss in financial income (expense),
net when the impairment is incurred. Unrealized non-credit related losses and unrealized gains are reported as a separate component of
accumulated other comprehensive income (loss) in the consolidated balance sheets until realized. Realized gains and losses on sale of
marketable securities are included in financial income (expense), net and are derived using the specific identification method for determining
the cost of securities sold. The amortized cost of marketable securities is adjusted for amortization of premiums and accretion of discounts to
maturity. Such amortization together with interest on securities is included in financial income (expense), net. During the year ended December
31, 2020, no credit loss impairments have been identified.
For the years ended December 31, 2018 and 2019, the Company's securities were reviewed for impairment in accordance with ASC No. 320-
10-35. According to this standard, if such assets were considered to be impaired, the impairment charge was recognized in earnings when a
decline in the fair value of its investments below the cost basis was judged to be Other-Than-Temporary Impairment (OTTI). Factors
considered in making such a determination include the duration and severity of the impairment, the reason for the decline in value, the potential
recovery period and the Company's intent to sell, including whether it is more likely than not that the Company will be required to sell the
investment before recovery of cost basis. Based on the above factors, the Company concluded that unrealized losses on its available-for-sale
securities for the years ended December 31, 2018 and 2019 were not OTTI.
g.
Property and equipment:
Property and equipment are stated at cost, net of accumulated depreciation. Depreciation is calculated using the straight-line method over the
estimated useful lives of the assets at the following annual rates:
Computers, software and related equipment
Office furniture and equipment
Leasehold improvements
h.
Long-lived assets:
%
20 – 33
15 – 20
Over the shorter of the related lease period or
the life of the asset
The long-lived assets of the Company are reviewed for impairment in accordance with ASC No. 360, "Property, Plant and Equipment",
whenever events or changes in circumstances indicate that the carrying amount of an asset may not be recoverable. The recoverability of assets
to be held and used is measured by a comparison of the carrying amount of an asset to the future undiscounted cash flows expected to be
generated by the assets.
F - 13
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 2:-
SIGNIFICANT ACCOUNTING POLICIES (Cont.)
CYBERARK SOFTWARE LTD.
If such assets are considered to be impaired, the impairment to be recognized is measured by the amount by which the carrying amount of the
assets exceeds the fair value of the assets. During the years ended December 31, 2018, 2019 and 2020, no impairment losses have been
identified.
i.
Business combination:
The Company accounts for its business acquisitions in accordance with ASC No. 805, "Business Combinations." The Company uses its best
estimates and assumptions as part of the purchase price allocation process to value assets acquired and liabilities assumed at the business
combination date. The total purchase price allocated to the tangible and intangible assets acquired is assigned based on the fair values as of the
date of the acquisition. Goodwill generated from the business combinations is primarily attributable to synergies between the Company and
acquired companies` respective products and services. Acquisition-related expenses are recognized separately from the business combination
and are expensed as incurred.
j.
Goodwill and other intangible assets:
Goodwill and certain other purchased intangible assets have been recorded in the Company's financial statements as a result of acquisitions.
Goodwill represents excess of the purchase price in a business combination over the fair value of identifiable tangible and intangible assets
acquired. Goodwill is not amortized, but rather is subject to an impairment test.
ASC No. 350, "Intangible—Goodwill and other" requires goodwill to be tested for impairment at least annually and, in certain circumstances,
between annual tests. The accounting guidance gives the option to perform a qualitative assessment to determine whether further impairment
testing is necessary. The qualitative assessment considers events and circumstances that might indicate that a reporting unit's fair value is less
than its carrying amount. If it is determined, as a result of the qualitative assessment, that it is more likely than not that the fair value of a
reporting unit is less than its carrying amount, a quantitative test is performed. The Company operates as one reporting unit. Therefore,
goodwill is tested for impairment by comparing the fair value of the reporting unit with its carrying value. The Company elects to perform an
annual impairment test of goodwill as of October 1 of each year, or more frequently if impairment indicators are present.
For the years ended December 31, 2018, 2019 and 2020, no impairment losses were identified.
Purchased intangible assets with finite lives are carried at cost, less accumulated amortization. Amortization is computed over the estimated
useful lives of the respective assets, which range from two to twelve years. Intangible assets, consisting primarily of technology and customer
relationships, are amortized over their estimated useful lives on a straight-line basis or in proportion to their economic benefits realized.
F - 14
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 2:-
SIGNIFICANT ACCOUNTING POLICIES (Cont.)
k. Derivative instruments:
CYBERARK SOFTWARE LTD.
ASC No. 815, "Derivative and Hedging," requires companies to recognize all of their derivative instruments as either assets or liabilities on the
balance sheet at fair value.
For those derivative instruments that are designated and qualify as hedging instruments, a company must designate the hedging instrument,
based upon the exposure being hedged, as a fair value hedge, cash flow hedge or a hedge of a net investment in a foreign operation.
As a result of adopting ASU 2017-12, "Targeted Improvements to Accounting for Hedging Activities", beginning January 1, 2019, gains and
losses on the derivatives instruments that are designated and qualify as a cash flow hedge are recorded in accumulated other comprehensive
income (loss) and reclassified into earnings in the same accounting period in which the designated forecasted transaction or hedged item affects
earnings. Prior to January 1, 2019, cash flow hedge ineffectiveness was separately measured and reported immediately in earnings. Cash flow
hedge ineffectiveness was immaterial during 2018.
To hedge against the risk of changes in cash flows resulting from foreign currency salary payments during the year, the Company instituted a
foreign currency cash flow hedging program. The Company hedges portions of its forecasted expenses denominated in NIS. These forward and
option contracts are designated as cash flow hedges, as defined by ASC No. 815, and are all effective, as their critical terms match underlying
transactions being hedged.
As of December 31, 2019 and 2020, the amount recorded in accumulated other comprehensive income (loss) from the Company's currency
forward and option transactions was $254, net of tax of $35 and $1,459, net of tax of $200, respectively.
At December 31, 2020, the notional amounts of foreign exchange forward contracts into which the Company entered were $19,063. The
foreign exchange forward contracts will expire by September 2021. The fair value of derivative instruments assets balances as of December 31,
2019 and 2020, totaled $288 and $1,654, respectively. As of December 31, 2019 and 2020, the Company did not have any derivative
instruments that were classified as liabilities.
In addition to the derivatives that are designated as hedges as discussed above, the Company enters into certain foreign exchange forward
transactions to economically hedge certain account receivables in Euros, British Pounds Sterling and Canadian Dollars. Gains and losses
related to such derivative instruments are recorded in financial income (expense), net.
As of December 31, 2020, the notional amounts of foreign exchange forward contracts into which the Company entered were $23,377. The
foreign exchange forward contracts will expire by December 2021. The fair value of derivative instruments assets balances as of December 31,
2019 and 2020, totaled $514 and $0, respectively. The fair value of derivative instruments liabilities balances as of December 31, 2019 and
2020 totaled $134 and $1,561, respectively.
F - 15
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 2:-
SIGNIFICANT ACCOUNTING POLICIES (Cont.)
CYBERARK SOFTWARE LTD.
For the years ended December 31, 2018, 2019 and 2020, the Company recorded financial income (expense), net from hedging transactions of
$977, $515 and $(1,317), respectively.
l.
Severance pay:
The Israeli Severance Pay Law, 1963 ("Severance Pay Law"), specifies that employees are entitled to severance payment, following the
termination of their employment. Under the Severance Pay Law, the severance payment is calculated as one month salary for each year of
employment, or a portion thereof.
The majority of the Company's liability for severance pay is covered by the provisions of Section 14 of the Severance Pay Law ("Section 14").
Under Section 14, employees are entitled to monthly deposits, at a rate of 8.33% of their monthly salary, made on behalf of the employee with
insurance companies. Payments in accordance with Section 14 release the Company from any future severance payments in respect of those
employees. As a result, the Company does not recognize any liability for severance pay due to these employees and the deposits under Section
14 are not recorded as an asset in the Company's balance sheet.
For the Company's employees in Israel who are not subject to Section 14, the Company calculated the liability for severance pay pursuant to
the Severance Pay Law based on the most recent salary of these employees multiplied by the number of years of employment as of the balance
sheet date. The Company's liability for these employees is fully provided for via monthly deposits with severance pay funds, insurance policies
and accruals. The value of these deposits recorded as an asset on the Company's balance sheet under other long-term assets as of December 31,
2019 and 2020 is $4,313 and $4,952, respectively. The amount of accrued severance payable recorded as a liability on the Company's balance
sheet under long-term liabilities as of December 31, 2019 and 2020 is $6,751 and $7,963, respectively.
Severance expenses for the years ended December 31, 2018, 2019 and 2020, amounted to $3,326, $4,035 and $4,813, respectively.
m. U.S. defined contribution plan:
The U.S. subsidiary has a 401(k) defined contribution plan covering certain full time and part time employees in the U.S. who meet certain
eligibility requirements, excluding leased employees and contractors. All eligible employees may elect to contribute up to an annual maximum,
of the lesser of 100% of their annual compensation to the plan through salary deferrals, subject to Internal Revenue Service limits, but not
greater than $19.5 per year (for certain employees over 50 years of age the maximum contribution is $26 per year).
F - 16
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 2:-
SIGNIFICANT ACCOUNTING POLICIES (Cont.)
CYBERARK SOFTWARE LTD.
The U.S. subsidiary matches amounts equal to 100% of the first 3% of the employee's compensation that they contribute to the defined
contribution plan and 50% of the next 2% of their compensation that they contribute to the defined contribution plan with a limit of $11.4 per
year per employee. For the years ended December 31, 2018, 2019 and 2020, the U.S. subsidiary recorded expenses for matching contributions
of $2,171, $2,697 and $3,533, respectively.
n. Convertible senior notes:
The Company accounts for its convertible senior notes in accordance with ASC 470-20 "Debt with Conversion and Other Options". The
Company allocated the principal amount of the convertible senior notes between its liability and equity component. The liability component at
issuance is recognized at fair value, based on the fair value of a similar instrument of similar credit rating and maturity that does not have a
conversion feature. The equity component is based on the excess of the principal amount of the convertible senior notes over the fair value of
the liability component and is recorded in additional paid-in capital. The equity component, net of issuance costs and deferred tax effects is
presented within additional paid-in-capital and is not remeasured as long as it continues to meet the conditions for equity classification. The
Company allocated the total issuance costs incurred to the liability and equity components of the convertible senior notes based on the same
proportions as the proceeds from the notes.
Relating to the convertible senior notes issued in 2019, issuance costs attributable to the liability and equity components were $12.9 million
and $2.0 million, respectively. Issuance costs attributable to the liability are netted against the principal balance and are amortized to interest
expense using the effective interest method over the contractual term of the notes. The effective interest rate of the liability component of the
notes is 3.50%. This interest rate was based on Company's credit risk rating using software industry rating methodology.
Issuance costs attributable to the equity component are netted with the equity component in additional paid-in capital.
o. Revenue recognition:
The Company substantially generates revenues from licensing the rights to use its software products, maintenance and professional services.
License revenues include perpetual and on-premises subscription licenses, as well as software as a service ("SaaS") offerings which were
recognized during the reported period. The Company sells its products through its direct sales force and indirectly through resellers. Payment is
typically due within 30 to 90 calendar days of the invoice date.
The Company recognizes revenues in accordance with ASC No. 606, "Revenue from Contracts with Customers" ("ASC No. 606"). As such,
the Company identifies a contract with a customer, identifies the performance obligations in the contract, determines the transaction price,
allocates the transaction price to each performance obligation in the contract and recognizes revenues when (or as) the Company satisfies a
performance obligation.
F - 17
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 2:-
SIGNIFICANT ACCOUNTING POLICIES (Cont.)
CYBERARK SOFTWARE LTD.
The Company enters into contracts that can include combinations of products and services, which are generally capable of being distinct and
accounted for as separate performance obligations and may include an option to provide products or services. The license is distinct as the
customer can derive the economic benefit of the software without any professional services, updates or technical support.
The transaction price is determined based on the consideration to which the Company will be entitled in exchange for transferring goods or
services to the customer. The Company does not grant a right of return to its customers.
In instances of contracts where revenue recognition differs from the timing of invoicing, the Company generally determined that those
contracts do not include a significant financing component. The primary purpose of the invoicing terms is to provide customers with simplified
and predictable ways of purchasing the Company's products and services, not to receive or provide financing. The Company uses the practical
expedient and does not assess the existence of a significant financing component when the difference between payment and revenue
recognition is a year or less.
The Company records unbilled receivables from contracts when the revenue recognized exceeds the amount billed to the customer. As of
December 31, 2019 and 2020 $5,526 and $15,530 long-term unbilled receivables are included in other long-term assets.
The Company allocates the transaction price to each performance obligation based on its relative standalone selling price. For maintenance, the
Company determines the standalone selling price based on the price at which the Company separately sells a renewal contract. For professional
services, the Company determines the standalone selling prices based on the prices at which the Company separately sells those services. For
licenses, the Company determines the standalone selling prices by taking into account available information such as historical selling prices,
contract value, geographic location, and the Company's price list and discount policy.
Perpetual license and the license portion of on-premises subscription are recognized at the point of time when the license is made available for
download by the customer. Maintenance and SaaS revenues are recognized ratably, on a straight-line basis over the term of the related contract,
which is generally one to three years, once the service is made available to the customer. Professional services revenues consist mostly of time
and material services that are recognized as the services are performed.
F - 18
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 2:-
SIGNIFICANT ACCOUNTING POLICIES (Cont.)
The following table presents the Company's revenue by category:
License
Maintenance and support
Professional services
CYBERARK SOFTWARE LTD.
2018
December 31,
2019
$
192,514
123,986
26,699
$
237,879
159,730
36,286
2020
226,113
197,270
41,048
343,199
$
433,895
$
464,431
$
$
For additional information regarding disaggregated revenues, please refer to Note 16 below.
Contract liabilities consist of deferred revenue and include unearned amounts received under maintenance and support contracts and
professional services that do not meet the revenue recognition criteria as of the balance sheet date. Contract liabilities also include unearned,
invoiced amounts in respect of SaaS services whereby there is an unconditional right for the consideration. Deferred revenue are recognized as
(or when) the Company performs under the contract. During the year ended December 31, 2020, the Company recognized $111,330 that were
included in the deferred revenues balance as of December 31, 2019.
Remaining Performance Obligations:
Transaction price allocated to remaining performance obligations represents non-cancelable contracts that have not yet been recognized, which
includes deferred revenues and amounts not yet received that will be recognized as revenue in future periods.
The aggregate amount of the transaction price allocated to remaining performance obligations was $363 million as of December 31, 2020. The
Company expects to recognize approximately 59% in 2021 from remaining performance obligations as of December 31, 2020 and the
remainder thereafter.
p. Deferred contract costs:
The Company pays sales commissions primarily to sales and certain management personnel based on their attainment of certain predetermined
sales goals. Sales commissions are considered incremental and recoverable costs of obtaining a contract with a customer. Sales commissions
paid for initial contracts, which are not commensurate with sales commissions paid for renewal contracts, are capitalized and amortized over an
expected period of benefit. Based on its technology, customer contracts and other factors, the Company has determined the expected period of
benefit to be approximately five years. Sales commissions for initial contracts, which are commensurate with sales commissions paid for
renewal contracts, are capitalized and amortized correspondingly to the recognized revenue of the related initial contracts. Sales commissions
for renewal contracts are capitalized and amortized on a straight-line basis over the related contractual renewal period and aligned with the
revenue recognized from these contracts. Amortization expense of these costs are substantially included in sales and marketing expenses.
F - 19
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 2:-
SIGNIFICANT ACCOUNTING POLICIES (Cont.)
CYBERARK SOFTWARE LTD.
For the year ended December 31, 2019 and 2020, the amortization of deferred contract costs was $33,853 and $39,592, respectively.
As of December 31, 2019 and 2020, the Company presented deferred contract costs from contracts which are for periods of less than 12
months of $1,014 and $3,079 in prepaid expenses and other current assets, respectively, and deferred contract costs in respect of contracts
which are greater than 12 months of $37,074 and $48,716 in other long-term assets, respectively.
q.
Trade Receivable and Allowances:
Trade receivables include original invoiced amounts less an allowance for any potential uncollectible amounts and unbilled receivables
amounts that will be paid in the following year. The Company makes estimates of expected credit losses for the allowance for doubtful
accounts based upon its assessment of various factors, including historical experience, the age of the trade receivable balances, credit quality of
its customers, current economic conditions, reasonable and supportable forecasts of future economic conditions, and other factors that may
affect its ability to collect from customers. The estimated credit loss allowance is recorded as general and administrative expenses on the
Company's consolidated statements of income (loss).
r.
Leases:
On January 1, 2019, the Company adopted ASU No. 2016-02, Leases (ASC 842). The Company determines if an arrangement is a lease and
the classification of that lease at inception based on: (1) whether the contract involves the use of a distinct identified asset, (2) whether the
Company obtains the right to substantially all the economic benefits from the use of the asset throughout the period, and (3) whether the
Company has a right to direct the use of the asset. The Company elected to not recognize a lease liability and a right-of-use ("ROU") asset for
leases with a term of twelve months or less. The Company also elected the practical expedient to not separate lease and non-lease components
for its leases.
ROU assets represent the right to use an underlying asset for the lease term and lease liabilities represent the obligation to make minimum lease
payments arising from the lease. ROU assets are initially measured at amounts, which represents the discounted present value of the lease
payments over the lease, plus any initial direct costs incurred. The lease liability is initially measured at lease commencement date based on the
discounted present value of minimum lease payments over the lease term. The implicit rate within the operating leases is generally not
determinable, therefore the Company uses the Incremental Borrowing Rate ("IBR") based on the information available at commencement date
in determining the present value of lease payments. The Company’s IBR is estimated to approximate the interest rate for collateralized
borrowing with similar terms and payments and in economic environments where the leased asset is located. Certain leases include options to
extend or terminate the lease. An option to extend the lease is considered in connection with determining the ROU asset and lease liability
when it is reasonably certain that the Company will exercise that option. An option to terminate is considered unless it is reasonably certain that
the Company will not exercise the option.
Payments under the Company's lease arrangements are primarily fixed, however, certain lease agreements contain variable payments, which
are expensed as incurred and not included in the operating lease right-of-use assets and liabilities. Variable lease payments are primarily
comprised of payments affected by common area maintenance and utility charges. The Company subleases certain office spaces to third-
parties. Sublease income is recognized over the term of the agreement.
F - 20
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 2:-
SIGNIFICANT ACCOUNTING POLICIES (Cont.)
s.
Research and development costs:
CYBERARK SOFTWARE LTD.
Research and development costs are charged to the statements of comprehensive income (loss) as incurred except to the extent that such costs
are associated with internal-use software that qualifies for capitalization.
ASC No. 985-20, "Software - Costs of Software to Be Sold, Leased, or Marketed," requires capitalization of certain software development
costs subsequent to the establishment of technological feasibility. Based on the Company's product development process, technological
feasibility is established upon completion of a working model. Costs incurred by the Company between completion of the working model and
the point at which the product is ready for general release, have been insignificant.
t.
Internal use software:
The Company capitalizes qualifying costs incurred during the application development stage related to software developed for internal-use in
accordance with ASC No. 350- 40 "Internal-use Software" ("ASC No. 350- 40"). These costs are capitalized based on qualifying criteria. Such
costs are amortized over the software's estimated life of three to five years. Costs incurred to develop software applications consist of (a)
certain external direct costs of materials and services incurred in developing or obtaining internal-use computer software, and (b) payroll and
payroll-related costs for employees who are directly associated with, and who devote time to, the development or implementation of the
software. Capitalized internal-use software costs are included in property and equipment, net in the consolidated balance sheet.
The Company also capitalizes implementation costs incurred in a cloud computing arrangement that is a service contract, according to the
internal-use software guidance in ASC No. 350-40. The capitalized implementation costs and their related amortization and cash flows are
presented on the financial statements in consistent with the prepaid amounts and fees related to the associated cloud computing arrangement.
Capitalized implementation costs are amortized over the term of the arrangement, beginning when the module or component of the cloud
computing arrangement that is a service contract is ready for its intended use.
u. Marketing expenses:
Marketing expenses consist primarily of marketing campaigns and tradeshows. Marketing expenses are charged to the statement of
comprehensive income (loss), as incurred. Marketing expenses for the years ended December 31, 2018, 2019 and 2020, amounted to $16,171,
$20,055 and $22,082, respectively.
F - 21
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 2:-
SIGNIFICANT ACCOUNTING POLICIES (Cont.)
v.
Share-based compensation:
CYBERARK SOFTWARE LTD.
The Company accounts for share-based compensation in accordance with ASC No. 718, "Compensation - Stock Compensation" ("ASC No.
718"). ASC No. 718 requires companies to estimate the fair value of equity-based payment awards on the date of grant using an option-pricing
model. The value of the award is recognized as an expense over the requisite service periods, which is generally the vesting period of the
respective award, on a straight-line basis when the only condition to vesting is continued service. If vesting is subject to a performance
condition, recognition is based on the implicit service period of the award. Expense for awards with performance conditions is estimated and
adjusted on a quarterly basis based upon the assessment of the probability that the performance condition will be met.
The Company has selected the Black-Scholes-Merton option-pricing model as the most appropriate fair value method for its option awards.
The fair value of restricted stock units ("RSU") and performance stock units ("PSU") without market conditions, is based on the closing market
value of the underlying shares at the date of grant. For PSU subject to market conditions, the Company uses a Monte Carlo simulation model,
which utilizes multiple inputs to estimate payout level and the probability that market conditions will be achieved.
The option-pricing and Monte Carlo models require a number of assumptions, of which the most significant are the expected share price
volatility and the expected option term. The Company recognizes forfeitures of equity-based awards as they occur.
w.
Income taxes:
The Company accounts for income taxes in accordance with ASC No. 740-10, "Income Taxes" ("ASC No. 740-10"). ASC No. 740-10
prescribes the use of the asset and liability method whereby deferred tax asset and liability account balances are determined based on
temporary differences between financial reporting and tax bases of assets and liabilities and are measured using the enacted tax rates and laws
that will be in effect when the differences are expected to reverse. The Company provides a valuation allowance, if necessary, to reduce
deferred tax assets to their estimated realizable value if it is more likely than not that some portion or all of the deferred tax assets will not be
realized.
The Company established reserves for uncertain tax positions based on the evaluation of whether or not the Company's uncertain tax position is
"more likely than not" to be sustained upon examination based on its technical merits. The Company records interest and penalties pertaining to
its uncertain tax positions in the financial statements as income tax expense.
F - 22
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 2:-
SIGNIFICANT ACCOUNTING POLICIES (Cont.)
x. Basic and diluted net income (loss) per share:
CYBERARK SOFTWARE LTD.
Basic net income (loss) per ordinary share is computed by dividing net income (loss) for each reporting period by the weighted-average
number of ordinary shares outstanding during each year. Diluted net income (loss) per ordinary share is computed by dividing net income
(loss) for each reporting period by the weighted average number of ordinary shares outstanding during the period, plus dilutive potential
ordinary shares considered outstanding during the period, in accordance with ASC No. 260-10 "Earnings Per Share". The Company
experienced a loss in the year ended December 31, 2020; hence all potentially dilutive ordinary shares were excluded due to their anti-dilutive
effect.
y. Comprehensive income (loss):
The Company accounts for comprehensive income (loss) in accordance with ASC No. 220, "Comprehensive Income." This statement
establishes standards for the reporting and display of comprehensive income (loss) and its components in a full set of general purpose financial
statements. Comprehensive income (loss) generally represents all changes in shareholders' equity during the period, except changes resulting
from investments by, or distributions to, shareholders.
z. Concentration of credit risks:
Financial instruments that potentially subject the Company to concentrations of credit risk consist principally of cash and cash equivalents,
short-term bank deposits, marketable securities, trade receivables, severance pay funds and derivative instruments.
The majority of the Company's cash and cash equivalents and short-term bank deposits are invested with major banks in Israel and the United
States. Such investments in the United States are primarily in excess of insured limits and are not insured in other jurisdictions. Generally,
these investments may be redeemed upon demand and the Company believes that the financial institutions that hold the Company's cash
deposits are financially sound and, accordingly, bear minimal risk.
The Company's marketable securities consist of investments, which are highly rated by credit agencies, in government, corporate and
government sponsored enterprises debentures. The Company's investment policy limits the amount that the Company may invest in any one
type of investment or issuer, in order to reduce credit risk concentrations.
The trade receivables of the Company are mainly derived from sales to a diverse set of customers located primarily in the United States,
Europe and Asia. The Company performs ongoing credit evaluations of its customers and, to date, has not experienced any significant losses.
The Company has entered into forward contracts with major banks in Israel to protect against the risk of changes in exchange rates. The
derivative instruments hedge a portion of the Company's non-dollar currency exposure.
F - 23
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 2:-
SIGNIFICANT ACCOUNTING POLICIES (Cont.)
aa. Fair value of financial instruments:
CYBERARK SOFTWARE LTD.
The estimated fair value of financial instruments has been determined by the Company using available market information and valuation
methodologies. Considerable judgment is required in estimating fair values. Accordingly, the estimates may not be indicative of the amounts
the Company could realize in a current market exchange.
The following methods and assumptions were used by the Company in estimating the fair value of their financial instruments:
The carrying values of cash and cash equivalents, short-term bank deposits, trade receivables, prepaid expenses and other current assets, trade
payables, employees and payroll accruals and accrued expenses and other current liabilities approximate their fair values due to the short-term
maturities of these instruments.
The Company applies ASC No. 820, "Fair Value Measurements and Disclosures" ("ASC No. 820"), with respect to fair value measurements of
all financial assets and liabilities.
The fair value of foreign currency contracts (used for hedging purposes) is estimated by obtaining current quotes from banks and third party
valuations.
Fair value is an exit price, representing the amount that would be received to sell an asset or paid to transfer a liability in an orderly transaction
between market participants at the measurement date. As such, fair value is a market-based measurement that should be determined based on
assumptions that market participants would use in pricing an asset or a liability. A three-tier fair value hierarchy is established as a basis for
considering such assumptions and for inputs used in the valuation methodologies in measuring fair value:
Level 1 -
Inputs are unadjusted quoted prices in active markets for identical assets or liabilities that can be accessed at the measurement
date.
Level 2 -
Inputs are quoted prices for similar assets and liabilities in active markets or inputs that are observable for the assets or
liabilities, either directly or indirectly through market corroboration, for substantially the full term of the financial instruments.
Level 3 -
Inputs are unobservable inputs based on the Company's own assumptions used to measure assets and liabilities at fair value. The
inputs require significant management judgment or estimation.
The fair value hierarchy also requires an entity to maximize the use of observable inputs and minimize the use of unobservable inputs when
measuring fair value.
F - 24
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 2:-
SIGNIFICANT ACCOUNTING POLICIES (Cont.)
CYBERARK SOFTWARE LTD.
In accordance with ASC No. 820, the Company measures its foreign currency derivative instruments, at fair value using the market approach
valuation technique. Foreign currency derivative contracts as detailed in note 2k are classified within Level 2 value hierarchy, as the valuation
inputs are based on quoted prices and market observable data of similar instruments.
ab. Recently adopted accounting standards:
In June 2016, FASB issued ASU 2016-13, Financial Instruments - Credit Losses (Topic 326): Measurement of Credit Losses on Financial
Instruments. ASU 2016-13 amends the impairment model to utilize an expected loss methodology in place of the currently used incurred loss
methodology, which will result in the more timely recognition of losses. ASU 2016-13 requires that expected credit losses relating to financial
assets be measured on an amortized cost basis be recorded through an allowance for credit losses. ASU 2016-13 also requires an investor to
determine whether a decline in the fair value below the amortized cost basis (i.e., impairment) of an available for sale debt security is due to
credit-related factors or noncredit-related factors. Any impairment that is not credit related is recognized in OCI, net of applicable taxes.
However, if an entity intends to sell an impaired available for sell debt security or more likely than not will be required to sell such a security
before recovering its amortized cost basis, the entire impairment amount must be recognized in earnings with a corresponding adjustment to the
security's amortized cost basis.
Credit-related impairment is recognized as an allowance on the balance sheet with a corresponding adjustment to earnings. The Company
adopted ASU 2016-13 using the modified retrospective approach as of January 1, 2020. The adoption by the Company of the new guidance did
not have a material impact on its consolidated financial statements.
In January 2017, the FASB issued ASU 2017-04, Simplifying the Test for Goodwill Impairment (Topic 350). This standard eliminates Step 2
from the goodwill impairment test, instead requiring an entity to recognize a goodwill impairment charge for the amount by which the goodwill
carrying amount exceeds the reporting unit's fair value. This guidance is effective for interim and annual goodwill impairment tests in fiscal
years beginning after December 15, 2019 with early adoption permitted. This guidance must be applied on a prospective basis. The Company
adopted the standard beginning January 1, 2020. The standard did not have a material impact on the consolidated financial statements.
In August 2018, the FASB issued ASU 2018-15, "Intangibles – Goodwill and Other – Internal-Use Software (Subtopic 350-40): Customer's
Accounting for Implementation Costs Incurred in a Cloud Computing Arrangement That Is a Service Contract." The new standard requires a
customer in a cloud computing arrangement (i.e., hosting arrangement) that is a service contract to follow the internal-use software guidance in
Accounting Standards Codification 350-40 to determine which implementation costs to capitalize as assets or expense as incurred. The
Company adopted the standard beginning January 1, 2020 using the prospective method. The standard did not have a material impact on the
consolidated financial statements.
F - 25
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 2:-
SIGNIFICANT ACCOUNTING POLICIES (Cont.)
ac. Recently issued accounting standards:
CYBERARK SOFTWARE LTD.
In August 2020, the FASB issued ASU No. 2020-06, Accounting for Convertible Instruments and Contracts in an Entity's Own Equity (ASU
2020-06), which simplifies the accounting for certain financial instruments with characteristics of liabilities and equity, including convertible
instruments and contracts in an entity's own equity. Among other changes, ASU 2020-06 removes from GAAP the liability and equity
separation model for convertible instruments with a cash conversion feature and a beneficial conversion feature, and as a result, after adoption,
entities will no longer separately present in equity an embedded conversion feature for such debt. Similarly, the embedded conversion feature
will no longer be amortized into income as interest expense over the life of the instrument. Instead, entities will account for a convertible debt
instrument wholly as debt unless (1) a convertible instrument contains features that require bifurcation as a derivative under ASC Topic 815,
Derivatives and Hedging, or (2) a convertible debt instrument was issued at a substantial premium. Additionally, ASU 2020-06 requires the
application of the if-converted method to calculate the impact of convertible instruments on diluted earnings per share (EPS). ASU 2020-06 is
effective for fiscal years beginning after December 15, 2021, with early adoption permitted for fiscal years beginning after December 15, 2020
and can be adopted on either a fully retrospective or modified retrospective basis. The Company is currently evaluating the impact of the new
guidance on its consolidated financial statements.
In December 2019, the FASB issued Accounting Standards Update ("ASU") No. 2019-12, Income Taxes (Topic 740): "Simplifying the
Accounting for Income Taxes" (ASU 2019-12), which simplifies the accounting for income taxes. The guidance is effective for interim and
annual periods beginning after December 15, 2020, with early adoption permitted. The Company is currently evaluating the impact of the new
guidance and estimates that there will be no material impact on its consolidated financial statements.
ad. Reclassification:
Certain comparative figures have been reclassified to conform to the current year presentation.
F - 26
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 3:- MARKETABLE SECURITIES
The following tables summarize the amortized cost, unrealized gains and losses, and fair value of available-for-sale marketable securities as of
December 31, 2019 and 2020:
CYBERARK SOFTWARE LTD.
Corporate debentures
U.S. agencies debentures
Total
December 31, 2019
Gross
unrealized
losses*)
Gross
unrealized gains
Fair value
(21) $
(10)
(31) $
$
651
21
105,582
81,238
672
$
186,820
Amortized cost
$
$
104,952
81,227
$
186,179
$
*) Out of the total unrealized losses, an amount of $5 has been in a continuous unrealized loss position for twelve months or longer.
Corporate debentures
Government debentures
Total
December 31, 2020
Gross
unrealized
losses
Gross
unrealized
gains
Fair value
Amortized cost
$
$
354,775
41,185
$
(115) $
(17)
$
3,004
214
357,664
41,382
395,960
$
(132) $
3,218
$
399,046
The following table summarizes the amortized cost and fair value of available-for-sale marketable securities as of December 31, 2019 and 2020, by
contractual years-to maturity:
Due within one year
Due between one and four years
December 31,
2019
2020
Amortized cost
Fair value
Amortized cost
Fair value
132,321
53,858
$
132,412
54,408
$
196,587
199,373
$
196,856
202,190
186,179
$
186,820
$
395,960
$
399,046
$
$
F - 27
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 4:-
PREPAID EXPENSES AND OTHER CURRENT ASSETS
Prepaid expenses
Hedging transaction assets
Government authorities
Deferred commissions
Other current assets
NOTE 5:-
PROPERTY AND EQUIPMENT, NET
The composition of property and equipment is as follows:
Cost:
Computers, software and related equipment *)
Leasehold improvements
Office furniture and equipment
Less - accumulated depreciation
Depreciated cost
CYBERARK SOFTWARE LTD.
December 31,
2019
2020
$
$
$
5,002
802
1,162
1,014
426
7,346
1,654
1,720
3,079
1,513
8,406
$
15,312
December 31,
2019
2020
$
17,470 $
6,775
4,369
25,828
7,490
3,870
28,614
37,188
12,142
18,651
$
16,472 $
18,537
*) For the years ended December 31, 2019 and 2020, the Company capitalized $2,397 and $3,369 including $193 and $612 of share-based
compensation costs, relating to its internal use software development, respectively.
Depreciation expense amounted to $3,722, $5,057 and $6,634 for the years ended December 31, 2018, 2019 and 2020, respectively.
NOTE 6:-
GOODWILL AND OTHER INTANGIBLE ASSETS, NET
Changes in the carrying amount of goodwill:
Balance as of beginning of the year
Goodwill acquired
Closing balance
F - 28
December 31,
2019
2020
$
$
82,400 $
—
82,400
41,317
82,400 $
123,717
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 6:-
GOODWILL AND OTHER INTANGIBLE ASSETS, NET (Cont.)
The composition of intangible assets is as follows:
Original amount:
Technology
Customer relationships
Other
Less - accumulated amortization
Intangible assets, net
CYBERARK SOFTWARE LTD.
December 31,
2019
2020
$
$
26,141
5,120
664
31,925
22,782
39,625
9,586
664
49,875
26,199
$
9,143
$
23,676
Amortization expense amounted to $6,356, $5,589 and $8,841 for the years ended December 31, 2018, 2019, and 2020, respectively.
As of December 31, 2020, the weighted-average remaining useful lives (in years) of Technology and Customer relationships was 4.1 and 11,
respectively.
The estimated future amortization expense of intangible assets as of December 31, 2020 is as follows:
2021
2022
2023
2024
2025
Thereafter
F - 29
$
5,809
4,877
4,329
4,282
1,849
2,530
$
23,676
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 7:-
ACCRUED EXPENSES AND OTHER CURRENT LIABILITIES
Government authorities
Accrued expenses
Unrecognized tax benefits
Lease liability, current
Hedging transaction liabilities
CYBERARK SOFTWARE LTD.
December 31,
2019
2020
$
$
$
11,890
5,455
3,728
5,925
134
4,871
6,825
4,633
7,025
1,561
27,132
$
24,915
NOTE 8:-
COMMITMENTS AND CONTINGENT LIABILITIES
a.
Legal contingencies:
From time to time, the Company becomes involved in legal proceedings or is subject to claims arising in its ordinary course of business. Such
matters are generally subject to many uncertainties and outcomes are not predictable with assurance. The Company accrues for contingencies
when the loss is probable and it can reasonably estimate the amount of any such loss. The Company is currently not a party to any material
legal or administrative proceedings and is not aware of any material pending or threatened material legal or administrative proceedings against
the Company.
b.
Pledges and bank guarantees:
The Company pledged a bank deposit of $52, mainly in respect of an office lease agreement. This balance is presented as part of other long-
term assets.
The Company obtained bank guarantees of $1,442 primarily in connection with an office lease agreement.
NOTE 9:-
LEASES
The Company entered into operating leases primarily for offices. The leases have remaining lease terms of up to 5.5 years, some of which may
include options to extend the leases for up to an additional 8 years.
The components of operating lease costs were as follows:
Operating lease cost
Short-term lease cost
Variable lease cost
Sublease income
Total net lease costs
F - 30
Year ended December 31,
2020
2019
$
$
$
5,897
733
1,014
(279)
6,495
1,709
1,193
(273)
7,365
$
9,124
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 9:-
LEASES (Cont.)
Supplemental balance sheet information related to operating leases is as follows:
CYBERARK SOFTWARE LTD.
Year ended December 31,
2020
2019
Operating lease ROU assets (under other long-term assets in the balance sheet)
Operating lease liabilities, current
Operating lease liabilities, long-term (under other long-term liabilities in the balance sheet)
Weighted average remaining lease term (in years)
Weighted average discount rate
$
$
$
$
$
$
22,484
5,925
18,579
4.8
1.7%
20,363
7,025
16,202
3.8
1.7%
Minimum lease payments for the Company's ROU assets over the remaining lease periods as of December 31, 2020, are as follows:
2021
2022
2023
2024
2025
Thereafter
Total undiscounted lease payments
Less: imputed interest
Present value of lease liabilities
F - 31
December
31, 2020
$
7,080
6,769
5,803
3,725
389
198
23,964
(737)
$
23,227
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 10:- FAIR VALUE MEASUREMENTS
CYBERARK SOFTWARE LTD.
The following tables present the fair value of money market funds and marketable securities for the years ended December 31, 2019 and 2020:
Cash equivalents:
Money market funds
U.S. agencies debentures
Commercial paper
Marketable securities:
Corporate debentures and
commercial paper
Government debentures
Total assets measured at fair
value
2019
Level 2
December 31,
Total
Level 1
2020
Level 2
Total
$
— $
25,058
—
$
213,494
25,058
—
$
260,940
—
—
— $
—
13,555
260,940
—
13,555
Level 1
$
213,494
—
—
—
—
105,582
81,238
105,582
81,238
—
—
357,664
41,382
357,664
41,382
$
213,494
$
211,878
$
425,372
$
260,940
$
412,601
$
673,541
As of December 31, 2020, the estimated fair value of the Company's convertible senior notes, as further described in Note 11, was $705.7 million.
The fair value was determined based on the closing quoted price of the convertible senior notes as of the last day of trading for the period, and is
considered Level 2 measurement. The fair value of the convertible senior notes is primarily affected by the trading price of the Company`s common
stock and market interest rates.
NOTE 11:- CONVERTIBLE SENIOR NOTES, NET
a. Convertible senior notes, net:
In November 2019, the Company issued $500 million aggregate principal amount, 0% coupon rate, of convertible senior notes due 2024 and an
additional $75 million aggregate principal amount of such notes pursuant to the exercise in full of the over-allotment option of the initial
purchasers (collectively, "Convertible Notes").
The Convertible Notes are convertible based upon an initial conversion rate of 6.3478 of the Company's ordinary shares, par value NIS 0.01
per share per $1 principal amount of Convertible Notes (equivalent to a conversion price of approximately $157.53 per ordinary share). The
conversion rate will be subject to adjustment upon the occurrence of certain specified events. The Convertible Notes are senior unsecured
obligations of the Company.
The Convertible Notes will mature on November 15, 2024 (the "Maturity Date"), unless earlier repurchased, redeemed or converted. Prior to
May 15, 2024, a holder may convert all or a portion of its Convertible Notes only under the following circumstances:
(1) During any calendar quarter commencing after the calendar quarter ending on March 31, 2020 (and only during such calendar quarter), if
the last reported sale price of the Company's ordinary shares for at least 20 trading days (whether or not consecutive) during a period of 30
consecutive trading days ending on, and including, the last trading day of the immediately preceding calendar quarter is greater than or
equal to 130% of the conversion price on each applicable trading day;
(2) During the five business day period after any 10 consecutive trading day period ("measurement period") in which the trading price,
determined pursuant to the terms of the Convertible Notes, per $1 principal amount of Convertible Notes for each trading day of the
measurement period was less than 98% of the product of the last reported sale price of the ordinary shares and the conversion rate on each
such trading day;
(3) If the Company calls such Convertible Notes for redemption in certain circumstances, at any time prior to the close of business on the third
scheduled trading day immediately preceding the redemption date; or
(4) Upon the occurrence of specified corporate events.
On or after May 15, 2024 until the close of business on the third scheduled trading day immediately preceding the Maturity Date, a holder may
convert its Convertible Notes at any time, regardless of the foregoing circumstances.
Upon conversion, the Company can pay or deliver cash, ordinary shares or a combination of cash and ordinary shares, at the Company's
election.
F - 32
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 11:- CONVERTIBLE SENIOR NOTES, NET (Cont.)
CYBERARK SOFTWARE LTD.
b.
The Company may not redeem the notes prior to November 15, 2022, except in the event of certain tax law changes. The Company may, at any
time and from time to time, redeem for cash all or any portion of the notes, at the Company's option, on or after November 15, 2022, if the last
reported sale price of the Company`s ordinary shares has been at least 130% of the conversion price then in effect for at least 20 trading days
(whether or not consecutive) during any 30 consecutive trading day period (including the last trading day of such period) ending on, and
including, the trading day immediately preceding the date on which it delivers notice of redemption at a redemption price equal to 100% of the
principal amount of the notes to be redeemed.
Upon the occurrence of a Fundamental Change as defined in the Indenture, holders may require the Company to repurchase for cash all or any
portion of their Convertible Notes at a fundamental change repurchase price equal to 100% of the principal amount of the Convertible Notes to
be repurchased (plus accrued and unpaid special interest payable under certain circumstances set forth in the terms of the Convertible Notes (if
any) to, but excluding, the fundamental change repurchase date). In addition, in connection with a make-whole fundamental change (as defined
in the Indenture), or following the Company's delivery of a notice of redemption, the Company will, in certain circumstances, increase the
conversion rate for a holder who elects to convert its notes in connection with such a corporate event or redemption, as the case may be.
During the year ended December 31, 2020, the conditions allowing holders of the Notes to convert were not met. The Notes are therefore not
convertible as of December 31, 2020 and are classified as long-term liability.
The net carrying amount of the liability and equity components of the Convertible Notes for the periods presented is as follows:
Liability component:
Principal amount
Unamortized discount
Unamortized issuance costs
Net carrying amount
Equity component, net of issuance costs of $2,046 and deferred taxes of $11,022
F - 33
December 31,
2019
2020
$
$
$
575,000
(77,287)
(12,594)
485,119
65,932
$
$
$
575,000
(62,356)
(10,342)
502,302
65,932
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 11:- CONVERTIBLE SENIOR NOTES, NET (Cont.)
Interest expense related to the Convertible Notes was as follows:
Amortization of debt discount
Amortization of debt issuance costs
Total interest expense recognized
c. Capped Call Transactions:
CYBERARK SOFTWARE LTD.
December 31,
2019
2020
$
$
1,713
253
1,966
$
$
14,931
2,252
17,183
In connection with the pricing of the Convertible Notes and the exercise by the Initial Purchasers of the over-allotment option, the Company
entered into privately negotiated capped call transactions ("Capped Call Transactions") with certain financial institutions ("Option
Counterparties"). The Capped Call Transactions cover, collectively, the number of the Company's ordinary shares underlying the Convertible
Notes, subject to anti-dilution adjustments substantially similar to those applicable to the Convertible Notes.
The Capped Call Transactions have an initial strike price of approximately $157.53 per share, subject to certain adjustments, which
corresponds to the approximate initial conversion price of the Convertible Notes.
The cap price of the Capped Call Transactions is initially $229.14 per share and is subject to certain adjustments under the terms of the Capped
Call Transactions. The Capped Call Transactions are separate transactions, in each case, entered into by the Company with the Option
Counterparties, and are not part of the terms of the Convertible Notes and will not change the holders' rights under the Convertible Notes.
As the Capped Call Transactions are considered indexed to the Company's stock and are considered equity classified, they are recorded in
shareholders' equity on the consolidated balance sheet and are not accounted for as derivatives. The cost of the Capped Call Transactions was
approximately $53.6 million and was recorded as a reduction to additional paid-in capital.
F - 34
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 12:-
SHAREHOLDERS' EQUITY
a. Composition of share capital of the Company:
CYBERARK SOFTWARE LTD.
December 31,
2019
2020
Authorized
Issued and
outstanding
Authorized
Issued and
outstanding
Number of shares
Ordinary shares of NIS 0.01 par value each
250,000,000
38,043,516
250,000,000
39,034,759
b. Ordinary shares:
The ordinary shares of the Company confer upon the holders the right to receive notices of and to participate and vote in general meetings of
the Company, rights to receive dividends and rights to participate in distribution of assets upon liquidation.
c.
Share-based compensation:
Under the Company's 2014 share incentive plan (the "2014 Plan"), options, RSUs, PSUs and other share-based awards may be granted to
employees, officers, non-employee consultants and directors of the Company.
Under the 2014 Plan, as of December 31, 2020, an aggregate number of 836,117 ordinary shares were reserved for future grant. Any share
underlying an award that is cancelled, terminated or forfeited for any reason without having been exercised will automatically be available for
grant under the 2014 Plan.
F - 35
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 12:-
SHAREHOLDERS' EQUITY (Cont.)
The total share-based compensation expense related to all of the Company's equity-based awards, recognized for the years ended December 31,
2018, 2019 and 2020 is comprised as follows:
CYBERARK SOFTWARE LTD.
Cost of revenues
Research and development
Sales and marketing
General and administrative
Total share-based compensation expense
Year ended
December 31,
2019
2018
2020
$
$
$
3,350
7,922
12,708
11,984
$
5,690
10,960
20,976
17,891
8,734
14,691
28,220
20,204
35,964
$
55,517
$
71,849
The total unrecognized compensation cost amounted to $169,791 as of December 31, 2020 and is expected to be recognized over a weighted
average period of 2.72 years.
d. Options granted to employees:
A summary of the activity in options granted to employees for the year ended December 31, 2020 is as follows:
Balance as of December 31, 2019
Granted
Exercised
Forfeited
Balance as of December 31, 2020
Exercisable as of December 31, 2020
Amount
of
options
Weighted
average
exercise
price
916,513
31,100
261,447
37,393
648,773
502,172
$
$
$
$
$
$
57.29
102.58
50.10
61.87
62.09
55.83
Weighted
average
remaining
contractual
term
(in years)
6.96
Aggregate
intrinsic value
54,762
$
5.94
5.35
$
$
64,555
53,108
Starting October 1, 2018, the expected volatility of the Company's common stock is based on the Company's historical volatility. Prior to
October 1, 2018, the computation of expected volatility was based on actual historical share price volatility of comparable companies and the
Company's historical equity volatility. The expected option term represents the period of time that options granted are expected to be
outstanding. Prior to January 1, 2020, it was determined based on the simplified method in accordance with SAB No. 110, as adequate
historical experience was not available to provide a reasonable estimate. Starting January 1, 2020, the expected term is based upon historical
experience.
The Company has historically not paid dividends and has no foreseeable plans to pay dividends and, therefore, uses an expected dividend yield
of zero in the option pricing model. The risk-free interest rate is based on the yield of U.S. treasury bonds with equivalent terms.
F - 36
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 12:-
SHAREHOLDERS' EQUITY (Cont.)
CYBERARK SOFTWARE LTD.
The following table sets forth the parameters used in computation of the options compensation to employees for the years ended December 31,
2018, 2019 and 2020:
Expected volatility
Expected dividends
Expected term (in years)
Risk free rate
Year ended December 31,
2019
2018
2020
47%-48%
0%
5.00-6.20
2.38%- 3.12%
48%
0%
5.90-6.10
1.49%- 2.49%
40%-41%
0%
4.02-4.20
0.22%- 1.61%
A summary of options data for the years ended December 31, 2018, 2019 and 2020, is as follows:
Year ended December 31,
2019
2018
2020
Weighted-average grant date fair value of options granted
Total intrinsic value of the options exercised
$
$
28.26
53,398
$
$
55.43
45,326
$
$
33.82
18,790
The aggregate intrinsic value is calculated as the difference between the per-share exercise price and the fair value of an ordinary share for each
share subject to an option multiplied by the number of shares subject to options at the date of exercise.
F - 37
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 12:-
SHAREHOLDERS' EQUITY (Cont.)
The following tables summarize information about the Company's outstanding and exercisable options granted to employees as of December
31, 2020:
CYBERARK SOFTWARE LTD.
Exercise price
$ 1.46 – 14.00
$ 37.44 – 47.29
$ 47.40 – 51.86
$ 55.25 – 64.65
$ 75.73 – 138.98
Options
outstanding as
of December
31, 2020
Weighted
average
remaining
contractual
term
(years)
Options
exercisable as
of December
31, 2020
Weighted
average
remaining
contractual
term
(years)
30,104
115,759
147,456
226,948
128,506
648,773
2.84
5.92
6.01
4.93
8.40
5.94
30,104
95,647
123,894
211,755
40,772
502,172
2.84
5.74
5.84
4.75
7.99
5.35
e. A summary of RSUs and PSUs activity for the year ended December 31, 2020 is as follows:
Unvested as of December 31, 2019
Granted
Vested
Forfeited
Unvested as of December 31, 2020
Amount of
RSUs and
PSUs
Weighted
average grant
date fair value
1,959,644
$
85.00
1,085,790
729,796
194,005
105.99
76.76
83.97
2,121,633
$
98.67
The total fair value of RSUs and PSUs vested (based on fair value of the Company's ordinary shares at vesting date) during the years ended
December 31, 2018, 2019 and 2020 was $23,762, $67,737 and $76,027, respectively.
F - 38
�CYBERARK SOFTWARE LTD.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 13:-
INCOME TAXES
CyberArk Software Ltd.'s subsidiaries are separately taxed under the domestic tax laws of the jurisdiction of incorporation of each entity.
a. Corporate tax in Israel:
Ordinary taxable income is subject to a corporate tax rate of 23% for the years 2018-2020.
b.
Income (loss) before taxes on income is comprised as follows:
Domestic income (loss)
Foreign income (loss)
F - 39
Year ended
December 31,
2019
2018
2020
$
$
52,158
(315)
$
52,254
17,830
$
(12,643)
12,254
51,843
$
70,084
$
(389)
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 13:-
INCOME TAXES (Cont.)
c. Deferred income taxes:
Deferred taxes reflect the net tax effect of temporary differences between the carrying amounts of assets and liabilities for financial reporting
purposes and the amounts recorded for tax purposes. Significant components of the Company's deferred tax assets and liabilities are as follows:
CYBERARK SOFTWARE LTD.
Deferred tax assets:
Carry-forwards losses and credits
Capital losses carry-forwards
Research and development expenses
Deferred revenues
Intangible assets
Share-based compensation
Operating lease liability
Accruals and other
Deferred tax assets before valuation allowance
Less: Valuation allowance
Total deferred tax assets
Deferred tax liabilities:
Intangible assets
Convertible senior notes
Deferred commission
Operating lease ROU asset
Property and equipment and other
Deferred tax liabilities
Net deferred tax assets
F - 40
December 31,
2019
2020
$
19,205
90
1,932
8,043
—
8,841
1,400
1,783
41,294
1,299
36,314
94
2,521
10,345
8,037
11,547
1,351
3,695
73,904
19,591
39,995
$
54,313
$
1,950
10,786
6,463
1,308
471
1,606
8,724
8,251
1,254
1,669
20,978
19,017
$
$
21,504
32,809
$
$
$
$
$
�CYBERARK SOFTWARE LTD.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 13:-
INCOME TAXES (Cont.)
As of December 31, 2020, approximately $39,690 of undistributed earnings held by the Company's foreign subsidiaries are designated as
indefinitely reinvested. If these earnings were repatriated to Israel, it would be subject to income taxes and to an adjustment for foreign tax
credits and foreign withholding taxes. Determination of the amount of unrecognized deferred tax liability related to these earnings is not
practicable.
d.
Income taxes are comprised as follows:
Current
Deferred
Domestic
Foreign
Year ended
December 31,
2019
2018
2020
$
$
$
$
11,827
(7,056)
$
13,994
(6,974)
$
7,357
(1,988)
4,771
$
7,020
$
5,369
Year ended
December 31,
2019
2018
2020
8,359
(3,588)
$
$
8,093
(1,073)
(1,431)
6,800
4,771
$
7,020
$
5,369
e. A reconciliation of the Company's theoretical income tax expense to actual income tax expense is as follows:
Income (loss) before income taxes
Statutory tax rate
Theoretical income tax expense (benefit)
Excess tax benefits related to share-based compensation
Non-deductible expenses
Intra-entity intellectual property transfer
Unrecognized tax benefits
Foreign and preferred enterprise tax rates differential
Impact of CARES Act
Other
Year ended
December 31,
2019
2018
2020
$
51,843
$
70,084
$
23.0%
23.0%
11,924
16,119
(6,726)
3,011
1,768
697
(5,710)
—
(193)
(6,391)
3,002
—
1,343
(6,717)
—
(336)
(389)
23.0%
(89)
(3,645)
3,054
5,036
(322)
1,714
(683)
304
Income tax expense
$
4,771
$
7,020
$
5,369
F - 41
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 13:-
INCOME TAXES (Cont.)
f. Net operating loss carry-forwards:
CYBERARK SOFTWARE LTD.
As of December 31, 2020, the Company had net operating losses substantially derived from excess tax benefits from share-based payments and
capital tax losses, totaling approximately $139,947 and $197, respectively, out of which $127,800 and none of losses, respectively, were
federal net operating losses attributed to the U.S. subsidiary. The rest were attributed to Israel, can be carried forward indefinitely and resulted
from acquisitions made by the Company. Out of these federal net operating losses attributed to the U.S. subsidiary, $41,969 are subject to up to
20-year carryforward period. The remaining $85,831 can be carried forward indefinitely, but are subject to the 80% taxable income limitation
upon utilization. Utilization of some of these U.S. net operating losses are subject to annual limitation due to the "change in ownership"
provisions of the U.S. Internal Revenue Code and similar state provisions. The annual limitation may result in the expiration of net operating
losses before utilization.
g.
Tax benefits under the Law for the Encouragement of Capital Investments, 1959:
As of December 31, 2020, approximately $15,819 was derived from tax exempt profits earned by the Company's "Approved Enterprises" and
"Beneficiary Enterprise". The Company and its Board of Directors have determined that such tax-exempt income will not be distributed as
dividends and intends to reinvest the amount of its tax-exempt income earned by the Company. Accordingly, no provision for deferred income
taxes has been provided on income attributable to the Company's "Approved Enterprises" and "Beneficiary Enterprises" as such income is
essentially permanently reinvested.
If the Company's retained tax-exempt income is distributed, the income would be taxed at the applicable corporate tax rate as if it had not
elected the alternative tax benefits under the Law for the Encouragement of Capital Investments and an income tax liability of up to $3,884
would be incurred as of December 31, 2020.
In December 2016, the Israeli Knesset passed Amendment 73 to the Investment Law which included a number of changes to the Investment
Law regimes through regulations approved on May 1, 2017 and that have come into effect from January 1, 2017.
F - 42
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 13:-
INCOME TAXES (Cont.)
Applicable benefits under the new regime include:
CYBERARK SOFTWARE LTD.
-
-
-
Introduction of a benefit regime for "Preferred Technology Enterprises," granting a 12% tax rate in central Israel – on qualified income
deriving from Benefited Intellectual Property, subject to a number of conditions being fulfilled, including a minimal amount or ratio of
annual R&D expenditure and R&D employees, as well as having at least 25% of annual income derived from exports to large markets.
Preferred Technological Enterprise ("PTE") is defined as an enterprise which meets the aforementioned conditions and for which total
consolidated revenues of its parent company and all subsidiaries are less than NIS 10 billion.
A 12% capital gains tax rate on the sale of a preferred intangible asset to a foreign affiliated enterprise, provided that the asset was
initially purchased from a foreign resident at an amount of NIS 200 million or more.
A withholding tax rate of 20% for dividends paid from PTE income (with an exemption from such withholding tax applying to dividends
paid to an Israeli company). Such rate may be reduced to 4% on dividends paid to a foreign resident company, subject to certain
conditions regarding percentage of foreign ownership of the distributing entity.
The Company adopted the PTE since 2017 and believes it is generally eligible for its benefits.
h.
Tax benefits under the Law for the Encouragement of Industry (Taxation), 1969:
Management believes that the Company currently qualifies as an "industrial company" under the above law and as such, is entitled to certain
tax benefits including accelerated depreciation, deduction of public offering expenses in three equal annual installments and amortization of
other intangible property rights for tax purposes.
i.
Tax Benefits for Research and Development:
Israeli tax law (section 20A to the Israeli Tax Ordinance) allows, under certain conditions, a tax deduction for research and development
expenses, including capital expenses, for the year in which they are paid. Such expenses must relate to scientific research in industry,
agriculture, transportation, or energy, and must be approved by the relevant Israeli government ministry, determined by the field of research.
Furthermore, the research and development must be for the promotion of the company's business and carried out by or on behalf of the
company seeking such tax deduction. However, the amount of such deductible expenses is reduced by the sum of any funds received through
government grants for the finance of such scientific research and development projects. As for expenses incurred in scientific research that is
not approved by the relevant Israeli government ministry, they will be deductible over a three-year period starting from the tax year in which
they are paid. The Company believes that it is eligible for the above mentioned benefit for the majority of its research and development
expenses.
F - 43
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 13:-
INCOME TAXES (Cont.)
j.
Tax Reform- United States of America:
CYBERARK SOFTWARE LTD.
On December 22, 2017, the Tax Cuts and Jobs Act of 2017 ("Tax Act") was signed into law making significant changes to the Internal
Revenue Code of 1986, as amended ("Code"). Such changes include a reduction in the corporate tax rate and limitations on certain corporate
deductions and credits, among other changes. The changes include, but are not limited to:
Rate Reduction
The Tax Act reduces the U.S. federal corporate income tax rate from 35% to 21% for tax years beginning after December 31, 2017. In addition,
the Tax Act makes certain changes to the depreciation rules and implements new limits on the deductibility of certain expenses and deduction.
Tax Deductibility of Executive Compensation
Prior to the Tax Act being signed into law on December 22, 2017, Section 162(m) of the Code generally disallowed tax deductions for publicly
held companies for compensation paid to certain of its executive officers who were "covered employees" under this rule in excess of $1 million
per officer in any year. Performance-based compensation was exempt from this deduction limitation if specific requirements set forth in the
Code and applicable Treasury Regulations were met.
The Tax Act repealed the exemption from Section 162(m)'s deduction limit for performance-based compensation, effective for the taxable
years after December 31, 2017. Accordingly, compensation paid to the Company's covered executive officers in excess of $1 million during
such taxable years will not be deductible unless such compensation qualifies for the transition grandfathering relief applicable to certain
binding arrangements in place as of November 2, 2017, and which was not modified in any material respect on or after such date.
Global Intangible Low-Taxed Income ("GILTI")
The TCJA introduced the rules for tax on the global intangible low-taxed income ("GILTI") on foreign income in excess of a deemed return on
tangible assets of foreign corporations.
The U.S. subsidiary is entitled to offset the GILTI income inclusion against losses.
F - 44
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 13:-
INCOME TAXES (Cont.)
k. Coronavirus Aid, Relief, and Economic Security Act ("CARES Act"):
CYBERARK SOFTWARE LTD.
On March 27, 2020, the U.S. government enacted the Coronavirus Aid, Relief, and Economic Security Act ("CARES Act") to provide certain
relief as a result of the COVID-19 outbreak. Some of the key income tax-related provisions of the CARES Act include modification in the
usage of net operating losses, interest deductions and payroll benefits. During the year 2020, the Company recorded a tax benefit (see Note
13e).
l.
Tax assessments:
As of December 31, 2020, CyberArk Software Ltd.'s tax years until December 31, 2015 have become subject to statute of limitations effective
in Israel. As of the date of the approval of the financial statements, CyberArk Software Ltd is under initial stages of a corporate tax
examination by the Israeli Tax Authorities for the tax years 2016 through 2019.
As of that date, the U.K. subsidiary's tax years until December 31, 2018 are subject to statutes of limitation effective in the U.K.
For the U.S. subsidiary's tax years ended December 31, 2017 through 2020, statute of limitation have not yet expired. For companies acquired
by the U.S. subsidiary, there are open loss years from 2008 through 2020.
m. Unrecognized tax benefits:
A reconciliation of the opening and closing amounts of total unrecognized tax benefits is as follows:
Opening balance
Decrease related to settlements with taxing authorities
Increase related to prior year tax positions
Decrease related to expiration of statutes of limitations
Increase related to current year tax positions
Closing balance
Year ended
December 31,
2019
2020
$
1,993 $
-
120
(242)
1,857
$
3,728 $
3,728
(796)
74
(92)
1,719
4,633
During the years ended December 31, 2018, 2019 and 2020, the Company recorded $(38), $47 and $21, respectively, for interest expense
(income) related to uncertain tax positions. As of December 31, 2019 and 2020, accrued interest was $112 and $133, respectively.
F - 45
�CYBERARK SOFTWARE LTD.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 13:-
INCOME TAXES (Cont.)
Although the Company believes that it has adequately provided for any reasonably foreseeable outcomes related to tax audits and settlement,
there is no assurance that the final tax outcome of its tax audits will not be different from that which is reflected in the Company's income tax
provisions. Such differences could have a material effect on the Company's income tax provision, cash flow from operating activities and net
income in the period in which such determination is made.
NOTE 14:- FINANCIAL INCOME (EXPENSE), NET
Bank charges
Exchange rate income (loss), net
Interest income
Amortization of debt discount and issuance costs
Financial income (expense), net
NOTE 15:- BASIC AND DILUTED NET INCOME (LOSS) PER SHARE
Year ended
December 31,
2019
2018
2020
$
$
(177) $
(1,050)
5,778
—
(274) $
(803)
10,843
(1,966)
(275)
683
10,380
(17,183)
4,551
$
7,800
$
(6,395)
Year ended
December 31,
2019
2018
2020
Numerator:
Net income (loss) available to shareholders of ordinary shares
$
47,072
$
63,064
$
(5,758)
Denominator:
Shares used in computing basic net income (loss) per ordinary shares
36,174,316
37,586,387
38,628,770
Year ended
December 31,
2019
2018
2020
Numerator:
Net income (loss) available to shareholders of ordinary shares
$
47,072
$
63,064
$
(5,758)
Denominator:
Shares used in computing diluted net income (loss) per ordinary shares
37,065,727
38,890,108
38,628,770
F - 46
�CYBERARK SOFTWARE LTD.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 15:- BASIC AND DILUTED NET INCOME (LOSS) PER SHARE (Cont.)
The total weighted average number of shares related to outstanding options, RSUs and PSUs that have been excluded from the calculation of diluted
net income (loss) per ordinary share was 1,175,311, 495,975 and 2,823,985 for the years ended December 31, 2018, 2019 and 2020, respectively.
Additionally, 3.6 million shares underlying the conversion option of the Convertible Notes are not considered in the calculation of diluted net
income (loss) per share as the effect would be anti-dilutive. The Company intends to settle the principal amount of Convertible Notes in cash and
therefore will use the treasury stock method for calculating any potential dilutive effect on diluted net income per share, if applicable. The
conversion will have a dilutive impact on diluted net income per share when the average market price of a common stock for a given period exceeds
the conversion price of $157.53 per share.
NOTE 16:-
SEGMENTS, CUSTOMERS AND GEOGRAPHIC INFORMATION
a.
The Company identifies operating segments in accordance with ASC Topic 280, "Segment Reporting". Operating segments are defined as
components of an entity for which separate financial information is available and is regularly reviewed by the chief operating decision maker in
making decisions regarding resource allocation and evaluating financial performance. The Company determined it operates in one reportable
segment as the Company's chief operating decision maker is the Chairman and Chief Executive Officer who makes operating decisions,
assesses performance and allocates resources on a consolidated basis, accompanied by information about revenue by geographic region.
b.
The total revenues are attributed to geographic areas based on the location of the Company's channel partners which are considered as end
customers, as well as direct customers of the Company.
The following tables present total revenues for the years ended December 31, 2018, 2019 and 2020 and long-lived assets as of December 31,
2019 and 2020:
Revenues:
United States
Israel
United Kingdom
Europe, the Middle East and Africa *)
Other
Year ended
December 31,
2019
2018
$
$
187,704
6,909
26,652
78,525
43,409
$
233,945
7,827
36,146
85,757
70,220
2020
246,811
7,312
33,101
101,453
75,754
$
343,199
$
433,895
$
464,431
For the years ended December 31, 2018, 2019 and 2020, no single customer contributed more than 10% to the Company's total revenues.
F - 47
�NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
U.S. dollars in thousands (except share and per share data and unless otherwise indicated)
NOTE 16:- SEGMENTS, CUSTOMERS AND GEOGRAPHIC INFORMATION (Cont.)
Long-lived assets, including property and equipment, net and operating lease right-of-use assets:
United States
Israel
United Kingdom
Europe, the Middle East and Africa *)
Other
*)
Excluding United Kingdom and Israel
- - - - - - - - -
F - 48
CYBERARK SOFTWARE LTD.
December 31,
2019
2020
$
$
8,448
26,736
2,385
412
974
9,363
26,438
1,756
274
1,069
$
38,955
$
38,900
�List of Subsidiaries of CyberArk Software Ltd.
Exhibit 8.1
Name of Subsidiary
CyberArk Software, Inc.
Cyber-Ark Software (UK) Limited
CyberArk Software (Singapore) PTE. LTD.
CyberArk Software (DACH) GmbH
CyberArk Software Italy S.r.l.
CyberArk Software (France) SARL
CyberArk Software (Netherlands) B.V.
CyberArk Software (Australia) Pty Ltd.
CyberArk Software (Japan) K.K.
CyberArk Software Canada Inc.
CyberArk USA Engineering LP
CyberArk Software (Spain), S.L.
IDaptive India Private Limited
IDaptive Europe Limited
Place of Incorporation
Delaware, United States
United Kingdom
Singapore
Germany
Italy
France
Netherlands
Australia
Japan
Canada
Delaware, United States
Spain
India
United Kingdom
�Exhibit 12.1
CERTIFICATION OF PRINCIPAL EXECUTIVE OFFICER PURSUANT TO
EXCHANGE ACT RULE 13A-14(A)/15D-14(A)
AS ADOPTED PURSUANT TO SECTION 302
OF THE SARBANES-OXLEY ACT OF 2002
I, Ehud Mokady, certify that:
1.
I have reviewed this Annual Report on Form 20-F of CyberArk Software Ltd. (the “company”);
2. Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements
made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report;
3. Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial
condition, results of operations and cash flows of the company as of, and for, the periods presented in this report;
4. The company's other certifying officer and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act
Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d-15(f)) for the company and
have:
a. Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to
ensure that material information relating to the company, including its consolidated subsidiaries, is made known to us by others within those
entities, particularly during the period in which this report is being prepared;
b. Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our
supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for
external purposes in accordance with generally accepted accounting principles;
c. Evaluated the effectiveness of the company's disclosure controls and procedures and presented in this report our conclusions about the
effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and
d. Disclosed in this report any change in the company's internal control over financial reporting that occurred during the period covered by the
annual report that has materially affected, or is reasonably likely to materially affect, the company's internal control over financial reporting; and
5. The company's other certifying officer and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the company's
auditors and the audit committee of the company's board of directors (or persons performing the equivalent functions):
a. All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are reasonably
likely to adversely affect the company's ability to record, process, summarize and report financial information; and
b. Any fraud, whether or not material, that involves management or other employees who have a significant role in the company's internal control
over financial reporting.
/s/ Ehud Mokady
Ehud Mokady
Chairman of the Board & Chief Executive Officer
Date: March 11, 2021
�Exhibit 12.2
CERTIFICATION OF PRINCIPAL FINANCIAL OFFICER PURSUANT TO
EXCHANGE ACT RULE 13A-14(A)/15D-14(A)
AS ADOPTED PURSUANT TO SECTION 302
OF THE SARBANES-OXLEY ACT OF 2002
I, Joshua Siegel, certify that:
1.
I have reviewed this Annual Report on Form 20-F of CyberArk Software Ltd. (the “company”);
2. Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements
made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report;
3. Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial
condition, results of operations and cash flows of the company as of, and for, the periods presented in this report;
4. The company’s other certifying officer and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act
Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d-15(f)) for the company and
have:
a. Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to
ensure that material information relating to the company, including its consolidated subsidiaries, is made known to us by others within those
entities, particularly during the period in which this report is being prepared;
b. Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our
supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for
external purposes in accordance with generally accepted accounting principles;
c. Evaluated the effectiveness of the company’s disclosure controls and procedures and presented in this report our conclusions about the
effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and
d. Disclosed in this report any change in the company’s internal control over financial reporting that occurred during the period covered by the
annual report that has materially affected, or is reasonably likely to materially affect, the company’s internal control over financial reporting; and
5. The company’s other certifying officer and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the company’s
auditors and the audit committee of the company’s board of directors (or persons performing the equivalent functions):
a. All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are reasonably
likely to adversely affect the company’s ability to record, process, summarize and report financial information; and
b. Any fraud, whether or not material, that involves management or other employees who have a significant role in the company’s internal control
over financial reporting.
/s/ Joshua Siegel
Joshua Siegel
Chief Financial Officer
Date: March 11, 2021
�Exhibit 13.1
CERTIFICATION OF PRINCIPAL EXECUTIVE OFFICER PURSUANT TO
18 U.S.C. SECTION 1350
AS ADOPTED PURSUANT TO SECTION 906
OF THE SARBANES-OXLEY ACT OF 2002
In connection with the Annual Report of CyberArk Software Ltd. (the “Company”) on Form 20-F for the fiscal year ended December 31, 2020 as filed with the
Securities and Exchange Commission on the date hereof (the “Report”), I, Ehud Mokady, do certify, pursuant to 18 U.S.C. § 1350, as adopted pursuant to
Section 906 of the Sarbanes-Oxley Act of 2002, that to my knowledge:
(1) The Report fully complies with the requirements of Section 13(a) or 15(d) of the Securities Exchange Act of 1934; and
(2) The information contained in the Report fairly presents, in all material respects, the financial condition and results of operations of the Company.
/s/ Ehud Mokady
Ehud Mokady
Chairman of the Board and Chief Executive Officer
Date: March 11, 2021
�CERTIFICATION OF PRINCIPAL FINANCIAL OFFICER PURSUANT TO
18 U.S.C. SECTION 1350
AS ADOPTED PURSUANT TO SECTION 906
OF THE SARBANES-OXLEY ACT OF 2002
Exhibit 13.2
In connection with the Annual Report of CyberArk Software Ltd. (the “Company”) on Form 20-F for the fiscal year ended December 31, 2020 as filed with the
Securities and Exchange Commission on the date hereof (the “Report”), I, Joshua Siegel, do certify, pursuant to 18 U.S.C. § 1350, as adopted pursuant to
Section 906 of the Sarbanes-Oxley Act of 2002, that to my knowledge:
(1) The Report fully complies with the requirements of Section 13(a) or 15(d) of the Securities Exchange Act of 1934; and
(2) The information contained in the Report fairly presents, in all material respects, the financial condition and results of operations of the Company.
/s/ Joshua Siegel
Joshua Siegel
Chief Financial Officer
Date: March 11, 2021
�CONSENT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
We hereby consent to the incorporation by reference in the Registration Statements on Form S-8 (Nos. 333-200367, 333-202850, 333-216755, 333-223729, 333-
230269 and 333-236909) of CyberArk Software Ltd. of our reports dated March 11, 2021 with respect to the consolidated financial statements of CyberArk
Software Ltd. and the effectiveness of internal control over financial reporting of CyberArk Software Ltd. included in this annual report on Form 20-F for the year
ended December 31, 2020.
Tel Aviv, Israel
March 11, 2021
/s/ KOST FORER GABBAY & KASIERER
A member of Ernst & Young Global
Exhibit 15.1
�