This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
CyberArk Software Ltd.
8/10/2022
Good morning. My name is Rex, and I'll be your conference operator today. At this time, I would like to welcome everyone to the CyberArk Q2 2022 earnings conference call. All lines have been placed on mute to prevent any background noise. After the speaker's remarks, there will be a question and answer session. If you would like to ask a question during this time, simply press star followed by the number one on your telephone keypad. If you would like to withdraw your question, again, press star one. Thank you. At this time, I'd like to introduce Erica Smith, SVP Investor Relations and EFG. Ms. Smith, you may begin your conference.
Thank you, Rex. Good morning. Thank you for joining us today to review CyberArk's second quarter 2022 financial results. With me on the call today are Udi Mokadi, Chairman and Chief Executive Officer, and Josh Siegel, Chief Financial Officer. After prepared remarks, we will open the call up to a question and answer session. Before we begin, let me remind you that certain statements made on the call today may be considered forward-looking statements, which reflect management's best judgment based on currently available information. I refer specifically to the discussion of our expectations and beliefs regarding our projected results of operations for the third quarter, full year 2022, and beyond. Our actual results might differ materially from those projected in these forward-looking statements. I direct your attention to the risk factors contained in the company's annual report on Form 20-F filed with the U.S. Securities and Exchange Commission, and those referenced in the press release today that are posted to CIDARC's website. CIDARC expressly disclaims any application or undertaking to release publicly any updates or revisions to any forward-looking statements made today. Additionally, non-GAAP financial measures will be discussed on this conference call. Reconciliations to the most directly comparable GAAP financial measures are also available in today's press release, as well as in an updated investor presentation that outlines the financial discussion in today's call. We also want to remind you we provide the calculated revenue headwind for additional color on the impact of our subscription bookings mix shift, but it should not be viewed as comparable to or a substitute for reported GAAP revenues or other GAAP metrics. The webcast of today's call is also available on our website in the IR section. With that, I'd like to turn the call over to our Chairman and Chief Executive Officer, Udi Mokadi. Udi?
Thanks, Erica, and thanks everyone for joining the call. We had an outstanding second quarter, best characterized by momentum. Momentum for our identity security platform, momentum across our solutions, PAM, Endpoints, Secrets Management and Access, momentum in the channel, and momentum with new logos and existing customers. Before diving into the details, I wanted to provide a few financial metrics that underscore our stellar performance. ARR remains the best metric to measure our success. Subscription ARR reached $255 million, growing 133% year-over-year, demonstrating the continued acceleration of our subscription engine. Total ARR grew 48% year-over-year, reaching $465 million, we are pleased with how quickly our recurring revenue business is scaling to our 1 billion ARR target. And total revenue exceeded our guidance range, coming in at $142 million, with growth accelerating to 21%. It is important to keep in mind that the subscription transition continues to impact our reported P&L. Or said another way, we are growing much faster than the 21% revenue growth we posted in Q2. In fact, Our bookings were again well above our guidance framework, best evidenced by the combination of higher subscription bookings mix at 88%, revenue above the guidance range, and nearly 50% ARR growth. The revenue headwind from the subscription bookings mix was about $16 million in the second quarter. Normalizing the mix to the second quarter of last year, our total revenue line would have grown by 35% this quarter. Josh will talk about it later, but given the strength of our execution, we are raising our full year revenue and AR guidance. Our pillars continue to be growth, innovation, and profitability. Starting with growth, over the last few weeks from the RSA conference to our recent impact customer event, we met with hundreds of chief information security officers and senior security professionals. Nearly every discussion centered on the major challenges facing the industry. The race to digitize, adopting zero trust, and staying ahead of attacker innovation are accelerating trends, pushing identity security to the top of the CISO priority list. Our strong secular tailwinds and execution have kicked our platform selling motion into a higher gear, which you see in some of the trends from the quarter. We surpassed 1,000 customers with over $100,000 in annual recurring revenue, up over 50% from Q2 last year. SAS continues to serve as the foundation of our growth, leading the way in almost all regions. Our move to a subscription business model is delivering transformative value both to us and to our customers. While PAM remains the predominant landing spot for customers, increasingly new logos are beginning their identity security program with endpoint and access, and then expanding back into PAM. And when it comes to access, our truly differentiated approach is resonating, delivering another strong quarter in Q2. we are creating seamless access across the entire workforce. The combination of single sign-on and adaptive MFA with innovations like secure web session and workforce password management, all based on intelligent privilege controls, is enhancing security and increasing productivity, a combination not replicated by any other vendor. We had impressive diversification in our new logos, signing nearly 250 customers in the second quarter, up over 30% year over year, and included enterprise wins like Fortune 500 manufacturing companies, banks, major retailers, critical infrastructure, and energy and power companies. Momentum continues to pick up in our commercial segment as well, with wins like a next-gen cloud fintech, a well-known conservation society, and multiple school systems, among many others. A few new business highlights include, in a Greenfield PAM deal, a North American retailer had two catalysts for implementing identity security, digital transformation, and cyber insurance requirements, one of the many examples of cyber insurance contributing to our business. This customer embraced our platform, buying Privileged Cloud, Endpoint Privileged Manager, Access, and Secrets Manager enterprise-wide, including protecting UiPath and ServiceNow through our C-cubed integrations. A restaurant chain landed with adaptive MFA, SSO, workforce password management, and advanced lifecycle management to help mitigate risk. Expanding to PAM is next on its horizon. Our landed expense strategy is demonstrated across examples like a Fortune 500 manufacturing company, landed with EPM in Q4, and after just two quarters is replacing a legacy PAM solution with our privileged cloud because of the amazing customer experience. In a highly competitive access deal, an existing PAM customer in the healthcare vertical expanded with single sign-on and MFA. The CISO cited key differentiators, such as our security-first mindset, and our unwavering commitment to maintaining long-term vision and purpose. A financial services company is expanding from PAM to protect Kubernetes at the edge and CI-CD pipelines with our Secrets Management solution. Secrets Manager has had a strong quarter and was included in eight of our top 10 largest wins. Momentum also continued across the partner ecosystem. We are particularly excited about strengthening our relationships with the SIs, managed security service providers, and with AWS. Our partners are building identity security practices with plans to significantly increase their business with CyberArk. Year to date, the number of CyberArk certified professionals has nearly tripled, with the average number of certifications across our products also trending up, a very strong indicator of the momentum with partners. We also deepened our relationship with AWS Marketplace, The deals close in Q2, and our strong pipeline gives us confidence that AWS will be a contributor to our growth over the long term. Moving on to innovation, the cornerstone of our strategy. Our DNA is innovation, and we challenge ourselves every day to lead the industry. We were pleased to be named a leader in the July 2022 Gartner Magic Quadrant for Privilege Access Management, positioned both highest in ability to execute and furthest in completeness of vision for the fourth time in a row. At our recent annual Impact Live customer event, we showcased the depth, breadth, and considerable differentiation of our identity security platform. We hosted more than 1,000 people in person and 2,000 virtually at our marquee event, and the feedback was incredible. Customers and partners recognized that we are putting much more distance between us and the competition. The benefits of our security-first approach are well understood and increasingly a priority in this severe threat landscape. We also demonstrated how we can elegantly secure all identities across environments while driving the business forward. A few highlights from the product announcements. Secrets Hub positions CyberArk as the backbone for secrets management for all application types across the enterprise. Developers seamlessly access secrets through familiar workflows in AWS. At the same time, the security team can secure and rotate all secrets in CyberArk. centralizing visibility and control with a single pane of glass across hybrid and cloud environments. This win-win solution increases alignment between cloud-native DevOps and security. It is a game changer. Conjure Cloud is now in early availability. In addition to faster deployment and time to value with SaaS delivery, much of the power of Conjure Cloud comes from the tight integration into our identity security platform. In Access, we introduced Identity Flows, which streamlines workflow with advanced and modern no-code application integration and automation. And Identity Compliance streamlines Access certifications campaigns with comprehensive risk-driven identity analytics. Secure Cloud Access marks the third solution, along with Cloud Entitlements Manager and Dynamic Privilege Access in our Cloud Privilege Security Pillar. Going well beyond just-in-time, basic just-in-time, secure cloud access integrates session monitoring and enhanced least-privileged permissions for DevOps and cloud consoles. This functionality significantly enhances security and better aligns to the principle of zero trust. To accelerate our development in cloud security, in July, we acquired C3M, a provider of multi-cloud security and compliance solutions for AWS, Azure, and Google Cloud Platforms. We are pleased to welcome about 40 talented cloud security experts and are looking forward to working together to deliver against our cloud-privileged security roadmap. Moving on to profitability. Our reported P&L continues to be impacted by the subscription transition. We haven't changed our investment approach. We are delivering excellent returns, including rapid revenue growth rates and accelerated innovation. We expect to be a Rule of 40 company with strong growth, profitability, and cash flow, we move past the subscription transition dynamics before I turn it over to Josh I want to talk about the macro environment the broader economic uncertainty we are all hearing about has not impacted our business we are watching very closely and analyzing the trends in our business more frequently we continue to execute our strategy our close rates are strong our pipeline is at record levels and we are seeing an acceleration in demand in fact The first half of 2022 was one of the best in the company's history and our Q2 performance demonstrates. First and foremost, identity security is more critical than ever. Second, our identity security platform is gaining momentum and we are increasingly protecting across workforce identities, privileged users, and machines. Third, we are in the best competitive position in our history. And lastly, we are increasingly confident in our ability to execute against a multi-year durable growth opportunity. I will now turn the call over to Josh, who will discuss our great financial results in more detail and provide you with our outlook for the third quarter and full year 2022, including raising our total revenue and ARR guidance.
Josh, off to you. Thanks, Udi. As in prior quarters, we posted slides to the website that walk through our results. As Udi mentioned just now, we had a stellar second quarter. Momentum continues to build in our business, fueled by amazing execution, strong secular tailwinds, and a robust demand environment. In terms of the headline P&L, total revenue exceeded guidance coming in at $142.3 million in the second quarter, with growth accelerating sequentially to 21% year-on-year from the 13% growth rate in the first quarter of 2022. We are thrilled to begin exiting the revenue trough created by the subscription transition and be back again above 20% growth. Annual recurring revenue continues to be the best metric to evaluate the business and remained incredibly strong in the second quarter, growing 48% year-on-year and reaching $465 million. The business continues to fire on all cylinders and grow at high rates. The subscription portion of ARR reached $255 million. That's increasing 133%, and now represents 55% of our total ARR. Just a year ago, the subscription portion was only $109 million, or 35% of the total. The maintenance portion was $210 million on June 30th, and in large part because of the timing of renewals. Moving into the details. Subscription revenue generated from SaaS and self-hosted subscription contracts reached $66 million and represented 46% of total revenue in the second quarter, with growth accelerating to 144% year-on-year. Consistent with the progression of our business model to subscription, perpetual license revenue came in at about $11 million. Our maintenance and professional services revenue was $65.3 million with $54.4 million from recurring maintenance and $10.9 million in professional services revenue. Recurring revenue reached $120.4 million. That's 85% of total revenue with growth accelerating to 49% year-on-year. We are pleased to be quickly approaching our target of more than 90% of revenue coming from recurring. Before moving on, I wanted to point out that we did have a negative currency impact, which lowered our total revenue by about $2 million in the second quarter, making our outperformance even that much more impressive. Our subscription bookings mix was 88% in the second quarter compared to our guidance of 87% booking mix. With our mix and revenue both above expectations, highlights that total bookings again exceeded our guidance framework. Economically, the headwind created by the mix was approximately $16 million in the second quarter when we compare it like for like to the second quarter last year with only 65%. Taking the calculated revenue headwind into consideration, total revenue growth would have accelerated to 35% year on year. As a reminder, our second quarter guidance implied about a 30% growth rate normalized for the transition. So exceeding that by a full five percentage points is just another indication of the strength of our outperformance in the second quarter. Geographically, the business is well diversified. The Americas revenue reached $84 million, representing 59% of total revenue. The Americas grew by 21%, and again, had the strongest percentage of SaaS bookings during the quarter. EMEA also grew by 21% year on year, with $44 million in revenue, or 31% of total revenue. APJ grew by 25% to $15 million in revenue, or 10% of total, and continues to gain traction with subscription and staff ahead of our expectations. If we look across all the geographies, normalizing for the mix, the Americas and EMEA revenue would have grown by approximately 35%, and APJ by about 40%. Now moving to the P&L. All line items in the P&L will be discussed on a non-GAAP basis, and please see the full GAAP to non-GAAP reconciliation in the tables of our press release. Our second quarter gross profit was $116.9 million, or an 82% gross margin. That's compared with 84% gross margin in Q2 last year, and it's primarily the result of the increase in our SaaS business. We continued to make investments to drive innovation and growth, resulting in operating expenses of $127.5 million, a 33% increase year-on-year, and an operating loss of $10.7 million in the quarter. Our operating results were lowered by approximately $16 million from the calculated revenue headwinds. Normalizing for this mix, operating margin would have been a positive 3% in the second quarter. As a reminder, this only level sets the mix to the prior year and not all the way back to the beginning of the transition, which would result in even a much higher operating margin. Net loss was $10.7 million, or 27 cents per diluted share, for the second quarter. We continue to attract and retain top talent. That's a testament to our culture. We added just over 130 employees in the second quarter, ending June with over 2,400 employees worldwide, including about $1,100 in sales and marketing. For the first half of 2022, free cash flow was $6.6 million, a 2% free cash flow margin, and we continue to have a strong balance sheet, ending the quarter with $1.2 billion in cash investments. Turning to our guidance. Our guidance for the third quarter and the full year reflects robust industry tailwinds, strong execution, and our growing ARR base. For the third quarter of 2022, we expect total revenue of $147 to $153 million, which represents another sequential acceleration of our growth to 23% year-on-year at the midpoint. We expect a non-GAAP operating loss of about $11 million to $6 million for the third quarter, and we expect EPS to range from a non-GAAP net loss of $0.27 to $0.14 per basic and diluted share. Our guidance assumes that our subscription bookings mix will remain over 85% and that the resulting calculated revenue and profitability headwind will be between $9 and $11 million for the third quarter. If you normalize for the mix, our estimated revenue growth at the midpoint of the range is over 30%. Since we have now exceeded our target for subscription bookings mix for the last two quarters, Going forward in the second half of 2022, we will only start to provide a range for MIPS and HEDWIN versus the specific targets. Our guidance also assumes 41.4 million basic and diluted shares and about $2 million in taxes. For the full year of 2022, we are raising the midpoint of our guidance and now expect the total revenue in the range of $589 to $601 million. Our guidance assumes a subscription bookings mix in the high 80s and our revenue headwind of between $61 and $63 million. So if you normalize for the mix, our estimated revenue growth at the midpoint is over 30%. For the full year, we are improving the range for our non-GAAP operating loss to be $30.5 million and $20.5 million, and we expect our non-GAAP debt loss for basic and diluted share to be in the range of 82 to 57 cents. For the full year, we expect about $40.7 million basic and desert shares and about $11 million in taxes. We are pleased that our operating loss and EPS range are improving while facing currency headwinds and absorbing the increased operating expenses from the acquisitions of Appy and C3M. Our improved bottom line is further validation that our approach to profitability has not changed. Today, the profitability of our business is still masked by this subscription transition, and we expect to return to a Rule 40 company once the transition dynamics play out. We are also meaningfully increasing our full-year guidance for ARR, which we now expect to be between $543 million and $549 million at December 31, 2022, or that's 38% to 40% year-on-year growth, respectively. We are thrilled to raise our ARR guidance, which demonstrates the considerable strength we continue to see in our business. While we experienced over a $2 million sequential increase in maintenance ARR in the second quarter, we still anticipate that maintenance ARR will decline in the back half of the year. I would also add, we do not anticipate products from APPE and C3M to contribute to ARR or recognized revenue in 2022. I did want to mention FX. While we do not plan to provide our results in constant currency, isolating the impact from FX reinforces the overall strength of our outperformance and our guidance raised. We expect to see a full-year estimated currency impact to annual recurring revenue of about $5 million for the full year, and that's related to the pound and the euro. We also estimate that the recent currency moves will lower our recognized revenue by about $5 million and that the net impact will lower operating income by about $3 million for the full year of 2022. That's compared to the rates last year. These currency moves are already reflected in the guidance I provided just a few minutes ago. Moving to free cash flow, we still anticipate that it will be in line with our non-GAAP net income margin over a 12-month period. Second quarter was another strong quarter. As Udi mentioned, our results demonstrate that momentum is our in our business is still building. We are confident that demand for our identity security platform is highly durable. We remain focused on capitalizing on the massive opportunity in front of us that will deliver profitable growth and strong cash flow, creating long-term value for our shareholders. I will now turn the call back over to the operator for Q&A.
At this time, I would like to remind everyone, in order to ask a question, Press star then the number one on your telephone keypad. We'll pause for just a moment to compile the Q&A roster. Your first question comes from the line of Saket Kalia. Your line is open.
Okay, great. Hey, good morning, guys, and thanks for taking my questions here. Good morning, Saket.
Hey, good morning, Udi. Maybe just to start with you, from a product perspective, it sounds like you're seeing more deals include Access and Conjure, or Secrets Management rather, given the competitors in those spaces, can you just talk about why you think Cybark is winning and whether you think the strength in cross-selling here is sustainable?
Absolutely. I would say that the go-to-market motion of selling identity security as a platform, and again, with our leadership position, coming from a leadership position in Privileged Access Management, is really continuing to gain traction. Customers are recognizing the need for complete security solutions all the way from human identities to workforce and machines. And to your point, we're seeing customers land with more solutions and adding on more users faster. We had more than 60% of our new logos landed with multiple products in Q2. Now it's highly differentiated. On the access side, we're highly differentiated with having security controls wrapped around the various use cases with secure web sessions, with workforce password management, which gives customers peace of mind that we're taking a security approach to access. And on the secret side, customers are appreciating that we can support all types of applications at scale and with the new innovation like Secrets Hub that we announced that we're taking an approach that bridges to the DevOps, allowing them to work transparently and with high productivity. So all of that is taking place and definitely we expect both the landing with more products and that cross-sell motion to continue. Got it. Got it.
That's really helpful. Josh, maybe for you as a follow-up, just to address the topic of macro backdrop. Both of you have seen ebbs and flows in the macro backdrop before here at Zybruck. Josh, maybe for you, how are you handicapping that potential in the guide? Because it is a very strong guide, particularly when you adjust for FX. Whether you have a quantitative answer there or a qualitative answer, I think it'd just be helpful to hear kind of how you thought about that.
Yeah. Thanks, Zach, for the question. And I think it's both quantitative and qualitative to a lot of extent. You heard our remarks already today. On a quantitative perspective, we're doing and looking at our guide in the same way we always have. We look at our historical trends, but we're also looking at the current pipeline, our current close rates. And of course, quantitatively, I already discussed in my remarks kind of the impact of taking into consideration the change in FX, how that's affected, how that's impacted both our revenue net income and our ARR guidance, but we still were able to raise even with that FX impact. From a qualitative perspective, I mean, you heard a lot of comments by Udi and by myself, you know, The macro environment, we're hearing still very strong feedback from customers. And we're seeing in terms of our responses on the pipeline that identity security is remaining a top priority. And there, you know, budgets seem to still be safe. So we're using that as well in our guide. But we are an experienced team. all of us around this table, and we have a lot of fingers on the pulse and we're increasing our touch points all the time with the field, and we feel like we're in good shape and confident in the way we're looking at the second half.
And I would say, second, that I love that we finished our transition because it sets up, with this high priority for identity security and previous access management, it sets us up for this long-term durable growth
including in this market environment. Very helpful. Thanks, guys. Your next question comes from the line of Hamza Faderwala.
Your line is open.
Hey, guys. Good morning. Thank you for taking my question. Maybe jump off for either Udi or Josh. Can you talk a little bit about how the SaaS transition or the subscription transition overall has perhaps made you more resilient in this current macro backdrop? It seems like, you know, is there something going on in terms of shortening of sales cycles or more upsell momentum through the partners even that's kind of separating your performance versus maybe prior macro cycles where, you know, you would have seen those headwinds more upfront? Yeah, absolutely.
I think like I mentioned now, we're pleased to be in this position where our market, I would say from a demand environment, we are in high priority and build such a big pipeline. And then we can execute on it with this SaaS motion where we can land, provide quick time to value so quickly to the customers and then get them into the add-on motion much faster and And again, also the variety of landing spots that we now have across the portfolio. Again, SaaS landing spots with APM, with Access. We now came out with Conjure SaaS and, of course, with Privileged Cloud. So having the multiple landing points on all centralized platform were really beneficial for this, including in this environment. And I think, like Josh emphasized, we really have strong controls into the field to see the increased demand, the record pipeline, and so it's kind of a perfect way to execute with the SaaS platform on the opportunity.
Maybe just a quick follow-up perhaps for Josh. I know it's really early, but when you look at the early cohorts of the subscription or SaaS customers that have started to come up for renewal, what do those net expansion rates look like so far?
Yeah, I mean, you are right, Hamza. It's still early. But what we've seen now so far is really what we consider best in class in terms of what, you know, how we're getting renewals and also expanding and retention rates for them. But, you know, we're still early in that cycle in the first duration period of the transition. But we like what we see so far. Okay.
Thank you. Your next question comes from the line of Rob Owens. Your line is open.
Great. Thanks for taking my question. Josh, as you talk about making it through the revenue transition, but you obviously have a lag when it comes to operating profitability, free cash flow. Can you remind us how long that lag is and when you expect to return to kind of that rule of 40 company from a profitability standpoint? Thanks.
Yeah, Rob. Yeah, you're right. You know, we've always talked about kind of the lag, you know, being, you know, a couple of quarters past the transition. So, you know, we're not obviously guiding it into later years, but we definitely, you know, feel comfortable and confident that, you know, 2023 operating margin will already improve incrementally to 2022. And, yeah, you know, where, you know, we believe that over the, in the next couple of years, we will already be seeing, you know, Rule 40, you know, results. But, you know, stay tuned. We'll talk about, you know, out years as we finish up 2022. But we are confident that in a couple of quarters, the operating income margins will start to improve as it should coming out of the transition.
Great, thank you. Your next question comes from the line of Fatima Bulani. Your line is open.
Good morning. Thank you for taking my questions. Hey, Udi, I wanted to go back to your comments in the script around SIDELARC landing new logos within EPM and the AAM suite of solutions. I thought that was really interesting because PEM is, of course, your flagship. I'm curious to get your perspective on what it's going to take either from you from a sales execution standpoint or from a market level standpoint to get the AAM franchise to be as large as the PAM franchise and then have a follow-up for Josh, please.
That's great. I would say we're seeing, like I said, landing with Privileged Cloud, EPM, Secrets Management, and Access. So those have all become landing spots from us. And in fact, the subscription ARR for all of these doubled if you look at queue over queue in all of those solutions. So we're very excited how they're performing. As you recall, we structured a speedboat structure to allow us to really execute on the opportunity and be very agile on both access and and our secrets management areas. I love your question. I mean, that's the approach we have with secrets management. We believe that human identities, that the non-human identities are fast expanding. In the recent conference, we put out a survey that we had that there are 45 non-human identities for every human identity in enterprise. So those are exploding with digital transformation, and we're going after that with a single platform. So we see the opportunity, we're executing on it. Part of the how is what I mentioned, bridging the gap between security and DevOps, and we're doing it the CyberArk way, not coming in with a very strong security solution, but understanding that developers want to work transparently. The announcement of Secrets Hub, which is our first foray, was Secrets Hub integrating with AWS, a key management solution so that the developer can develop on AWS and transparently work the same way while security gets our central backbone with CyberArk being behind the scenes rotating and managing all those secrets. So that's an example of how we're expanding and we're going to go after all of the cloud providers in the same fashion.
I think you had a follow-on question. Hi, Russ. Greg Moskowitz, your line is open.
Okay. Thank you very much, and congratulations on a very good Q2. The increased ARR guidance was impressive, and especially on a constant currency basis, given the macro environment that we're in. So, you know, two questions here, if I may. Udi, some security and broader software vendors who have recently reported earnings have spoken about longer sales cycles among larger enterprise customers. Obviously, CyberArk's focus is the enterprise, so I just wanted to... you know, confirmed that you are not seeing any elongation in sales cycles among any of your customer segments, including at the enterprise level. And then secondly, for Josh, you know, did the prior ARR guidance, which I believe was 535 to 541, did that not include any FX headwinds? Just wanted to clarify that as well. Thanks.
Great. So, Greg, you're correct. We are not seeing that. I think we're performing exceptionally well as we as we've shown in the results and have not seen any impact on close rates. And actually I talked about the strong pipeline or on the speed of going through the cycle. So things are business as usual. And I think it's really down to us being a very impactful security layer for our customers and our projects are important and going through. As Josh mentioned, we keep a close eye. We're very connected to the field. And we're seeing the same cycles and priority actions actually continuing to move up. In some of the large deals, we've seen more approvals in the process, but it did not slow down the business. And again, identity security is a top priority. Okay.
And Greg, with response to the FX question, so the last ARR guide that we put out there included about 1 to 2 million of FX impact, consider that.
All right, super helpful. Thanks, guys. Thank you. Your next question comes from the line of Brian Essex. Your line is open.
Great, thank you. Good morning, and thank you for taking the questions and really nice set of results here. Maybe, Josh, your end, really nice sequential increase in net new ARR. As we think about the guidance and the setup for the back half of the year, how do you think about seasonality, perhaps a mix of term and SAS in there, and how do we get confidence? I mean, it looks like you've got a little bit more difficult comp in 4Q for net new ARR growth, but just maybe give us a sense of how you're thinking about the guidance. and the level of confidence you have to hit that and considerations you might need to make as we, you know, fine tune our model.
Yeah, thanks, Brian. So, you know, level of confidence, and we've been talking about it all morning, you know, we're confident to guide for the increase, which is significant, as you pointed out. So, and it's going to come from the SaaS and subscription piece of the business, as we talked about. Actually, the maintenance, You know, ARR could see some decline in the back half, and we're going to go into more than make up for that with SaaS and self-hosted subscription. I think the business is continuing, you know, with two-thirds of it being SaaS-heavy versus self-hosted, so I would continue to see that, you know, going into the second half. In terms of seasonality, you're right, Q4 has a difficult compare. And, of course, we're much closer. So I think that it'll be probably a slower growth rate than Q4 compared to Q3.
Got it. That's super helpful. Maybe if I could just sneak one more in. You mentioned marketplaces, the traction there. It sounds like this quarter, particularly within identity, there's an increasing amount of business going around the resellers and through the marketplaces. I know it's kind of early stages for you, but could you give us maybe a sense of what you're seeing and what are the dynamics of those deals? Or is it enterprises just kind of chewing up commitment? Or is there kind of like new initial traction going through that channel?
You're referring to our commentary on AWS marketplace? Yeah. I would say it's down to the increased awareness of the ability of enterprises to leverage their relationship with AWS and procure and I would say leverage the faster process. We saw an incredible pipeline build up and I can say that that in this first half we had more business through AWS than in the entire year 2021, which was kind of the year that we announced the marketplace. And that's augmenting the channel, and that's what we really love about it is that we can work with our system integrators and with our VARs, but the last mile can be fulfilled through that AWS marketplace. Resellers. AWS, I would say, streamlined that process. So it's inclusive to the channel partners, and it's all part of an ecosystem that's working together. They actually really recognize that it's also good for them. I mean, they being the VARs and the integrators, it's good for them to also partner on the AWS front.
Your next question comes from the line of Roger Boyd. Your line is open.
Great. Thanks for taking my question, and congrats on the nice results. Udi, you had mentioned MSSP partners in your prepared remarks, which I think is a relatively new channel for CyberArk. You talked a little bit about the certifications of 3x, but can you just talk about the momentum you're seeing there, the potential for that channel maybe as you work further into the commercial cohort?
Yeah, exactly. We see that as a long-term important channel movement for us. Many of our existing partners are in strong relationship. Our partners are actually building managed security service providers capability because their customers are coming to them with that motion of shortage of staff or as they go further down market and they want them to manage it completely. And the identity security platform, our platform really resonates to that, that our partner can deliver value by by being a managed service provider. So I would say it's a relatively early program, but we're seeing that kick in. We sometimes see large enterprises benefit from, for example, from a telco that launched an MSP and is managing end-to-end PAM for a customer or or an MSP that launches and goes after and helps us go after the mid-market, like you mentioned. So it's a dual motion, and we're making it continuously easier for these partners to learn how to onboard new customers and certify and leverage our platform. I would say it's early days, but on fast growth, and we'll see it be an important motion for us for many years.
Your next question comes from the line of Adam Borg. Your line is open.
Hey, guys, and thanks so much for taking the question. Maybe just on cyber insurance, you talked about that in the script. I know we've talked about that in the past. It just seems that there's more and more challenges and heightened awareness about organizations getting cyber insurance to begin with. So I'd love to hear more about the demand driver of cyber insurance overall. What ending are we in with that? And even if there's regional differences between what you're seeing in the U.S. and internationally. Thanks so much.
Absolutely. So I'll start with the innings. I think it's still early innings, but we added kind of to the list. We already have a lot of secular trends pushing offering, but we would add it as an additional driver where customers trying to obtain cyber insurance, the requirement is for them to have privilege access management controls, MFA, single sign-on, really the important proactive security hygiene layers, and they know that CyberArk is market leading and can be, they can also achieve success with us. Of course, the insurers also view CyberArk as a market leader in the space. So we primarily, like you mentioned, we primarily see it in the U.S. It's often this additional driver or accelerator on a deal, or I would say not often, but when it shows up, it becomes an additional accelerator on a deal, but it's still early innings. And then we're actually investing in educating both insurers and, of course, everything that we do around the broad customer base and prospect base, because we believe it will trickle to additional markets like the European market, where where it will become a requirement, and with all the experience we have, and insurance customers as customers themselves, really, the major ones, that it gives us a great advantage in capitalizing on that.
Your next question comes from the line of Jonathan Ho. Your line is open.
Hi, good morning, and congrats on the strong quarter. I wonder, you know, could you maybe quantify or help us understand, you know, how much of your existing license base is shifting from permanent license to SAS and maybe how that impacts ARR?
Yeah, and still, if we're talking about, you know, the notion of converting from perpetual to SAS, it's still a very small percentage of the book. Of the ARR, it's still in single digit percentages. of the ARR growth that we're seeing is coming from conversion.
Which is great upside for us because we're seeing that we're landing a lot of SaaS. The vast, vast majority of new logos have been landing with SaaS and subscription and we're working closely with the customer base to convert when they are ready to convert. Of course, we We've shortened maintenance cycles to usually be a year, and it gives us more opportunities for those conversion conversations. But also existing on-prem customers are buying, complementing, and adding SaaS solutions to complement their on-premise solutions. So we have all of that at the same time.
And thanks for the congrats, Jonathan. Your next question comes from the line of Eric Heath.
Your line is open.
Hey, Uri, Josh. I'll echo my congrats as well. So Uri, I mean, you continue to execute really well. It's pretty clear, but I think it's also pretty clear that PAM is kind of having really strong kind of demand as well. So just curious your thoughts on kind of why PAM continues to see such strong demand and even accelerating demand. And I guess how it sees us thinking about PAM strategically as part of their kind of broader move to the cloud and and zero trust architectures?
Yeah, it's exactly that. It's exactly that. It's become increasingly clear that the CISO cannot sleep at night if they don't have controls over privilege access, where basically an insider or an outsider can take over their entire infrastructure, turn off security controls. So it becomes a fundamental layer one before you can really put additional security layers in place. And then in parallel, we're seeing the proliferation of privilege. So it was maybe a little easier to map out where organizations had privileged users to be managed in more on-prem infrastructure and with the proliferation and adoption of cloud. And of course, more and more examples where a workforce employee or a developer has privileges, they need a holistic solution to go to go after all of this. Now, you can't achieve zero trust if you don't have privilege access management controls in place, if you don't apply least privilege on the endpoint, which is our EPM. And it's been really, the market has been understanding that. Our strong channel network that we've built, including the big fours and advisory firms that are educating CISOs out there and, of course, the VARs. And it's become a clear layer on how do you achieve an impactful layer. And, of course, every time a company does red teaming exercise or brings a third party to analyze their security posture, first and foremost, if they capture the flag and they achieve privilege access, it's game over. And so that's why it's so important for them to to invest in this, and that's why it is in such high priority. As a company, we're going after it, like Josh mentioned, we're investing in the opportunity, leveraging our market leadership positioning, leveraging the strong channel network to go after both the PAM and the broader identity security opportunity.
Your next question comes from the line of Joshua Tilton. Your line is open.
Hey, guys. Thanks for taking my question, and congrats on the quarter as well. I wanted to follow up on Hamza's question, but I wanted to put the macro aside. How much easier for you guys has the cross-sell conversation become with customers simply because it's now just one SaaS-based platform where, as a customer, I can just easily turn on additional functionality versus when you sold separate perpetual licenses?
Yeah, it's exactly that. The fact that they are onboarded on a SaaS platform, they can get early access to additional functionality. They see the light and we saw the light. All of the investment in pushing out and investing in creating the SaaS platform, leveraging our strong credibility out there in the market for our leadership is paying off to exactly that motion. This is why I would say in the last two years, we really invested in the customer success team to measure and continuously take the customer on these journeys to success so that they can expand within the solution they first acquired, but also cross-solution as they go with no need to set up infrastructure like you mentioned with really the power of SaaS.
Your next question comes from the line of Trevor Walsh. Your line is open.
Great. Good morning. Thanks for taking my question. Udi, maybe just for you a quick one. I appreciate the fact that the demand has remained strong and no lengthening of sales cycles, et cetera. But as we move into 2023 and things potentially get more challenging for customers, How do you balance the innovation pillar versus growth as far as maintaining your competitive edge around the products and engineering org versus the go-to-market team? How do you think about that as you might have to either tighten belts in certain places or pick one over the other, or is there an option three? Thanks.
Josh alluded to it. There's a real advantage of being experienced. We've been around. We've been around cycles. I would say we keep close attention to changing themes probably earlier than others do, and we're very, very diversified. So we're very diversified geographically. We're very diversified vertically. And now we have such a huge portfolio, a SaaS portfolio to go on the market with. So we have a lot of different levers. As Josh mentioned, we're investing in the opportunity because we're seeing that high demand and record pipeline. And we'll continue to stay close to that. On the innovation side, it's been a big differentiator for us. And customers appreciate that. So it kind of... Success breeds success. They see us coming out the first to come to market with any new innovation on the PAM side or an identity security side or secure web session, coming out with Secrets Hub. The various announcements we just did at Impact are strengthening the customer conviction to invest in us and go for the platform. So the short answer, we're going to continue to do both. because that innovation leads to that success in this very important market. And, of course, you know, we've always stayed away from nice-to-have innovation. It's always been protecting against attacker innovation, so we'll always keep it real.
Your next question comes from the line of Alex Henderson. Your line is open.
Great, thanks. I have two questions, one on the product side and one on the OpEx side. On the product side, I was wondering if you could talk a little bit about your success in penetrating the coding community and to what extent you're finding an ability to compete more aggressively on the code as infrastructure side of things. But the primary question is really on the impact of FX on operational costs. Can you talk a little bit about how you're structured against the currency changes, to what extent that's going to play through the cost structure in the back half of the year, or if it's hedged, how you would be impacted in 2023 if the exchange rates, particularly the shekels, stay where they are today? how much of a benefit would that accrue?
Great. So I'll start and I'll hand it over to Josh to talk about FX. I think we're making great progress on penetrating the coding community, but doing it the Cyborg way. So coming in with that credibility from the security teams, where the security teams know that this is a solution that they trust, and increasingly making it more transparent to the coders. So reducing the need to even educate them Secrets Hub, of course, is a great example where an AWS, where a developer using the AWS platform will not even feel or know that behind the scenes CyberArk is the backbone that is managing secrets. But also before that, we made it continuously a very, very native approach to the developers. I would say we're kind of digging the tunnel from both sides, coming in from security where it's our stronghold. but also having ease of use and slash transparency for that developer. And again, we're very confident that executing on the Secrets Hub solution and doing more of that will really make it easy for developers to adopt.
Yeah, hi, Alex. With regard to the FX, so as I talked about earlier today, While we're getting about a $5 million hit on the P&L from a revenue perspective, it's only a $3 million hit on the operating income because we're getting this year some benefit on the expense side in sterling and euro by about $2 million in that guide. The shekel is not really moving for us this year relative to guide because we've been pretty well hedged for this year from the beginning of the year. If we think about next year, you know, again, on the shekel side, it really depends. I mean, we've gotten a little bit of some benefit towards the beginning of next year because of where the shekel has weakened in the last quarter. But it's still too early to tell what will be the impact for all of next year because we typically won't go a hedge out further than 9 to 12 months.
Your next question comes from the line of Andrew Nowinski. Your line is open. Great. Thank you.
I was wondering if you think the acquisition of Ping Identity could have the same near-term impact that we saw when some of your primary PAM competitors were acquired in 2018, given the disruption that these acquisitions typically create. And then related to that, Are customers asking CyberArk for a more integrated IGA solution to complete the platform? Thanks.
Okay, great. So we weren't seeing ping a lot in competitive situations, but fully agree with the premise, and we've seen it again and again that as companies have been acquired by private equity, there was disruption out there. We've even seen channel partners really worry about those companies that – that went private. Are they going to continue to invest in the enablement and all the things that channels need for success? And of course, customers want to know that in critical investments that they have a long-term partner out there. So there will be some disruption. And again, we're going after that market. We haven't seen them as much, but I agree on that premise. And with regards to IGA, our approach, and you saw that we've released our identity compliance or announced our identity compliance solution at impact. It's really taking care of, I would say, very focused use cases, allowing our PAM or Access customers to certify access. And if they want a full-fledged IGA solution, we continue to refer them to our partner SailPoint. I think in the long term, we will see more convergence with more modern use cases that we will be able to answer within the platform.
There are no further questions.
At this time, I would like to turn the call over to Udi Mokati for closing remarks.
Great. Thank you. We are thrilled with another stellar conversation. and the momentum of our identity security platform. And as always, I want to thank our customers and partners for being the cornerstone of this success. I also want to extend special appreciation to the entire CyberArk team around the world for their hard work and strong execution this quarter. Thank you very much, and thank you for all those who joined the call today. Thank you.
This concludes today's conference call. You may now disconnect.