8/10/2023

speaker
Operator

Today's conference is being recorded. All lines have been placed on mute to prevent any background noise. After the speaker's remarks, there will be a question and answer session. If you would like to ask a question during this time, simply press the star key followed by the number one on your telephone keypad. If you would like to withdraw your question, press star one again. At this time, I would like to turn the conference over to Erica Smith, SVP, Investor Relations, and ESG. Please go ahead.

speaker
Erica Smith

Thank you, Audra. Good morning. Thank you for joining us today to review CyberArk's second quarter 2023 financial results. With me on the call today are Matt Cohen, our Chief Executive Officer, and Josh Siegel, our Chief Financial Officer. After prepared remarks, we will open up the call to a question and answer session. Before we begin, let me remind you that certain statements made on the call today may be considered forward-looking statements, which reflect management's best judgment based on currently available information. I refer specifically to the discussion of our expectations and beliefs regarding our projected results of operations for the third quarter, full year 2023, and beyond. Our actual results might differ materially from those projected in these forward-looking statements. I direct your attention to the risk factors contained in the company's annual report on Form 20F, filed with the U.S. Securities and Exchange Commission, and those referenced in today's press release that are posted on CyberArk's website. Cyber expressly disclaims any application or undertaking to release publicly any updates or revisions to any forward-looking statements made today. Additionally, non-GAAP financial measures will be discussed on this conference call. Reconciliations to the most directly comparable GAAP financial measures are also available in today's press release, as well as in the updated investor presentation that outlines the financial discussion in today's call. A webcast of this call is available on our website in the investor relations section. With that, I'd like to turn the call over to our CEO, Matt Cohen. Matt?

speaker
Audra

Thanks, Erica, and thanks everyone for joining the call today. Momentum continues to build across our business. Our strong second quarter performance underscores the three key reasons we are winning. First, the power of our identity security platform to drive our land and expand motion. Our comprehensive portfolio and the depth of our SaaS solutions are continuing to increase the velocity in our business. Second, identity security is a non-negotiable requirement for organizations. This is only amplified by the ever-increasing importance of protecting hybrid and cloud-native environments. And third, we are executing against their strategic imperatives, accelerating our platform selling motion, extending our reach through the channel, enhancing our customer success organization, and delivering cutting-edge innovation. The strength of our execution and the durability of demand is evident in our performance. Subscription ARR reached 451 million, growing 77% year over year. Total ARR reached 653 million, growing 40 percent. We added a robust 49 million in net new ARR, and we exceeded our guidance range across revenue, operating loss, and EPS, with total revenue growing 24 percent to 176 million, non-GAAP operating loss coming in at 6 million, and non-GAAP earnings per share of 3 cents, all above the range. I am incredibly proud of how we are navigating the macroeconomic backdrop. Our go-to-market teams continue to adjust their selling approach to overcome the increased deal scrutiny and longer approval cycles that we have seen for several quarters, enabling us to deliver a really well-executed performance. We had a strong new business quarter, and customers continued to broaden their CyberArk relationships, buying new users and expanding to new solutions across the platform. Our pipeline continues to build at a record pace. Deals are progressing, and our win rates are really strong. We hosted our Impact customer event in May. It was great to see so many of you who attended in person, and we appreciate those who tuned into the virtual sessions. Impact in Boston is our marquee event, but we are also hosting our Impact World Tour across 20 cities across the world throughout the summer and fall. Over the last few months, we have touched thousands of customers, prospects, and partners as part of this program. The feedback is resoundingly positive. We are helping customers mitigate risk and drive efficiency as they manage the explosion of new identities, new environments, and new attack methods. Moving on to the details of the quarter, we will frame the discussion around growth, innovation, and profitability. Starting with our growth drivers, A typical organization has thousands of unique identities, and those identities have more access today than ever before. In a recently released identity security threat landscape report, every organization we surveyed expects an identity-related compromise in the year ahead. And more than half say this will happen as part of a digital transformation initiative. Generative AI is compounding these trends. Attackers are innovating faster than ever. and are more sophisticated, further elevating the urgency for comprehensive identity security. As a result, organizations are consolidating across security vendors based on trust, what we refer to as a consolidation of trust. They are choosing long-term partners like CyberArk because of deep domain expertise, leadership position, breadth of platform, and superior technology. Our differentiation includes our ability to secure all identities, human and machine, as they access all environments, including hybrid and multi-cloud environments, while applying our comprehensive intelligent privilege controls across standing access, just-in-time access, and our zero standing privilege approach. Our most recent product introduction, Secure Cloud Access, which provides secure native access with zero standing privileges across multi-cloud environments is resonating with customers. When combined with just-in-time access for cloud workloads, it creates the ability for customers to reimagine their PAM programs. In addition, when secure cloud access is combined with Secrets Hub and Conjure Cloud, developers and the security teams can innovate even faster in the cloud. For the workforce, we take this one step further, providing privileged controls to the enterprise with secure web sessions and workforce password management. These are great examples of how our platform is delivering compelling value to customers and driving our long-term growth. Our innovation engine and go-to-market execution contributed to our strong new business quarter and 235 new logos. While PAM continues to be the primary landing spot Our platform has been key to our success, with customers increasingly landing with two or more solutions. Digging into a few wins in the quarter, driven by cyber insurance requirements, an industry-leading Fortune 500 transportation company wanted a solution that would evolve and scale with the company's cloud strategy. In addition to Privileged Cloud, the customer will centrally secure human and non-human privilege access, across its global multi-cloud infrastructure with secure cloud access and Secrets Hub. As part of its zero trust strategy, a leading cybersecurity company landed with our endpoint privilege manager to remove local admin rights from all endpoints and help mitigate the risk of ransomware attacks. A leading telecommunication provider in South America is embracing our identity security platform to achieve operational efficiencies and measurable risk reduction. This customer is consolidating vendors and will be using the CyberArk platform, including PAM, Endpoint Privilege Manager, and Secrets Manager across all seven of its companies. The velocity of our business is also picking up as customers achieve faster time to value with our SaaS solutions. The success of our land and expand motion is represented by the nearly 40% increase in customers with more than 100,000 in annual recurring revenue to approximately 1,500 at the end of Q2. A few examples include a global 500 energy company embraced our identity security vision and expanded from a large PAM footprint to DevOps and cloud security in Q2 with Conjure Cloud, Secrets Hub, and Secure Cloud Access. An auto manufacturing company who bought CyberArk PAM in the third quarter of 2022 was looking to expand with a modern identity security partner. During the second quarter, they bought more privileged cloud and added Workforce Password Manager as its first CyberArk identity solution. Accenture is one of our most successful advisory partners with a strong CyberArk identity security practice. Given their deep understanding of the security market, we are pleased they will expand their use of CyberArk Privileged Cloud to deliver advanced cybersecurity controls for clients and also utilize it themselves. We look forward to continuing to extend our relationship with Accenture. The channel is extending our market reach with more feet on the street and more services power. Certifications for Endpoint Privilege Manager, CyberArk Identity, and Secrets Management are growing quickly. MSPs remain a key pillar for the future growth, and we are gaining traction with GuidePoint, Kendrell, NTT, among others, who delivered key wins in Q2 and are helping us reach new customer segments. In fact, BT, a leading British multinational telecommunications company, needed a modern, scalable security partner as it rapidly scales its global managed services operations to help ensure their customers' critical identities are protected. During the second quarter, they made the strategic decision to leverage CyberArk Identity as their key access solution. Moving on to innovation. At our impact customer event in May, we were excited to share how we are at the leading edge of innovation in identity security, including the introduction of AI-powered automation and policy creation for EPM to help reduce risk and implement least privilege at the endpoint. CyberArk has a long track record of working to stay ahead of both the competition and attackers. Today, the attackers are leveraging AI to exponentially increase their effectiveness, and capacity to change tactics and techniques and procedures continues to increase. While attack methods are evolving rapidly, the common denominator in these attacks remains identities. We are harnessing generative AI to develop new security solutions and enhancements for our customers innovation to combat innovation. We have a team dedicated to integrating AI across our product portfolio, as well as new innovations, and we are looking forward to sharing information about our initiatives later in the year. At Impact, we also launched Secrets Hub for Azure and Pam self-hosted. Since launching last year, security professionals love the security controls, while developers can continue their workflow, but with frictionless protection. making CyberArk the secrets backbone of the enterprise. CyberArk Secure Browser was one of the highlights of the event. Secure Browser is purpose-built for the enterprise and delivers security, privacy, and productivity. It can act as a front end to CyberArk's identity security platform while also securing the overall browsing experience for privileged users. One of the areas that our customers are most intrigued by is the ability to stop session hijacking. an increasingly dangerous form of attack where hackers are looking to steal cookies and take over sessions to harvest critical data and IP. Moving on to profitability. As the dynamics of the subscription transition begin to subside, we are marching towards our Rule of 40 goal. As you see in our full year bottom line raise, our identity security platform will not only help increase our go-to-market productivity, but also drive operating leverage by supporting rapid, cost-effective innovation across all of our product groups. We have always made disciplined investments to support our growth, and I remain very confident in the long-term profit goals we put out at our investor day just a few months ago. In summary, our go-to-market organization and innovation engine are delivering. We are accelerating our platform selling motion, our new platform services, and how we leverage our robust partner relationships to extend our reach and drive our growth. We are thrilled with the early adoption of our cloud security solutions and the momentum we are seeing in the market. Securing all identities, not just managing human access, is a requirement at the center of our customer cybersecurity strategies. As we look ahead, the momentum in our business, strong execution in the first half, and disciplined investment approach positioned us to confidently raise our full-year guidance for ARR and improve our operating profitability. I will now turn the call over to Josh, who will discuss our outperformance in more detail and provide you with our guidance for the third quarter of the year.

speaker
Erica

Thanks, Matt. We delivered yet another strong quarter, beating our guidance across the board. ARR grew an exceptional 40% and reached $653 million at June 30th, while the subscription portion increased 77% and reached $451 million. Momentum continues to pick up, and in the second quarter, we added $49 million in net new subscription ARR. This represents the largest amount of net new subscription ARR outside the seasonally strong fourth quarter of 2022. As Matt mentioned already, our identity security strategy is resonating with customers, embracing our SaaS solutions, and expanding across our platform. The maintenance portion of annual recurring revenue was $201 million at June 30th. In the second quarter, we were thrilled particularly in today's macro environment, to capture an increase in annual maintenance rates, which combined with our strong continuous renewal rates, demonstrate that our solutions are mission critical and deliver amazing value to our customers. Like for like, the conversion activity still just represents a single digit percent of our year-on-year ARR growth. Total revenue exceeded our guidance and came in at $175.8 million, with growth of 24% year-on-year. Year-to-date, our total revenue grew 25%. That's an acceleration from 17% in the first half of last year. Our subscription bookings mix came in at 95% in the quarter. That's compared to 88% in the second quarter of last year. Our growth was well-balanced across new and expansion business. Self-hosted subscription duration again came in at the lower bound of our range, continuing to put pressure on recognized revenue, and that's about $3 million. Moving into the details of the revenue lines for the second quarter, subscription revenue reached $106.2 million, growing 61% year-on-year and representing 60% of total revenue in the second quarter. Consistent with our move to a subscription business model, perpetual license revenue came in at $5.1 million. Our maintenance and professional services revenue was $64.6 million, with $51.6 million coming from recurring maintenance and $13 million in professional services revenue. The recurring revenue portion reached $157.8 million, or 90% of total revenue. That's growing 31% year-on-year from the $120.4 million, or just 85% of total revenue in the second quarter of last year. Geographically, the business continues to be well diversified. The Americas revenue reached $107.1 million, growing 28% year-on-year. APJ grew by 24% to $18.3 million in revenues, and EMEA grew by 15% year-on-year to $50.4 million in revenues. The EMEA region had nearly a 13 percentage point increase in subscription bookings mix to 95% in the second quarter from about 82% in the second quarter last year, creating a meaningful recognized revenue headwind in the quarter. All line items in the P&L will now be discussed on a non-GAAP basis. Please see the full GAAP to non-GAAP reconciliation in the tables of our press release. Our second quarter gross profit was $143.3 million, or an 81% gross margin compared to the 82% gross margin in the second quarter last year. Our operating loss of $5.6 million came in better than the top end of our guidance. As a reminder, we incurred expenses from our impact event in the second quarter of approximately $4 million. Even with the increase in expenses from impact, we are demonstrating leverage in our business with our revenue growing 24% and operating expenses increasing only 17% year-on-year. Net income exceeded guidance, coming in at $1.3 million or 3 cents per diluted share. We ended June with over 2,950 employees worldwide, including 1,300 in sales and marketing. the six months of 2023 free cash flow was a negative 8.6 million dollars or negative two and a half percent free cash flow margin as a reminder we expected operating margin free cash flow to be lower sequentially in the second quarter as a result of the impact customer event and other seasonal expenses turning to our guidance for the for for the third quarter in the full year 2023 our guidance reflects our strong execution leading competitive position and platform selling motion. And that's balanced against still the uncertainty in the macro environment. For the third quarter of 2023, we expect total revenue of $181.5 to $186.5 million, which represents 21% year-on-year growth at the midpoint. We expect the subscription mix will continue to be about the 95% level. We expect non-GAAP operating income in the range of $4 million to $8 million for the third quarter, and we expect our non-GAAP EPS to range from 19 cents to 27 cents per diluted share. Our guidance assumes 46.8 million weighted average diluted shares and about $6 million in taxes. For the full year of 2023, we expect total revenue in the range of $726 to $736 million representing 24% year-on-year growth at the midpoint of the range and an acceleration from the 18% for full year last year. We are significantly raising our full year operating results to be in the range of break-even to operating income of $9 million. We expect our EPS range to be 44 cents to 63 cents per diluted share, and we expect about $46.4 million of weighted average diluted shares and about $24 million in taxes for the full year of 2023. On the back of a strong ARR growth, we are also raising our guidance for annual recurring revenue. to now be between $743 million and $753 million at December 31, 2023. That's about a 31% year-on-year growth at the midpoint of the range. Overall, we were pleased with our execution, particularly in this macro environment. Our subscription transition is playing out against our playbook. Revenue in the first six months of the year accelerated to 25%. Growth in our operating margin is improving. As we talked about at our investor day, we are driving towards our near and long-term goals as momentum in our business continues to build. I will now turn the call over to the operator for Q&A. Operator?

speaker
Operator

Thank you. At this time, I would like to remind everyone in order to ask a question, press star then the number one on your telephone keypad. We'll go first to Saket Kalia at Barclays.

speaker
Josh

Okay, great. Hey, good morning, guys. Thanks for taking my questions here. Hey, Matt. Hey, Josh. Good morning.

speaker
Matt

Great to hear from you.

speaker
Josh

Same here, same here. Matt, maybe to start with you, it's just great to see the resilience of the subscription ARR line, just to the point made earlier in this macro and the continued sort of net new ARR growth. Maybe the question that's most appropriate to start with is, why do you think this space, identity, PAM, et cetera, is just doing so much better than other areas of security? Do you feel like this is cyber specific? Do you think that identity in general is just a healthier area of security spending? Any thoughts on why you feel like cyber and identity in general is just doing so much better? Thanks.

speaker
Audra

No, it's a great question, and it starts with this idea that we are so thrilled with the results to see the kind of continued ARR growth that we're able to achieve. And I think when we look at it internally, we kind of map it back to three main causes, right? of our success from this perspective. One certainly is the market we play in, as you mentioned. We talk a lot about this idea that at the core of where the attackers are trying to get to is identities, and as identities proliferate through organizations, the cybersecurity strategies need to evolve and they need to focus in on identity as the centerpiece of the overall strategy. And so that's maybe the market we play in and the particular area of cyber that we chose to participate in. But I think the other two reasons which are cyber arc specific are really driving the success. This ability for us to be able to differentiate in the market with our identity security platform, the ability to be able to protect any identity, human and non-human and machine identities, regular workforce users as well as the most privileged users sitting in IT, and be able to do that all from one platform with one solution set, I think that resonates with our customers as they build their longer-term plans. and point them in the direction of CyberArk. And then the third area, and a lot of the team members listen to this call, and I'll tell you, they're doing a phenomenal job executing out there. They're adjusting their execution to the macro environment. We've talked about this a little bit before, but they come in and they change their value story to make it easier for the customer to buy. They're mapping to the board initiatives that are out there. For example, they're able to pivot a lot of their story to deal with people like Josh sitting next to me, the CFO in the company, and actually pitch a value story for them to go side by side with how we're talking to IT, to the CIO, and to the CISO. And so I think phenomenal execution kind of rounds out the picture that starts with participating in a great market and having a differentiated solution. Got it.

speaker
Josh

Got it. That makes a ton of sense. Josh, maybe for my follow-up for you, great to see the upside on the income statement this quarter, both in revenue and operating income, and also great to see the operating income guide go up so much for the year, I think more than this quarter's beat. Maybe the question for you, though, is I think we're taking the revenue guide up slightly at the bottom end. Maybe the question is what were some of the puts and takes that you sort of considered when thinking about how just the ARR success is going to flow through to the revenue line? Does that make sense?

speaker
Erica

Yeah, yeah, it does, Zach. And thanks for the question. And yes, we are thrilled that we were able to raise the ARR guide for the full year by $7 million. And we're also, you know, happy that we were able to pass, you know, and eke up the revenue full year as well. And when we think about kind of the take then on the ARR, You know, one of the things that we want to preserve for the back half is that our pipeline has been growing at record levels, but we're also seeing it very heavily weighted towards SAS. And so we want to, while we are getting that increase in the ARR, we also want to preserve that the second half could eke up even above our 95% of SAS and subscription mix, and we want to preserve consider that. And I think where we'll definitely see it roll into, though, is into 2024.

speaker
Operator

We'll move next to Jonathan Ho at William Blair.

speaker
Jonathan Ho

Hi there, and let me congratulate the strong performance on the quarter. I wanted to maybe dig into maybe individual products. Was there anything that sort of surprised you in terms of strength on the quarter or that stood out relative to your expectations?

speaker
Audra

Hey, Jonathan, it's Matt here. So listen, I think across the board, it was a strong quarter. You know, we saw a really good performance back in the PAM business itself, particularly on the privileged cloud front. We saw, you know, strong ARR growth in EPM and in Secrets. You know, in the identity and access space, especially in some of the areas that we say differentiate us there, you know, secure web sessions, workforce password manager, and some of the areas there. So I think it was one of the quarters where we were kind of strong across the board. You know, we highlighted in the prepared remarks some of the newer stuff because I think maybe that's where we were a little more surprised, you know, kind of the intake. of our secure cloud access solution for protecting native cloud environments, you know, maybe took us a little bit by surprise in terms of how quickly it's being brought into deals, even more so into the pipeline of deals looking forward. We saw the SaaS side of the secrets business, Conjure Cloud and Secrets Hub, start to take off. And so I would tell you it was a strong quarter across the board and with really nice signs on some of the newer innovations that we were able to talk about at Impact.

speaker
Operator

We'll go next to Rob Owens at Piper Sandler.

speaker
Matt

Great, and thanks for taking my question. Last quarter you did note some downsizing of deals. And just curious, given the puts and takes with the economy, what you guys are seeing now in terms of deal sizes?

speaker
Audra

Yeah, so I think we talked about it a little bit in depth last quarter, and we talked about two things, the downsizing of deals. We also talked about, though, that the component parts that were downsized maybe were put into the back half of the year pipeline and were ready for expansion motion. The deals, first of all, to double down on that or come back to that, the deals that we saw happen in Q1, the other component parts still do sit in the back half of the year and actually are progressing really nicely. So we're really happy with that. I think what I would say as related to the second quarter here is the team did a better job of actually positioning the right deal up front for the customer based upon a better understanding of their budgets, based upon a better understanding of you know, what they needed to procure, and maybe weren't seeking out the supersized deal to begin with. And in that case, we didn't see as much downsizing, you know, at the end of the quarter. We actually just saw a strong performance, strong execution, and the ability to be able to, you know, kind of deliver against the close rates that we would expect. So, I would say the market itself continues to stabilize around us. You know, we feel like we're in a strong position vis-a-vis the macros at the moment. And, you know, I wouldn't say there's been any change in trends of a dramatic nature.

speaker
Matt

Great. And I guess building on that, if I look at ARR and ARR guide for the second half, this year implies about 45% of your ARR would come in the first half of the year, 55 in the back half. And that's about a five-point shift from last year, which was So what's implied in that ARR guidance as we kind of contemplate the second half and any help around Q3 versus Q4 would be great. Thanks.

speaker
Erica

Yeah, thanks, Rob. So, I mean, essentially where the guiding implies a flat net new ARR for subscription business. because we anticipate definitely some reduction on the maintenance side of the ARR that could even get to $10 million for the second half. So we're looking at flat on the net new ARR, and we were glad that we were able to overachieve on the net new ARR for the first half, and then the take is the decline in the maintenance business ARR for the second half.

speaker
Audra

And then I would just add that I think we see a normal seasonal kind of split between Q3 and Q4 consistent with prior years. Great. Thank you, guys.

speaker
Operator

We'll go next to Angie Sollum at Morgan Stanley.

speaker
Angie Sollum

Hi, everyone. Thanks so much for taking my question today. So could you just talk a little bit about the success that you've been seeing with bundling? You know, what percentage of customers bought multiple products this quarter?

speaker
Audra

Yeah, so we continue to see, not just through bundling, by the way, but just through selection in the deal process, we continue to see customers purchase multiple solutions. When we talk about new logos, generally speaking, it's greater than 50%. It can even tick up higher than that, that are buying more than one solution on their landing spot. And certainly that trend continues, if not more, in the base as we expand our customers. kind of in that land and expand motion. So what we generally see, though, is that the customers have a prioritization process. At one level they're focused in on core PAM controls, and then they're looking ahead to what are they going to do next or what are they going to do in parallel. And for some customers it's about locking down the least privilege on the endpoint, and so EPM becomes a priority. For other customers, they're seeing this need to really understand the non-human component, the machine identities, and so secret management becomes a priority kind of side by side with PAM. And then for some, they're really looking to swap out their legacy IDP and thinking about access and their understanding that actually they can do that with the identity security platform from CyberArk. So, you know, each customer pool would be a little bit different, but in general, customers are wanting to either start or expand with more than just PAM. And we're really happy with that. We also do do a nice job, though, of seeding some of our more innovative products into our packages. You know, when you buy Privileged Cloud, you get a little bit of workforce password management. You get a little bit of the identity suite. And that helps us so that when we go back for the expansion motion, the customers are already familiar with our products and they're ready to adopt and expand later. So, That's a little bit around how we see that world, packaging, but also just the very nature of how customers are buying more than one product from us.

speaker
Operator

We'll take our next question from Greg Moskowitz at Mizuho.

speaker
Greg Moskowitz

Thank you very much for taking the question and nice job executing in the Q2. Matt, I think everyone would agree that generative AI is spawning more cyber attacks and that this is only going to increase. And, you know, you spoke in your prepared remarks about innovations that you're working on in this area. But is GenAI something that you look at as an incremental revenue opportunity for CyberArk? What are your thoughts here?

speaker
Audra

Yeah, it's an interesting topic and one that comes up in almost every conversation at this point in time. And the nice thing about what we're talking about is it's very practical and real. You know, we're not talking about some some some mystical thing. We're talking about what's happening out there in enterprises today. You know, our threat landscape. talking with CISOs and security practitioners of thousands of enterprises around the world, it was over 85% of them that were anticipating a generative AI-based attack in the year ahead. So on that kind of offensive side, we certainly see this ability for attackers to innovate, and innovate by really making their existing attack methods more effective. And I think that kind of sets the stage to a degree for how we will operate from a defensive perspective. You know, if they're making their existing attacks, which are generally targeting identities, more effective with AI, then we need to make our existing solutions AI enabled to be able to protect against those attacks. And I said it in the prepared remarks, but fight innovation with innovation. So for sure, there'll be some new pockets of innovation or creativity where we might create some new solutions that harness the power of the data we're collecting to be able to do analytics better and provide that insight into the product suite. But in general, I would tell you our strategy is Let's go make our solutions more effective. Let's go make our solutions easier to deploy so that they can cover more identities. And let's make sure that we understand how attackers are using AI and defend against that using what we believe is the primary mechanism we have, which is intelligent privilege controls.

speaker
Operator

We'll go next to Brian Essex at J.P. Morgan.

speaker
Brian Essex

Hi, good morning, and thank you for taking the question. I want to follow up on Rob's question, particularly with regard to some of the dynamics around ARR and conversions. I noticed you had a little bit of a spike in perpetual this quarter, and Josh, I think you noted, what, about four points help on conversions for subscription ARR? So, I guess, And I also caught the comment that there's a $10 million, I think, decline anticipated for maintenance in the back half of the year. So maybe if you could unpack a little bit how conversions from the installed base are trending, how you're approaching those, and what expectations might be in the future quarters for that versus new logo ads.

speaker
Audra

Sure, sure. And I'll start and then maybe Josh will jump in and add some color. But first of all, I want to just say the perpetual business itself didn't grow. It actually was pretty consistent quarter over quarter. And that's what we're seeing now, which is really kind of an absolute number versus even a percentage. And you know, as we look out into the pipe going forward, we see perpetual at the best flat and maybe even trailing down a little bit as we go forward. So the perpetual business definitely is, you know, seeing its last notes here at CyberArk. And, you know, I think we're good with that, obviously. You know, I think from a conversion perspective, I'm not sure Josh actually gave a number, but he talked about single digit impact from conversions in terms of our overall growth. And I think that continues to be the case. You've heard me talk about this maybe before, but we believe fundamentally that we're getting such a big upside when people do convert, meaning not what we charge for the like-for-like, although that's incremental as well. We get 2 to 3x on maintenance rates for like-to-like conversions. We also create such a strong, compelling buying opportunity to expand into new products and even to upsell existing products that we're not coming at customers with a stick and saying you have to convert. We're actually approaching them and figuring out when it makes sense to slot it into their roadmap. And since we're such a core security control and we want customers primarily to go to SaaS, it takes a little bit of planning to figure out when that customer should go. And I think it's going to materialize over the next two to three years and it's not going to be any big jump in any given quarter as we kind of move forward. So, I think that's how we see the kind of conversion activity happening. I would say on the maintenance ARR decline, what we are seeing is not, that's not due to some big uptick in conversions, that's due to the fact that we're not selling much perpetual anymore. You know, just think about we were 95% in this quarter and the year before we were in the upper 80s. You're starting to really tick down in the new maintenance that's coming in. And when we look towards the back half of the year where we see 95% or better, we are anticipating the maintenance AR coming down pretty strongly. in respect of that kind of tail-off. Now, in Q2, we were able to see some nice realization from a captured rate perspective. You know, renewal rates overall were actually in the best shape they've been. Price increase has started to materialize its way through and helped us to the tune of maybe a million dollars. So we didn't see as much tail-off here in Q2, but we definitely see it starting to kick in in the back half of the year.

speaker
Operator

We'll take our next question from Eric Heath at KeyBank Capital Markets.

speaker
Eric Heath

Thanks for taking the question, and great to see the great results there. Just two-parter for me, Matt and Josh, if I could. Just first, any uptick in noise in the market or any change in sales cycles at all as it relates to Hashi's self-managed boundary offering or Fox's upcoming payment release? And secondarily, I just wanted to ask on M&A matches, if there's any areas of interest for you as you look to kind of accelerate the product roadmap? And that's it. Thanks.

speaker
Audra

Yeah, sure. Great questions. And from a competitive landscape perspective, we haven't seen, you know, any change, and that would be across the entire portfolio. You know, specific to the two areas you talked about, you know, from a secrets management, Hashi perspective, Hashi Vault, and then, you know, kind of on the PAM side with Hashi Boundary, you know, we don't see any difference in the competitive dynamic there. And, you know, I'll just take a second there to maybe double click and try to help explain a little bit of our competitive posture against Hashi. You know, what happens with these development groups that are going on, and Hashi offers a fabulous developer platform across the board. Developers get started, they're using the Hashi tool set, and they need to actually manage secrets in a local vault. So they're at least no longer hard-coding secrets into the applications they're building, and they're setting up a Hashi vault instance, for example, locally for their work group as they work on their project. And what happens at enterprises is that one Hashi vault becomes multiple Hashi vaults, and then there's other development efforts going on, and it's in AWS Secret Store or Microsoft Key Vault, and you end up with this kind of vault sprawl across the enterprise, and at some point in time, security gets involved and says, great that you're not hard coding your passwords anymore into your applications, but how do we actually manage policy on the back end at an enterprise grade at an enterprise scale? How do we make sure that those passwords are actually being rotated? How do we make sure that the other policies are being implemented? And now they have a decision to make. Do they actually go and upgrade and basically swap out tool sets to a more bigger offering from Hashi? Or do they bring in a security vendor that they're already used to dealing with on their PAM portfolio and expand with us into secrets? And that's the competitive fight that we have. And it's a competitive fight that we're very confident in that we can become the enterprise backbone for secrets, not only in those modern scenarios, but also back into the legacy applications that we're able to provide options around, and in the multi-cloud environments that we're able to deliver secrets through with our Secrets Hub. Now, as they move into boundary, it's not really PAM, and it would be the same answer then that I would pivot on, over into what we're seeing around Okta, which is, you know, they are coming at it from an ease of use perspective and a light use case scenario perspective. And, you know, I think it maybe has some room to play down market for people who are just getting started on their PAM journey. But we don't see that as a current competitive threat within our market. Our enterprise customers are not talking about, you know, pitches around Okta's PAM solution. And, you know, we'll keep an eye on it when it finally comes out and see what it looks like and we'll be ready to respond. But, you know, I'm giving you a little bit of a longer answer here because it's an area that we feel we're strongly positioned against and we continue to see that dynamic be beneficial for us. From the second question perspective, you know, I think when we think about M&A, it's kind of similar to some answers we've given in the past. You know, we continue to look at, we have a clear vision for our identity security platform and where it will go over the next three to five years. And we always are looking and trying to understand, is there an inorganic method to significantly accelerate any component parts of that identity security vision? We're sitting on a $50 billion TAM, so we don't need to go someplace else with our acquisition strategy. But we might need to accelerate key component parts. And you hear us talk about cloud and you hear us talk about, you know, access and endpoint in these non-human areas. And they're really exciting areas. And we're always looking to see if there's a good match between us and something out in the market with a realistic valuation that can help accelerate our organic roadmap and get us to market faster. And that's how we think about the kind of M&A approach going forward.

speaker
Operator

We'll take our next question from Roger Boyd at UBS.

speaker
Roger Boyd

Great. Thanks for taking the question, and again, congrats on a very nice execution. This is definitely a difficult environment for customer additions, but Matt, I think you mentioned 235 in the quarter, which is certainly an impressive result. Last quarter, you made the comment that you're expecting maybe fewer but bigger lands this year. I wonder if that was still the case this quarter. And then again, with the record pipeline, any color on what you're expecting from a new logo perspective through the end of the year. Thanks.

speaker
Audra

Yeah, sure. Thanks. And I think it's a really important point because it's really sequentially up, you know, 15% new logos from Q1 to Q2. And that's a good sign for us. We did see in Q1, we mentioned it, that it was harder to go land. And I think in any macro environment that's a headwind, you're always a little harder to close the deals with a new customer. They take a little bit longer. We definitely saw an uptick here in Q2, which is nice. We certainly expect it to continue into Q3 and Q4. But the secondary point you made absolutely played out once again, which is, our average selling price and average deal size for those new logos was up pretty dramatically in Q2 and helped fuel our results. And so the ones we are landing are landing with much more of the identity security portfolio, and they're making a bigger bet on CyberArk. And so that's why we look at the new logo quarter and really a new business quarter in Q2, and we're really, really happy with the step function change we saw versus Q1.

speaker
Operator

We'll go next to Joshua Tilton at Wolf Research.

speaker
Joshua Tilton

Hey, guys. Thanks for taking my questions, and I'll echo my congrats. You're on a great quarter. I actually just have one for me. Any updates on how we should think about free cash flow for the balance of the year, and maybe what are some of the puts and takes around outperforming free cash flow in the back end?

speaker
Erica

Yeah, Josh, thanks for the question. This is, you know, we're, first of all, we're glad we're in line with our expectations as we report through the first half of the year. You know, and I think that, and we're certainly in line with where we are for full year, with full year expectations. You know, I think when you ask about puts and takes, you know, this is still a transition year. And so some of the puts and takes are around duration on the self-hosted. And, of course, on the maintenance as well, which can create some headwind or tailwind on the free cash flow as it relates to billings. And we see in both of them, certainly in Q2, we saw some reduction in duration around the subscription, and I talked about that as an impacted revenue. And anyway, maintenance, we're seeing a decline over already for the last year. Since we started our transition for the last two years, we're seeing the decline where we did a lot of three-year deals going down now to one-year deal, and that's our initiative to renew maintenance contracts only on a one-year basis as opposed to a three-year basis. So we're in line with what we expect for this year, and those are the puts.

speaker
Audra

Yeah, and I would just add, just jumping in, I think for sure, first of all, like Josh said, the quarter played out as we expected. I think we were pretty clear up front that this was going to be not the strongest cash flow quarter given the dynamic of our quarterization of expenses and some other areas around insurance and other areas that we talked about. But I want to reiterate that I said in the prepared remarks, I'll say it again, that the cash flow story starts to kick in in 2024 and accelerate in 2025 into 2027. And we are extremely confident in the $200 million of cash flow that we put out for 2025, the $375 million in cash flow for 2027. And we're right on track with that as we get into next year and expand from there.

speaker
Joshua Tilton

Super helpful. Thank you, guys.

speaker
Operator

We'll take our next question from Adam Borg at Stiefel.

speaker
Adam Borg

Awesome. And thanks so much for taking the questions. Maybe just for Matt on the channel and the MSP opportunity in particular, you talked about that a little bit in the script. Maybe talk more about the opportunities for partners to introduce managed PAM offerings and how that could broaden your reach even more down market. And then I have a follow-up.

speaker
Audra

Yeah, I mean, I think this MSP market for us is – I don't know how to describe it other than it's captivated us. I think we've been always looking at it. You heard me talk about it last quarter with some excitement. You'll hear me talk about it now. I think it's because it's actually broader than what we thought. I think when you start out, you think MSPs, you think down market, oh, it's going to help us reach a bunch of new logos. I think what we're seeing actually is it playing out as a dynamic across upper end of the enterprise enterprise corporate all the way down and it's because you know this growing trend that organizations really can't afford to sustain and support the the Fast spend on IT, specifically on cyber, that's going on within their enterprises. And so, you know, there's a recent Gartner report that came out that estimated something like 30 or 40 percent of the cyber spend will move to MSP in the next three years. And I think that trend line kind of feels real to us. The exciting piece is what you just said, which is if you get into the MSPs as the backbone of their offering, and they build and embed their value-added services around it, it's a very sticky approach. And so, you know, we see our MSPs not only, by the way, wanting to bring our PrivCloud, it's generally a SaaS motion, wanting to bring our PrivCloud to market. We see, as we mentioned about BT, you know, looking over into our access solution portfolio, we see the increasing uptake on our secrets management and non-human side. And so we really believe that actually it's a great way to reach all types of customers, obviously to go out and find new customer segments down market, but also to get the broader portfolio adopted out into the market. And I think you can hear it as I start talking. I just think it's going to be such a strong growth driver for us going forward, early days. early days, but I can point to specific wins in Q2 that we would not have had if we didn't have the great MSP partnerships that we built up.

speaker
Adam Borg

That's great. I appreciate that. Maybe just as a quick follow-up, just on the vertical mix in the quarter, I did see that financial services still is your top mix, but I think it did tick down sequentially. I do think the definition may have changed as well. So maybe anything to call out there on what you're seeing in your largest vertical. Again, really appreciate it. Thanks.

speaker
Erica

Yeah, I'll just jump in. I mean, our big growth verticals were manufacturing, and we also saw nice growth in retail as well, and probably followed up by pharma. Banking and financials are still strong in our vertical mix. And overall, we always like to go back to the fact that we're really well diversified across many verticals. I think we have you know, nine verticals that are 5% more of the business of the pie. And, you know, we see them move around in the quarters. But overall, we continue to be really strong across no matter where the enterprise sits. Great. Thanks so much for the call.

speaker
Operator

We'll go next to Trevor Walsh at JMP Securities.

speaker
Trevor Walsh

Great. Good morning, team. Thanks for taking my question. Just a quick one for me. Matt, maybe best for you, but Josh, feel free to chime in as well. You mentioned in your prepared remarks about the telco deal in South America, and it was more of a consolidation play. Just curious if you can dive in a little bit deeper there. Was there displacement involved? If there were, how many other tools approximately, maybe without naming names? Of course, but just gives a sense maybe of when you do see that consolidation motion, kind of how it's playing out, kind of what's the critical mass of tools around identity that might be there to start and what's going to look like when the customer gets to their end state. Thanks.

speaker
Audra

Yeah, sure. On that particular deal, it was consistent with what we would normally see on a bigger enterprise offering, which is, yeah, we're displacing a legacy PAM tool and consolidating in access and in secrets. in that particular case. I think what we see in general when we land a new enterprise logo is that customers are foundational on our privilege controls, on our PAM offering. And then as I mentioned earlier, they're partaking of a couple other solutions in order to be able to get started on their journey. We use this phrase and we use it a lot because it's the foundation of how we view the market, which is it's a consolidation of trust that it's happening. And that can happen with a new logo. That can also happen with an existing customer as we expand the footprint. And it's the idea that it's not about just that we offer all of these things in the market and maybe we can give a better price point because you're buying it from one vendor. That's the traditional vendor consolidation and one throat to choke. It's really the idea that our customers trust us as a core security control in their stack. They know that we're security first. They know that actually our mindset every day when we wake up is that we're in partnership with them to secure their enterprise. And so as they look to understand within the identity space how they can consolidate, how they can get to a vendor that they trust in this increasingly threat landscape that's, you know, again, hard to operate in, They look and they say, oh, I know CyberArk. I trust CyberArk. Come talk to us, CyberArk. And that's a really interesting place to be, too, because we're actually receiving the inbound and saying, hey, can you come talk to us versus having to always be out there positioning ourselves. So it's a great position to be in, and that was an excellent deal that we're really proud of that they delivered down there in the LATAM team.

speaker
Operator

We'll go next to Alex Henderson at Needham & Company.

speaker
Alex Henderson

Great, thanks. And thanks for the consistency and strong execution you guys have been delivering quarter after quarter after quarter. I was hoping you could move to a little bit broader view of the world than just looking at what CyberArk is seeing and talk to us about what you're hearing from the C-suite at your customers and in the marketplace. There seems to be two specific dynamics that have set up the fear after the Fortinet print that people are cutting back on spending. Conversely, the software companies seem to be talking about an improved normalization and stability. So what are you seeing from the aggregate C-suite about what their intentions are on overall spending on security? Thanks.

speaker
Audra

Sure. I mean, I'll comment from my vantage point. And really, it's coming from my conversations, like you said, with the C-suite of customers that still happens, you know, day in and day out. And what we see out there is that the C-suite understands that the threat landscape is getting worse. They understand that work from home or now hybrid work makes things harder. They understand that digital transformation can't slow down. More and more they're understanding that all this great work that's being done by developers to build modern applications are being done kind of outside the purview of the security organization and the controls that have been put in place. And so what you see is, you know, I think actually awareness of the need of the cybersecurity spend, full stop, not cyber arc spend, but cybersecurity spend is going up. It's even more on the board agenda. You know, and you see regulation coming out here in the U.S. that actually even pushes that even further to say around disclosure requirements and making the board maybe even more aware. So I think cyber as a topic, believe it or not, continues to elevate in its importance. I think then in this macro environment, the C-suite does have to make difficult decisions and they need to prioritize. And to be honest, that's where they look towards the experts in their organization to say, how can we do primary risk reduction? Where is the threats most severe? And what are the tool sets that either I have in-house or I need in-house that are going to drive us to a better security posture? And, you know, I think then in those cases, they're certainly willing to spend. And we saw it in our results. We see it in our pipeline. And I think that then becomes to a degree within cyber spend, haves and have nots for the time being, because in a more tight environment, they are going to make more discriminating choices. We're lucky to be part of the choice, and we're happy with that position.

speaker
Operator

We'll move next to Rudy Kessinger at DA Davidson.

speaker
Brian Essex

Hey, great. Thanks for taking my questions. Just one for me. Matt, you've talked about this a little bit, but I think it's applied more to the new customer side. You've talked about 50%, 60% landing with two-plus products. I guess I'm curious with the existing customers, how much emphasis are you putting on the cross-sell motion know take the conversions out of it you've talked about building those road maps with with those perpetual customers to migrate them potentially with multiple products but if you look at your existing you know subscription customers what kind of expansion rates are you seeing with that installed base and how much emphasis are you placing on the cross-sell motion yeah no i i think it's the uh you know at some level the backbone of our growth story you know we still see

speaker
Audra

By the way, strong upsell of Pam seats. They own some and they're expanding to more. And as more users become privileged, they need to expand out. But I would tell you that the sales team is eating their dinners off of the cross-sell motion because it is the compelling story in the market. It's the compelling story of our identity security platform. Hey, you know, you're protecting IT. Protect the workforce. You're protecting the on-prem environment. Protect the cloud. Protect the hybrid and lift and shift environments. You're doing human. Now you need to start doing non-human or machine identities. So I would tell you that we are thrilled, I would use that word, with our expansion selling capabilities, our expansion selling performance. And I think that's what sets us up for such a strong future. I think at our investor day, we talked about an $8 billion TAM within our install base. And those motions, to be honest, are easier than going and landing a new logo. And so when we have that kind of well lubricated and working, the growth story really takes off. from the base.

speaker
Operator

We'll take our final question from Andrew Nowinski at Wells Fargo.

speaker
Andrew Nowinski

Great. Thank you for squeezing me in. So, you know, there were many instances this quarter where I think privilege escalation was used as part of that move it file transfer breach. I'm wondering if that had a positive impact on your quarter or the pipeline. Then I was also hoping you could comment on the Fed, the pipeline you have in the Fed, given that we're heading into the fiscal year on there. Thank you.

speaker
Audra

yeah sure i'll take them josh will sit to my side not not talking too much but uh uh i think when we think about uh the the kind of threat landscape listen when we when we understand a little bit more about any of these any of these uh well publicized breaches it comes back to privilege escalation it comes back to credential theft it comes back to the things that we at cyber arc do And so, you know, I would tell you that it's always a help. It always is a tailwind. It never drives a deal in the quarter, more or less. Obviously, there's a few deals that come with someone who's particularly breached and they need to recover quickly, and that's a quick sales cycle. But it's the second part of what you said. It drives the pipeline expansion, the pipeline growth that we see out there in the market because any of these breaches By the way, same thing we would say about generative AI. It causes organizations to have to think the way we want them to think, which is assume breach. And the minute you assume breach as an organization, it's not enough to detect. It's not enough to lock down the perimeter. You have to actually implement controls that stop somebody once they get inside because you have to assume they're already inside. And the move it breach and kind of the play out of that just reemphasizes that factor. To your second question here before we wrap, you know, we continue to see a Fed environment that's consistent with what we've seen before. Now, we talked about before, it's kind of become more ordinary course of business that happens each quarter versus some big, big buildup that happens at the end of the year. people are having to buy each quarter because the priority is evident. So we've embedded our Fed business into our guidance for Q3. You know, we're happy with our overall Fed business, our overall global government, which I think is 11 percent of our of our overall vertical mix. By the way, I would highlight we see a strong growth potential in the sled business, the state and local areas. We closed a really nice deal in Q2 at a state entity. It was a large deal, adopting the full identity security suite. So we see that as a growth driver as well, even when you get beyond the traditional federal market.

speaker
Operator

And that does conclude our question and answer session. I would like to turn the conference back over to Matt Cohen for closing remarks.

speaker
Audra

Yeah, so I want to end by really thanking our employees for their hard work, their commitment. You heard me talk about their execution, and I'm incredibly proud by everything that everybody does at CyberArk. I want to thank our partners for helping us drive the business and, of course, our customers. And thank you for all the informative questions, and we'll talk to you soon. Thanks.

speaker
Operator

And this concludes today's conference call. Thank you for your participation. You may now disconnect.

Disclaimer

This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.

-

-