UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

WASHINGTON, D.C. 20549

---

---

---

CYBERARK SOFTWARE LTD.

(Exact name of Registrant as specified in its charter)

---

ISRAEL

(Jurisdiction of incorporation or organization)

9 Hapsagot St.

Park Ofer B, P.O. BOX 3143

Petach-Tikva 4951040, Israel

(Address of principal executive offices)

Donna Rahav

Chief Legal Officer

Telephone: +972 (3) 918-0000

CyberArk Software Ltd.

9 Hapsagot St.

Park Ofer B, P.O. BOX 3143

Petach-Tikva  4951040, Israel

(Name, telephone, e-mail and/or facsimile number and address of company contact person)

Securities registered or to be registered pursuant to Section 12(b) of the Act:

Securities registered or to be registered pursuant to Section 12(g) of the Act: None.

Securities for which there is a reporting obligation pursuant to Section 15(d) of the Act: None.

Indicate the number of outstanding shares of each of the issuer’s classes of capital or common stock as of the close of the period covered by the annual report: As of December 31, 2021, the registrant had outstanding 40,041,870 ordinary shares, par value NIS 0.01 per share.

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.

Yes ☒       No ☐

If this report is an annual or transition report, indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934.

Yes ☐       No ☒

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.

Yes ☒       No ☐

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files).

Yes ☒       No ☐

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.

Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☒

Indicate by check mark which basis of accounting the registrant has used to prepare the financial statements included in this filing:

Item 17 ☐       Item 18 ☐

If this is an annual report, indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act).

Yes ☐       No ☒

 

Introduction		1
Special Note Regarding Forward-Looking Statements		1
PART I
Item 1.	Identity of Directors, Senior Management and Advisers	2
Item 2.	Offer Statistics and Expected Timetable	2
Item 3.	Key Information	2
Item 4.	Information on the Company	26
Item 4A.	Unresolved Staff Comments	37
Item 5.	Operating and Financial Review and Prospects	37
Item 6.	Directors, Senior Management and Employees	55
Item 7.	Major Shareholders and Related Party Transactions	74
Item 8.	Financial Information	76
Item 9.	The Offer and Listing	77
Item 10.	Additional Information	77
Item 11.	Quantitative and Qualitative Disclosures About Market Risk	85
Item 12.	Description of Securities Other Than Equity Securities	86
PART II
Item 13.	Defaults, Dividend Arrearages and Delinquencies	87
Item 14.	Material Modifications to the Rights of Security Holders and Use of Proceeds	87
Item 15.	Controls and Procedures	87
Item 16A.	Audit Committee Financial Expert	87
Item 16B.	Code of Ethics	88
Item 16C.	Principal Accountant Fees and Services	88
Item 16D.	Exemptions from the Listing Standards for Audit Committees	89
Item 16E.	Purchases of Equity Securities by the Issuer and Affiliated Purchasers	89
Item 16F.	Change in Registrant’s Certifying Accountant	89
Item 16G.	Corporate Governance	89
Item 16H.	Mine Safety Disclosure	89
Item 16I.	Disclosure Regarding Foreign Jurisdictions that Prevent Inspections	89
PART III
Item 17.	Financial Statements	89
Item 18.	Financial Statements	89
Item 19.	Exhibits	90

•

changes to the drivers of our growth and our ability to adapt our solutions to IT security market demands;

•

the transition of our business to a subscription model that began in 2021 and our ability to complete our transition goals in the time frame expected;

•

our sales cycles and multiple pricing and delivery models;

•

unanticipated product vulnerabilities or cybersecurity breaches of our, or our customers’ or partners’ systems;

•

an increase in competition within the Privileged Access Management and Identity Security markets;

•

our ability to hire, train, retain and motivate qualified personnel;

•

our ability to sell into existing and new customers and industry verticals;

•

risks related to our compliance with privacy and data protection laws and regulations;

•

our history of incurring net losses and our ability to achieve profitability in the future;

•

the duration and scope of the COVID-19 pandemic and its impact on global and regional economies and the resulting effect on the demand for our solutions and on our expected revenue growth rates and costs;

•

our ability to find, complete, fully integrate or achieve the expected benefits of additional strategic acquisitions;

•

our reliance on third-party cloud providers for our operations and SaaS solutions;

•

our ability to expand our sales and marketing efforts and expand our channel partnerships across existing and new geographies;

•

risks related to sales made to government entities;

•

regulatory and geopolitical risks associated with our global sales and operations (including the current conflict between Russia and Ukraine) and changes in regulatory requirements or fluctuations in currency exchange rates;

•

the ability of our products to help customers achieve and maintain compliance with government regulations or industry standards;

•

risks related to intellectual property claims or our ability to protect our proprietary technology and intellectual property rights;

•

risks related to stock price volatility or activist shareholders;

•

any failure to retain our “foreign private issuer” status or the risk that we may be classified, for U.S. federal income tax purposes, as a “passive foreign investment company”;

•

risks related to our Convertible Notes, including the potential dilution to existing shareholders and our ability to raise the funds necessary to pay amounts due under our Convertible Notes;

•

our expectation to not pay dividends on our ordinary shares for the foreseeable future; and

•

risks related to our incorporation and location in Israel.

ITEM 1.

IDENTITY OF DIRECTORS, SENIOR MANAGEMENT AND ADVISERS

ITEM 2.

OFFER STATISTICS AND EXPECTED TIMETABLE

ITEM 3.

KEY INFORMATION

o

our revenues may fluctuate as a result of variations in our booking mix from the different licensing and delivery models and the corresponding timing of revenue recognition – ratably for SaaS subscriptions and the maintenance portion of self-hosted subscriptions, and upon delivery for perpetual licenses and the license portion of self-hosted subscriptions. For example, if our customers continue to prefer to buy our solutions as a subscription at a greater rate than we anticipate, our recognized revenues may lag our expectations and guidance;

o

since fiscal year 2020, we have incurred net losses with declining operating margins, and we expect our operating and net income losses to continue to increase, and our cash flow from operations to decline (see “—We have incurred net losses, and may not be able to generate sufficient revenue to achieve and sustain profitability.”);

o

the introduction of new product offerings and solutions may result in longer sales cycles, lost opportunities or less predictable revenues if our new or existing customers, prospects and partners are less receptive of such advancements (including a transition to SaaS in order to receive certain functionalities) or require a longer period to assess and select the solutions appropriate to them;

o

the introduction of more SaaS offerings may lead to extended presale periods due to, among others, comprehensive product and security reviews and requirements by customers, extensive contract negotiations and more stringent compliance and operational obligations (such as those related to data protection);

o	our sales force may struggle with selling multiple pricing, licensing and delivery models to customers, prospects and partners, which may extend sales cycles, reduce the likelihood of sales closing, or lead to increased turnover rates and lower headcount;

o	our research and development teams may find it difficult to deliver functionality and drive innovation across multiple code bases on a timely basis; and

o	customer demand for migration from self-hosted solutions to SaaS may happen faster than we anticipate, in which case we might not be able to meet this demand and associated scalability requirements.

o

our ability to attract new customers and to retain existing customers by and through renewals of maintenance services and subscriptions (see “—If we are unable to acquire new customers or sell additional products and services to our existing customers, our future revenues and operating results will be harmed.”);

o

the amount and timing of our operating costs and cash collection, which may vary also as a result of fluctuations in foreign currency exchange rates or changes in taxes or other applicable regulations (see “—We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations.”);

o	the rate at which our customers fully deploy their purchased solutions, and our ability to sell additional solutions and services to current customers;

o	the ability of our support and customer success operations to keep pace with sales to new and existing customers and the expansion of our solution portfolio and to satisfy customer demands for consultancy and professional services;

o	our ability to successfully expand our business globally;

o	the release timing and success of new product and service introductions by us or our competitors or any other change in the competitive landscape of the cybersecurity market, including consolidation among our competitors;

o	the introduction of new accounting pronouncements or changes in our accounting policies or practices;

o	changes in our pricing policies or those of our competitors; and

o	the size and discretionary nature of our prospective and existing customers’ IT budgets.

o	greater name recognition, a longer operating history and a larger customer base;

o	larger sales and marketing budgets and resources;

o	broader distribution and established relationships with channel partners, advisory firms and customers;

o	increased effectiveness in protecting, detecting and responding to cyberattacks;

o	greater or localized resources for customer support and provision of services;

o	greater speed at which a solution can be deployed and implemented;

o	greater resources to make acquisitions;

o	lower pricing and attractive packaging;

o	greater operational flexibility and less stringent accounting, auditing and legal standards, applicable to privately held companies;

o	larger intellectual property portfolios; and

o	greater financial, technical and other resources.

o

failure to fully comply with various, global data privacy and data protection laws (see “—The dynamic regulatory environment around privacy and data protection may limit our offering or require modification of our products and services, which could limit our ability to attract new customers and support our current customers and increase our operational expenses. We could also be subject to investigations, litigation, or enforcement actions alleging that we fail to comply with the regulatory requirements, which could harm our operating results and adversely affect our business.”);

o

continuing uncertainty of the long term economic, financial, regulatory, trade, tax and legal implications of the withdrawal of the U.K. from the European Union (“Brexit”). Our U.K. subsidiary is the main entity for sales into Europe. In 2021, the revenues generated by our U.K. subsidiary from the European Union countries (excluding the U.K.) accounted for 23% of our total global revenue. Our London office is also our European headquarters and third largest office globally;

o	fluctuations in exchange rates between the U.S. dollar and foreign currencies in markets where we do business (see “—We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations.”);

o	social, economic and political instability, war, civil disturbance or acts of terrorism, conflicts (including the current conflict between Russia and Ukraine) and security concerns in general, and any wide-spread viruses or epidemics, such as COVID-19;

o	greater difficulty in enforcing contracts and managing collections, as well as longer collection periods;

o

noncompliance with specific anti-bribery laws, without limitation, the U.S. Foreign Corrupt Practices Act and the U.K Bribery Act of 2010 and the heightened risk of unfair or corrupt business practices in certain geographies, which may include the improper or fraudulent sales arrangements by us or by our channel partners or service providers that may impact financial results and result in restatements of, or irregularities in, financial statements;

o

unexpected changes in regulatory practices and foreign legal requirements, including uncertain tax obligations and effective tax rates, which may result in recognizing tax losses or lower than anticipated earnings in jurisdictions where we have lower statutory rates and higher than anticipated earnings in jurisdictions where we have higher statutory rates, or changes in the valuation of our deferred tax assets and liabilities;

o

compliance with, and the uncertainty of, laws and regulations that apply to our areas of business, including corporate governance, anti-trust and competition, local and regional employment (including cross-border travel), employee and third-party complaints, limitation of liability, conflicts of interest, securities regulations and other regulatory requirements affecting trade, local tariffs, product localization and investment;

o	reduced or uncertain protection of intellectual property rights in some countries; and

o	management communication and integration problems resulting from cultural and geographic dispersion.

o

actual or anticipated fluctuations in our results of operations and the results of other similar companies;

o

variance in our financial performance from the expectations of market analysts;

o

announcements by us or our competitors of significant business developments, changes in service provider relationships, acquisitions or expansion plans;

o

changes in the prices of our products and services or in our pricing models;

o

our involvement in litigation;

o

our sale of ordinary shares or other securities in the future;

o

market conditions in our industry;

o

changes in key personnel;

o

speculation in the press or the investment community;

o

the trading volume of our ordinary shares;

o

changes in the estimation of the future size and growth rate of our markets;

o

any merger and acquisition activities; and

o

general economic and market conditions.

ITEM 4.

INFORMATION ON THE COMPANY

A.

History and Development of the Company

B.

Business Overview

•

Privileged Access Manager. CyberArk Privileged Access Manager includes risk-based credential security and session management to protect against attacks involving privileged access. CyberArk’s self-hosted Privileged Access Manager solution (formerly known as Core PAS) can be deployed in a self-hosted data center or in a hybrid cloud or a public cloud environment, either as a perpetual license or as a subscription. CyberArk’s Privileged Access Manager is also provided as a SaaS solution through CyberArk Privilege Cloud.

•

Vendor Privileged Access Manager. CyberArk Vendor Privileged Access Manager combines Privileged Access Manager and Remote Access (formerly known as Alero) to provide fast, easy and secure privileged access to third-party vendors who need access to critical internal systems via CyberArk, without the need to use passwords. By not requiring VPNs or agents, Vendor Privileged Access Manager removes operational overhead for administrators, makes it easier and quicker to deploy and improves organizational security.

•

Endpoint Privilege Manager. CyberArk Endpoint Privilege Manager is a SaaS solution that secures privileges on the endpoint (Windows servers, Windows desktops and Mac desktops) and helps contain attacks early in their lifecycle. It enables revocation of local administrator rights, while minimizing impact on user productivity, by seamlessly elevating privileges for authorized applications or tasks. Application control, with automatic policy creation, allows organizations to prevent malicious applications from executing, and runs unknown applications in a restricted mode. This, combined with credential theft protection, helps prevent malware such as ransomware from gaining a foothold and contains attacks on the endpoint.

•

Cloud Entitlements Manager. CyberArk Cloud Entitlements Manager is a SaaS solution that reduces risks that arise from excessive privileges by implementing Least Privilege across cloud environments. From a centralized dashboard, Cloud Entitlements Manager provides visibility and control of permissions across an organization’s cloud landscape. Within this single display, Cloud Entitlements Manager offers automatically deployable remediations based on the principle of Least Privilege, to help organizations strategically remove excessive permissions without disrupting cloud operations.

•

Adaptive Multi-factor Authentication (MFA). Adaptive MFA enables an enterprise to enforce risk-aware and strong identity assurance controls within the organization.

•

Single Sign-On (SSO). SSO is the ability to use a single secure identity to access all applications and resources within an organization. CyberArk Identity enables SSO for all types of users (workforce, partners, and consumers) to all types of workstations, systems, VPNs, and applications both in the cloud and on-premises.

•

Secure Web Sessions. Secure Web Sessions records, audits and protects end-user activity within designated web applications. The solution uses a browser extension on an end-user’s endpoint to monitor and segregate web apps that are accessed through SSO and deemed sensitive by business application owners, enterprise IT and security administrators.

•

Application Gateway. With the CyberArk Identity Application Gateway service, customers can enable secure remote access and expand SSO benefits to on-premises web apps — like SharePoint and SAP — without the complexity of installing and maintaining VPNs.

•

Identity Lifecycle Management. This module enables CyberArk Identity customers to automate the joiner, mover, and leaver processes within the organization. This automation is critical to ensure that privileges don’t accumulate, and a user’s access is turned off as soon as the individual changes roles or leaves the organization.

•

Directory Services. Allows customers to use identity where they control it. In other words, we do not force our customers to synchronize their on-premises Active Directory implementation with our cloud. Our cloud architecture can work seamlessly with any existing directory, such as Active Directory, LDAP-based directories, and other federated directories. CyberArk Identity also provides its own highly scalable and flexible directory for customers who choose to use it.

•

Secrets Manager Credential Providers. Credential Providers can be used to provide and manage the credentials used by third-party solutions such as security tools, RPA, and IT management software, and also supports internally developed applications built on traditional monolithic application architectures. Credential Providers works with CyberArk’s on-premises and SaaS based solutions.

•

Secrets Manager Conjur. For cloud-native applications built using DevOps methodologies, Conjur Enterprise provides a secrets management solution tailored specifically to the unique requirements of these environments. We also provide an open-source version to better meet the needs of the developer community.

o

the breadth and completeness of a security solution;

o

reliability and effectiveness in protecting, detecting and responding to cyber-attacks;

o

analytics and accountability at an individual user level;

o

ability of customers to achieve and maintain compliance with compliance standards and audit requirements;

o

strength of sale and marketing efforts, including advisory firms and channel partner relationships;

o

global reach and customer base;

o

scalability and ease of integration with an organization’s existing IT infrastructure and security investments;

o

brand awareness and reputation;

o

innovation and thought leadership;

o

quality of customer support and professional services;

o

speed at which a solution can be deployed and implemented; and

o

price of a solution and cost of maintenance and professional services.

C.

Organizational Structure

Name of Subsidiary	Place of Incorporation
CyberArk Software, Inc.	Delaware, United States
Cyber-Ark Software (UK) Limited	United Kingdom
CyberArk Software (Singapore) PTE. LTD.	Singapore
CyberArk Software (DACH) GmbH	Germany
CyberArk Software Italy S.r.l.	Italy
CyberArk Software (France) SARL	France
CyberArk Software (Netherlands) B.V.	Netherlands
CyberArk Software (Australia) Pty Ltd. CyberArk Software (Japan) K.K. CyberArk Software Canada Inc. CyberArk USA Engineering, GP, LLC	Australia Japan Canada Delaware, United States
CyberArk Software (Spain), S.L.	Spain
CyberArk Software (India) Private Limited	India

D.

Property, Plant and Equipment

ITEM 4A.

UNRESOLVED STAFF COMMENTS

ITEM 5.

OPERATING AND FINANCIAL REVIEW AND PROSPECTS

		Year ended December 31,
		2019				2020				2021
		($ in millions)
Total ARR (as of period-end)		$	192			$	274			$	393
Subscription Portion of Annual Recurring Revenue (as of period-end)		$	19			$	74			$	183
Recurring revenues		$	176			$	247			$	349
Deferred revenue (as of period-end)		$	190			$	243			$	317

A.

Operating Results

		Year ended December 31,
		2019								2020								2021
		Amount				% of Revenues				Amount				% of Revenues				Amount				% of Revenues
		($ in thousands)
United States		$	233,945				53.9	%		$	246,811				53.1	%		$	253,811				50.5	%
EMEA			129,730				29.9				141,866				30.6				163,328				32.5
Rest of World			70,220				16.2				75,754				16.3				85,778				17.0
Total revenues		$	433,895				100.0	%		$	464,431				100.0	%		$	502,917				100.0	%

o

Cost of Subscription Revenues. Cost of subscription revenues consists primarily of cloud infrastructure costs, amortization of intangible assets, personnel costs for our global cloud organization that consist primarily of salaries, benefits, bonuses and share-based compensation and depreciation of internal use software capitalization. As we shift more of our sales to SaaS and self-hosted subscription offerings, we expect the absolute cost of subscription revenues and the cost of subscription revenues as a percentage of revenues to increase.

o

Cost of Maintenance and Professional Services Revenues. Cost of maintenance related to perpetual license contracts and professional services revenues primarily consists of allocated personnel costs for our global customer support and professional services organization. Such costs consist primarily of salaries, benefits,  bonuses, share-based compensation and subcontractors’ fees. We expect the absolute cost of maintenance and professional services revenues to increase as our customer base grows and as we hire additional professional services and technical support personnel.

		Year ended December 31,
		2019								2020								2021
		Amount				% of Revenues				Amount				% of Revenues				Amount				% of Revenues
		($ in thousands)
Revenues:
Subscription		$	18,168				4.2	%		$	56,425				12.1	%		$	134,628				26.8	%
Perpetual license			221,955				51.1				176,061				37.9				115,738				23.0
Maintenance and professional services			193,772				44.7				231,945				50.0				252,551				50.2
Total revenues			433,895				100.0				464,431				100.0				502,917				100.0
Cost of revenues:
Subscription			5,611				1.3				17,513				3.8				25,837				5.2
Perpetual license			7,900				1.8				4,925				1.1				3,904				0.8
Maintenance and professional services			49,104				11.3				60,133				12.9				63,566				12.6
Total cost of revenues			62,615				14.4				82,571				17.8				93,307				18.6
Gross profit			371,280				85.6				381,860				82.2				409,610				81.4
Operating expenses:
Research and development			72,520				16.7				95,426				20.5				142,121				28.2
Sales and marketing			184,168				42.4				219,999				47.4				274,401				54.6
General and administrative			52,308				12.1				60,429				13.0				71,425				14. 2
Total operating expenses			308,996				71.2				375,854				80.9				487,947				97. 0
Operating income (loss)			62,284				14.4				6,006				1.3				(78,337	)			(15.6	)
Financial income (expense), net			7,800				1.8				(6,395	)			(1.4	)			(12,992	)			(2.6	)
Income (loss) before taxes on income			70,084				16.2				(389	)			(0.1	)			(91,329	)			(18.2	)
Tax benefit (taxes on income)			(7,020	)			(1.6	)			(5,369	)			(1.2	)			7,383				1.5
Net income (loss)		$	63,064				14.5	%		$	(5,758	)			(1.2	)%		$	(83,946	)			(16.7	)%

		Year ended December 31,
		2020								2021								Change
		Amount				% of Revenues				Amount				% of Revenues				Amount				%
		($ in thousands)
Revenues:
Subscription		$	56,425				12.1	%		$	134,628				26.8	%		$	78,203				138.6	%
Perpetual license			176,061				37.9				115,738				23.0				(60,323	)			(34.3	)
Maintenance and professional services			231,945				50.0				252,551				50.2				20,606				8.9
Total revenues		$	464,431				100.0	%		$	502,917				100.0	%		$	38,486				8.3	%

		Year ended December 31,
		2020								2021								Change
		Amount				% of Revenues				Amount				% of Revenues				Amount				%
		($ in thousands)
Cost of revenues:
Subscription		$	17,513				3.8	%		$	25,837				5.2	%		$	8,324				47.5	%
Perpetual license			4,925				1.1				3,904				0.8				(1,021	)			(20.7	)
Maintenance and professional services			60,133				12.9				63,566				12.6				3,433				5.7
Total cost of revenues		$	82,571				17.8	%		$	93,307				18.6	%		$	10,736				13.0	%
Gross profit		$	381,860				82.2	%		$	409,610				81.4	%		$	27,750				7.3	%

		Year ended December 31,
		2020								2021								Change
		Amount				% of Revenues				Amount				% of Revenues				Amount				%
		($ in thousands)
Operating expenses:
Research and development		$	95,426				20.5	%		$	142,121				28.2	%		$	46,695				48.9	%
Sales and marketing			219,999				47.4				274,401				54.6				54,402				24.7
General and administrative			60,429				13.0				71,425				14.2				10,996				18.2
Total operating expenses		$	375,854				80.9	%		$	487,947				97.0	%		$	112,093				29.8	%

B.

Liquidity and Capital Resources

		Year Ended December 31,
		2020				2021
		($ in thousands)
Net cash provided by operating activities		$	106,769			$	74,740
Net cash used in investing activities			(412,387	)			(228,194	)
Net cash provided by financing activities			13,249				10,949

($ in thousands)		Total				Less than 1 year				1 – 3 years				3 – 5 years
Operating lease obligations(1)		$	17,596			$	7,017			$	9,993			$	586
Uncertain tax obligations(2)			3,870				—				—				—
Severance pay(3)			8,271				—				—				—
0.00% Convertible Senior Notes due 2024(4)			575,000				—				575,000				—
Total		$	604,737			$	7,017			$	584,993			$	586

C.

Research and Development, Patents and Licenses, etc.

D.

Trend Information

E.

Critical Accounting Estimates

o

the expenditures are approved by the relevant Israeli government ministry, determined by the field of research;

o

the research and development is for the promotion or development of the company; and

o

the research and development is carried out by or on behalf of the company seeking the deduction.

o

amortization of the cost of purchased know-how, patents and rights to use a patent and know-how which are used for the development or promotion of the Industrial Enterprise, over an eight-year period commencing on the year in which such rights were first exercised;

o

under limited conditions, an election to file consolidated tax returns together with Israeli Industrial Companies controlled by it; and

o

expenses related to a public offering of shares in a stock exchange are deductible in equal amounts over three years commencing on the year of offering.

ITEM 6.

DIRECTORS, SENIOR MANAGEMENT AND EMPLOYEES

A.

Directors and Senior Management

Name		Age		Position
Senior Management
Ehud (Udi) Mokady		53		Chairman of the Board and Chief Executive Officer and Founder
Joshua Siegel		58		Chief Financial Officer
Chen Bitan		52		General Manager Israel, Chief Product Officer
Matthew Cohen		46		Chief Operating Officer
Donna Rahav		43		Chief Legal Officer
Directors
Gadi Tirosh(1)(3)(4)(5)		55		Lead Independent Director
Ron Gutler(1)(2)(4)(5)		64		Director
Kim Perdikou(1)(2)(3)(4)(5)		64		Director
David Schaeffer(5)		65		Director
Amnon Shoshani(3)(5)		58		Director
François Auque(2)(5)		65		Director
Avril England(4)(5)		53		Director

(1)	Member of our compensation committee.

(2)	Member of our audit committee.

(3)	Member of our nominating and corporate governance committee.

(4)	Member of our strategy committee.

(5)	Independent director under the rules of Nasdaq.

B.

Compensation

		Information Regarding the Covered Executive(1)
Name and Principal Position(2)		Base Salary				Benefits and Perquisites (3)				Variable Compensation (4)				Equity-Based Compensation (5)
Ehud (Udi) Mokady, Chairman of the Board & CEO		$	415,000			$	325,324			$	695,320			$	10,970,738
Joshua Siegel, Chief Financial Officer			422,231				127,886				393,740				4,306,569
Matthew Cohen, Chief Operating Officer			412,000				88,662				690,432				3,674,682
Chen Bitan, General Manager Israel, Chief Product Officer			366,493				206,051				323,690				2,227,113
Clarence Hinton, Chief Strategy Officer			330,000				71,012				300,010				1,788,878

(1)	In accordance with Israeli law, all amounts reported in the table are in terms of cost to our Company, as recorded in our financial statements for the year ended December 31, 2021.

(2)	All current officers listed in the table are full-time employees. Cash compensation amounts denominated in currencies other than the U.S. dollar were converted into U.S. dollars at the average conversion rate for the year ended December 31, 2021.

(3)

Amounts reported in this column include benefits and perquisites, including those mandated by applicable law. Such benefits and perquisites may include, to the extent applicable to each executive, payments, contributions and/or allocations for savings funds, pension, severance, vacation, car or car allowance, medical insurances and benefits, risk insurances (such as life, disability and accident insurances), convalescence pay, payments for Medicare and social security, tax gross-up payments and other benefits and perquisites consistent with our guidelines, regardless of whether such amounts have actually been paid to the executive.

(4)	Amounts reported in this column refer to Variable Compensation such as incentives and earned or paid bonuses as recorded in our financial statements for the year ended December 31, 2021.

(5)

Amounts reported in this column represent the expense recorded in our financial statements for the year ended December 31, 2021 with respect to equity-based compensation, reflecting also equity awards made in previous years which have vested during the current year. Assumptions and key variables used in the calculation of such amounts are described in Note 12 to our audited consolidated financial statements, which are included in this annual report.

		RSUs	Business PSUs	Relative TSR PSUs
2020	Percentage	50%	30%	20%
	Amount	27,700	16,600	11,100
2021	Percentage	~40%	~40%	20%
	Amount	25,300	25,290	12,650
2022	Percentage	40%	40%	20%
	Amount	24,600	24,600	12,300

Year of Grant	Number of Business PSUs Granted (on Target)	Performance Targets	Performance Criteria Achievement Rate	Number of PSUs Earned	Earning Rate
2020	16,600	•          Annual revenue •          Non-GAAP profitability •          License-derived revenue	80%	9,830	60%
2021	25,290	•          Annual recurring revenue •          Percentage of new license subscription             bookings out of total new license bookings,             on an annualized basis	111%	46,370	183%
2022	24,600	•          Annual recurring revenue •          Total new license             bookings, on an             annualized basis	To be determined at the end of the performance period

C.

Board Practices

o

providing leadership to the board of directors if circumstances arise in which the role of the Chairman of the Board may be, or may be perceived to be, in conflict, and responding to any reported conflicts of interest, or potential conflicts of interest, arising for any director;

o

presiding as chairman of meetings of the board of directors at which the Chairman of the Board is not present, including executive sessions of the independent members of the board of directors;

o

serving as liaison between the Chairman of the Board and the independent members of the Board;

o

approving meeting agendas for the board of directors;

o

approving information sent to the board of directors;

o

approving meeting schedules to assure that there is sufficient time for discussion of all agenda items;

o

having the authority to call meetings of the independent members of the board;

o

ensuring that he or she is available for consultation and direct communication with shareholders, as appropriate;

o

recommending that the board of directors retain consultants or advisers that report directly to the board;

o

conferring with the Chairman of the Board on important board of directors matters and ensuring the board of directors focuses on key issues and tasks facing the Company; and

o

performing such other duties as the board of directors may from time to time delegate to assist the board of directors in the fulfillment of its duties.

o

overseeing of our accounting and financial reporting process and the audits of our financial statements, the effectiveness of our internal control over financial reporting and making such reports as may be required of an audit committee under the rules and regulations promulgated under the Exchange Act;

o

retaining and terminating our independent registered public accounting firm subject to the approval of our board of directors and, in the case of retention, of our shareholders and recommending the terms of audit and non-audit services provided by the independent registered public accounting firm for pre-approval by our board of directors and related fees and terms;

o

establishing systems of internal control over financial reporting, including communication and implementation thereof and the assessment of the internal controls in accordance with the Sarbanes-Oxley Act, and any attestation by the independent registered public accounting firm;

o

determining whether there are deficiencies in the business management practices of our Company, including in consultation with our internal auditor or the independent registered public accounting firm, and making recommendations to the board of directors to improve such practices;

o

determining whether to approve certain related party transactions (see “Item 6.C. Board Practices —Approval of Related Party Transactions under Israeli Law”);

o

recommending to the board of directors the retention and termination of our internal auditor, and determining the internal auditor's fees and other terms of engagement, in accordance with the Companies Law;

o

approving the working plan proposed by the internal auditor and reviewing and discussing the work of the internal auditor on a quarterly basis;

o

reviewing our cybersecurity risks and controls with senior management, keeping our board informed of key issues related to cybersecurity;

o

performing such other duties consistent with the audit committee charter, our governing documents, stock exchange rules and applicable law that may be requested by the board of directors from time to time, including discussing with management policies and practices that govern the process by which the Company undertakes risk assessment and management in sensitive areas.

o

recommending to the board of directors for its approval a compensation policy and subsequently reviewing it from time to time, assessing its implementation and recommending periodic updates, whether a new compensation policy should be adopted or an existing compensation policy should continue in effect;

o

reviewing, evaluating and making recommendations regarding the terms of office, compensation and benefits for our office holders, including the non-employee directors, taking into account our compensation policy;

o

exempting certain compensation arrangements from the requirement to obtain shareholder approval under the Companies Law (including with respect to the Chief Executive Officer); and

o

reviewing and granting equity-based awards pursuant to our equity incentive plans to the extent such authority is delegated to the compensation committee by our board of directors and the reserving of additional shares for issuance thereunder.

o

overseeing and assisting our board of directors in reviewing and recommending nominees for election as directors and as members of the committees of the board of directors;

o

establishing procedures for, and administering the performance of the members of our board and its committees;

o

evaluating and making recommendations to our board of directors regarding the termination of membership of directors;

o

reviewing, evaluating and making recommendations regarding management succession and development;

o

reviewing and making recommendations to our board of directors regarding board member qualifications, composition and structure and the nature and duties of the committees and qualifications of committee members;

o

establishing and maintaining effective corporate governance policies and practices, including, but not limited to, developing and recommending to our board of directors a set of corporate governance guidelines applicable to our Company; and

o

provide oversight of the Company’s efforts with regard to environmental, social and governance (“ESG”) matters, disclosure and strategy, as well as coordinate, as necessary, with other committees of the board of directors and the Company’s ESG committee and steering committee, which are comprised of key Company employees and management.

o

a person (or a relative of a person) who holds more than 5% of the company’s outstanding shares or voting rights;

o

a person (or a relative of a person) who has the power to appoint a director or the general manager of the company;

o

an office holder (including a director) of the company (or a relative thereof); or

o

a member of the company’s independent accounting firm, or anyone on his or her behalf.

o

information on the advisability of a given action brought for his or her approval or performed by virtue of his or her position; and

o

all other important information pertaining to any such action.

o

refrain from any conflict of interest between the performance of his or her duties to the company and his or her duties or personal affairs;

o

refrain from any action which competes with the company’s business;

o

refrain from exploiting any business opportunity of the company in order to receive a personal gain for himself or herself or others; and

o

disclose to the company any information or documents relating to the company’s affairs which the office holder received as a result of his or her position as an office holder.

o

a transaction other than in the ordinary course of business;

o

a transaction that is not on market terms; or

o

a transaction that may have a material impact on a company’s profitability, assets or liabilities.

o

an amendment to the company’s articles of association;

o

an increase of the company’s authorized share capital;

o

a merger; or

o

the approval of related party transactions and acts of office holders that require shareholder approval.

o

a monetary liability incurred by or imposed on him or her in favor of another person pursuant to a judgment, including a settlement or arbitrator’s award approved by a court. However, if an undertaking to indemnify an office holder with respect to such liability is provided in advance, then such undertaking must be limited to certain events which, in the opinion of the board of directors, can be foreseen based on the company’s activities when the undertaking to indemnify is given, and to an amount or according to criteria determined by the board of directors as reasonable under the circumstances, and such undertaking shall detail the foreseen events and described above amount or criteria;

o

reasonable litigation expenses, including reasonable attorneys’ fees, incurred by the office holder (1) as a result of an investigation or proceeding instituted against him or her by an authority authorized to conduct such investigation or proceeding, provided that (i) no indictment was filed against such office holder as a result of such investigation or proceeding; and (ii) no financial liability was imposed upon him or her as a substitute for the criminal proceeding as a result of such investigation or proceeding or, if such financial liability was imposed, it was imposed with respect to an offense that does not require proof of criminal intent; or (2) in connection with a monetary sanction or liability imposed on him or her in favor of an injured party in certain Administrative proceedings;

o

expenses incurred by an office holder in connection with Administrative proceedings instituted against such office holder, or certain compensation payments made to an injured party imposed on an office holder by Administrative proceedings, including reasonable litigation expenses and reasonable attorneys’ fees; and

o

reasonable litigation expenses, including attorneys’ fees, incurred by the office holder or imposed by a court in proceedings instituted against him or her by the company, on its behalf, or by a third party, or in connection with criminal proceedings in which the office holder was acquitted, or as a result of a conviction for an offense that does not require proof of criminal intent.

o

a breach of duty of care to the company or to a third party, to the extent such a breach arises out of the negligent conduct of the office holder;

o

a breach of the duty of loyalty to the company, provided that the office holder acted in good faith and had a reasonable basis to believe that the act would not harm the company;

o

a monetary liability imposed on the office holder in favor of a third party;

o

a monetary liability imposed on the office holder in favor of an injured party in certain Administrative proceedings; and

o

expenses incurred by an office holder in connection with certain Administrative proceedings, including reasonable litigation expenses and reasonable attorneys’ fees.

o

a breach of the duty of loyalty, except for indemnification and insurance for a breach of the duty of loyalty to the company to the extent that the office holder acted in good faith and had a reasonable basis to believe that the act would not prejudice the company;

o

a breach of duty of care committed intentionally or recklessly, excluding a breach arising out of the negligent conduct of the office holder;

o

an act or omission committed with intent to derive illegal personal benefit; or

o

a civil or criminal fine, monetary sanction or forfeit levied against the office holder.

D.

Employees

		As of December 31,
Department		2019				2020				2021
Sales and marketing			656				772				941
Research and development			349				464				643
Services and support			253				309				381
General and administrative			122				144				175
Total			1,380				1,689				2,140

•

each person or entity known by us to own beneficially 5% or more of our outstanding shares;

•

each of our directors and senior management individually; and

•

all of our senior management and directors as a group.

		Shares Beneficially Owned
Name of Beneficial Owner		Number				%
Principal Shareholders
Wasatch Advisors, Inc. (1)			3,691,565				9.2	%
Senior Management and Directors
Ehud (Udi) Mokady(2)			*				*
Joshua Siegel			*				*
Chen Bitan			*				*
Matthew Cohen			*				*
Donna Rahav			*				*
Gadi Tirosh			*				*
Ron Gutler			*				*
Kim Perdikou			*				*
David Schaeffer			*				*
Amnon Shoshani			*				*
François Auque			*				*
Avril England			*				*
All senior management and directors as a group (12 persons)			578,502				1.4	%

(1)

Based on a Schedule 13G/A filed on February 10, 2022, by Wasatch Advisors, Inc. (“Wastach”), shares beneficially owned consist of 3,691,565 ordinary shares over which Wastach has sole voting and dispositive power. The address of Wasatch is 505 Wakara Way, Salt Lake City, UT 84108.

(2)

Mr. Mokady’s shares include 12,600 shares held in trust for family members over which Mr. Mokady is the beneficial owner.

ITEM 8.

FINANCIAL INFORMATION

ITEM 9.

THE OFFER AND LISTING

ITEM 10.

ADDITIONAL INFORMATION

•

banks, financial institutions or insurance companies;

•

real estate investment trusts, regulated investment companies or grantor trusts;

•

brokers, dealers or traders in securities, commodities or currencies;

•

tax-exempt entities, accounts or organizations, including an “individual retirement account” or “Roth IRA” as defined in Section 408 or 408A of the Code, respectively;

•

certain former citizens or long-term residents of the United States;

•

persons that receive our ordinary shares as compensation for the performance of services;

•

persons that hold our ordinary shares as part of a “hedging,” “integrated” or “conversion” transaction or as a position in a “straddle” for United States federal income tax purposes;

•

persons subject to special tax accounting rules as a result of any item of gross income with respect to the ordinary shares being taken into account in an applicable financial statement;

•

partnerships (including entities or arrangements classified as partnerships for United States federal income tax purposes) or other pass-through entities or arrangements, or indirect holders that hold our ordinary shares through such an entity or arrangement;

•

S corporations;

•

holders whose “functional currency” is not the U.S. dollar; or

•

holders that own directly, indirectly or through attribution 10.0% or more of the voting power or value of our shares.

•

a citizen or individual resident of the United States;

•

a corporation (or other entity treated as a corporation for United States federal income tax purposes) created or organized in or under the laws of the United States or any state thereof, including the District of Columbia;

•

an estate the income of which is subject to United States federal income taxation regardless of its source; or

•

a trust if such trust has validly elected to be treated as a United States person for United States federal income tax purposes or if (1) a court within the United States is able to exercise primary supervision over its administration and (2) one or more United States persons have the authority to control all of the substantial decisions of such trust.

•

at least 75% of its gross income is “passive income”; or

•

at least 50% of the average quarterly value of its total gross assets (which may be measured in part by the market value of our ordinary shares, which is subject to change) is attributable to assets that produce “passive income” or are held for the production of passive income.

ITEM 11.

QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK

Period		Change in Average Exchange Rate of the NIS Against the U.S. dollar (%)
2021			(6.2	)
2020			(3.6	)
2019			(0.9	)

ITEM 12.

DESCRIPTION OF SECURITIES OTHER THAN EQUITY SECURITIES

ITEM 13.

DEFAULTS, DIVIDEND ARREARAGES AND DELINQUENCIES

ITEM 14.

MATERIAL MODIFICATIONS TO THE RIGHTS OF SECURITY HOLDERS AND USE OF PROCEEDS

ITEM 15.

CONTROLS AND PROCEDURES

•

pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of our assets;

•

provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that our receipts and expenditures are being made only in accordance with authorizations of our management and directors; and

•

provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of our assets that could have a material effect on the financial statements.

ITEM 16A.

AUDIT COMMITTEE FINANCIAL EXPERT

ITEM 16B.

CODE OF ETHICS

ITEM 16C.

PRINCIPAL ACCOUNTANT FEES AND SERVICES

		2020				2021
		($ in thousands)
Audit Fees		$	633			$	746
Audit-Related Fees			275				155
Tax Fees			312				367
All Other Fees			11				48
Total		$	1,231			$	1,316

ITEM 16D.

EXEMPTIONS FROM THE LISTING STANDARDS FOR AUDIT COMMITTEES

ITEM 16E.

PURCHASES OF EQUITY SECURITIES BY THE ISSUER AND AFFILIATED PURCHASERS

ITEM 16F.

CHANGE IN REGISTRANT’S CERTIFYING ACCOUNTANT

ITEM 16G.

CORPORATE GOVERNANCE

ITEM 16H.

MINE SAFETY DISCLOSURE

ITEM 16I.

DISCLOSURE REGARDING FOREIGN JURISDICTIONS THAT PREVENT INSPECTIONS

ITEM 17.

FINANCIAL STATEMENTS

ITEM 18.

FINANCIAL STATEMENTS

ITEM 19.

EXHIBITS

Exhibit No.		Description
1.1		Amended and Restated Articles of Association of the Registrant (incorporated by reference to Exhibit 1.1 to the Registrant’s Annual Report on Form 20-F for the year ended December 31, 2017)
2.1		Specimen share certificate (incorporated by reference to Exhibit 4.1 to the Registrant’s Registration Statement on Form F-1, as amended (Registration No. 333-196991))
2.2		Fourth Amended Investor Rights Agreement, dated July 10, 2014, by and among the Registrant and the other parties thereto (incorporated by reference to Exhibit 10.1 to the Registrant’s Registration Statement on Form F-1, as amended (Registration No. 333-196991))
2.3		Description of the Registrant’s Securities Registered Pursuant to Section 12 of the Securities Exchange Act of 1934 (incorporated by reference to Exhibit 2.3 to the Registrant’s Annual Report on Form 20-F for the year ended December 31, 2019)
2.4		Indenture between CyberArk Software Ltd. And U.S. Bank National Association, as trustee, for the 0% Convertible Senior Notes due 2024 (incorporated by reference to Exhibit 4.1 to the Registrant’s Report of Foreign Private Issuer on Form 6-K filed with the SEC on November 18, 2019)
2.5		Form of 0% Convertible Senior Note due 2024 (incorporated by reference to Exhibit 4.2 to the Registrant’s Report of Foreign Private Issuer on Form 6-K filed with the SEC on November 18, 2019)
4.1		Form of Indemnification Agreement (incorporated by reference to Exhibit 10.2 to the Registrant’s Registration Statement on Form F-1, as amended (Registration No. 333-196991))
4.2		Office Lease Agreement, dated October 28, 2013, between Cyber-Ark Software, Inc. and Wells 60 Realty LLC (incorporated by reference to Exhibit 10.4 to the Registrant’s Registration Statement on Form F-1, as amended (Registration No. 333-196991))
4.3		First Amendment of Lease, dated October 23, 2014, between Cyber-Ark Software, Inc. and Wells 60 Realty LLC (incorporated by reference to Exhibit 10.6 to the Registrant’s Registration Statement on Form F-1, as amended (Registration No. 333-202329))
4.4		Letter Agreement, dated June 28, 2018 between CyberArk Software, Inc. and Wells 60 Realty LLC (incorporated by reference to Exhibit 4.4 to the Registrant’s Annual Report on Form 20-F for the year ended December 31, 2018)
4.5		Summary of Office Lease Agreement, dated February 26, 2015, between the Registrant and Azorei Mallal Industries Ltd., as amended from time to time ∞ (filed herewith)
4.6		Second Amendment of Lease, dated February 27, 2018 between CyberArk Software, Inc. and Wells 60 Realty LLC (incorporated by reference to Exhibit 4.4 to the Registrant’s Annual Report on Form 20-F for the year ended December 31, 2017)
4.7		2011 Share Incentive Plan (incorporated by reference to Exhibit 10.8 to the Registrant’s Registration Statement on Form F-1, as amended (Registration No. 333-196991))
4.8		CyberArk Software Ltd. 2014 Share Incentive Plan, as amended (incorporated by reference to Exhibit 4.10 to the Registrant’s Annual Report on Form 20-F for the year ended December 31, 2015)
4.9		CyberArk Executive Compensation Policy (incorporated by reference to Appendix A of Exhibit 99.1 to the Registrant’s Report of Foreign Private Issuer on Form 6-K filed with the SEC on May 21, 2019)

4.10		Letter Agreement, dated as of November 13, 2019 between Morgan Stanley & Co. LLC and the Company regarding the Base Capped Call Transaction (incorporated by reference to Exhibit 10.1 to the Registrant’s Report of Foreign Private Issuer on Form 6-K filed with the SEC on November 18, 2019)
4.11		Letter Agreement, dated as of November 13, 2019 between Goldman Sachs & Co. LLC and the Company regarding the Base Capped Call Transaction (incorporated by reference to Exhibit 10.2 to the Registrant’s Report of Foreign Private Issuer on Form 6-K filed with the SEC on November 18, 2019)
4.12		Letter Agreement, dated as of November 13, 2019 between Barclays Bank PLC and the Company regarding the Base Capped Call Transaction (incorporated by reference to Exhibit 10.3 to the Registrant’s Report of Foreign Private Issuer on Form 6-K filed with the SEC on November 18, 2019)
4.13		Letter Agreement, dated as of November 13, 2019 between Nomura Global Financial Products Inc. and the Company regarding the Base Capped Call Transaction (incorporated by reference to Exhibit 10.4 to the Registrant’s Report of Foreign Private Issuer on Form 6-K filed with the SEC on November 18, 2019)
4.14		Letter Agreement, dated as of November 14, 2019 between Morgan Stanley & Co. LLC and the Company regarding the Additional Capped Call Transaction (incorporated by reference to Exhibit 10.5 to the Registrant’s Report of Foreign Private Issuer on Form 6-K filed with the SEC on November 18, 2019)
4.15		Letter Agreement, dated as of November 14, 2019 between Goldman Sachs & Co. LLC and the Company regarding the Additional Capped Call Transaction (incorporated by reference to Exhibit 10.6 to the Registrant’s Report of Foreign Private Issuer on Form 6-K filed with the SEC on November 18, 2019)
4.16		Letter Agreement, dated as of November 14, 2019 between Barclays Bank PLC and the Company regarding the Additional Capped Call Transaction (incorporated by reference to Exhibit 10.7 to the Registrant’s Report of Foreign Private Issuer on Form 6-K filed with the SEC on November 18, 2019)
4.17		Letter Agreement, dated as of November 14, 2019 between Nomura Global Financial Products Inc. and the Company regarding the Additional Capped Call Transaction (incorporated by reference to Exhibit 10.8 to the Registrant’s Report of Foreign Private Issuer on Form 6-K filed with the SEC on November 18, 2019)
8.1		List of subsidiaries of the Registrant (filed herewith)

12.1		Certification of Principal Executive Officer required by Rule 13a-14(a) and Rule 15d-14(a) (Section 302 Certifications) (filed herewith)
12.2		Certification of Principal Financial Officer required by Rule 13a-14(a) and Rule 15d-14(a) (Section 302 Certifications) (filed herewith)
13.1		Certification of Principal Executive Officer required by Rule 13a-14(b) and Rule 15d-14(b) (Section 906 Certifications), furnished herewith
13.2		Certification of Principal Financial Officer required by Rule 13a-14(b) and Rule 15d-14(b) (Section 906 Certifications), furnished herewith
15.1		Consent of Kost Forer Gabbay & Kasierer (a member of Ernst & Young Global)
101.INS		iXBRL Document
101.SCH		iXBRL Taxonomy Extension Schema Document
101.CAL		iXBRL Taxonomy Extension Calculation Linkbase Document
101.DEF		iXBRL Taxonomy Definition Linkbase Document
101.LAB		iXBRL Taxonomy Extension Label Linkbase Document
101.PRE		iXBRL Taxonomy Extension Presentation Linkbase Document
104		Cover Page Interactive Data File (the cover page iXBRL tags are embedded within the Inline iXBRL document)

	CyberArk Software Ltd.
Date: March 10, 2022	By:	/s/ Ehud Mokady
		Ehud Mokady
		Chairman of the Board & Chief Executive Officer