Good morning. My name is Rob, and I will be your conference operator today. At this time, I would like to welcome everyone to the CyberArk First Quarter 2023 Earnings Conference Call. [Operator Instructions]. Erica Smith, SVP, Investor Relations and ESG. You may begin your conference..
Thank you, Rob. Good morning. Thank you for joining us today to review CyberArk's First Quarter 2023 Financial Results. With me on the call today are Matt Cohen, our Chief Executive Officer; and Josh Siegel, our Chief Financial Officer. After prepared remarks, we will open up the call to a question-and-answer session.
Before we begin, let me remind you that certain statements made on the call today may be considered forward-looking statements which reflect management's best judgment based on currently available information.
I refer specifically to the discussion of our expectations and beliefs regarding our projected results of operations for the second quarter full year 2023 and beyond. Our actual results might differ materially from those projected in these forward-looking statements.
I direct your attention to the risk factors contained in the company's annual report on Form 20-F filed with the U.S. Securities and Exchange Commission and those referenced in today's press release that are posted on CyberArk's website.
CyberArk expressly disclaims any application or undertaking to release publicly any updates or revisions to any forward-looking statements made today. Additionally, non-GAAP financial measures will be discussed on this conference call.
Reconciliations to the most directly comparable GAAP financial measures are also available in today's press release, as well as in an updated investor presentation that outlines the financial discussion in today's call.
We also want to remind you that we provide information for additional color regarding subscription mix bookings, but it should not be viewed as comparable to or a substitute for reported GAAP revenues or other GAAP metrics. A webcast of today's call is also available on our website in the IR section.
With that, I'd like to turn the call over to our CEO, Matt Cohen.
Matt?.
Thanks, Erica. And thanks, everyone, for joining my first earnings call at CyberArk's CEO. Since starting my new role about six weeks ago, I have met extensively with our team and with customers and partners from around the world. The support, passion, and commitment to our mission is palpable.
My meetings reinforce that we have amazing people, an impressive base of customers and partners. And we are the only vendor tackling the critical security challenge of applying privileged controls to all human and machine identities through a unified identity security platform.
We are adding the mission-critical controls that stop attacks from progressing, a requirement in today's threat landscape. Because of our unique value proposition, CyberArk is being prioritized even in today's macroeconomic backdrop, and I am pleased with how we are navigating the current environment.
Subscription ARR reached $403 million and grew 84% year-over-year. Total ARR reached $604 million and grew 42% year-over-year.
Total revenue growth accelerated to 27% and came in at $161.7 million for the first quarter, and our subscription bookings mix reached 95%, an all-time high, driven by demand for our SaaS solutions and our platform selling motion. Before getting into the details of the quarter, I wanted to talk about the macro environment itself.
We are pleased that our SaaS and subscription bookings outperformed the macro assumptions embedded in our Q1 guidance.
We did continue to see longer cycles in Q1 and select larger deals downsized, reducing the scope of these initial engagements, but we are confident that identity security programs are moving forward because many of those customers are already back in the pipeline, and we expect expansion opportunities as we move through the year.
The strength of our subscription ARR, our ARR guidance, and our ability to maintain our full-year revenue guidance despite a material increase in subscription bookings mix speaks to the durability of demand and the prioritization of our identity security platform.
Deals are progressing through the pipeline, and we are seeing record pipeline growth across the entire portfolio with strong momentum in our Access, EPM, and Secrets business as well as for our Privilege Cloud offering. Moving on to the quarter, we will frame the discussion, as always, around growth, innovation, and profitability.
The persistent secular tailwinds of digital transformation, cloud migration, and attacker innovation are only accelerating. AI is a new powerful example of technology that will shape the cyber landscape.
With weaponized AI, organizations become even more vulnerable to attacks that are difficult, if not impossible to detect an assumed breach posture, including, implementing privilege controls and lease privilege is one of the best ways to protect against these emerging threats.
At our Impact customer event taking place in just under two weeks, you will not only hear about AI as an attack vector, but also how we can leverage AI to make our customers more secure.
Recently conducted a survey of 1,500 cybersecurity professionals and 92% consider identity security is mission-critical, but only 9% stated that they had a comprehensive strategy in place. There is an enormous gap between the level of identity protection and the maturity of organizations. And massive opportunity for us at CyberArk.
We have architected our platform strategy to capitalize on these secular tailwinds and our go-to-market engine is built to scale CyberArk well beyond our $1 billion ARR target.
Our recent innovations are gaining traction, workforce password management, secure web sessions, privileged life cycle management, compliance, flows, Conjur Cloud, and Secret Hub, all had key wins in the quarter and are contributing to customer excitement.
Our land and expand motion begins with new logos, and we signed over 200 customers in the first quarter. A few key Q1 wins include a major insurance company, we're struggling to scale and secure its cloud-first strategy with a point PAM provider.
This customer wanted deeper protection and to increase security and control by layering privileged controls across every identity. Our identity security platform will be deployed globally, including secure web sessions, identity flows, identity compliance, and of course, Privilege Cloud.
For many customers, the AWS marketplace is reducing friction in our sales cycle, in the first quarter, a leading health-care provider leverage this new route to market to buy workforce password management as well as Privilege Cloud and secrets management to secure the DevOps pipeline.
Regulation, compliance, and cyber insurance are broad drivers that contributed to our results, including wins in the banking, insurance, and health-care verticals. Early in Q2, we formalized the cyber insurance referral program with a leading company and already we're receiving opportunities in the pipe.
In addition to signing marquee customers, we had a strong expansion quarter for SaaS and subscriptions. Our land and expand motion is accelerating across the identity security platform, and the most visible metric is the over 40% increase in customers with more than $100,000 in annual recurring revenue, which reached 1,400 customers at the end of Q1.
A few examples include an existing IT software company, that purchased identity flows to automate PAM workflows in order to increase efficiency and also expanded its protection with workforce password management to provide peace of mind by not only managing but securing employee passwords.
A Fortune 100 transportation company who has been a long-time PAM customer and began protecting end-points in the second half of 2022, cited the threat of weaponized AI and our ability to protect against ransomware as key motivators and a significant Q1 expansion deal.
The channel is extending our market reach with more feet on the street and momentum is building with partner certifications in CyberArk Identity and now also in Secrets Management.
While still a relatively small contributor to our overall business, MSPs across APJ, EMEA, and Americas are helping us move down market and reach customers who rely on managed services to secure and scale their environments.
On the innovation side, we were recognized by KuppingerCole as a leader in privileged access management, further validation of the strength of our solutions. Workforce password management is another example where we are setting the pace of innovation in identity security.
In the first quarter, we announced that Workforce password management used in conjunction with secure web sessions create an industry-first way of accessing sensitive applications. The platform effect is accelerating.
Today, early access customers are leveraging EPM and Privilege Cloud to discover, review, and automatically onboard all local Windows and MacOS endpoint privileged accounts. This enhanced capability improves security and lowers risk of credential theft and privilege escalation at the endpoint.
Josh will cover profitability in just a few moments, but I wanted to reiterate that as we look into 2023, we will continue to invest with discipline and leverage each of our operating expense lines this year and beyond.
Importantly, with our growth, we have the ability to be agile in our investment plans and make adjustments as we move through the year. As I've done around with investors, I've been asked about what will I be changing as CEO, as we talked about in February with Udi, at the highest level, we're not changing the strategy.
We have all the ingredients to execute and deliver growth and profitability. That said, there remains areas where we can improve our execution and drive the next level of performance.
One key focus area is harnessing the data that comes with the subscription transition to drive expansion opportunities, boost productivity, and deliver operational excellence.
This data, combined with the same rigorous programmatic execution that allowed us to shift our entire business model in only five quarters will empower the company to take customer success to the next level, increase our sales and marketing productivity and drive more efficiency through our innovation engine as we enhance our identity security platform.
A second focus area and one that we are all laser-focused on is our role as the leader in identity security and fully realizing this tremendous opportunity. Consolidation of trust for identity is underway within our customers.
Identity is more critical than ever, and organizations are increasingly moving towards trusted partners that can secure the broadest set of use across identities and environments.
With this in mind, we are accelerating our platform selling motion, our new platform services, and how we leverage our robust partner ecosystem to extend our reach and drive our growth. Securing all identities, not just managing human access is a requirement at the center of our customers' cybersecurity strategies.
And with our approach based on privileged controls, we are best positioned to capture the market. We are becoming the platform of choice for customers and driving deep alignment across the organization while creating a disciplined execution machine will help ensure we extend our commanding lead in the identity security market.
In the first quarter, we made great progress executing our strategy, and we delivered strong results as we navigated a challenging macro environment. We are executing and on pace to accelerate growth, improve profitability and generate strong cash flow for the year.
I will now turn the call over to Josh, who will discuss our financial results in more detail and provide you with our outlook for the second quarter, the increase in our full-year ARR guidance, and what is essentially a guidance raise for the full 2023 when you look through the subscription bookings mix headwind.
Josh?.
Thanks, Matt. In the first quarter, we delivered exceptional ARR growth once again. Annual recurring revenue grew 42%, reaching $604 million at March 31, and the subscription portion reached $403 million. That's increasing 84%, representing 67% of our total ARR.
We also added $39 million of net new subscription ARR from Q4 2022, which is higher than the sequential increase of the $36 million in the first quarter of last year. Demand for our SaaS offerings drove our subscription bookings mix up to an all-time high of 95% of total bookings, above our guidance framework of 93%.
The 95% compares to only 86% in the first quarter of last year. The maintenance portion of ARR was $202 million at March 31. The decline in maintenance was due to lower perpetual license sales over the last two years as a result of our subscription transition.
Like-for-like conversion activity still only represented a single-digit percent of our year-on-year ARR growth. Total revenue was $161.7 million with growth accelerating to 27% year-on-year. While our record subscription bookings mix resulted in strong ARR growth, it also lowered our total recognized revenue in the first quarter.
Normalizing for the higher mix than we assumed in our guidance framework, our recognized revenue would have been at the high end of our guidance range. Like every company, we are also navigating the current macroeconomic environment.
As Matt mentioned, longer approved sales cycles persisted towards the end of the quarter, select large deals were downsized as customers bought for their immediate needs versus longer-term planning, which would have contributed to more upside in our performance.
For [indiscernible] subscription deals, duration again came in at the lower bound of our range, putting pressure on long-term deferred and recognized revenue. While we signed 200 new logos in the quarter, it was a more challenging environment for new customer acquisition, primarily in our corporate or mid-market segment.
Looking across the metrics, our strong ARR and record pipeline growth illustrate that we are navigating the current macro environment, customers are moving forward with their identity security programs, and that we remain a priority. Moving into the details of the revenue lines for the first quarter.
Subscription revenue reached $92.7 million, growing 78% year-on-year and representing 57% of total revenue in the first quarter. Consistent with our move to our subscription business model, perpetual license revenue did decline coming in at $3.9 million.
Our maintenance and professional services revenue was $65.1 million with $53.2 million from recurring maintenance and $11.9 million in services revenue. The recurring revenue portion reached $145.9 million, now hitting 90% of total revenue. That's growing 37% year-on-year from $106.9 million in the first quarter last year.
Geographically, the business continues to be well diversified. Americas revenue reached $98.4 million, growing 31% year-on-year, APJ grew by 28% to $16.8 million, and EMEA grew by 18% year-on-year to $46.5 million in revenue.
The EMEA region continued to experience some FX headwinds and had a nearly 10 percentage point increase in subscription bookings mix to 93%, and in the first quarter. That's compared to 84% in the first quarter last year, creating a meaningful recognized revenue headwind in the quarter. All line items of the P&L will be discussed on a non-GAAP basis.
Please see the full GAAP to non-GAAP reconciliation in the tables of our press release. Our first quarter gross profit was $131.5 million or an 81% gross margin. That's compared with 82% gross margin in the first quarter last year as a result of lower perpetual revenue and higher SaaS business.
Our operating expenses increased by 24% to $144.1 million, and that resulted in an operating loss of $12.6 million. Net loss was $6.9 million or $0.17 per diluted share, while overall profitability continues to be significantly impacted by the mix shift to recurring revenue. Our margin profile has begun to improve as we have planned.
We ended March with over 2,860 employees worldwide, including nearly 1,230 in sales and marketing. For the first three months of 2023, free cash flow was $4 million or a 3% free cash flow margin. Turning to our guidance.
Our guidance for the second quarter and the full year 2023 balances our strong competitive position, the increased headwind created from our higher-than-expected subscription bookings mix, and the durable demand for our platform against the uncertainty in the macro environment.
For the second quarter of 2023, we expect total revenue of $170 million to $175 million, which represents 21% year-on-year growth at the midpoint. We expect the subscription mix to be in the mid-90% range and our perpetual license revenue to be similar to the levels we saw in the first quarter.
The mix we are assuming for the second quarter is higher than our initial guidance in February, increasing the headwind to reported revenue.
We expect a non-GAAP operating loss of about -- of $10.5 million to $6.5 million for the second quarter, and we expect our non-GAAP EPS to range from a net loss of $0.19 to net loss of $0.09 per basic and diluted shares. Our guidance also assumes 41.7 million weighted average basic and diluted shares and about $5.1 million in taxes.
For the full year 2023, given the increase in our subscription bookings mix in the first quarter and our expectation that it will remain at this level for the rest of the year, we are still maintaining our guidance for total revenue in the range of $724 million to $736 million.
The subscription bookings mix assumption for the full-year is now about 95%. That's compared to prior expectation in the low 90% range. Maintaining our revenue guidance for the year at a higher mix is essentially a meaningful raise of our full year revenue guidance given the more ratable revenue of our SaaS and subscription bookings.
We are maintaining our full year operating results to be in the range of an operating loss of $5 million, and operating income of $5 million and we are improving our EPS range to a net income per share of $0.16 to $0.38 because of increased interest income for the first quarter.
We expect about 46.3 million weighted average diluted shares and about $21.5 million in taxes for the full year of 2023.
On the back of our strong ARR growth and subscription bookings increased in the first quarter, we are raising our guidance for annual recurring revenue to be between $735 million and $745 million at December 31, 2023, or about a 30% year-on-year growth at the midpoint of the range. Our free cash flow came in at 3% free cash flow margin.
As a result of our performance in the first quarter, we are revising the guardrails for free cash flow margin for the full year 2023 upward to the range of non-GAAP net income margin to 5%, above our non-GAAP net income margin.
We expect there to be fluctuations between the quarters and in -- for example, in the second quarter, we have cash expenses from our impact customer event and other seasonal expenses that will affect our free cash flow. Overall, we were pleased with our execution, particularly in this macro environment.
The strength of our demand and prioritization of our identity security platform are evidenced by accelerating revenue growth, strong net subscription ARR, overall ARR growth, and record pipeline build with 90% of our revenue now recurring, we have a more resilient business model that is beginning to deliver strong growth, operating leverage and improving cash flows.
I will now turn the call over to the operator for Q&A. Operator..
[Operator Instructions] Your first question comes from the line of Saket Kalia from Barclays. Your line is open..
Good morning, guys. Thanks for taking my question. Matt, congrats on your first six weeks as CEO..
Thanks, Saket. Good to hear from you..
Yes. Matt, maybe we'll start there since the last couple of months have been interesting to say the least for security. I know you spend a lot of time with customers.
So maybe the question is, can we just talk about how the March quarter progressed in terms of linearity and conversations? It's just been such mixed results from other March quarter security companies.
Curious what you saw just in terms of progression? And maybe if you can comment on just anything that you're seeing more recently?.
Yes, sure. I mean I think as we talked about, we're really pleased with the results on the quarter when we look back into the quarter and try to analyze what's occurring, we continue to see this phenomenon where when we show up and we're having these conversations with customers, we are at the top of the list of conversations they want to have.
There's a prioritization process, obviously, across the entire tech stack but even within cybersecurity and when we are a mission-critical solution for these organizations. And so, while macros are on the mind of everybody, when we're having conversations with the customers, they understand the importance of their investments in these areas.
They understand that actually, this is something they need to be implementing and implementing fast in order to secure in this threat landscape. And overall, we just feel this level of partnership and awareness within our customer base. As we mentioned in the prepared remarks here, we do see approval cycles take a little bit longer.
One of the thing I tell the sales team all the time is, since we're selling something that's needed, let's make sure that we're going out and actually addressing people who might pop up in the approval cycle. Even some of our sponsors are -- are not always aware of who's going to show up.
So, we talk to the teams about actually engage with them early, talk about who else might come in. And let's go pre-brief them in that conversation. Make sure they're aware. So that when it gets to their approval level, they're able to actually sign off on it. And we see that type of behavior and execution help us throughout the length of the quarter.
We also talked for a second there about this kind of downsizing of deals, and I just want to hit that head-on. What that kind of looks like is more of a -- maybe there's a 400-seat expansion deal for PAM.
And when the customer gets there, they realize that there's 300 seats that they can buy right now, they need right now because identities are proliferating. And maybe there's 100 seats that they need in the summer. And so, they'll buy the 300 now, and then they'll push off the 100 to later in the summer.
Now we never want to see deals go a little smaller and definitely limit a little bit of our upside.
But what that actually opens up for us and as a selling team, it's actually an exciting fact is a compelling event in the summer to readdress the customer not only now for those 100 seats, but for any other needs that they have and as a sales team, you're always looking for those moments to kind of open up so that you can go back in.
So, across the board, that's kind of my sense of what's going on. It's a nice place to be being the type of security company we are, even in this tough macro environment..
Yes, absolutely, Matt, and it shows. Josh, maybe for my follow-up for you. A lot of focus on the financial services vertical in security this quarter. Can we just talk about how that vertical specifically performed? And Josh, if you could maybe go one level deeper into that exposure because, of course, not all financial institutions are created equal.
Can you just maybe talk about how much of that mix is regional banks versus other types of financial institutions?.
Yes. Thanks, Saket. Actually, I'll start off by saying our financial vertical was up year-on-year. So -- and overall, what I would also say is that we actually closed deals in kind of the regional bank level, even in the end of the quarter.
So, I think from our perspective, financials is an important vertical for us from the small to the large enterprise. Clearly, the majority of our business is going to be coming from mid- to large enterprises from the banks. They have a much larger footprint and a much larger footprint and are going broader across our entire portfolio.
So, when we look at our pipeline, it's going to be coming from the larger size of the financial enterprises. And I think the other thing that I would say is that as we look into our pipe going forward, we're not seeing any degradation of the financial service -- financial customer pipeline.
And I think out in the field, we're not seeing any tapering off of engagement with large financials and with the regional financials as well..
And your next question comes from the line of Roger Boyd from UBS Securities. Your line is open..
Thank you. Maybe a higher-level question for Matt. Matt, I'd be curious, I mean, you have tons of opportunities in Access and EPM and Secrets Management.
But where do you think we are in kind of the PAM adoption curve? And any view on what you're seeing in terms of greenfield, brownfield, shift to SaaS in this kind of environment would be helpful as well? Thanks..
Yes. I think sometimes we get so excited about the newer areas that we forget to talk about the opportunity in PAM. I think that when we are continually excited about is both the new opportunities, the new prospects out there, not even just in the low end of the market, but even in the kind of sweet spot of the enterprise space.
We see the kind of movement towards more mature PAM programs and all that brings. And then within our base, we actually feel that we're underpenetrated. And the reason for that is that when we started out, there was only a certain type of user that needed a privileged account.
And so, if you were that type of user within the core IT department, we were going to sell you a license.
And now as we start to see this notion of any user can become privileged at any time, the business user actually needs Privileged Access Management, a lot of functions outside of core IT need it, as well as the developer and the development community, the DevOps group.
You start to understand a little bit more about how much more room there is to run within our customer base themselves.
And so when you combine both the room to run in the customer base, as we broaden the circle of users that we can bring under the PAM umbrella, and we look out and see both midsized enterprise all the way down to mid-market, really starting to adopt new and modern PAM approaches, it really speaks to the market opportunity that's ahead of us and our ability as the leader in PAM to go out and capitalize on it..
Great. Thanks. And Josh, just a quick one on the guide. You raised the full-year ARR guide, but I think the deceleration looks a little steeper than we were modeling from the 42% growth in 1Q.
Can you just walk us through your assumptions in the macro environment there? And any change that you might be seeing as a little more conservative versus a quarter ago? Thanks..
Yes, sure, Roger. We're still keeping consistent on our -- on the trends around close rates in light of the macro with new logos, probably potentially being harder and longer approval cycles that Matt was referring to before, and so we're still persisting with that within our guide.
But at the same time, we're seeing record pipeline being generated and so that's what gave us the confidence.
That's what gives us the confidence to be able to raise the guide effectively, not just on the ARR that you pointed out, but by keeping the revenue guide at the same level despite really increasing the mix of SaaS subscription by a couple of percentage points..
And your next question comes from the line of Adam Borg from Stifel. Your line is open..
Thanks, for taking my question. Maybe for you, Matt. I know you talked a little bit about this in the script, but would love to hear anything more about the platform motion, how that's progressing, and we'll hear more about that at the customer event in a couple weeks. And then I have a follow-up..
Sure, Adam, and thanks for the question. Good to hear from you. So, I do get excited about this platform selling motion because I think it represents kind of the maturity or the nature of the market now that we're selling into.
We talk a lot about this idea that there is multiple types of identities that need to be secured and multiple types of environments that they're going after that need to be protected.
And so when you start to think about this idea again of human and machine identities and you think about core PAM users and as well as business users or the general workforce, and then you move over into the endpoint and least privilege at the end-point and the complexity of protecting all of those identities as they go after not just now on premium infrastructure, but hybrid and cloud infrastructure, customers are waking up to the fact that you can't plug in multiple point solutions to be able to solve all those problems.
They actually want an integrated approach that they can count on to make sure that all identities are secured.
And so, our entire approach with the platform is meeting that market need, talking to the customers in that context to make sure that actually, we can actually do things that those point solutions even when netted together, can't do because it's one integrated motion.
So, as you know, we've been focused on ramping up the sales team and making sure that they can position that. Our marketing team is out there messaging that. And I just get really excited by the opportunity of ours to be able to go do that. You heard us use this phrase in the prepared remarks around consolidation of trust.
And what we mean by that is that the customer themselves are looking to consolidate their vendors down to partners that they can trust and we feel like we're well positioned in that environment, well positioned within this identity space to take advantage of that market trend..
Super helpful. And maybe just as a quick follow-up. You did talk about adding over 200 new logos in the quarter, a little bit down year-on-year. You talked about the tough macro and record pipeline.
So, as I think about 2023, are we really looking at this as more of an upsell year? And if so, are we reorienting any go-to-market efforts back to the base? Thanks..
Yes, sure. No problem. So, when we think about new logos, I want to just paint a couple of different things here. One is, obviously, there is the new logo’s absolute number. And for sure, we saw some pressure there, particularly, by the way, down market in our mid-market space, where deals started to slip out a little bit around new logo acquisition.
But there's some other trends within our customer business, a new logo business that I think are important to understand. One is the actual deal size of the logos that we are closing is getting bigger, not smaller. The ability to be able to sell multiple products to those new logos beyond PAM, it continues to trend in the right direction.
And overall, the contribution, the net ARR contribution from new logos actually was really strong in the quarter. So, although the absolute number of new logos, and we always want to be planting as many seats as possible for the future, although that occurred in the quarter, we actually are pretty happy with the contribution from the new business.
And so, we don't actually see a need to shift our overall go-to-market approach. We can go focus on building and planting pipeline for new logos, even if it closes a little bit slower, it will come to us eventually. At the same time, as we can upsell and cross-sell with -- upsell and cross-sell within the base.
The final thing I'll just say is within our new logo business within our customer business, our win rates continue to be really strong. So, although, again, the overall number at 200, maybe a little bit less than we would have liked. Overall, we're actually really happy with the new customer business that we're seeing..
Helpful. Thanks, again..
And your next question comes from the line of Angie Song from Morgan Stanley. Your line is open..
Congratulations, Matt, on your first few weeks as CEO. I'm speaking on behalf of Hamza Fodderwala here at Morgan Stanley. So, I guess, Matt, just a question for you. It's been a couple of months since the transition of CEO has been announced.
So, could you just talk to us about your top three priorities for the company as CyberArk scaled beyond that $1 billion in ARR by around like fiscal year '25?.
Yes, sure. No. I always love to talk about that. And I think it's been a really fun last six weeks or so. I've had the opportunity to kind of travel around the world and go see employees in different locations. I was able to spend my first day as CEO over in our Israel headquarters and meet with our amazing R&D organization and talent there.
And around each one of those conversations when I meet with the customers, as I visit, it comes back to the same things and that's what sets our priority. Increasingly, again, as I was just talking about, they're looking for a platform provider.
They're looking for someone that can secure not just privileged users traditional PAM, but that it can actually secure the workforce, to cure the human -- the nonhuman identities.
Even more and more secure their cloud environments, and so the first priority for sure is our expansion, continued expansion to own our leadership position in identity security. And that really is the anchor point for everything else that we go and look at.
We have a second focus, and it's core to us, which is to get our go-to-market engine ramped up, fully ramped from a productivity perspective, from a contribution of marketing from a modern way of doing the sales process so that we can take advantage of that market.
And that becomes a continuation of something that obviously I was working on for several years, but our ability to be able to go do that. And then the third thing, and it's important for us because it's fundamental to our DNA is to make sure that we're scaling efficiently through these next couple of years.
We want to make sure that we're delivering the right level of profit back into the investor community to our shareholders.
And the best way to do that is to exit the subscription transition fully, which obviously we're ramping our way through, and get the leverage back into the business so that we're not just growing the top line, but we're able to deliver a strong cash flow number into the shareholder base..
Your next question comes from the line of Rob Owens from Piper Sandler. Your line is open..
Great. Thanks for taking my question this morning. Just one for me. I want to touch a little bit around the partner ecosystem, the indirect contribution you guys see overall, and maybe some of the green shoots and opportunities. I know you mentioned AWS Marketplace, but -- just are you seeing channel Swift expansion through some of these CSPs? Thanks..
Yes, sure. No, Rob. Thanks. Great. Great question. And I think one of our differentiators in the market is our partner ecosystem. We've always had a strong indirect component to our business. We run generally speaking, in the upper 70s, sometimes even touching below 80% of business that's run through our partner ecosystem.
And as you kind of mentioned, we've seen an increasing kind of shift in how those partners are going to market. One, they're following suit with us. They're leading with SaaS. They're able to actually get outside of PAM and actually embracing Access and Secrets Management. So, they're bringing the full CyberArk story to market.
But we also see newer types of partners emerge. And we did mention the AWS marketplace, which is a great way to kind of lubricate the sales process and actually partake of one might call found money in this macroeconomic environment because they already have purchased those AWS credits that they can use.
But we also see, as I highlighted in the prepared remarks, the emergence of the MSP or MSSP program. And I think that actually is taking on two flavors. One, it allows us to go down market more effectively.
But we see even in the enterprise space that more and more IT organizations and security organizations really do not want to be in the business of managing their solution stack.
And so, they're looking to even bigger SIs, telcos to actually one-off managed service their security environment, and we have great partnerships, as many of you know, with the biggest SIs. We've built up the telco program, and we have the MSPs. So as that market starts to mature and accelerate, we can take advantage of it.
Now it's a minimal part of the overall business at the moment, but it's one of the areas that we're exceptionally excited about as we move forward..
And your next question comes from the line of Tal Liani from Bank of America. Your line is open..
I have two questions. One is, we hosted Microsoft on Friday, and we see them in more and more and more markets in cybersecurity, extremely successful business. And I'm wondering how do you see Microsoft, if at all, in the market? And how is competition against them? And the second question is for Josh.
Great success on revenues, great sustainability, and stability, but margins are still negative.
What's the outlook for margins?.
Great. I'll take the first one, Josh. So, Microsoft, as you said, is a formidable software organization, and they've built up a strong cybersecurity core within their overall approach. They've been, frankly, in a kind of competition motion with us for a very long time. They're a good partner in a lot of ways.
And sometimes we see them show up within our customer base. What we've seen though is that the minute the conversation kind of turns to core security, like real security, for example, PAM, there really isn't a choice that comes up between Microsoft versus CyberArk.
The CISOs, understand that they do PAM right, to do core security right, they actually need the type of depth of solution that only CyberArk can provide. I think we also see them kind of emerge in other areas of the business that we took the fight to them, if you will, when we entered into Access.
And for basic MFA and single sign-on, I think they are a very credible force out there. And as you've heard us talk about before, when we're competing in the Access market versus Microsoft or Okta for that matter, our differentiation, again, is the applicability of privileged controls or deeper security even the commoditized MFA or SSO market.
And what that means is we bring solutions like secure web sessions or workforce password management that become the security bodyguards that can sit against a single sign or MFA solution, where there's comparability between their solution and ours.
You even saw them lately enter in and kind of validate the EPM or the endpoint privilege management market. Actually, to be honest, that's kind of thrilling for me because the biggest problem we have on EPM is not customers once they understand it, wanting to buy our solution. It's getting customers to be aware to begin with if they need the solution.
And Microsoft entering into a market like that is actually wonderful news for publicity. When we get into a deep conversation about features and functions and capabilities, I think our solutions come out on top. And so that's my view on the Microsoft landscape. Again, I'm very respectful of them.
And I think they kind of help the market overall, but we feel pretty confident when we're head to head against them..
And Tal, to your second question, so -- we're pleased that we're following our playbook, right, through the transition and which kind of drove the shift in our margins negative through last year. We're excited that this year, we're already now that we're post transition, getting our first year back for improvement to breakeven for our guidance.
And then we anticipate to continue to expand that gross margin next year '24 and further into '25. So -- we're on the right track for continuing following our playbook, post-transition, getting the benefit of the accelerated revenue on the top line.
And then as Matt pointed out earlier in one of the earlier answers, we are totally focused on making sure that we think about scaling efficiently and that's going to drive those expansions of the margins already this year that you're seeing in the guide and then next year and going forward..
Got it. Thank you..
Your next question comes from the line of Eric Heath from KeyBanc Capital Markets. Your line is open..
Congrats on a strong quarter here. Our conversation on the margins. A couple of things. I mean it's great to see the maintenance of the margins just given the increased mix shift to the ratable side of the business.
But Curious, one, just bigger picture, is there any change in your thoughts on the pace of investments for this year? Just given some of the macro and any change to your hiring plans on number one.
And a follow-up to that, just I think you changed your kind of guidance a little bit on the free cash flow, just that it should be five points ahead of net income margin, where I think it was previously kind of in line with net income margin.
So just curious the change has there given some of the -- what seems like duration pressure that hidden billings a little bit?.
Sure, Eric. I'll take the first part here, and as it relates to the hiring plan. And I think we continue to calibrate our investment versus the opportunity.
And we talked about it at the last earnings call, which is this year, we would see a little bit less overall headcount percentage increase versus what maybe we saw in 2022, and that was because we were taking into account both the macro backdrop and also our need to drive leverage back into the business. And I think we continue to see that play out.
We added roughly 95% license in Q1, and we will look towards the rest of the year and continue to make strategic investments in go-to-market where we feel like there is opportunity to go capture.
And then throughout the rest of the company to round out our ability to be able to, for example, deliver on the identity security platform vision, drive and support the scaling of the overall operations. So, I think we're measured in our headcount. Our headcount hiring were consistent with what we were talking about.
And our belief is, going forward, this is a lever that we can pull in any direction that we need to. So, we're very agile in our approach, and we'll make the decisions really quarter-by-quarter, should we accelerate more? Should we cut back a little less? And that's the beauty of the model that we're operating under..
Yes, Eric. And with regard to the cash flow, first of all, we're pleased that we're able to come in already now in the second quarter and start to -- and start to go up on our cash flow margin guidance to, as you pointed out, net income margin to net income plus -- net income margin plus 5% on a non-GAAP basis.
And I really think it's -- we have more visibility than we did three months ago, and Q1 tracked well. And I think it's a reflection of one where Q1 ended up.
But also, as we look at the guide and we look at our pipeline going forward, and our success with renewals and our expectations there, we feel comfortable that we'll be even in a better place on cash flow than we said three months ago..
Your next question comes from the line of Brian Essex from JPMorgan. Your line is open..
Hi, good morning, and thank you for taking my question. I guess maybe for Matt, what might be helpful is in the onset of the pandemic, we saw a pretty meaningful pause in spend, and we saw a downsizing deal facing shorter contract durations.
Could you maybe compare and contrast what you're seeing now versus what you're seeing then or you call right after that, we had like SolarWinds and [indiscernible] and everyone kind of like trued up realize the value of PAM and kind of trued up the deals and you saw a reacceleration.
But how does the -- I guess, recognition of the critical nature of PAM and the process of approval and coverage inside your customer base, how do things differ now compared to when we saw that pause a few years ago?.
Yes. As we look back on the Q1 and out towards the year ahead, we just -- we don't see that pause in business. We see our ability to be able to generate a record pipeline. We see our ability to be able to go out and be at the top of the list of priority at our customers. We see the conversations continuing to progress as we've been talking about.
And I do think I pull it back to where you hit, which is we are in a different place in terms of our portfolio, our solutions and the maturity of the market, and an understanding of the critical nature of the solutions that we sell.
The recognition of what it really means to secure identities and the importance of identity in the attack vector is in protecting against the attack vector it's just tremendously better. It's a good position to be in. And I think we show up now with a broad base of solutions and a platform to sell.
And it lends itself to better customer conversations and a better market backdrop despite obviously, macros being on everybody's mind..
Right. That makes sense. And maybe we could just circle back to one of the comments made on his expansion.
Any impact this quarter or recently from headcount reductions in your customer base and how they might be thinking about rationalizing their labor footprint and how that might impact your business?.
No. We're lucky from that perspective, as I said, that the notion of privileged accounts and privilege identities proliferate regardless.
And so, when you look at customers that may or may not be in difficult economic situations in certain verticals or industries, I don't think there's a correlation between their decision on headcount and what they need to buy from CyberArk. So that's not one of the things that we worry too much about..
Your next question comes from the line of Jonathan Ruykhaver from Cantor Fitzgerald. Your line is open..
Good morning. Thank you. So, in the past, the company has emphasized the sales motion for adaptive or access is largely installed base adoption. So, the question I have is, given your large enterprise installed base, I would think that some portion, if not a large portion of those organizations have an existing IAM solution.
So how do you see that? How much of that might be green field? And then also, if you could also just touch on the go-to-market strategy given the two large and successful incumbents within that market already?.
Yes, sure. So, I think as we talk about the Access business for us continues to accelerate in a nice way and become a more meaningful piece of our overall business.
And I think that when you look within the customer base, it is somewhat surprising to people how many customers are either completely on legacy solutions or more often than not, actually have multiple solutions throughout different divisions, through acquisition, through other kinds of vendor sprawl that's happened within their organizations on the access side.
And so, we do feel like there is this rich opportunity within our customer base to rip and replace legacy solutions. Obviously competing against those two significant competitors in that space, but not having to replace those competitors in that space in order to be able to win. From time to time, we're in a conversation about a replacement for sure.
But it really is the opportunity here to go in and rip and replace those solutions.
I also want to emphasize the notion and will connect to your point of how we differentiate or compete, that our solutions in that portfolio, for example, secure web sessions can sit on top of any [indiscernible] and so even if there is an embedded Microsoft account, we can go in and still talk to them about our overall identity security story, and we can talk to them about how they can still take advantage of a more secure way of doing single sign-on and connect it back to privilege controls and back to the overall identity security platform.
And so that becomes our special sauce when we're differentiating. It's not my SSO is better than your SSO. It's my identity security platform with strong SSO and MFA that can keep you more secure than their SSO, and MFA. And again, that's becoming more and more of our talk track.
Our team is becoming more and more comfortable with that talk track and that will be what drives the growth going forward as we continue to increase our position in that space. Again, as you said, two very formidable competitors directly in the Access space..
Your next question comes from the line of Shrenik Kothari from Baird. Your line is open..
This is Shrenik Kothari from Baird. Thanks for taking my question. Congrats on the first quarter, Matt. So, one for you and one quick follow-up for Josh. Matt, you mentioned about AI that's sharing the cyber landscape and weaponized AI in particular, organizations becoming more vulnerable to attacks that are difficult to detect.
You gave an example of a customer; the Fortune 100 transportation company cited the threat and was a key motivator in the expansion deal. Can you talk a little bit more about AI as a driver this past quarter? And in terms of the pipeline, what do you see in terms of the opportunity ahead? And then one quick follow-up for Josh..
Yes. I think in any market, there are things that help to educate the market sometimes through fear that gets the market more ready and understanding of new solutions that they need. And I think AI, because it's captivated so much attention, helps with that from a market perspective.
For sure, we and we're going to talk about it at our impact event which hopefully many of you will join.
We're going to talk about this idea of what does a weaponized AI look like and what is the attack path and what can you do about it? But the reason why we're emphasizing it is not because right now, the notion of weaponized AI is the single most important attack path for organizations.
But what it does is it wakes organizations up to the notion that detecting threats is not enough. We actually need to control the threat. And the only way to be able to do that in some cases is by controlling or securing identities.
And so, I'll give an example here, which is at the endpoint, and this is what the customer that you're referring to was talking about. At the endpoint, you would be silly to not have an EDR in solved. Let's be clear. We believe in it, if our own IT department was installing a new environment, they're going to put an EDR of some sort on the location.
But if you can get around that EDR or more significantly, if you can turn off that EDR because there's local privilege controls and local admin controls sitting at that end-point, then that EDR is relatively useless.
And AI is a way that you can weaponize that approach and figure out your attack path to be able to get in, get credentials, and actually turn off the EDR itself so that no longer can detect. Our EPM solution, removes the ability to be able to make changes on the local endpoint, on the local desktop, and on the local server.
And by doing that, you're actually ensuring your investment in your EDR system because you're now going to make sure that it's there, it's available to do what it does really well, which is to detect and respond.
And so, the AI concept is more of a concept at this point in time, although we'll talk through some more details but what it does is, it wakes organizations up it shakes them and says, assume breach, assume that they're going to get in. Now what do you do to control? And that's where CyberArk comes in because we're all about security and control..
Your next question comes from the line of Andrew Nowinski from Wells Fargo. Your line is open..
So, I just wanted to trying to go back to gross margin, it was slightly better than expected.
Do you think an increase in discounting might have prevented some of the downsizing of deals? And is that a tool you would consider using to get some of these deals over the finish line throughout the course of the summer?.
Andrew, I don't think that, that I think you're referring kind of to our pricing in -- with regard to the gross margin?.
Yes. I mean I just -- yes, I mean if the deals were downsized.
I'm just wondering if you could offered any better, more aggressive pricing on it to help get the full deal size?.
I'll let Matt take that in a second. I think, from our perspective, gross margin, we would not have seen that as necessarily the tactic. I'll let Matt talk on the pricing..
Yes. Listen, I think that we're operating in a tough macro environment, and we're always price conscious across the board, and we're understanding with our customers when the budget is a core concern, and we're working with those customers to make sure that we can fit within their budget, while we're getting as a partner or as a vendor, our value.
We continue to see good pricing even in this environment. By the way, we see good pricing on our renewals within this environment. And ultimately, we don't want to force or give away seats.
If we feel confident that those seats are still going to come our way just a month or two months or five months later, certainly, for certain customers, you're trying to get them to buy in, and you're trying to get them to take their first bite. And when that happens, you're aggressive or you work with them on price.
But overall, I'm pretty confident in how we approach the market from a pricing perspective. We're flexible when we need to be. But at the end of the day, we're actually creating a business for the long run, and we want to make sure that we're delivering value and then we're receiving the right level of value back in the deals that we sell..
And we have reached the end of our Q&A session. I will now turn the call back over to CEO, Matt Cohen, for some final closing remarks..
Thanks. So, I want to thank our employees for their hard work and commitment and our customers and partners for their continued support. As I said, it's been a wonderful six weeks so far.
We're looking forward to seeing many of you, hopefully, all of you over a week from now at our customer impact event, where we're going to be able to talk about the latest and greatest of our identity security platform and update everybody on the latest and greatest of the company. So, until then, thanks for the call today. Take care..
This concludes today's conference call. Thank you for your participation. You may now disconnect..