CyberArk Software - Q4 2023
February 8, 2024
Transcript
Operator (participant)
Good morning, my name is Dennis, and I will be your conference operator today. At this time, I would like to welcome everyone to the CyberArk Software fourth quarter and full year 2023 earnings conference call. All lines have been placed on mute to prevent any background noise. After the speaker's remarks, there will be a question and answer session. If you would like to ask a question during this time, simply press star, then the number one on your telephone keypad. To withdraw your question, press star one again. I would now like to turn the conference over to Erica Smith, Senior Vice President, Finance and Investor Relations. Please go ahead.
Erica Smith (SVP of Investor Relations)
Thank you, Dennis. Good morning. Thank you for joining us today to review CyberArk's strong fourth quarter and full year 2023 financial results. With me on the call today are Matt Cohen, our Chief Executive Officer, and Josh Siegel, our Chief Financial Officer. After prepared remarks, we will open the call up to a question and answer session. Before we begin, let me remind you that certain statements made on the call today may be considered forward-looking statements, which reflect management's best judgment based on currently available information. I refer specifically to the discussion of our expectations and beliefs regarding our projected results of operations for the first quarter, full year 2024, and beyond. Our actual results might differ materially from those projected in these forward-looking statements.
I direct your attention to the risk factors contained in the company's Annual Report on Form 20-F, filed with the U.S. Securities and Exchange Commission, and those referenced in today's press release that are posted to our website. CyberArk expressly disclaims any application or undertaking to release publicly any updates or revisions to any forward-looking statements made today. Additionally, non-GAAP financial measures will be discussed on this conference call. Reconciliations to the most directly comparable GAAP financial measures are also available in today's press release, as well as in an updated investor presentation that outlines the financial discussion in today's call. A webcast of today's call is also available on our website in the IR section. With that, I'd like to turn the call over to our CEO, Matt Cohen. Matt?
Matt Cohen (CEO)
Thanks, Erica, and thanks, everyone, for joining the call today. We had an amazing fourth quarter to round out a momentous year for CyberArk. Early in the year, we were nimble and adjusted our selling motion in light of the macroeconomic backdrop, and in the fourth quarter, it continued to pay off, resulting in another great growth quarter. We entered 2024, a fully recurring revenue company with over 95% of our bookings coming from subscription. Demand for our Identity Security Platform accelerated in 2023, and we end the year having solidified our leadership position in the market. We delivered a record-breaking fourth quarter, beating our guidance across all metrics. Subscription ARR reached $582 million, growing 60% year-over-year. Total ARR reached $774 million, growing 36% year-over-year.
We were thrilled to add record sequential net new subscription and total ARR, and we exceeded our guidance range across revenue, operating income, and EPS. Total revenue growth accelerated to 32%, reaching $223 million. Non-GAAP operating income came in at approximately $35 million, and we generated non-GAAP earnings per share of $0.81. We also consistently outperformed throughout the year and delivered total revenue of $752 million, with growth accelerating to 27%, non-GAAP operating income of approximately $33 million or a 4% operating margin, well above the breakeven we guided for at the beginning of 2023. Non-GAAP earnings per share of $1.12, and while we did not guide for cash flow, we were thrilled to generate $51 million in free cash flow or a 7% margin for the full year 2023.
Our performance speaks volumes about our execution. We fine-tuned our go-to-market motion, including platform selling, channel strategy, and customer success. We improved the alignment between sales and marketing, generating record high-quality pipeline across all our solutions. Lastly, R&D delivered against our mission to secure all identities with the right level of privilege controls through our groundbreaking Identity Security Platform. In addition to strong execution, we're benefiting from durable demand trends driven by the proliferation of new identities, new environments, and new attack methods. Throughout 2023, organizations were reminded yet again that there is one constant in cyberattacks: all roads lead to identity. In the context of these urgent trends, the mission-critical nature of our platform becomes apparent. CyberArk is the only vendor with a platform that can effectively and securely address the new world security requirements, which center on controls.
Given our groundbreaking innovation and the changes in our business over the last few years, I'm going to break from our typical quarterly call cadence to outline how our identity security solutions are helping customers solve these challenges, which also speaks to the massive growth for CyberArk. Every organization today has a spectrum of identities, from core IT, to developers, to machines, and across the entire workforce, and the number of identities is increasing at an exponential rate. Access for each of these identities has its own unique level of risk and complexity, requiring different levels of controls. Let me take you through this spectrum of identities and what we are seeing from customers and how that has expanded our addressable market.
A CyberArk customer typically starts with core Privileged Access Management, and it's focused on securing standing access for IT users who have high levels of privileges, like a database or application administrator or maybe a cloud operations team. As they deploy, they follow a roadmap that brings a growing number of users within central IT, but also third-party vendors and even shadow IT organizations under PAM security controls. As a result, there's a continuous expansion of the number of users leveraging PAM. Adoption begins to accelerate when PAM is delivered as a service, given an easier adoption path and lower cost of ownership. It accelerates even further when we help customers tackle new use cases through revolutionary new access methods like just-in-time or dynamic access.
Just-in-Time Access cuts the adoption curve down even further by allowing federated access to databases, cloud workloads, and other modern targets, while also increasing the security controls by assigning entitlements dynamically at the time of access. The modern PAM program has evolved dramatically in the last few years and has opened up a significant expansion opportunity for CyberArk, even within the extended IT organization. You see this in our healthy PAM ARR growth rates that have continued to persist. But moving beyond IT for a second, one of the fastest-growing areas for human identities is the expanding developer community. Our Secure Cloud Access solution brings privilege controls to the cloud and has meaningfully expanded our TAM to include developers, as well as engineering teams and data scientists. We provide native access for developers with a zero standing privilege approach.
This innovative solution greatly and measurably reduces risk, and organizations can quickly go from dabbling in discovery to actual control of developers as they access their cloud environments. Always-on entitlements to cloud environments are a security nightmare, yet innovation speed is the true promise of modern cloud programs. Secure Cloud Access, or SCA, ensures that our customers never have to choose between security and innovation speed. While SCA is one of our newest offerings, we had a strong quarter in Q4, and pipeline continues to build. This is one of the areas we are most excited about as we enter 2024. But as these developers work in the cloud, they are focused on creating or extending applications, workloads, and APIs that need access to critical data infrastructure and other cloud workloads. This results in the rise of machine identities.
Machine identities represent one of the riskiest and most complex components of the modern enterprise. To protect these machines and the secrets that they use, customers turn to our Secrets Management solution. Our Secrets Management solution securely and centrally manages secrets at enterprise scale, all while avoiding vault sprawl. It satisfies the CISO's requirements while never impeding the developers' workflows. Machine identities are exploding, and our ability to bring together human and machine elevates the conversations with our customers. As we think about our fourth quarter results, Secrets Manager was included in six of our top 10 deals, and we are pleased with the early success of Conjur Cloud. We have covered IT, we've covered developers and machines, but now I want to move on to the part of the enterprise that is in need of an entirely new approach to identity security, securing workforce identities.
Legacy approaches of MFA and SSO are workforce requirements, but on their own, they provide limited security, evidenced time and time again in major breaches. Any identity can become privileged, causing CISOs to reconsider the way they secure the workforce. Leveraging intelligent privilege controls, CyberArk has reinvented workforce identity by building on top of traditional MFA and SSO with market-leading innovations like Secure Web Sessions, Workforce Password Manager, and CyberArk Secure Browser. When combined with MFA and SSO into one unified solution, we have created a more holistic and comprehensive approach to securing the workforce, where intelligent privilege controls once again are making the enterprise more secure. This approach is paying off, and we had a record fourth quarter for our workforce solutions. It's worth pausing for a moment to discuss our CyberArk Secure Browser.
Our Secure Browser is built with native integrations to all of our workforce capabilities and will help customers protect against one of the fastest rising attack methods, which is cookie harvesting and browser-based attacks. It's also built to be the gateway to all our solutions, allowing easy access to all enterprise targets and providing a seamless user experience to our entire Identity Security Platform. Our workforce solutions, however, do not stop there. The modern workforce logs into desktops, laptops, and servers every day as part of their regular workflow. These endpoints need their own form of intelligent privilege controls. Endpoint Privilege Manager, or EPM, is seamlessly integrated with our workforce solutions and our browser as well. We are doing this to implement least privilege and secure the endpoint. Least privilege access is a foundational security control.
Every endpoint needs EPM to be truly secured. Despite the great growth over the last few years, we still have a tremendous opportunity within our install base to further cross-sell EPM, and we also see EPM as a strong landing spot for new logos. As we kick off 2024, I wanted to make sure our investors understood how we are setting the pace of innovation, how our solutions work together, and how our Identity Security Platform delivers value by dynamically adjusting the level of controls based upon complexity and risk. We are delivering a game changer in the market. We are driving operational efficiency and at the same time, focusing on privileged controls that help customers to stay safe from cyber threats and move their business forward.
If we move back into the fourth quarter for a second, on the new business side, we signed about 340 new logos in the fourth quarter. As customers prioritize in-depth security controls in this severe threat landscape, new logos are increasingly landed with 2 or more solutions. In fact, in Q4, a number of our largest new customers landed with 5 or more solutions, contributing to the significant increase in new business deal sizes. A few of the new logo highlights in the quarter include. As the education sector continues to be targeted by bad actors, evolving practices to align with industry-leading security controls are top of mind. This quarter, the London School of Economics, a leading business school globally, was looking to significantly and measurably improve its security posture.
In this new logo win, they went broad across the platform with PAM, EPM, and Secrets Management. In an example of the power of our ecosystem, a partner introduced a Fortune 100 financial services customer to CyberArk. This all SaaS seven-figure ACV deal was closed through the AWS Marketplace. We are thrilled to see this customer applying a CyberArk everywhere approach out of the gate, securing privileged access, secrets, endpoint, third-party vendors, and workforce identities. Our focus on moving from land into expand motion is built into our platform strategy and is contributing to our outperformance. A few examples of expansion deals from the quarter include a government agency that landed with CyberArk last quarter, returned this quarter for more users and more products across our platform, buying PAM, EPM, Secrets, Identity Flows, Identity Compliance, Secure Web Sessions, in a seven-figure ACV deal.
A major Fortune 100 US retailer chose CyberArk as their trusted strategic advisor in 2020. Looking for defense in-depth, they are consolidating spend with CyberArk, and in another seven-figure ACV deal, extended their protection with more privileged users, Secrets Management, workforce and customer identity, Remote Access, and Secure Cloud Access. To summarize, all the land and expand deals demonstrate that every vertical, every business across all sizes, have identity security challenges that our platform can help address. Touching briefly on profitability, throughout the year, we demonstrated leverage in our business with each operating expense line improving as a percent of revenue. For the year, we grew revenue over 27%, while our non-GAAP operating expenses grew just over 15%. We are striking the right balance between investing in growth and innovation and driving profitability and cash flow.
With our stellar performance in 2023 and the strong guidance you will hear from Josh in just a few minutes, I remain very confident in the long-term targets we have set. As we look ahead, our top priorities for 2024 are: expanding our leadership position in driving identity security growth, delivering cutting-edge innovation, and strengthening our industry-leading platform, leveraging data and analytics to scale our business, including the use of artificial intelligence and machine learning, and delivering outstanding customer experience and value across the customer journey. I'm also very excited to welcome Eduarda Camacho as our Chief Operating Officer. I have worked closely with her for more than 20 years and have tremendous respect for her and her ability to drive customer outcomes and to lead our go-to-market strategy and field execution.
I also want to thank Chris Kelley for his contribution to CyberArk. He'll stay with CyberArk through the end of March to ensure a seamless transition, and we wish him well for the future. We are in a position of strength as the leader in identity security, and our competitive position is incredibly strong. We are addressing a critical customer need with our platform, and the threat landscape is keeping identity security a top priority at our customers. As I reflect on our accomplishments in 2023, I am even more enthusiastic about CyberArk's future coming into 2024. I did want to pause here to talk about October seventh and how we responded. I am so very proud of our global team and how they came together after the October seventh Hamas attack.
As families, friends, colleagues, and entire communities continue to navigate through great tragedy, loss, and increased stress, our culture and team are what drive our success. I will now turn the call over to Josh, who will discuss our record financial results and provide you with our outlook for 2024 in more detail.
Josh Siegel (CFO)
Thanks, Matt. We posted outstanding results in the fourth quarter and beat our guidance across all metrics. Total revenue growth accelerated again this quarter to 32%, coming in at a record $223.1 million, and significantly exceeding our guidance. Our Identity Security Platform continues to drive momentum of upsell, cross-sell, and new logos. This allowed us to meet the strategic financial objectives we set for ourselves at the beginning of the year. Durable top-line growth, improved operating leverage, and strong free cash flow generation. Demonstrating the continued momentum in our business, ARR reached $774 million at year-end, growing 36% year-on-year and coming in above the high end of our guidance range. The subscription portion increased 60% and reached $582 million, and is now 75% of total ARR.
We added a record $78 million in net new subscription ARR, as customers are consolidating on CyberArk and continue to land and expand with more of our platform. In addition, we had a record quarter for SaaS bookings, both in absolute dollars and mix of our bookings. Compared to year-end 2022, we added an impressive $218 million of net new subscription ARR, also a record. The maintenance portion of annual recurring revenue declined slightly to $192 million at 31 December, which was in line with our expectations. We continue to see strong renewal rates and like-for-like conversion activity still only represents a single-digit % of our year-on-year ARR growth. Our strong execution is also demonstrated by the 30% increase in customers with more than $100,000 in annual recurring revenue to over 1,700 at the end of the fourth quarter.
The cohort of customers with more than $500,000 in ARR also grew over 45% to now being nearly 300 customers. The biggest driver of this cohort is the upsell of additional users and cross-sell of new solutions across the platform. Matt touched upon our strong execution, and I wanted to briefly touch on the macro. Our solutions continue to be prioritized and budgets allocated. Close rates remain strong, productivity improved, and deals progressed nicely as we converted our pipeline, including several seven-figure ACV deals. We continued as well to build strong new pipeline to support our future growth. Moving into the details of the revenue lines for the fourth quarter. Recurring revenue reached $201.5 million, again, making up 90% of total revenue.
That's compared to 84% in the fourth quarter last year. Recurring revenue growth accelerated to 41% year-on-year, showing the momentum in our SaaS portfolio continues to gain steam. With total subscription bookings mix of 95% full year, and our recurring revenue reaching 90% of the total in each of the quarters of 2023, it is safe to say we are now a fully recurring revenue company. Digging into the specifics, our subscription revenue line reached $150.3 million, with growth accelerating to 70% year-on-year and representing 67% of total revenue in the fourth quarter. Our maintenance and professional services revenue was $64.8 million. Of that, $51.2 million coming from recurring maintenance and with professional services revenue at $13.6 million for the quarter. Geographically, each of our major territories grew revenue faster than 30% in the fourth quarter.
The Americas revenue was $130.3 million. That's growing 31% year-on-year, and the Americas had a record with SaaS reaching over 70% of bookings in the quarter. EMEA grew by 33% year-on-year to $68.7 million in revenue, and APJ grew by 35% to $24.1 million in revenue. Diversification has always been a foundation of our strategy, and it is great to see the strength across all of our geographies in the fourth quarter. We also see that universal strength reflected in the full year with the Americas, EMEA, and APJ, each growing 27% year-over-year. All line items of the P&L now will be discussed on a non-GAAP basis. Please see the full GAAP to non-GAAP reconciliation in the tables of our press release. Our fourth quarter gross profit was $189.7 million.
That's an 85% gross margin, compared to the 83% in the fourth quarter last year. The expansion of our gross margin is due to revenue outperformance and tight management of our cloud costs. Our operating income of $34.7 million significantly exceeded the top end of our guidance. Our operating leverage was driven by disciplined investments and our revenue outperformance. Net income came in at $38.1 million. That's $0.81 per diluted share, also significantly outperforming our guidance. Moving on to review the full year 2023. We began the year expecting 29% growth in ARR, 23% revenue growth, and hitting break-even operating margin. We finished a great year. ARR grew 36%. Revenue came in at $752 million, with growth accelerating now to 27%, and we returned to meaningful profitability.
Delivering non-GAAP operating income of $33.5 million or about 4% operating margin for the full year, and we continue to march towards Rule of 40. Our EPS came in at $1.12 per diluted share. We ended December with approximately 3,000 employees worldwide, including over 1,320 in sales and marketing. For the full year 2023, free cash flow was $51.3 million or a 7% free cash flow margin. As a reminder, we still consider free cash flow to be the last piece of our model to inflect after the subscription transition, and we are confident that we are just at the beginning of this expansion with our 2023 results. Turning to our guidance, for the first quarter and the full year 2024, our guidance reflects the momentum we're seeing in the business, combined with our confidence to meet the 2024 priorities that Matt outlined earlier.
For the first quarter of 2024, we expect total revenue of $209 million-$215 million, which represents 31% year-on-year growth at the midpoint, and we expect non-GAAP operating income in the range of $7.5 million-$12.5 million for the first quarter. We expect our non-GAAP EPS to range from $0.21-$0.31 per diluted share. Our guidance assumes 47.8 million weighted average diluted shares and about $10.5 million in taxes. For the full year 2024, we expect total revenue in a range of $920 million-$930 million, representing 23% year-on-year growth at the midpoint of the range. Reflecting our continued commitment to operating leverage, we expect our full year operating income now to be in the range of $75.5 million-$84.5 million. We expect our EPS to be between $1.63-$1.81 per diluted share.
We expect about 48 million weighted average diluted shares and about $46.5 million in taxes for the full year 2024. We expect annual recurring revenue to be between $968 million and $983 million at December 31, 2024, or about 26% year-on-year growth at the midpoint. We are also issuing guidance for Free Cash Flow for the first time and expect Free Cash Flow to be in the range of $85 million-$95 million for the full year 2024, and we remain confident about the long-term target that we outlined at Investor Day. I also want to provide a few pointers to help model our expenses for the year. While we expect to continue to invest in our innovation engine and in sales and marketing in absolute dollars, we do expect to see an improvement in both line items as a percentage of revenue.
We will once again hold our Impact customer event, and our Impact World Tour in the second quarter in 2024, increasing our marketing expenses for that quarter. Our CapEx is expected to be 1.5% of total revenue. To sum up, we are thrilled to deliver another stellar quarter and amazing full year results, showing continued demand for our platform, the execution of our land and expand motion, and durable tailwinds that have made identity security a must-have. As a recurring revenue company and a leader in identity security, CyberArk is well positioned to drive leverage in our model across all areas and deliver the expanded profitability and cash flow levels in 2024, I just discussed. I will now turn the call over to the operator for Q&A. Operator?
Operator (participant)
At this time, I would like to remind everyone in order to ask a question, simply press star, then the number one on your telephone keypad. Your first question is from the line of Saket Kalia with Barclays. Please go ahead.
Saket Kalia (Managing Director)
Okay, great. Hey, guys. Thanks for taking my questions here, and nicely done.
Josh Siegel (CFO)
Thanks, Saket. It's great to hear from you.
Saket Kalia (Managing Director)
Same here. Matt, maybe to start with you. I'd love to dig into your prepared remarks on the workforce or single sign-on market. Very helpful, by the way, prepared remarks. The question is: given some of the noise in that market competitively, how do you think CyberArk is positioned, and what are you seeing in the pipeline there for just the broader identity platform? Does that make sense?
Matt Cohen (CEO)
It does, and it's a great question. You know, I think the first thing I would say is, independent of the competitive environment, and some of the things that are happening there, we feel really strongly, as I kinda outlined, that our approach to workforce security is differentiated, that is actually unique in the market. And that while MFA and SSO, as I said in the prepared remarks, are important, you must have them, they're no longer sufficient for how you actually cover the workforce from an identity security perspective.
And so our notion of a holistic or a unified solution that brings together MFA, SSO, but also brings in our workforce password management, our layers of security that sit within Secure Web Sessions, and the browser as the access point, actually, for us, kind of reinvents that space and puts us in a place where we can take some of the what we would consider kind of legacy approaches that are out there in the market, and put them on their heels in terms of our ability to have a conversation there. Then, when you connect that back to the Identity Security Platform, and the idea that you can actually manage those users in the same way or at the same time as you do your highly privileged users, it takes the differentiation even further.
So we feel like we're kind of entering a sweet spot in terms of our ability to compete in that market. We see it building in our pipeline. And certainly, you know, the competitive atmosphere out there for us hasn't really ever been better than we're seeing right now as we go into 2024.
Saket Kalia (Managing Director)
Got it. Got it. Very clear. Josh, maybe for my, for my follow-up for you, great to see the Free Cash Flow in flux this year, and appreciate the guide. And I know it's early to talk about that metric beyond 2024, but maybe anecdotally, what are some of the puts and takes for Free Cash Flow beyond 2024 structurally, that you want us to think about with that metric?
Josh Siegel (CFO)
Yeah. Thanks, Saket. You know, I think it's, it's mostly around puts as we think about the next couple of years, and it's, it's really the expanding leverage that we're getting in the operating income that, you know, we're seeing at each of the years on our, on our road to Rule of 40. And, and then, of course, it's the flywheel effect that, that we are going to increasingly get this year and then, and then again in 2025, which is, you know, really reflecting the, the renewals, the full-blown renewals of having already gone through round-tripping the SaaS and subscription bookings that we, you know, built up in the last couple of years. So that's, you know, gives us the strong confidence that we're on track to hitting our medium goals there.
Operator (participant)
Your next question is from the line of Shaul Eyal with Cowen. Please go ahead.
Shaul Eyal (Managing Director)
Thank you. Good morning, good afternoon. Congrats on the results and guidance. Matt, let me also echo my congrats on those kind of well-prepared remarks, taking us through a customer journey as it pertains to CyberArk's expanding platform. Maybe building on that journey, you know, you've just put out a press release on Indiana University Hospital, you know, expanding relations with CyberArk. Maybe a good opportunity here to share with us what is it that they're doing with CyberArk on top of their core PAM deployment, and where else can they expand with you guys in the coming years? I have a follow-up.
Matt Cohen (CEO)
Yeah. Thanks, Shaul, and thanks for, thanks for the comments on the remarks. And you know, what I really do wanna do is help everybody understand the full market opportunity that's before us as we go after these spectrum of identities, and we kinda move beyond where people have traditionally thought of us, which is in IT. It just opens up such a remarkable opportunity for us to expand as we cover the overall enterprise. When we think about that particular customer example, you know, it's a good indicator of what we see across the board when a customer starts to partake of our SaaS platform. You know, the. It kinda fits the bill, if you will, of the descriptions that I was walking everybody through.
The idea here is, the more solutions people get started on, the more identities they can start to bring into the platform. But even when customers like that get started with multiple solutions, there's such an expansion opportunity as we build out the longer term roadmap for them, as they bring on more identities. I think a good way to think about the market for us is, every proliferation of identity, whether it be human or non-human or machine, equals another point for us here at CyberArk, another area that we can secure.
And so if you take a customer like that, that's also sitting in healthcare, that's definitely under attack day in and day out by ransomware and other really, you know, kinda terrible threats, they can expand for years to come as we start to help them bring all aspects of their enterprise, all their identities into the platform. So it's a great example, actually, for us, and healthcare certainly is a vertical that we see exploding for us in the coming years.
Shaul Eyal (Managing Director)
Got it. Got it. Thank you for that. And, and, you know, for my next question, either you or Josh, a macro-driven one. I haven't heard you mentioning the term elongated sales cycle. I think maybe you're, like, amongst a handful of companies implying a stabilizing or a better than feared stabilizing macro environment, rather than alluding to elongated sales cycle. Why is that? Are things actually becoming better, and you guys, unlike other companies, are not covering your behinds then, you know, as, as kind of adding those elongated sales cycle commentary?
Matt Cohen (CEO)
Yeah, I'll take that one. And it is something that we're, you know, particularly both proud of and excited about. And throughout the whole year, you've heard us kinda talk about that, which is you know, listen, it is a tough macro. There's no question about it. When I talk with, you know, my colleagues and talk to the C-suite at our customers, they're living through, you know, tough budget cycles. That being said, everybody has money to spend on what's most important, and generally speaking, cyber is more important than the rest of the kinda tech stack.
But within cyber, there are areas that actually are prioritized, and we've been lucky to be one of those areas throughout the year, where when customers are putting together their budgets, they don't have the luxury of really avoiding spending on identity security, and when they're gonna spend, they're gonna spend with us. And so that opens the door, if you will, for a much more fertile ground for us to go harvest in within our customer base and even out into the broader market. Now, what we also are, as I said, proud about, is that we actually adjusted our execution arm to make sure that we were checking the extra boxes.
You know, we trained the team early on to bring the CFO into the discussion, to make sure the Joshes of the world were actually part of the discussion early. Don't avoid them, bring them in so they understand the value statement. We help them understand how to structure deals more appropriately for these macros. And so between the mission-critical nature of our solutions and the phenomenal execution of our teams, we've been able to navigate a tough macros throughout the year, but do it much more effectively. Now, I would say we start to see, you know, some shoring up of those macros as we get towards the back half of the year here and as we look forward. So, you know, that's encouraging for us as we look out.
But generally speaking, I think it is a testament to the role of identity security and the security stack today.
Operator (participant)
Your next question is from the line of Fatima Boolani with Citigroup. Please go ahead.
Fatima Boolani (Managing Director)
Thank you for taking my questions. Matt, just to start with you, talked a lot about the momentum you're seeing with the new customers coming into the CyberArk install base family and landing with multiple solutions. But what I wanted to pick your brain on is we're now essentially going to anniversary the two-year mark of when you did the massive SaaS transition. So I'd love any high-level commentary from you on what this potential wave or or renewal cycle tsunami could look like in terms of buying behavior and patterns. And then I have a quick follow-up for Josh, please.
Matt Cohen (CEO)
Yeah. So, great question. I think what we see, first of all, is that, as we go out and we are landing these logos, that the time to next purchase continues to compress. So we can land somebody in a Q1, and we can get a follow-on deal in a Q3, or a Q4. And so even before we get to the first anniversary of a renewal date, we're able to drive the land and expand motion. And to be honest, that's one of the things that gets us most excited because the flywheel of the sales process continues to accelerate. Now, that being said, as you mentioned, all of these contracts, as they start to come up for renewal, also creates a compelling event for an expansion play.
We think of that as, you know, a prime opportunity to not only upsell on the existing suite they have, but to introduce the new solutions and to cross-sell into the base. We see that kind of sales methodology change kinda kick in more and more over the last couple of quarters, where we're actually enabling our sales team and the conversation of you know, it's a different conversation at the point of renewal, of just understanding what have they consumed, read the telemetry, get the upsell in there 'cause that's a basic motion you should be able to do always, and then understand through adoption curves and roadmaps that we've seen with other customers, what's the next best solution to introduce, and make sure it's part of the renewal cycle when the wallet's already open.
And again, that's something that the sales team has really improved at and will continue to improve at, as they become even more proficient in the SaaS selling motion.
Fatima Boolani (Managing Director)
I appreciate that. Josh, on a related matter, as we, you know, work through the, the maturation, if you will, of the base as it relates to converting some of your, customers on the predecessor, you know, perpetual form factors and even any prior customers sitting on perpetual maintenance, I'm curious if you can help characterize what proportion of ARR growth is going to be coming from simply converting, the prior perpetual maintenance customer and customers, and any impact that had in this quarter to growth. Thank you.
Josh Siegel (CFO)
Yeah, thanks, Fatima. You know, I think as we look at conversions and we go back already a whole bunch of quarters into 2023 and even into 2022, we're still seeing it really reflecting you know single digits mid-single digits of our ARR growth coming from conversions. I think as we look into 2024, we're not really changing that view. We think it's you know it should behave similarly to what we saw in 2023 and already at the end of 2022.
Matt Cohen (CEO)
I'll just add on top of that just one element from a strategy perspective, if you will, which is, you know, when you analyze this base of customers and you try to understand, okay, what's their buying patterns? The first thing you're looking at is, while they're still on maintenance, are they buying other solutions? Is there any less expansion that we're seeing in that base versus the rest of the base? And if the answer was yes, then you're really wanting to push them as hard and fast as possible to get them to move, because otherwise, you're gated yourself on your expansion in those accounts.
When we actually analyze the maintenance-paying base, their expansion, sales, the rate at which they're buying the new solutions, is not that much different than people who are sitting in a subscription model or on a SaaS platform. And so that gives us a little bit more leeway to be flexible with that customer base, to keep them happy on that, self-hosted or perpetual product, and move when they're ready. And in fact, move them to SaaS when they're ready, not move them over to an on-prem subscription because when we move them to SaaS, the upsell is significantly higher. So strategically, as Josh said, I don't think you're gonna see us be that aggressive in 2025.
I think you'll see customers, you know, start to migrate because their own plans call for SaaS, but what we're really excited by our ability to be able to, to drive NRR out of any base that we have.
Operator (participant)
.Your next question comes from the line of Rob Owens with Piper Sandler. Please go ahead.
Rob Owens (Managing Director)
Yeah, thanks for taking my question. Matt, when you speak to the full identity market opportunity, what are your thoughts around IGA? Is it an IGA light approach, or is it something that you're going to look to dive into more fully?
Matt Cohen (CEO)
Rob, Rob, great question, and I think we still see fundamentally that the siloed nature of PAM access and IGA is at the detriment of customers and their security posture. And that organizations that implement kind of in that silo are not taking the most robust security posture that they can. So we increasingly focusing in on adding to our identity management stack, and being able to manage the modern IGA workflows that sit out there, you know, in combination with our SCA solution, even in combination with our PAM customer base. And so I think you'll see us continue to invest in that.
Now, again, if somebody needs to go and do a large scale IGA deployment across all legacy assets that sit in the data center, we have a great partnership with SailPoint, and we're fine with SailPoint taking that bigger business. But as you move these workloads to the cloud, as you move into a modern real estate, we increasingly believe that in order to win, that we need a, you know, a hybrid approach. And every solution that we bring to market from this point forward, and the team knows, they hear it from me all the time, has to have components of governance, components of access, and components of privilege controls. That is what makes us unique, that's what makes our platform unique.
I think you'll hear us talking more about that in the days to come.
Operator (participant)
Your next question is from the line of Jonathan Ho with William Blair. Please go ahead.
Jonathan Ho (Equity Research Analyst)
Hi, good morning, and congratulations on the strong results and guidance. Yeah, I just wanted to understand a little bit more about your Secure Cloud Access product, and, you know, whether you can give us some additional detail on how big of an opportunity you think this could become. Thank you.
Matt Cohen (CEO)
Thanks, Jonathan. And thanks for asking about my little favorite area here, so you give me a chance to pontificate a little bit about it. But listen, we believe fundamentally that the idea here in the cloud that customers have moved fast, and for good reason, into their cloud real estate. And as they moved, they granted unfettered access to all of these users out there in the developer community in order to facilitate speed. And that leads to a world of over entitlement and frankly, lack of control. Now, we have a lot of vendors out there that really look at discovery and trying to understand what that cloud real estate looks like, even presenting ways of managing posture and managing the overall cloud environments.
We think that's important, by the way, and we partner with some of them to make sure that we can tap into the great data that they're able to harvest. But ultimately, like the on-prem world, security comes back to control. And so our SCA solution is built on the idea that you need to have the same levels, the same concepts of control in your cloud estate as you did on-prem. You need to make sure that you're actually isolating sessions. You need to make sure that you understand and controlling entitlements. You need to actually make sure that there is the ability to be able to record, especially in audited industries. And so our SCA solution takes all the principles of PAM, but then what it does, it says, "Actually, in that environment, you don't need standing access.
You can actually have entitlements or privileges assigned at the point of access." So a cloud user or developer can use their federated access, their personal accounts, they can log into the cloud console, they can start to work in the cloud services, and we can apply the right level of entitlements and privileges right at that time for a period of time. And the minute they log out, we can remove those entitlements so that when that account is sitting inactive, it is actually a zero privilege account, and we can drive a least privilege approach. We believe, fundamentally, and as you can hear, I get excited when I talk about it, that moving into this control area of the cloud is an underrepresented piece of the market.
It's not actually represented in the TAMs of all these other cloud security vendors that are out there, and that we're uniquely positioned to actually capitalize on that. So while it's early days, and while we're, you know, a couple quarters into the market, I would tell you that at our enterprise accounts, the numbers of conversations that are actually leading with, "How do we secure our cloud?" is remarkable to me, and that then sets up a long-term TAM for us in this area that I believe can be a meaningful, significantly meaningful contribution to our ARR growth.
Operator (participant)
Your next question is from the line of Tal Liani with Bank of America. Please go ahead.
Tal Liani (Managing Director)
Hi, a few questions. The first one is, can you take us through a journey of a client, you spoke a lot about it, the journey of a client from a point of view of synergy with existing customers? I'm assuming that customers first land with a PAM. What happens when they wanna go to different products? Where is the synergy? Is there any synergy in terms of products or sales motion or management, et cetera? What's the incentive for them to continue with you with your other products?
Matt Cohen (CEO)
Sure.
Tal Liani (Managing Director)
You know what? Let's take it one by one.
Matt Cohen (CEO)
Hmm. Sure. So I think when we think about that synergy, or we think about that like expand motion, if you will, it really depends on the priorities of the organization. And I'll give you like two different examples. You know, you might be sitting in an organization where they have invested heavily in their non-human identities, in their machines, in their ability to build out a modern application environment. And in that case, you know, if that's the priority of the organization, it's the most likely next step from someone who secures IT and their PAM users to actually move over and secure the non-human identities. And you know, the synergy is, hey, we can take a least privilege approach.
We can help them understand how to create these controls that I'm talking about, but we can do it in a developer-friendly or a native way, especially with our Secrets Hub product and our easy-to-deploy Conjur Cloud product. And so you see some customers where that might be the first path they go towards expansion. An alternative is you might be sitting in an area of high attacks around ransomware, and you might be healthcare, it might be financial services. And in those areas, okay, they've locked down their core controls in IT. Now they need to secure their endpoints. They need to secure their servers, and the natural extension is to move into EPM. And in that case, that's the next expand motion for that customer.
And then there's a third type of customer, to be honest, that actually buys a little bit of everything, and they start to deploy in pockets, in different workgroups, in different areas of the enterprise, and then they look to upsell or expand over time within a broader set of three, four, or five solutions. So the other way to answer the question is, there is no one typical pattern. The underlying element, though, that drives the success is a unified platform with single shared services, a unified audit, an ability to be able to run identity across all of that, the ability to be able to run threat analytics across all of that.
And so the idea being, these customers, although they're not fully consolidating day one out across the platform, they're future-proofed in terms of the consolidation aims they have for the longer term. I think there was another question.
Tal Liani (Managing Director)
In these cases, do you replace an existing vendor, or is it kind of a greenfield, where you bring new features to areas where there's no such features? Do you have to compete with a legacy vendor or an existing vendor that is already there?
Matt Cohen (CEO)
Yeah, I think, again, it depends. You know, when you move into access, in general, we're competing with something that's there. In a lot of cases, it's legacy, and it's things that are outdated and not ready for the modern stack. When you move into EPM, sometimes it's greenfield. Actually, the concept of least privilege on the endpoint is a new concept for them, and they're sitting with their endpoints unprotected, maybe just having invested in EDR or XDR, but not understanding yet the power of the EPM agent. When you move into the secret space, generally speaking, they're working at the workgroup level. Maybe they're using some open source tools at the workgroup level, but now they're trying to make an enterprise buy, so you're replacing or you're sitting on top of that open source.
Or, for example, you're sitting on top of the cloud services providers in the native secret stores. In the cloud space, for sure, you're going in greenfield. You know, this idea of control and the developer themselves, that's something that's new. So I took you around really quickly there, the real estate, but I think that represents the kinda things that we see out there in the market.
Operator (participant)
Your next question is from the line of Joshua Tilton with Wolfe Research. Please go ahead.
Joshua Tilton (SVP in Equity Research)
Hey, guys. Thanks for taking my question. Matt, I thought it was very interesting you talked a lot about new identities in your prepared remarks. How do you, how do you see the potential for Copilot accounts to maybe act as a tailwind, to either PAM or just the broader identity market, as organizations pilot to secure what feels like a pretty big wave of incremental credentials that's about to hit the market?
Matt Cohen (CEO)
Yeah, Josh, it's a really good question, and it speaks to the larger point, which is any identity needs a level of identity security, right? And we believe that we can bring all of them into our platform. So if we take the Copilot example, it's almost like a hybrid of a human identity and a machine identity all in one, with, generally speaking, granted large swaths of privilege that mirror the human and machine that it's meant to augment or, or in some cases, replace. And so, you know, as AI technology kinda takes off, it creates a lot of vectors for growth. It creates vectors as we kind of compete or, or combat against the attack vectors fueled by AI.
It allows us to be able to build AI into our products, to make them more effective, to make them better able to secure environments, and then it also is the tools themselves that need to be secured. And Copilot is a great example of that, where we're gonna end up with multiple new identities, and you know, we're gonna need to secure it just as if it was a new developer coming on, or if it's a new member of the workforce coming on. And I think that speaks to the market we're in, where if you're in the identity security market, the number of identities is your market, and any increase is a good thing.
Operator (participant)
Your next question is from the line of Hamza Fodderwala with Morgan Stanley. Please go ahead. Hamza, your line is open.
Hamza Fodderwala (Executive Director)
Sorry about that. Good morning, good afternoon. Thank you for taking my question. I had one question around distribution for Matt.
You know, it seems like you're going after a really broad opportunity, and the prepared remarks were really helpful. I'm curious, how you plan to continue to improve on the sales velocity to go from, you know, 9, 10, 20,000 customers over time, or do you feel like there's more opportunity still within the install base, and that's gonna be driving the majority of growth going forward? Thank you.
Matt Cohen (CEO)
Yeah, Hamza, thanks for the question. And you know, I wanted to highlight the opportunity within the base because I think it's important that everybody understands how the expansion happens. But you can get me equally excited about our ability to be able to go and grab new logos. And, you know, if you were talking with our wonderful CMO, he'd, he walks around with a new logo T-shirt on every day, 'cause that's what he's going off and trying to drive for us and build up that channel. Now, as you said, it's not just about what we do direct, it's about our channel partners in that space.
We have the best channel partners in the world, whether it's the SIs, you heard an example of where one of them was able to bring us into a Fortune 100 account this quarter. Whether it's the reselling partners that are out there that are increasingly turning their attention to driving new logos. Or if it's an area which I'm even more excited about, which is the MSP programs. You know, as you start to embed your entire platform into the MSPs, and you start to be able to have them represent you within their vast customer base, even in the enterprise and down market, that becomes a flywheel of its own in terms of the ability to be able to go after new logos and to be able to go after new logos with all of the product set.
So I do think you're hitting on a key point here, which is the channel and the force multiplying effect of our channel is a critical ingredient of driving the productivity growth that we want to see, and we continue to want to see more productivity, and then also our ability to be able to get outside of our base and really capture this opportunity in the broader market.
Operator (participant)
Your next question is from the line of Ray McDonough with Guggenheim Securities. Please go ahead.
Ray McDonough (Director of Equity Research)
Great, thanks for taking the questions. Maybe one for Matt, and if I could, a follow-up for Josh after. But Matt, I wanted to follow up on your answer to Hamza's question around the MSSP opportunity. So what specifically are you doing to enable the channel from a product perspective to help them, you know, help you attack that market? And then, you know, how much of the demand and the need for cyber insurance plays into the role down market and what those MSSPs can help you achieve in terms of penetration?
Matt Cohen (CEO)
Yeah, great, great, great follow-up, by the way, and I think there is investments in the product to make it serve the MSP market better. We've got a whole wing of product management that's actually just thinking about the MSP market and what needs to happen. You know, some of that we've built and some of it's still being built. You know, the idea of easier reporting, the ability of easier way to manage tenancy within the platform. The idea of even on the finance side, which isn't in the product, but in the organization, to be able to bill more effectively and more flexibly. All these things are part of our MSP program holistically.
We think of it as a market for us, and we run it like that, where we're tracking, you know, the contribution and what do we need to do throughout the entire parts of CyberArk, including product, to serve that market. So, you know, I think that's one of the big shifts we've made in the last 18 months, is to think of it that way. It's not just a little bit of an offshoot of the channel partner program. It's its own thing. I think to your point, you know, there is intersections all the time between the growth drivers of our business. On one end, you've got cyber insurance, with absolutely in the lower end of the enterprise and in the mid-market, is a driver of people towards PAM, towards identity and security.
It's a factor in whether somebody can get cyber insurance, and by the way, it's a factor in what their premium would look like. Then, those companies are looking for an easy way to procure it. They might be procuring it, by the way, through not even only through MSPs. They might be procuring it through their AWS Marketplace and leveraging some of those lubricated routes to market. But in addition then, MSPs can manage the whole system for them, obscuring them from any of the complexity and make sure that they're able to stand it up quickly and meet the cyber insurance reinsurance requirements.
We could take any one of the tailwinds that we talk about and routes to market that we talk about, and there's always that juxtaposition, and the one you're picking on is a particularly nice one for us as we move forward.
Operator (participant)
This concludes the Q&A session. I will now turn the call back to the CEO, Matt Cohen, for any closing remarks.
Matt Cohen (CEO)
So thank you to everybody. I wanna finish up here by thanking our employees for their hard work and dedication. It's only because of them that we're able to talk about the success we had in 2023 and our optimism for the future. I wanna thank our customers and partners for their support and partnership. And personally, I also wanna thank Udi for his mentorship and support over the last year. You know, I look forward to continuing to partner with him on the long-term strategy and in his role as executive chair. But personally, I have a big thank you to him to add into the talk track here. With that being said, we look forward to seeing you all and talking to you all real soon. Take care.
Operator (participant)
This concludes the CyberArk Software fourth quarter and full year 2023 earnings conference call. Thank you for joining. You may now disconnect.