Cyberark Software Ltd
NASDAQ:CYBR

Watchlist Manager
Cyberark Software Ltd Logo
Cyberark Software Ltd
NASDAQ:CYBR
Watchlist
Price: 324.66 USD -1.36% Market Closed
Market Cap: 14B USD
Have any thoughts about
Cyberark Software Ltd?
Write Note

Earnings Call Transcript

Earnings Call Transcript
2023-Q2

from 0
Operator

Good morning. My name is Audra, and I will be your conference operator today. At this time, I would like to welcome everyone to the CyberArk Software Earnings Conference Call. Today’s conference is being recorded. All lines have been placed on mute to prevent any background noise. After the speakers’ remarks, there will be a question-and-answer session. [Operator Instructions]

At this time, I would like to turn the conference over to Erica Smith, SVP, Investor Relations and ESG. Please go ahead.

E
Erica Smith
Head of IR

Thank you, Audra. Good morning. Thank you for joining us today to review CyberArk's Second Quarter 2023 Financial Results. With me on the call today are Matt Cohen, our Chief Executive Officer; and Josh Siegel, our Chief Financial Officer. After prepared remarks, we will open up the call to a question-and-answer session.

Before we begin, let me remind you that certain statements made on the call today may be considered forward-looking statements, which reflect management's best judgment based on currently available information. I refer specifically to the discussion of our expectations and beliefs regarding our projected results of operations for the third quarter full year 2023 and beyond. Our actual results might differ materially from those projected in these forward-looking statements.

I direct your attention to the risk factors contained in the company's annual report on Form 20-F filed with the U.S. Securities and Exchange Commission and those referenced in today's press release that are posted on CyberArk's website. CyberArk expressly disclaims any application or undertaking to release publicly any updates or revisions to any forward-looking statements made today.

Additionally, non-GAAP financial measures will be discussed on this conference call. Reconciliations to the most directly comparable GAAP financial measures are also available in today's press release, as well as in the updated investor presentation that outlines the financial discussion in today's call. A webcast of this call is available on our website in the Investor Relations section.

With that, I'd like to turn the call over to our CEO, Matt Cohen. Matt?

M
Matt Cohen
CEO

Thanks, Erica, and thanks, everyone for joining the call today. Momentum continues to build across our business. Our strong second quarter performance underscores the three key reasons we are winning. First, the power of our Identity Security platform to drive our land and expand motion. Our comprehensive portfolio and the depth of our SaaS solutions are continuing to increase the velocity in our business.

Second, Identity Security is a non-negotiable requirement for organizations. This is only amplified by the ever increasing importance of protecting hybrid and cloud native environments. And third, we are executing against our strategic imperatives: accelerating our platform selling motion, extending our reach through the channel, enhancing our customer success organization and delivering cutting edge innovation. The strength of our execution and the durability of demand is evident in our performance.

Subscription ARR reached $451 million growing 77% year-over-year. Total ARR reached $653 million growing 40%. We added a robust $49 million in net new ARR. And we exceeded our guidance range across revenue, operating loss and EPS with total revenue growing 24% to $176 million, non-GAAP operating loss coming in at $6 million and non-GAAP earnings per share of $0.03, all above the range.

I’m incredibly proud of how we are navigating the macroeconomic backdrop. Our go-to-market teams continue to adjust their selling approach to overcome the increased deal scrutiny and longer approval cycles that we have seen for several quarters, enabling us to deliver a really well executed performance. We had a strong new business quarter and customers continue to broaden their CyberArk relationships, buying new users and expanding to new solutions across the platform.

Our pipeline continues to build at a record pace. Deals are progressing and our win rates are really strong. We hosted our Impact customer event in May. It was great to see so many of you, who attended in person and we appreciate those who tuned into the virtual sessions. Impact in Boston is our marquee event, but we are also hosting our Impact world tour across 20 cities across the world throughout the summer and fall.

Over the last few months, we have touched thousands of customers, prospects and partners as part of this program. The feedback is resoundingly positive. We are helping customers mitigate risk and drive efficiency, as they manage the explosion of new identities, new environments and new attack methods.

Moving on to the details of the quarter. We will frame the discussion around growth, innovation and profitability. Starting with our growth drivers. A typical organization has thousands of unique identities and those identities have more access today than ever before. In our recently released Identity Security Threat Landscape Report, every organization we surveyed expects an identity related compromise in the year ahead and more than half say this will happen as part of a digital transformation initiative.

Generative AI is compounding these trends. Attackers are innovating faster than ever and are more sophisticated, further elevating the urgency for comprehensive identity security. As a result, organizations are consolidating across security vendors based on trust, what we refer to as a consolidation of trust. They are choosing long-term partners like CyberArk because of deep domain expertise, leadership position, breadth of platform and superior technology.

Our differentiation includes our ability to secure all identities, human and machine, as they access all environments, including hybrid and multi-cloud environments while applying our comprehensive intelligent privileged controls across standing access, just-in-time access and our zero standing privilege approach. Our most recent product introduction, Secure Cloud Access, which provides secure native access with zero standing privileges across multi-cloud environments is resonating with customers.

When combined with just-in-time access for cloud workloads, it creates the ability for a customer for -- it creates the ability for customers to reimagine their PAM programs. In addition, when Secure Cloud Access is combined with Secrets Hub and Conjur Cloud, developers and the security teams can innovate even faster in the cloud. For the workforce, we take this one step further, providing privileged controls to the enterprise with secure web sessions and workforce password management.

These are great examples of how our platform is delivering compelling value to customers and driving our long-term growth. Our innovation engine and go-to-market execution contributed to our strong new business quarter and 235 new logos. While PAM continues to be the primary landing spot, our platform has been key to our success with customers increasingly landing with two or more solutions.

Digging into a few wins in the quarter, driven by cyber insurance requirements, an industry leading Fortune 500 transportation company wanted a solution that would evolve and scale with the company's cloud strategy. In addition to Privilege Cloud, the customer will centrally secure human and non-human privilege access across its global multi-cloud infrastructure with Secure Cloud Access and Secrets Hub.

As part of its zero trust strategy, a leading cybersecurity company landed with our Endpoint Privilege Manager to remove local admin rights from all endpoints and help mitigate the risk of ransomware attacks. A leading telecommunication provider in South America is embracing our Identity Security platform to achieve operational efficiencies and measurable risk reduction. This customer is consolidating vendors and will be using the CyberArk platform, including PAM, Endpoint Privilege Manager, and Secrets Manager across all seven of its companies.

The velocity of our business is also picking up as customers achieve faster time to value with our SaaS solutions. The success of our land and expand motion is represented by the nearly 40% increase in customers with more than $100,000 in annual recurring revenue to approximately 1,500 at the end of Q2. A few examples include: a Global 500 energy company embraced our Identity Security vision and expanded from a large PAM footprint to DevOps and cloud security in Q2, with Conjur Cloud, Secrets Hub and Secure Cloud Access.

An auto manufacturing company who bought CyberArk PAM in the third quarter of 2022 was looking to expand with a modern identity security partner. During the second quarter, they bought more Privilege Cloud and added workforce password manager as its first CyberArk identity solution. Accenture is one of our most successful advisory partners with a strong CyberArk Identity Security practice. Given their deep understanding of the security market, we are pleased they will expand their use of CyberArk Privilege Cloud to deliver advanced cybersecurity controls for clients and also utilize it themselves. We look forward to continuing to extend our relationship with Accenture.

The channel is extending our market reach with more feet on the street and more services power. Certifications for Endpoint Privilege Manager, CyberArk Identity and Secrets Management are growing quickly. MSPs remain a key pillar for the future growth and we are gaining traction with GuidePoint, Kendra (ph), NTT, among others, who delivered key wins in Q2 and are helping us reach new customer segments. In fact, BT, a leading British multi-national telecommunications company, needed a modern, scalable security partner as it rapidly scales its global managed services operations to help ensure their customers' critical identities are protected. During the second quarter, they made the strategic decision to leverage CyberArk Identity as their key access solution.

Moving on to innovation. At our Impact customer event in May, we were excited to share how we are at the leading edge of innovation in Identity Security, including the introduction of AI-powered automation and policy creation for EPM, to help reduce risk and implement lease privilege at the endpoint. CyberArk has a long track record of working to stay ahead of both the competition and attackers.

Today, the attackers are leveraging AI to exponentially increase their effectiveness. And capacity to change tactics and techniques and procedures continues to increase. While attack methods are evolving rapidly, the common denominator in these attacks remains identities. We are harnessing generative AI to develop new security solutions and enhancements for our customers, innovation to combat innovation.

We have a team dedicated to integrating AI across our product portfolio as well as new innovations, and we are looking forward to sharing information about our initiatives later in the year. At Impact, we also launched Secrets Hub for Azure and PAM self-hosted. Since launching last year, security professionals love the security controls, while developers can continue their workflow, but with frictionless protection, making CyberArk the Secrets backbone of the enterprise.

CyberArk Secure Browser was one of the highlights of the event. Secure Browser is purpose built for the enterprise and deliver security, privacy and productivity. It can act as a front end to CyberArk's Identity Security platform, while also securing the overall browsing experience for privileged users. One of the areas that our customers are most intrigued by, is the ability to stop session hijacking, an increasingly dangerous form of attack, where hackers are looking to steal cookies and takeover sessions to harvest critical data and IP.

Moving on to profitability. As the dynamics of the subscription transition begin to subside, we are marching towards our Rule of 40 goal, as you see in our full year bottom line raise. Our Identity Security platform will not only help increase our go-to-market productivity, but also drive operating leverage by supporting rapid cost effective innovation across all of our product groups. We have always made disciplined investments to support our growth, and I remain very confident in the long-term profit goals we put out at our Investor Day just a few months ago.

In summary, our go-to-market organization and innovation engine are delivering. We are accelerating our platform selling motion, our new platform services and how we leverage our robust partner relationships to extend our reach and drive our growth. We are thrilled with the early adoption of our cloud security solutions and the momentum we are seeing in the market. Securing all identities, not just managing human access is a requirement at the center of our customers' cybersecurity strategies.

As we look ahead, the momentum in our business, strong execution in the first half and disciplined investment approach positioned us to confidently raise our full year guidance for ARR and improve our operating profitability.

I will now turn the call over to Josh, who will discuss our outperformance in more detail and provide you with our guidance for the third quarter of the year.

J
Joshua Siegel
CFO

Thanks, Matt. We delivered yet another strong quarter, beating our guidance across the board. ARR grew an exceptional 40% and reached $653 million at June 30, while the subscription portion increased 77% and reached $451 million. Momentum continues to pick up.

And in the second quarter, we had $49 million in net new subscription ARR. This represents the largest amount of net new subscription ARR outside the seasonally strong fourth quarter of 2022. As Matt mentioned already, our Identity Security strategy is resonating with customers, embracing our SaaS solutions and expanding across our platform. The maintenance portion of annual recurring revenue was $201 million at June 30.

In the second quarter, we were thrilled, particularly in today's macro environment to capture an increase in annual maintenance rates, which combined with our strong continuous renewal rates, demonstrate that our solutions are mission-critical and deliver amazing value to our customers. Like-for-like, the conversion activity still just represents a single digit percent of our year-on-year ARR growth.

Total revenue exceeded our guidance and came in at $175.8 million with growth of 24% year-on-year. Year-to-date, our total revenue grew 25%, that's an acceleration from 17% in the first half of last year. Our subscription bookings mix came in at 95% in the quarter, that's compared to 88% in the second quarter of last year. Our growth was well balanced across new and expansion business. Self-hosted subscription duration again came in at the lower bound of our range, continuing to put pressure on recognized revenue and that's about $3 million.

Moving into the details of the revenue lines for the second quarter. Subscription revenue reached $106.2 (ph) million, growing 61% year-on-year and representing 60% of total revenue in the second quarter. Consistent with our move to a subscription business model, perpetual license revenue came in at $5.1 million. Our maintenance and professional services revenue was $64.6 million, with $51.6 million coming from recurring maintenance and $13 million in professional services revenue.

The recurring revenue portion reached $157.8 million or 90% of total revenue, that's growing 31% year-on-year from the $120.4 million or just 85% of total revenue in the second quarter last year. Geographically, the business continues to be well diversified. The Americas revenue reached $107.1 million, growing 28% year-on-year. APJ grew by 24% to $18.3 million in revenues, and EMEA grew by 15% year-on-year to $50.4 million in revenue. The EMEA region had nearly a 13 percentage point increase in subscription bookings mix to 95% in the second quarter from about 82% in the second quarter last year, creating a meaningful recognized revenue headwind in the quarter.

All line items in the P&L will now be discussed on a non-GAAP basis. Please see the full GAAP to non-GAAP reconciliation in the tables of our press release. Our second quarter gross profit was $143.3 million or an 81% gross margin compared to the 82% gross margin in the second quarter last year. Our operating loss of $5.6 million came in better than the top end of our guidance. As a reminder, we incurred expenses from our Impact event in the second quarter of approximately $4 million. Even with the increase in expenses from Impact, we are demonstrating leverage in our business with our revenue growing 24% and operating expenses increasing only 17% year-on-year.

Net income exceeded guidance coming in at $1.3 million or $0.03 per diluted share. We ended June with over 2,950 employees worldwide, including 1,300 in sales and marketing. For the six months of 2023, free cash flow was a negative $8.6 million or a negative 2.5% free cash flow margin. As a reminder, we expected operating margin free cash flow to be lower sequentially in the second quarter as a result of the Impact customer event and other seasonal expenses.

Turning to our guidance. For the third quarter and the full year 2023, our guidance reflects our strong execution, leading competitive position and platform selling motion and that's balanced against still the uncertainty in the macro environment. For the third quarter of 2023, we expect total revenue of $181.5 million to $186.5 million, which represents 21% year-on-year growth at the midpoint. We expect the subscription mix will continue to be above the 95% level. We expect non-GAAP operating income in the range of $4 million to $8 million for the third quarter. And we expect our non-GAAP EPS to range from $0.19 to $0.27 per diluted share. Our guidance assumes 46.8 million weighted average diluted shares and about $6 million in taxes.

For the full year 2023, we expect total revenue in the range of $726 million to $736 million, representing 24% year-on-year growth at the midpoint of the range and an acceleration from the 18% for full year last year. We are significantly raising our full year operating results to be in the range of breakeven to operating income of $9 million. We expect our EPS range to be $0.44 to $0.63 per diluted share. And we expect about 46.4 million of weighted average diluted shares and about $24 million in taxes for the full year of 2023.

On the back of a strong ARR growth, we are also raising our guidance for annual recurring revenue to now be between $743 million and $753 million at December 31, 2023, that's about a 31% year-on-year growth at the midpoint of the range. Overall, we were pleased with our execution, particularly in this macro environment. Our subscription transition is playing out against our playbook. Revenue in the first six months of the year accelerated to 25% growth and our operating margin is improving. As we talked about at our Investor Day, we are driving towards our near and long term goals as momentum in our business continues to build.

I will now turn the call over to the operator for Q&A. Operator?

Operator

Thank you. [Operator Instructions] We'll go first to Saket Kalia at Barclays.

S
Saket Kalia
Barclays Capital

Okay. Great. Hey. Good morning, guys. Thanks for taking my questions here. Hey, Matt. Hey, Josh.

M
Matt Cohen
CEO

Good morning. Great to hear from you.

S
Saket Kalia
Barclays Capital

Same here. Matt, maybe to start with you. It's just great to see the resilience of the subscription ARR line, just to the point made earlier in this macro and the continued sort of net new ARR growth. Maybe the question that's most appropriate to start with is, why do you think this space, identity, PAM, et cetera., is just doing so much better than other areas of security? Do you feel like that's CyberArk specific? Do you think that identity in general is just a healthier area of security spending? Any thoughts on why you feel like CyberArk and identity in general is just doing so much better? Thanks.

M
Matt Cohen
CEO

No. It's a great question and it starts with this idea that we are so thrilled with the results to see the kind of continued ARR growth that we're able to achieve. And I think when we look at it internally, we kind of map it back to three main causes of our success from this perspective. One certainly is the market we play in, as you mentioned. We talk a lot about this idea that at the core of where the attackers are trying to get to is identities. And as identities proliferate through organizations, the cybersecurity strategies need to evolve, and they need to focus in on identity as the centerpiece of the overall strategy. And so that's maybe the market we play in and the particular area of cyber that we chose to participate in.

But I think the other two reasons which are CyberArk specific are really driving the success. One is, this ability for us to be able to differentiate in the market with our Identity Security platform, the ability to be able to protect any identity, human and non-human machine identities, regular workforce users as well as the most privileged users sitting in IT and be able to do that all from one platform with one solution set. I think that resonates with our customers as they build their longer-term plans and point them in the direction of CyberArk.

And then the third area and a lot of the team members listen to this call, and I'll tell you, they're doing a phenomenal job executing out there. They are adjusting their execution to the macro environment. We talked about this a little bit before, but they come in and they've changed their value story to make it easier for the customer to buy. They're mapping to the Board initiatives that are out there. For example, they're able to pivot a lot of their story to deal with people like Josh sitting next to me, the CFO in the company and actually pitch a value story for them to go side-by-side with how we're talking to IT, to the CIO and to the CISO. And so I think phenomenal execution kind of rounds out the picture that starts with participating in a great market and having a differentiated solution.

S
Saket Kalia
Barclays Capital

Got it. That makes a ton of sense. Josh, maybe for my follow-up for you. Great to see the upside on the income statement this quarter, both in revenue and operating income. And also great to see the operating income guide go up so much for the year, I think more than this quarter's beat. Maybe the question for you, though, is I think we're taking the revenue guide up slightly at the bottom end. Maybe the question is, what were some of the puts and takes that you sort of considered when thinking about how just the ARR success is going to flow through to the revenue line? Does that make sense?

J
Joshua Siegel
CFO

Yeah. It does, Saket and thanks for the question. And yes, we are thrilled that we were able to raise the ARR guide for the full year by $7 million. And we're also happy that we were able to pass and eke (ph) up the revenue full year as well. And when we think about kind of the take then on the ARR, one of the things that we want to preserve for the back half is that we -- our pipeline has been growing at record levels. And -- but we're also seeing it very heavily weighted towards SaaS. And so we want to -- while we are getting that increase in the ARR, we also want to preserve that the second half could eke up even above our 95% of SaaS and subscription mix and we want to consider that. And I think where it could -- where we'll definitely see it roll into though is into 2024.

Operator

We'll move next to Jonathan Ho at William Blair.

J
Jonathan Ho
William Blair

Hi, there. Let me congratulate my -- the strong performance on the quarter. I wanted to maybe dig into maybe individual products. Was there anything that sort of surprised you in terms of strength in the quarter or that stood out relative to your expectations?

M
Matt Cohen
CEO

Hey, Jonathan. It's Matt here. So listen, I think across the board, it was a strong quarter. We saw a really good performance back in the PAM business itself, particularly on the Privilege Cloud front. We saw strong ARR growth in EPM and in Secrets in the identity and access space, especially in some of the areas that we say differentiate us there, Secure Web Sessions, workforce password manager and some of the areas there. So I think it was one of the quarters where we were kind of strong across the board.

We highlighted in the prepared remarks some of the newer stuff because I think maybe that's where we were a little more surprised kind of the intake of our Secure Cloud Access solution for protecting native cloud environments, maybe took us a little bit by surprise in terms of how quickly it's being brought into deals even more so into the pipeline of deals looking forward. We saw the SaaS side of the Secrets business, Conjur Cloud and Secrets Hub start to take off. And so, I would tell you it was a strong quarter across the board and with really nice signs on some of the newer innovations that we were able to talk about at Impact.

Operator

We'll go next to Rob Owens at Piper Sandler.

R
Robbie Owens
Piper Sandler

Great and thanks for taking my question. Last quarter, you did note some downsizing of deals. And just curious, given the puts and takes with the economy what you guys are seeing now in terms of deal size.

M
Matt Cohen
CEO

Yeah. So I think we talked about it a little bit in depth last quarter and we talked about two things, the downsizing of deals, we also talked about, though, that the component parts that were or downside maybe were put into the back half of the year pipeline and we're ready for expansion motion. The deals, first of all, to double down on that or come back to that, the deals that we saw happen in Q1, the other component parts still do sit in the back half of the year and actually are progressing really nicely. So we're really happy with that.

I think what I would say as it related to the second quarter here is the team did a better job of actually positioning the right deal upfront for the customer based upon a better understanding of their budget, based upon a better understanding of what they needed to procure and maybe weren't seeking out the supersize deal to begin with. And in that case, we didn't see as much downsizing at the end of the quarter. We actually just saw a strong performance, strong execution and the ability to be able to kind of deliver against the close rates that we would expect.

So I would say the market itself continues to stabilize around us. We feel like we're in a strong position vis-a-vis the macros at the moment. And I wouldn't say there's been any change in trends of a dramatic nature.

R
Robbie Owens
Piper Sandler

Great. And I guess building on that, if I look at ARR and ARR guide for the second half, this year implies about 45% of your ARR would come in the first half of the year, 55% in the back half. That's about a 5-point shift from last year, which was 40-60. So what's implied in that ARR guidance as we kind of contemplate the second half and any help around Q3 versus Q4 would be great. Thanks.

J
Joshua Siegel
CFO

Yeah. Thanks, Rob. So I mean, essentially, we're -- the guiding implies a flat net new ARR for subscription business because we anticipate definitely some reduction on the maintenance side of the ARR, that can even get to $10 million for the second half. So we're looking at flat on the net new ARR and we were glad that we were able to achieve -- overachieve on the net new ARR for the first half and then the take is the decline in the maintenance business ARR for the second half.

M
Matt Cohen
CEO

And then I would just add that I think we see a normal seasonal kind of split between Q3 and Q4, consistent with prior years.

R
Robbie Owens
Piper Sandler

Great. Thank you, guys.

Operator

We'll go next to Angie Song at Morgan Stanley.

A
Angie Song
Morgan Stanley

Hi, everyone. Thanks so much for taking my question today. So could you just talk a little bit about the success that you've been seeing with bundling? What percentage of customers bought multiple products this quarter?

M
Matt Cohen
CEO

Yeah. So we continue to see not just through bundling, by the way, but just through selection in the deal process, we continue to see customers purchase multiple solutions. When we talk about new logos, generally speaking, it's greater than 50%. It can even tick up higher than that, that are buying more than one solution on their landing spot. And certainly, that trend continues if not more in the base as we expand our customers kind of in that land-and-expand motion. So what we generally see though is that the customers have a prioritization process.

At one level, they're focused in on core PAM controls. And then they're looking ahead to what are they going to do next or what are they going to do in parallel. And for some customers, it's about locking down the least privilege on the endpoint, and so EPM becomes a priority. For other customers, they're seeing this need to really understand the nonhuman component, the machine identities, and so secret management becomes a priority kind of side-by-side with PAM.

And then for some, they're really looking to swap out their legacy IDP and thinking about access and their understanding that actually they can do that with the Identity Security platform from CyberArk. So each customer pool would be a little bit different. But in general, customers are wanting to either start or expand with more than just PAM and we're really happy with that. We also do, do a nice job, though, of seeding some of our more innovative products into our packages.

When you buy Privilege Cloud, you get a little bit of workforce password management, you get a little bit of the identity suite. And that helps us so that when we go back for the expansion motion, the customers are already familiar with our products and they're ready to adopt and expand later. So that's a little bit around how we see that world, packaging, but also just the very nature of how customers are buying more than one product from us.

Operator

We'll take our next question from Gregg Moskowitz at Mizuho.

G
Gregg Moskowitz
Mizuho

Thank you very much for taking the question and nice job executing in the Q2. Matt, I think everyone would agree that generative AI is spawning more cyberattacks and that this is only going to increase. And you spoke in your prepared remarks about innovations that you're working on in this area. But is gen AI something that you look at as an incremental revenue opportunity for CyberArk? What are your thoughts here?

M
Matt Cohen
CEO

Yes. It's an interesting topic and one that comes up in almost every conversation at this point in time. And the nice thing about what we're talking about is it's very practical and real. We're not talking about some mythical thing. We're talking about what's happening out there in enterprises today. Our threat landscape, talking with CISOs and security practitioners of thousands of enterprises around the world, it was over 85% of them that were anticipating a generative AI-based attack in the year ahead. So on that kind of offensive side, we certainly see this ability for attackers to innovate and innovate by really making their existing attack methods more effective.

And I think that kind of sets the stage to a degree for how we will operate from a defensive perspective. If they're making their existing attacks which are generally targeting identities more effective with AI then we need to make our existing solutions AI-enabled to be able to protect against those attacks. And I said it in the prepared remarks, but fight innovation with innovation. So for sure, there will be some new pockets of innovation or creativity where we might create some new solutions that harness the power of the data we’re collecting to be able to do analytics better and provide that insight into the product suite.

But in general, I would tell you our strategy is let’s go make our solutions more effective, let’s go make our solutions easier to deploy so that they can cover more identities. And let’s make sure that we understand how attackers are using AI and defend against that using what we believe is the primary mechanism we have, which is intelligent privilege controls.

Operator

We'll go next to Brian Essex at JPMorgan.

B
Brian Essex
JPMorgan

Hi. Good morning, and thank you for taking the question. I want to follow up on Rob's question, particularly with regard to some of the dynamics around ARR and conversions. I notice you had a little bit of spike in perpetual this quarter. But -- and Josh, I think you noted, what, about 4 points help on conversions for subscription ARR. So I guess -- and I also caught the comment that the $10 million, I think, decline anticipated for maintenance in the back half of the year. So maybe if you could unpack a little bit how conversions from the installed base are trending, how you're approaching those and what expectations might be in the future quarters for that versus new logo adds?

M
Matt Cohen
CEO

Sure. And I'll start, and then maybe Josh will jump in and add some color. But first of all, I want to just say the perpetual business itself didn’t grow. It actually was pretty consistent quarter-over-quarter. And that's what we're seeing now, which is really kind of an absolute number versus even a percentage. And as we look out into the pipe going forward, we see perpetual at the best flat and maybe even trailing down a little bit as we go forward. So the perpetual business definitely is seeing its last notes here at CyberArk. And I think we're good with that, obviously.

I think from a conversion perspective, I'm not sure Josh actually gave a number, but he talked about single-digit impact from conversions in terms of our overall growth. And I think that continues to be the case. You've heard me talk about this maybe before, but we believe fundamentally that we're getting such a big upside when people do convert, meaning not what we charge for the like-for-like, although that's incremental as well. We get 2x to 3x on maintenance rates for like-to-like conversion.

We also create such a strong compelling buying opportunity to expand into new products and even to upsell existing products that we're not coming at customers with a stick and saying you have to convert. We're actually approaching them and figuring out when it makes sense to slot it into their road map. And since we're such a core security control and we want customers primarily to go to SaaS, it takes a little bit of planning to figure out when that customer should go. And I think it's going to materialize over the next two to three years, and it's not going to be any big jump in any given quarter as we kind of move forward.

So I think that's how we see the kind of conversion activity happening. I would say on the maintenance ARR decline, what we are seeing is not -- that's not due to some big uptick in conversions. That's due to the fact that we're not selling much perpetual anymore. And just think about we were 95% in this quarter and the year before, we were in the upper 80s. You're starting to really tick down in the new maintenance that's coming in. And when we look towards the back half of the year, where we see 95% or better, we are anticipating the maintenance ARR coming down pretty strongly in respect of that kind of tail off.

Now in Q2, we were able to see some nice realization from a captured rate perspective. Renewal rates overall were actually in the best shape they've been. Price increase has started to materialize its way through and helped us to the tune of maybe $1 million. So we didn't see as much tail-off here in Q2, but we – what we definitely see it starting to kick in, in the back half of the year.

Operator

We'll take our next question from Eric Heath at KeyBanc Capital Markets.

E
Eric Heath
KeyBanc Capital Markets

Thanks for taking the question and great to see the great results there. Just a two-parter for me, Matt and Josh, if I could. Just first, any uptick in noise in the market or any change in sales cycles at all that relates to Hashi (ph) self-managed boundary offering or boxes upcoming PAM lease? And secondary, I just wanted to ask on M&A, Matt. Just if there's any areas of interest for you as you look to kind of accelerate the product road map and that's it? Thanks.

M
Matt Cohen
CEO

Yeah. Sure. Great questions. And from a competitive landscape perspective, we haven't seen any change and that would be across the entire portfolio. Specific to the two areas you talked about, from a Secrets Management, Hashi perspective, Hashi vault and then kind of on the PAM side with Hashi boundary, we don't see any difference in the competitive dynamic there. And I'll just take a second there to maybe double-click and try to help explain a little bit of our competitive posture against Hashi.

What happens with these development groups that are going on, and Hashi offers a fabulous developer platform across the board. Developers get started. They're using the Hashi tool set, and they need to actually manage secrets in a local vault. So they -- they're at least no longer hard coding secrets into the applications they're building. And they're setting up a Hashi vault instance, for example, locally for their work group as they work on their project.

And what happens at enterprises is that one Hashi vault becomes multiple Hashi vaults. And then there's other development efforts going on, and it's in AWS secret store or Microsoft key vault. And you end up with this kind of vault sprawl across the enterprise. At some point in time, security gets involved and says, great that you're not hard coding your passwords anymore into your applications. But how do we actually manage policy on the back end at an enterprise grade, at an enterprise scale?

How do we make sure that those passwords are actually being rotated? How do we make sure that the other policies are being implemented and now they have a decision to make. Do they actually go and upgrade and basically swap out tool sets to a more bigger offering from Hashi or do they bring in a security vendor that they're already used to dealing with on their PAM portfolio and expand with us into secrets?

And that's the competitive fight that we have, and it's a competitive fight that we're very confident in that we can become the enterprise backbone for secrets, not only in those modern scenarios, but also back into the legacy applications that we're able to provide options around and in the multi-cloud environments that we're able to deliver secrets through with our Secrets Hub.

Now as they move into boundary, it's not really PAM. And it would be the same answer then that I would pivot on over into what we're seeing around Okta, which is they are coming at it from an ease-of-use perspective and a light use case scenario perspective. And I think it maybe has some room to play down market for people who are just getting started on their PAM journey. But we don't see that as a current competitive threat within our market.

Our enterprise customers are not talking about pitches around Okta's PAM solution. And we'll keep an eye on it when it finally comes out and see what it looks like and we'll be ready to respond. But I give you a little bit of a longer answer here because it's an area that we feel we're strongly positioned against and we continue to see that dynamic be beneficial for us.

From the second question perspective, I think when we think about M&A, it's kind of similar to some answers we've given in the past. We continue to look at -- we have a clear vision for our Identity Security platform and where it will go over the next three to five years. And we always are looking and trying to understand, is there an inorganic method to significantly accelerate any component parts of that Identity Security vision. We're sitting on a $50 billion TAM. So we don't need to go someplace else with our acquisition strategy, but we might need to accelerate key component parts.

And you hear us talk about cloud and you hear us talk about access and endpoint in these nonhuman areas. And they're really exciting areas and we're always looking to see if there's a good match between us and something out in the market with a realistic valuation that can help accelerate our organic road map and get us to market faster and that's how we think about the kind of M&A approach going forward.

Operator

We'll take our next question from Roger Boyd at UBS.

R
Roger Boyd
UBS

Great. Thanks for taking the question and again, congrats on the very nice execution. This is definitely a difficult environment for customer additions. But Matt, I think you mentioned 235 in the quarter, which is certainly an impressive result. Last quarter, you made the comment that you're expecting maybe fewer but bigger lands this year. Wondering if that was still the case this quarter? And then again, with the record pipeline, any color on what you're expecting from a new logo perspective through the end of the year. Thanks.

M
Matt Cohen
CEO

Yeah. Sure. Thanks. And I think it's a really important point because it's really sequentially up 15% new logos from Q1 to Q2 and that's a good sign for us. We did see in Q1, we mentioned it that it was harder to go land. And I think in any macro environment that's a headwind. You're always a little harder to close the deals with a new customer. They take a little bit longer. We definitely saw an uptick here in Q2, which is nice. We certainly expect it to continue into Q3 and Q4.

But the secondary point you made absolutely played out once again, which is our average selling price and average deal size for those new logos was up pretty dramatically in Q2 and helped fuel our results. And so the ones we are landing are landing with much more of the Identity Security portfolio and they're making a bigger bet on CyberArk. And so that's why we look at the new logo quarter and really the new business quarter in Q2 and we're really, really happy with the step function change we saw versus Q1.

Operator

We'll go next to Joshua Tilton at Wolfe Research.

J
Joshua Tilton
Wolfe Research

Hey, guys. Thanks for taking my questions and I'll echo my congrats on a great quarter. I actually just had one for me. How -- any updates on how we should think about free cash flow for the balance of the year and maybe what are some of the puts and takes around outperforming free cash flow in the back half?

J
Joshua Siegel
CFO

Yeah, Josh. Thanks for the question. This is -- we're, first of all, we're glad we're in line with our expectations as we reported through the first half of the year. And I think that -- and we're certainly in line with where we are for full year -- with full year expectations. I think when you ask about puts and takes, this is still a transition year. And so some of the puts and takes are around duration on the self-hosted and of course, on the maintenance as well, which can create some headwind or tailwind on the free cash flow as it relates to billings. And we see in both of them, certainly in Q2, we saw some reduction in duration around the subscription, and I talked about that as it impacted revenue.

And anyway, maintenance, we're seeing a decline over already for the last year. Since we started our transition for the last two years, we're seeing the decline where we did a lot of three year deals going down out to one year deal. And that's our initiative to renew maintenance contracts only on a one year basis as opposed to a three year basis. So we're in line with what we expect for this year, and those are the puts.

M
Matt Cohen
CEO

Yeah. And I would just add, just jumping in, I think for sure, first of all, like Josh said, the quarter played out as we expected. I think we were pretty clear upfront that this was going to be a not the strongest cash flow quarter, given the dynamic of our quarterization of expenses and some other areas around insurance and other areas that we talked about. But I want to reiterate that I said in the prepared remarks, I'll say it again, that the cash flow story starts to kick in, in 2024 and accelerate in 2025 into 2027. And we are extremely confident in the $200 million of cash flow that we put out for 2025, the $375 million in cash flow for 2027 and we're right on track with that as we get into next year and expand from there.

J
Joshua Tilton
Wolfe Research

Super helpful. Thank you again.

Operator

We'll take our next question from Adam Borg at Stifel.

A
Adam Borg
Stifel

Awesome and thanks so much for taking the questions. Maybe just for Matt on the channel and the MSP opportunity in particular, you talked about that a little bit in the script. Maybe talk more about the opportunity for partners to introduce managed PAM offerings and how that could broaden your reach even more down market? And then I have a follow-up.

M
Matt Cohen
CEO

Yeah. I mean, I think this MSP market for us is, I don't know how to describe it other than its captivated us. I think we've been always looking at it. You heard me talk this quarter with some excitement. You'll hear me talk about it now. I think it's because it's actually broader than what we thought. I think when you start out, you think MSPs, you think down market, oh, it's going to help us reach a bunch of new logos. I think what we're seeing actually is it playing out on the dynamic across upper end of the enterprise, enterprise, corporate all the way down.

And it's because this growing trend that organizations really can't afford to sustain and support the vast (ph) spend on IT, specifically on cyber that's going on within their enterprises. And so there's a recent Gartner report that came out that estimated something like 30% or 40% of the cyber spend will move to MSP in the next three years. And I think that trend line kind of feels real to us. The exciting piece is what you just said, which is if you get into the MSPs as the backbone of their offering and they build and embed their value-added services around it; it’s a very sticky approach. And so we see our MSPs, not only by the way, wanting to bring our priv-cloud. It's generally a SaaS motion, wanting to bring our priv-cloud to market.

We see, as we mentioned, about BT looking over into our access solution portfolio. We see an increasing uptake on our Secrets Management and non-human side. And so we really believe that actually, it's a great way to reach all types of customers, obviously, to go out and find new customer segments down market, but also to get the broader portfolio adopted out into the market. And I think you can hear it as I start talking, I just think it's going to be such a strong growth driver for us going forward. Early days, but I can point to specific wins in Q2 that we would not have had if we didn't have the great MSP partnerships that we built up.

A
Adam Borg
Stifel

That's great. I appreciate that. Maybe just as a quick follow-up just on the vertical mix in the quarter. I did see that financial services still your top mix, but I think it did tick down sequentially. I do think the definition may have changed as well. Maybe anything to call out there on what you're seeing in your largest vertical. Again, really appreciate it. Thanks.

J
Joshua Siegel
CFO

Yeah. I'll just jump in. I mean, our big growth verticals were manufacturing and we also saw a nice growth in retail as well and probably followed up by pharma. Banking was -- and financial is still strong in our vertical mix. And overall, we always like to go back to the fact that we're really well diversified across many verticals. I think we have nine verticals that are 5% more of the business of the pie and we see them move around in the quarters. But overall, we continue to be really strong across no matter where the enterprise sits.

A
Adam Borg
Stifel

Great. Thanks so much for the color.

Operator

We'll go next to Trevor Walsh at JMP Securities.

T
Trevor Walsh
JMP Securities

Great. Good morning, team. Thanks for taking my question. Just a quick one for me. Matt, maybe best for you, but Josh, feel free to chime in as well. You mentioned in your prepared remarks about the telco deal in South America and it was more of a consolidation play. Just curious if you can dive in a little bit deeper there. Was that -- was there a displacement involved or if there were, how many other tools approximately maybe without naming names, of course, but just give us a sense maybe when you do see that consolidation motion kind of how it's playing out, kind of what's the critical mass of tools around identity that might be there to start and what's going to look like when the customer gets to their -- kind of their end state? Thanks.

M
Matt Cohen
CEO

Yeah. Sure. On that particular deal, it was consistent with what we would normally see on a bigger enterprise offering, which is, yeah, we're displacing a legacy PAM tool and consolidating in access and in secrets in that particular case. I think what we see in general when we land a new enterprise logo is that customers are foundational on our privileged controls on our PAM offering. And then as I mentioned earlier, they're partaking up a couple of other solutions in order to be able to get started on their journey. We use this phrase and we use it a lot because it's the foundation of how we view the market, which is it's a consolidation of trust that is happening.

And that can happen with a new logo. That can also happen with an existing customer as we expand the footprint. And it's the idea that it's not about just that we offer all of these things in the market and maybe we can give a better price point because you're buying it from one vendor. That's the traditional vendor consolidation and one throat to choke. It's really the idea that our customers trust us as a core security control in their stack. They know that we're security first. They know that actually our mindset every day when we wake up is that we're in partnership with them to secure their enterprise.

And so, as they look to understand within the identity space how they can consolidate, how they can get to a vendor that they trust in this increasingly threat landscape that's again hard to operate in, they look and they say, oh, I know CyberArk. I trust CyberArk, come talk to CyberArk. And that's a really interesting place to be too, because we're actually receiving the inbound and saying, hey, can you come talk to us versus having to always be out there positioning ourselves. So it's a great position to be in and that was an excellent deal that we're really proud of that they delivered down there in the LatAm team.

Operator

We'll go next to Alex Henderson at Needham & Company.

A
Alexander Henderson
Needham & Company

Great. Thanks and thanks for the consistency in strong execution, you guys have been delivering quarter after quarter after quarter. I was hoping you could move to a little bit broader view of the world from -- than just looking at what CyberArk is seeing and talk to us about what you're hearing from the C-suite at your customers and in the marketplace. There seems to be two specific dynamics that have set up the fear after the Fortinet print that people are cutting back on spending. Conversely, the software companies seem to be talking about an improved normalization and stability. So what are you seeing from the aggregate C-suite about what their intentions are on overall spending on security? Thanks.

M
Matt Cohen
CEO

Yeah. Sure. I mean, I'll comment to my vantage point. And really, it's coming from my conversations, like you said, with the C-suite of customers that still happens day in and day out. And what we see out there is that the C-suite understands that the threat landscape is getting worse. They understand that work-from-home or now hybrid work makes things harder. They understand that digital transformation can't slow down. More and more, they're understanding that all this great work that's being done by developers to build modern applications are being done kind of outside the purview of the security organization and the controls that have been put in place.

And so what you see is, I think, actually awareness of the need of the cybersecurity spend, full stop, not CyberArk spend, but cybersecurity spend is going up. It's even more on the Board agenda. And you see regulation coming out here in the U.S. that actually even pushes that even further to say around disclosure requirements and making the Board maybe even more aware. So I think cyber as a topic, believe it or not, continues to elevate in its importance. I think then in this macro environment, the C-suite does have to make difficult decisions and they need to prioritize.

And to be honest, that's where they look towards the experts in their organization to say, how can we do primary risk reduction? Where is the threats most severe? And what are the tool sets either I have in-house or I need in-house that are going to drive us to a better security posture? And I think then in those cases, they're certainly willing to spend. And we saw it in our results. We see it in our pipeline and I think that then becomes to a degree within cyber spend haves and have nots for the time being because in a more tight environment, they are going to make more discriminating choices. We're lucky to be part of the choice and we're happy with that position.

Operator

We'll move next to Rudy Kessinger at D.A. Davidson.

R
Rudy Kessinger
D.A. Davidson

Hey. Great. Thanks for taking my questions. Just one for me. Matt, you talked about this a little bit, but I think it's applied more to the new customer side. You've talked about 50%, 60% landing with two plus products. I guess I'm curious with the existing customers, how much emphasis are you putting on the cross-sell motion? Take the conversions out of it. You've talked about building those road maps with those perpetual customers to migrate them potentially with multiple products. But if you look at your existing subscription customers, what kind of expansion rates are you seeing with that installed base and how much emphasis are you placing on the cross-sell motion?

M
Matt Cohen
CEO

Yeah. No, I think it's some level of the backbone of our growth story. We still see, by the way, strong upsell of PAM seats. They own some, and they're expanding to more. And as more users become privileged, they need to expand out. But I would tell you that the sales team is eating their dinners off of the cross-sell motion because it is the compelling story in the market. It's the compelling story of our Identity Security platform. Hey, you're protecting IT, protect the workforce. You're protecting the on-prem environment, protect the cloud, protect the hybrid and lift-and-shift environments. You're doing human. Now you need to start doing non-human and machine identities.

So I would tell you that we are thrilled, I would use that word, with our expansion selling capabilities, our expansion selling performance. And I think that's what sets us up for such a strong future. I think at our Investor Day, we talked about an $8 billion TAM within our installed base. And those motions, to be honest, are easier than going and landing a new logo. And so when we have that kind of well lubricated and working, the growth story really takes off from the base.

Operator

We'll take our final question from Andrew Nowinski at Wells Fargo.

A
Andrew Nowinski
Wells Fargo

Great. Thank you for squeezing me in. So there were many instances this quarter where I think privilege escalation was used as part of that move it file transfer breach. I'm wondering if that had a positive impact on your quarter or the pipeline. And then I was also hoping you could comment on the Fed -- the pipeline you have in the Fed, given that we're heading into the fiscal year in there? Thank you.

M
Matt Cohen
CEO

Yeah. Sure. I'll take them, and Josh will sit to my side not talking too much. But I think when we think about the kind of threat landscape, listen, when we understand a little bit more about any of these well-publicized breaches, it comes back to privilege escalation. It comes back to credential theft. It comes back to the things that we at CyberArk do. And so I would tell you that it's always a help. It always is a tailwind. It never drives a deal in the quarter, more or less. Obviously, there's a few deals that come with someone who's particularly breached, and they need to recover quickly and that's a quick sales cycle.

But it's the second part of what you said. It drives the pipeline expansion, the pipeline growth that we see out there in the market because any of these breaches -- by the way, same thing we would say about generative AI. It causes organizations to have to think the way we want them to think, which is assume breach. And the minute you assume breach as an organization, it's not enough to detect. It's not enough to lock down the perimeter. You have to actually implement controls that stops somebody once they get inside because you have to assume they're already inside. And the move it breach and kind of the play out of that just reemphasizes that factor.

To your second question here before we wrap, we continue to see a Fed environment that's consistent with what we've seen before. Now we talked about before, it's kind of become more ordinary course of business that happens each quarter versus some big buildup that happens at the end of the year. People are having to buy each quarter because the priority is evident. So we embedded our Fed business into our guidance for Q3. We're happy with our overall Fed business, our overall global government, which I think is 11% of our overall vertical mix. By the way, I would highlight we see a strong growth potential in the SLED business, the state and local areas. We closed a really nice deal in Q2 at a state entity. It was a large deal adopting the full Identity Security suite. So we see that as a growth driver as well even when you get beyond the traditional federal market.

Operator

And that does conclude our question-and-answer session. I would like to turn the conference back over to Matt Cohen for closing remarks.

M
Matt Cohen
CEO

Yeah. So I want to end by really thanking our employees for their hard work, their commitment. You heard me talk about their execution and I'm incredibly proud by everything that everybody does at CyberArk. I want to thank our partners for helping us drive the business and of course, our customers. And thank you for all the informative questions and we'll talk to you soon. Thanks.

Operator

And this concludes today's conference call. Thank you for your participation. You may now disconnect.