Cyberark Software Ltd
NASDAQ:CYBR
US |
Fubotv Inc
NYSE:FUBO
|
Media
|
|
US |
Bank of America Corp
NYSE:BAC
|
Banking
|
|
US |
Palantir Technologies Inc
NYSE:PLTR
|
Technology
|
|
US |
C
|
C3.ai Inc
NYSE:AI
|
Technology
|
US |
Uber Technologies Inc
NYSE:UBER
|
Road & Rail
|
|
CN |
NIO Inc
NYSE:NIO
|
Automobiles
|
|
US |
Fluor Corp
NYSE:FLR
|
Construction
|
|
US |
Jacobs Engineering Group Inc
NYSE:J
|
Professional Services
|
|
US |
TopBuild Corp
NYSE:BLD
|
Consumer products
|
|
US |
Abbott Laboratories
NYSE:ABT
|
Health Care
|
|
US |
Chevron Corp
NYSE:CVX
|
Energy
|
|
US |
Occidental Petroleum Corp
NYSE:OXY
|
Energy
|
|
US |
Matrix Service Co
NASDAQ:MTRX
|
Construction
|
|
US |
Automatic Data Processing Inc
NASDAQ:ADP
|
Technology
|
|
US |
Qualcomm Inc
NASDAQ:QCOM
|
Semiconductors
|
|
US |
Ambarella Inc
NASDAQ:AMBA
|
Semiconductors
|
Utilize notes to systematically review your investment decisions. By reflecting on past outcomes, you can discern effective strategies and identify those that underperformed. This continuous feedback loop enables you to adapt and refine your approach, optimizing for future success.
Each note serves as a learning point, offering insights into your decision-making processes. Over time, you'll accumulate a personalized database of knowledge, enhancing your ability to make informed decisions quickly and effectively.
With a comprehensive record of your investment history at your fingertips, you can compare current opportunities against past experiences. This not only bolsters your confidence but also ensures that each decision is grounded in a well-documented rationale.
Do you really want to delete this note?
This action cannot be undone.
52 Week Range |
191.53
329.15
|
Price Target |
|
We'll email you a reminder when the closing price reaches USD.
Choose the stock you wish to monitor with a price alert.
Fubotv Inc
NYSE:FUBO
|
US | |
Bank of America Corp
NYSE:BAC
|
US | |
Palantir Technologies Inc
NYSE:PLTR
|
US | |
C
|
C3.ai Inc
NYSE:AI
|
US |
Uber Technologies Inc
NYSE:UBER
|
US | |
NIO Inc
NYSE:NIO
|
CN | |
Fluor Corp
NYSE:FLR
|
US | |
Jacobs Engineering Group Inc
NYSE:J
|
US | |
TopBuild Corp
NYSE:BLD
|
US | |
Abbott Laboratories
NYSE:ABT
|
US | |
Chevron Corp
NYSE:CVX
|
US | |
Occidental Petroleum Corp
NYSE:OXY
|
US | |
Matrix Service Co
NASDAQ:MTRX
|
US | |
Automatic Data Processing Inc
NASDAQ:ADP
|
US | |
Qualcomm Inc
NASDAQ:QCOM
|
US | |
Ambarella Inc
NASDAQ:AMBA
|
US |
This alert will be permanently deleted.
Earnings Call Analysis
Q3-2023 Analysis
Cyberark Software Ltd
CyberArk launched its Artificial Intelligence Center of Excellence, reaffirming its dedication to innovation by bolstering AI and machine learning capabilities within its Identity Security platform. As the cyber threat landscape grows more severe with attackers leveraging AI, CyberArk's new center and Labs team collaborate to advance threat detection and optimize user experience. The company introduced new risk-based controls for identities in the cloud, enhancing secure access to multi-cloud services. Thanks to continuous investment, CyberArk has strengthened its position, winning recognition as a PAM leader and achieving strong business momentum underpinned by upselling, cross-selling, and acquiring new logos.
CyberArk exceeded guidance for the third quarter, with revenue growth exponentiating to 25% and reaching $191.2 million. A subscription bookings mix of 97% signals robust sales performance. The Annual Recurring Revenue (ARR) increased by 38% to reach $705 million, with the subscription part growing by 68%. The ARR expansion is driven by high demand for the company's Identity Security platform, evidenced by a substantial $53 million in net new subscription ARR. Recurring revenue now constitutes 91% of total revenue, reaffirming CyberArk's successful transition to a subscription-based business model, while maintaining strong renewal rates and capturing price increases. With 83% gross margin and operating income of $16.9 million, the company's profitability strategy is proving to be effective.
Looking forward, CyberArk forecasts Q4 total revenue between $206.5 million and $211.5 million, with a year-on-year growth of 24% at the midpoint. The revenue growth outlook for the full year is raised to a range of $735 million to $740 million, indicating a 25% increase from the previous year. Profitability is also looking up with the expected operating income between $17.7 million and $21.7 million, and an EPS range of $0.72 to $0.80. Additionally, the company projects a cash flow margin of $33 million to $38 million and has elevated the annual recurring revenue (ARR) guidance to between $758 million and $768 million. These figures illustrate CyberArk's confidence in maintaining strong execution and adapting to the enduring demand for its identity security solutions.
Hello, and welcome to the CyberArk Earnings Conference Call. [Operator Instructions]
I will now turn the conference over to Erica Smith, SVP, Investor Relations and ESG. Please go ahead.
Thank you, Jay. Good morning. Thank you for joining us today to review CyberArk's Third Quarter 2023 Financial Results. With me on the call today are Matt Cohen, our Chief Executive Officer; and Josh Siegel, our Chief Financial Officer. After prepared remarks, we will open the call up to a question-and-answer session.
Before we begin, let me remind you that certain statements made on the call today may be considered forward-looking statements, which reflect management's best judgment based on currently available information. I refer specifically to the discussion of our expectations and beliefs regarding our projected results of operations for the fourth quarter full year 2023 and beyond.
Our actual results might differ materially from those projected in these forward-looking statements. I direct your attention to the risk factors contained in the company's annual report on Form 20-F filed with the U.S. Securities and Exchange Commission and those referenced in today's press release that are posted to CyberArk's website.
CyberArk expressly disclaims any application or undertaking to release publicly any updates or revisions to any forward-looking statements made today. Additionally, non-GAAP financial measures will be discussed on this conference call. Reconciliations to the most directly comparable GAAP financial measures are also available in today's press release as well as in an updated investor presentation that outlines the financial discussion in today's call. A webcast of today's call is available on our website in the Investor Relations section.
With that, I'd like to turn the call over to our CEO, Matt Cohen. Matt?
Thanks, Erica, and thanks, everyone, for joining the call today. I want to start off by saying our hearts go out to Israel and the Global Israeli community as they navigate through this incredibly difficult time. The atrocities committed by Hamas in Israel are horrific and as an organization, we condemn these barbaric acts. The health and safety of our team continues to be our top priority. We are providing all of our employees with the flexibility required to care for their well-being for their families and for their communities.
The resiliency and spirit of our team has been nothing short of remarkable. The outreach and support from our customers, our partners, and the Wall Street community has helped us all through the last few weeks, and we greatly appreciate it.
Moving into the quarter. We had 1 of the best quarters in the company's history. We saw a significant step up in demand for our platform. Our go-to-market teams continue to deliver and identity security remains a top priority for global CISOs. In the third quarter, our bookings growth accelerated and total bookings significantly outpaced our guidance framework. Demand served across our platform, resulting in stellar results that beat our guidance across the board.
Subscription ARR reached $504 million, growing 68% year-over-year. Total ARR reached $705 million, growing 38%. We added a robust $52 million in net new ARR and we exceeded our guidance range across revenue, operating income and EPS, with total revenue accelerating to 25% growth, reaching $191 million.
Non-GAAP operating income came in at approximately $17 million, and we generated non-GAAP earnings per share of $0.42. Throughout the year, our team has personified excellence in execution, and we have navigated the macroeconomic landscape exceptionally well. While uncertainty persisted in the third quarter, we experienced a firming of the macro environment compared to the last few quarters. Our execution was even stronger in Q3 as seen in our meaningful top and bottom line outperformance and the significant step-up in our ARR guidance for the full year 2023.
Our close rates improved and we had strong conversion of our record pipeline. While we didn't see any outside deals in the third quarter, there was a healthy increase in 7-figure ACV contracts as customers are more than willing to allocate significant portions of their cybersecurity budgets to our mission-critical solutions. In addition to strong execution across our go-to-market and product development teams, we continue to benefit from robust secular tailwinds that are becoming even stronger. The exponential growth of identities, cloud migration and the elevated threat landscape are all contributing to the momentum in our business.
One thing remains constant in cybersecurity incidents. All roads in the attack chain lead to identity. The MGM incident is 1 of the most recent examples of identity and privilege access being leveraged to move laterally regardless of environment and how attackers can inflict devastating damage, including a complete shutdown of an organization. As identities across the enterprise become more powerful, cybersecurity leaders recognize that to be secure all identities need the right level of privileged controls.
Organizations are also grappling with how to assign privileges and provision access to provide each identity with the right level of security at the right time. We are the only company with an identity security platform that can offer our customers the flexibility to provide standing access, just-in-time access or 0 standing privileges, depending on the type of identity and the nature of the targets they need to access. What differentiates our platform even further is that we can do this across hybrid and cloud-native environments.
Based on our truly differentiated capabilities, our platform selling motion continues to gain traction and all our solutions are being adopted by customers at an accelerated pace, driving strong growth. This includes PAM, which despite having a much bigger base, it's still 1 of our fastest-growing areas. Equally exciting, customers today understand that EDR is not enough and they need endpoint privilege manager to lock down every endpoint with the least privileged approach.
Our access solutions remain both in expansion and landing opportunity. Conjur Cloud and Secrets Hub are leading a SaaS first strategy for our secrets management business, an equally exciting, the early momentum we are seeing with secure cloud access remains very strong and opens up an entirely new group of identities for CyberArk within the developer community.
We have an all-star lineup making up our portfolio. We are empowering our customers throughout their digital transformation journeys by securing access to their cloud environments and protecting their developer communities and the applications they are building, all without getting in the way of innovation. Ensuring every identity across the workforce is truly secure sets us apart and is helping us achieve these strong results.
Digging into some of the key deals in the quarter. The threat landscape is driving customers to adopt our robust identity security platform and has pushed CyberArk into the top competitive position. We had a strong new business quarter and signed about 230 new logos with customers increasingly landing with 2 or more solutions. A few great wins in the quarter included Pro desk and international government agency recognizing the mission-critical nature of Identity Security and went deep with CyberArk from the start, landing with PAM, EPM, access and secrets in a 7-figure deal.
A manufacturing company landed with PAM, vendor PAM and access. Our platform capabilities were a key differentiator over competing identity vendors, influence from both an advisory firm and a channel partner demonstrates the powerful combination of our platform and partner network in this great new logo win. Glasgow, Caledonian University was looking for a modernization and upgrade of their identity stack driven by a need for stronger security controls.
Recognizing the need to look at identities holistically, they brought CyberArk security first mindset on board broadly adopting Privilege Cloud, identity, workforce password manager and secure web sessions. The velocity of our business is picking up as customers achieve faster time to value with our SaaS solutions. One thing I want to drive home is that our expansion business is coming both from our new solutions as well as expanding TAM within our existing customers. The land and expand motion is built into our model and its success is represented by the 33% increase in customers with more than $100,000 in annual recurring revenue to 1,585 customers at the end of Q3. We're seeing even faster growth in the larger cohort of customers with over $500,000 ARR.
A few examples of expansion deals include a long-term CyberArk PAM customer in financial services, needed an additional layer of security for its broader workforce. This quarter, they added CyberArk identity, secure web sessions and Workforce Password Manager, taking the first step into our SaaS capabilities with discussions already underway to go deeper across the platform. We had a great quarter for our secrets management business. In a 7-figure ACV deal, a Fortune 500 financial services company who added Secrets management for the first time for a subsidiary at the end of 2022 is now deploying CyberArk as the de facto provider for all its data centers globally. This is another example of CyberArk serving as the secrets backbone for the enterprise.
With the recent uptick in high-profile breach activity, EPM remains a must-have. Adding to its existing CyberArk portfolio in a 7-figure ACV add-on deal, this Fortune 100 retailer was looking to deploy EPM across all its workstations and servers, allowing consistent policy adoption. Removing local admin rights and running in lease privilege at the endpoint delivered measurable risk reduction across the enterprise. We continue to see great alignment and momentum in the channel partners and partnerships providing new valuable routes to market that allow us to extend our footprint even more effectively and reach new customer segments. The number of certifications and unique certified partners continue to show healthy growth across PAM, access and secrets management. The partner community is a big part of our growth, and we are thrilled with the depth of our relationships. And while MSPs are still a small percentage of our business today, momentum is continuing to pick up. Our MSPs deals are on average about 50% larger in size than traditional channel deals with a faster sales cycle.
In the third quarter, a Nordic MSP doubled the number of PAM and workforce password manager users after an initial purchase in March. Their managed service operations have expanded significantly as they build out their identity security offering. Results like this are becoming commonplace and our MSP pipeline continues to see strong growth.
Moving on to innovation. In early September, we launched our Artificial Intelligence Center of Excellence. The center builds on our long track record of using artificial intelligence and machine learning to fortify and expand generative AI and ML capabilities across our identity security platform. We are harnessing these capabilities to drive risk analysis and risk reduction, threat detection to simplify the user experience through automation and optimize policy to be more effective and boost productivity. AI is also being weaponized by attackers, which is increasing the severity of the threat landscape. The CyberArk Labs team was founded on the principle of thinking like an attacker, and is providing ongoing research in how generative AI is driving attacker innovation.
The Labs team is working closely with the Center of Excellence, and together, they are fighting attacker innovation with innovation of our own to more effectively secure our global customers. In early October, we announced new risk-based controls for identities in the cloud, strengthening our Secure Cloud Access solution. These enhanced capabilities enable just-in-time access with 0 standing privilege to a diverse set of cloud services that sit behind the cloud management consoles for all cloud service providers.
These services run in multi-cloud environments with no added friction to the user experience. While many other vendors focus on visibility in the cloud, no other vendor can bring privileged controls to the cloud like CyberArk can. We were excited once again to be named a leader for PAM by 2 major industry analysts, including in the Forrester Wave for Privileged Identity Management. Our Identity Security platform received a top score in the current offering category and the highest possible score in 16 criteria including lease privilege access, just-in-time access, development and DevOps support, threat detection and response, innovation and partner ecosystem.
As you have heard from us for a while now, the investment in our identity security platform has dramatically increased our ability to innovate and bring new integrated services to market at an even faster rate, while driving down our overall cost of development. The threat landscape is evolving quickly, but we are well positioned to live our mission of securing our customers around the world against cyber threats with constant innovation and security first solutions.
Switching gears to profitability. The effects of our subscription transition are entering its final phase. Our top line growth is accelerating and our outperformance in Q3 shows the inherent operating leverage in our business. We are marching towards our goal of returning to a rule of 40 company or even beyond. We are striking the right balance between investing in growth and innovation and driving profitability.
In addition, the final piece of the transition is cash flow, which we expect to expand in 2024. With our stellar performance in the quarter, I remain very confident in the long-term targets we outlined earlier in the year.
To sum up my discussion today, we posted a stellar quarter with our business accelerating, our industry-leading platform drove strong new and add-on business. We offer a must-have layer of security that is truly differentiated in the market. Our competitive position has never been stronger, and you are seeing the momentum in our business. We are the only vendor in the market today who has a full identity security platform, one that can apply the right level of controls over any identity regardless of environment.
I'll now turn the call over to Josh, who will discuss our outperformance in more detail and how the significant increase in our full year revenue, operating income and ARR guidance demonstrates the confidence in our execution and the durability of the demand environment. Josh?
Thanks, Matt. We posted outstanding results in the third quarter and beat our guidance across all metrics. Our bookings outperformance compared to our guidance framework for the third quarter resulted in top line revenue growth accelerating to 25% coming in at a record $191.2 million. We were particularly pleased with our results because of our subscription bookings mix in the third quarter was 97% that's higher than our guidance framework of 95% evidence that the booking strength was even more impressive than the top line outperformance. Our business continues to be driven by upsell, cross-sell and new logos, landing with a bigger piece of our identity security platform.
ARR demonstrates the momentum in our business and reached $705 million at September 30, growing 38%. The subscription portion increased 68% and reached $504 million. The strong $53 million in net new subscription ARR shows the step-up in demand for our identity security platform as customers increasingly move to protect all identities with intelligent privileged controls. The maintenance portion of ARR was just over $200 million at September 30. Strong renewal rates persisted in the third quarter, and we were able to capture price increases resulting in a relatively flat maintenance ARR compared to the second quarter.
Like-for-like conversion activity still only represents a single-digit percent of our year-on-year ARR growth. Moving into the details of the revenue lines for the third quarter. Subscription revenue reached $122.9 million with growth accelerating to 65% year-on-year and representing 64% of total revenue in the third quarter. Perpetual license revenue came in at $4.1 million. Our maintenance and professional services revenue was $64.3 million. Of that, $51.5 million came from recurring maintenance.
The consistent maintenance revenue is because of our strong renewal rates and the uplift in prices we are capturing for our mission, critical software, professional services and professional services revenue was $12.8 million in the third quarter. Recurring revenue reached $174.4 million and is now 91% of total revenue compared to 84% in the third quarter last year, demonstrating the subscription engine we have built. Recurring revenue growth accelerated to 36% year-on-year.
Geographically, the business continues to be well diversified. The Americas revenue reached $112.4 million, growing 20% year-on-year. APJ grew by 21% to $18.7 million and EMEA grew by 38% year-on-year to $60.1 million in revenue. One thing to note is that every 1 of our major territories had a subscription mix of over 94%. All line items of the P&L will be discussed on a non-GAAP basis. Please see the full GAAP to non-GAAP reconciliation in the tables of our press release.
Our third quarter gross profit was $158.2 million or 83% gross margin, consistent with the third quarter last year. Our operating income of $16.9 million far exceeded the top end of our guidance. We are pleased that our commitment to the profitability and leverage is now paying off. Sequentially, our operating expenses declined from the second quarter of 2023, primarily because of our Impact Customer Conference. As a reminder, in 2022 we hosted our Impact customer event in the third quarter and it fell in the second quarter of this year. That's affecting the year-on-year comparison in addition to the sequential.
Net income came in at $19.6 million or $0.42 per diluted share, also significantly outperforming our guidance. For the first 9 months of 2023, free cash flow was $5.1 million or 1% free cash flow margin. We ended September with approximately 3,000 employees worldwide, including 1,320 in sales and marketing.
Turning to our guidance. For the fourth quarter and the full year 2023, our guidance reflects our strong execution and durable demand, while still balanced against the continued uncertainty in the broader environment. For the fourth quarter of 2023, we expect total revenue of $206.5 million to $211.5 million, which represents 24% year-on-year growth at the midpoint. We expect the subscription mix to be about 95%, and we expect non-GAAP operating income in the range of $19 million to $23 million for the fourth quarter, and we expect our non-GAAP EPS to range from $0.41 to $0.50 per diluted share. Our guidance also assumes 47.1 million weighted average diluted shares and about $11.6 million in taxes.
For the full year of 2023, we are raising our guidance for total revenue to be in the range of $735 million to $740 million that's representing 25% and growth year-on-year at the midpoint of the range and an acceleration from the 18% in 2022. We are significantly raising our profitability outlook and now expect our full year operating income to be in the range of $17.7 million to $21.7 million. We expect our EPS range to be $0.72 to $0.80 per diluted share, and we expect about 46.5 million weighted average diluted shares and about $32 million in taxes for the full year of 2023.
Now that we are in the fourth quarter, we wanted to frame up the cash flow guide rails, which translates to a range of $33 million to $38 million for the full year 2023. We are also significantly raising our guidance for the annual recurring revenue by about $15 million to now be between $758 million and $768 million in this December 31, 2023, or about 34% year-on-year growth at the midpoint of the range.
Overall, we were thrilled with another quarter of strong execution and see a step-up in momentum and demand for our solutions and platform. Recurring revenue is now the lion's share of our business and its acceleration this quarter demonstrates that demand for our platform is building. At the same time, we are driving leverage in our model, resulting in our significantly improved profitability and cash flow.
Now I want to take a moment and echo math sentiment and that we are fully supporting everyone affected by the horrific attacks on Israel. We are grateful for those bravely serving Israel, and our thoughts and prayers are with them.
Before moving on to the QA, I also wanted to address some of the questions we have been getting about our operations in Israel and the employees who are being called to military duty. Organizationally, about 1,000 employees or 30% of our total team is based in Israel with the biggest group being in R&D and product management and then HR, finance, IT and legal teams. At this time, just under 3% of our global employees have been called up into the reserves. As a global company, business continuity has always been foundational to our strategy, and we are moving the business forward even in these unprecedented times.
We remain confident in our ability to hit our short- and long-term goals. Our team has been incredible and I'm proud of what they are accomplishing together as we navigate this challenging time. We all stand united in support of our Israeli employees around the world, and we will emerge stronger as an organization and a community.
I will now turn the call over to the operator for Q&A. Operator?
[Operator Instructions] Your first question comes from the line of Saket Kalia of Barclays.
Okay. Great. Great to see the momentum and also wanted to echo those thoughts there, Josh, to all your employees in Israel as well.
Thank you, Saket. Thank you.
Thank you.
For sure. Matt, maybe just to start with you. A lot of great stuff to talk about. But maybe we can touch on maybe some of the recent events in the identity space broadly. Specifically, I'd love to touch on whether you think the MGM Caesars breach is driving maybe additional interest in PAM broadly? And what do you think some of the vulnerabilities for other identity players are maybe driving interest in CyberArk's broader identity platform. Does that make sense?
It does. And I think it's a key element, actually, of our continued performance and our continued results. Like when we think about kind of the threat landscape today, and we'll talk generally to begin with, we said it in the prepared remarks, all roads lead towards identity. When you start to digest or dissect some of these breaches themselves, you start to see that they all start kind of with a profiling and understanding a phishing attack that goes out after weakness in an employee, maybe it's MFA fatigue, maybe it's tricking a help desk. And ultimately, organizations see quite quickly that MFA, multifactor authentication is not enough. When you track the pathways that then are occurring in these breaches, ultimately, you see the lateral movement to a privileged account and then the privileged account being exploited, which allows the data infiltration and the ability to be able to recap it within an organization. And this is actually not new news. When you track any major breach of the last decade, it comes back to the need to be able to protect every identity within an organization, human or nonhuman and apply the right level of privilege controls and organizations that just stop at basic security controls are not really secure in this day and age.
And so I think when you look at our results, you see CISOs who have understood this not because of a recent breach, but understood it for years, getting more support from their C-suite from their Boards. As they understand the dire consequences of not implementing a broader identity security strategy. Now we see it obviously in customer breaches. We see it in breaches that have occurred throughout the industry, the identity industry, they all actually have the similar foundation, which is we need to make sure that the privilege controls are placed against all identities. And I think our customers understand that we're the only company out there that's able to bring a security-first identity security story that they can trust and trust to be able to consolidate their offerings on to the CyberArk platform.
Got it. That makes a lot of sense. Josh, maybe for my follow-up for you. It's great to see the maintenance error hold in with -- I mean you called out strong retention and price increases as well. The question is, how do you think about maintenance ARR going forward, just tactically, but also strategically, when do you think these customers maybe start to convert to subscription or SaaS in a bigger way?
Yes. Thanks, Saket. So when we think about Q4, I mean, we think about a decline in the mandate ARR, probably in the mid-single digits -- going -- and that would kind of give us about just over a $10 million type of a decline in the last -- for the 12-month period. And I think as we see it kind of playing out into 2024, I think that we'll probably see as -- right now, we're above the -- and already Q3, or 98%, we're looking at kind of just in the 95-plus range for the full year this year in terms of SaaS and subscription. So already next year, it will be above that. So really, the perpetual business is really evaporating for next year. So we should expect to see, I would call, a larger decline compared to the low double digits this year, but not a falloff just kind of continuing to increase the number. And I think the strategy is we're really focused on doing what's right for the customer and what's right and best for the customer.
And so clearly, as customers are part of the cloud journey for moving their PAM and their identity security to the cloud, we are absolutely part of that program. And then we also are -- as the customer wants to upgrade and update their current hosted environment, we're there, but we're not necessarily forcing a change to move it. But we do anticipate it growing because the perpetual business is evaporating. And over time, more and more customers will be moving to the SaaS environment, and we'll be there for that.
Your next question comes from the line of Rob Owens of Piper Sandler.
You we'd like to echo our thoughts relative to your employees and the people of Israel, tough situation. Wanted to drill down, Josh, a little bit and just 1 question from me into the free cash flow guide. I realize that there was puts and takes with previous guide around duration of maintenance contracts. But it looks like some of that previous guidance of that net income margin spread relative to free cash flow aren't necessarily going to hold. So can you unpack that for us and help us get to an understanding of a free cash flow for this year and where it's coming in? And then any thoughts relative to how that might accelerate next year in terms of that spread?
Yes. Thanks, Rob. So actually, I think when we looked at the -- at the third quarter, free cash flow was in line with our expectations. And we basically -- and Matt alluded to it in his prepared remarks, when we think about cash flow, it's kind of the last piece of the transition coming out going from perpetual SaaS and subscription. We really hit first on the revenue acceleration in the transition. And then it moved, as you started to see during this year into the operating income, and we'll see more of that expansion going into next year. And when we think about cash flow, is the third piece of the puzzle and it's really because when we're thinking about that transition, we're dropping down from a perpetual sale, which also comes with a maintenance, one or multiple year contract that's all paid upfront, now going to either a SaaS or a subscription contract, which is being typically paid in a 1-year contract upfront.
So we are starting to -- we started to see the beginning pieces of it this year, but we see the real inflection as we go through the full renewals, and we are able to enjoy the SaaS subscription play instead of without the perpetual, we'll start to see the compare really go strong in next year and '24 and '25 and confident about the numbers that we've set out in our long-term targets.
And then just just to emphasize, I think we set out guardrails that came in and basically, our guidance, which is cash flow in line with our net income margin is where we see it kind of playing out. So on the lower end of the guardrails, but within those guardrails for the rest of this year. And then I just want to reiterate what Josh said, which is we see an inflection point going into next year, and we're extremely confident in the cash flow targets that we put out there for the long-range model for 2025 and 2027. Nothing's changed there.
Your next question comes from the line of Roger Boyd of UBS.
Great. Congrats on the quarter and again, echo thoughts on your employees and everybody in Israel. I wonder if you could talk about new logos. I think -- I apologize if I missed. I don't think I heard a new logo of disclosure, but I think for the past few quarters, you've talked about the fact that it's a tougher environment for that, but that the the customers you are landing bigger with the platform. It clearly sounds like that was the case in 3Q, but I love any thoughts on how you're thinking about new logo contribution is maybe around the corner into next year?
Yes, sure. So I think we did mention it, but I'll mention again, which is we did about 230 new logos in the quarter. That is basically flat year-over-year. And as we've talked about, I think we're pretty actually excited by that number. We're continuing to be able to land new customers. It's remember, we're primarily serving either the enterprise or the upper end of the mid-market. And we've been able to successfully continue to land customers with PAM, increasingly with more than 1 product, 2 or more. We've landed customers this quarter with EPM and with access, and we see that business for us as really a great feeder system for our future growth, giving our land and expand motion.
I will also emphasize and I think you hinted at it in the call, we continue to see that the deal size of our new logos is increasing dramatically. And we actually are up well above our growth rate in terms of the overall size of the contribution of those new logos from a booking perspective. So we think this is a healthy new logo quarter in this environment. Certainly, it does have a little bit of a slower close rate because of the macros, but we're excited by the performance in the queue.
Your next question comes from the line of Hamza Fodderwala of Morgan Stanley.
And I also want to extend my support to all your family's friends in Israel. Josh, I'll hope to see you there next year.
Look forward to it.
Yes. Matt, maybe a question for you on a more high level. CISOs are dealing with a lot going into next year, you've got a rising threat environment. You've got these new SEC rules. Now they can be held personally liable for breaches. I'm curious, as customers think about their budgets for next year, what are you hearing for them? What is the priority level and what are the main concerns from CISOs right now, whether it be related to identity security or just more broadly?
Yes, Hamzah. I think you captured it well. the job of a CISO is not an easy job. I spend a lot of my time with them. And they're stressed, impressed beyond belief as they try to figure out how to counter all of the factors that you described, both from the threat environment and from the regulations. I think when we talk, and we're having, again, really genuine, transparent conversations, they're trying to understand, as always, what are the priorities that are going to have the most amount of impact on risk. And they could do 800 things. So they could do everything that you could imagine, but they have to boil it down to the programs and projects that are going to make sure that they can answer to their Board why they're more risk reduced this year than the year before and so on.
And when they look at that, they really do inherently understand this concept that all roads lead to identity. And so everything they're thinking about is about locking down their overall posture around identity, identity security. Now you can do EDR on the endpoint to make sure that you're able to detect and respond to things that are coming in from the outside, and that's still a priority for our CISOs and for our customers. But when they're thinking about what can have the biggest impact, what can reduce risk the most. It's really their identity projects, which is why we see ourselves be prioritized. And why, as CECLs look towards their next year's budgets and we have those budget conversations obviously already started, they're prioritizing our spend into their overall budget plan, and we're talking with them about their road map, not just for the quarter we're in, but for the year or 2 years ahead.
And it is a journey to lock down identities and cover all identities, human and nonhuman to cover both on-prem and in the cloud. And so we see a road map that materializes over an 18, 24-month period that allows us to continually work with these customers to help protect them and secure them. And so it is actually a great bidirectional conversation that we're having, and we feel like we're at the top of the list.
Your next question comes from the line of Ittai Kidron of Oppenheimer.
And [indiscernible] everyone's comments, our thoughts are with you. Matt, Josh had a couple of questions, Matt, to you. On the go-to-market side, where is your priority right now, expansion with existing customers given the massive growth in the portfolio and what you have to offer or going after new customers. Clearly, everyone would have had -- would want to have another 100 salespeople running around. But given what you have, how are you reorienting your sales force right now? What is the priority? And for you, Josh, on the financial side, I want to go back to Saket's comments. Clearly, you've done a very good job in keeping up maintenance and the price increases are clearly helping. But we're now getting into, right, the 3-year mark of the real big shift in subscription. And so I'm kind of wondering if there -- there's a cohort of large customers that were on 3 or perhaps even 5-year contracts with you that are now coming for renewal, is there a risk that they -- not a risk, but is there a possibility that they shifted the cloud in a way that creates significant step-downs in maintenance as they shift from 1 tool to another. Help me understand that transition. Why should we keep thinking that maintenance will just keep on slowly gliding down rather than have big step-downs? Sorry for the long question.
No, no, it's good questions. And again, thanks for the support. On the go-to-market side, I think the answer is both, and let me now dig into that a little bit. So we believe that the sales team incredibly well equipped to do the upsell and cross-sell motion. We have deep relationships with our customers. We have the conversations that I was describing in the prior answer. And so our sales team is really empowered to focus most of their feet on the street motion to the cross-sell and upsell motion. At the same time, we've invested heavily in our marketing organization in both the demand gen programs, the brand campaigns, the ability to be able to ramp up more SDRs, sales development reps who are doing some of the cold calling and outbound calling.
All of that allows us to use the marketing engine to actually go generate the new logos and actually set up the meetings, get them qualified before we hand them over to the sales force. Then we get a sales team involved and obviously, they can help participate in moving it through the pipe. So we've kind of set up this really strong engine where everybody knows their role, marketing is primarily focused on making sure we drive new logos, building the pipeline for the future, making sure 2024 and 2025 are going to be incredibly successful.
And the sales team is out there leveraging their relationships to drive upsell and cross-sell. And then there's a third dynamic here on the go-to-market perspective, which is our partner organization, which mirrors us in that respect. And so by driving up our relationships with advisory firms with the MSP providers, with our traditional reselling partners, they're out there in the market, helping to push not only PAM, which is what we would have said 2 years ago, but the entire identity security story. And by that, we get exponential feet on the street who can drive our go-to-market motion.
And so all of that together is really how we're focused. We continue to layer in capacity to make sure we have enough direct sales capacity. We continue to layer in investment in certification and ramping up partners, and we spend money in marketing. And together, that's what's driving our go-to-market engine itself.
And Ittai, as it relates again to the maintenance. So absolutely, we believe 2024 will be a larger number than what we've seen in reduction in 2023. But we think it's not going to be like a huge step down. And we're seeing that because conversion still today are only as we talked about earlier in the prepared remarks, there's still only a single-digit percentage of our ARR growth. We also have, obviously, a good view on our pipeline for where conversions are going and certainly in the next -- for the next 2 to 3 quarters. And we feel that, yes, we are going to have more conversions, and we have less perpetual. So that's why it's it's going to increase over 2023. But the good news about CyberArk, and you've been following us for a long time is that we actually are not a large deal dependent type company. We do a lot of -- we have a lot of large transactions, but we're very diversified across the world, across verticals, across deal sizes and so we don't see necessarily the floor dropping off on maintenance. And by the way, to the extent that it's as a result of moving to SaaS, it's actually still good for the business.
So SaaS dollars and SaaS deployments would be excellent for the business even as it moves more and more in that direction. So I think overall, we'll come back in February with maybe a tighter view on where we see 2024. But at this point, we're kind of seeing it along the lines of what we've seen in 2023 with a site with a continued increase on an annual basis for 2024.
And just 1 add for me on top of what Josh said, which was strong and accurate was is this idea of what are we actually going to do with this base of maintenance paying customers. And Josh mentioned it, which is when we convert them, great, we get this really nice uplift, 3x uplift and they're expanding their footprint and they're buying more stuff. So I don't really want to force them through forced migration if they're not ready because I don't want to really miss out on that uplift. But a second really important point is it those customers who are still sitting on perpetual assets for their PAM solution are buying our newer solutions in a SaaS motion. So it's not stopping those customers from expanding their footprint with CyberArk with SaaS solutions, probably if that wasn't the case, we pushed them a little bit harder. But since the cross-sell and upsell can still happen into that base with our greatest SaaS products, I'm happy to leave them there until they're ready to move.
Your next question comes from the line of Brian Essex of Morgan JPMorgan.
I'd also like to echo my support for your friends and colleagues in Israel. It's great to see the strong net new ARR growth as well as a large deal momentum. But maybe to follow up on the question that was just asked. Could you touch a bit on a mix of term in subscription ARR. And then strategically, as we track your progress towards your calendar '27 goals, are you seeing traction in opportunity down market as SaaS continues to gain traction on your platform? Or is SaaS going to be -- continue to be more of a, I guess, larger enterprise opportunity with the ability to drive easier and more cost-effective adoption?
Yes. Thanks, Brian, and thanks for the support. I think when we think about the SaaS term-based license or subscription mix, it continues to be about 2/3, 1/3, and that's kind of held up throughout the transition. So I don't think we see a major shift in that at the moment. Obviously, as more and more of the pure new product sell, the SaaS number will tick up, but it's 2/3, 1/3 is good for modeling purposes. In terms of our ability to go down market, it's very clear when we go down market, that is a SaaS sell. In fact, the SaaS mix there would be well over 80% on SaaS offering actually probably looking a little higher than that when we're selling down market.
So we lead with SaaS, customers only want SaaS when we're going down into what we call our corporate market, which is customers that are about $500 million to $1.5 billion in annual revenue. That's our down market and for that market, they're adopting SaaS solutions. And we love it because it's a quick adoption and then a quick ability to be able to expand them over time.
Your next question comes from the line of John DiFucci of Guggenheim.
I'm sorry. This is John Diffuse for Ray McDonagh. At and Josh, I don't normally try to repeat what everyone else is saying, but it's important to just express our thoughts and prayers with your employees and the people. Guys, you continue to put up impressive top line momentum in an environment would, frankly, most aren't even in the Security segment. And we really appreciate the bottom line discipline.
But I have a question sort of following up Ittai's question on go-to-market. And it's something you might not have much control over. Are there any general trends worth noting for the second half of this year? For instance, we're generally hearing about exhausted security budgets coming into the end of '23. It's very good reason because people have spent a lot on security throughout '23. Are you hearing this at all? And if so, are you seeing any deals that might be getting pushed out into '24 at the end of the year? Or is budget getting pulled into '23 from '24 to satisfy current security needs?
Thanks. And again, thanks for the support. We really do appreciate it. So listen, I think when we look at our go-to-market environment, we continue to see actually strengthening. And we've talked about a strong environment for us to be able to execute -- our ability to execute throughout the whole year. And you heard me mention that in Q3, we saw it become even better for us. I think we talk about it in 2 lights. One is better for us in terms of the customers are more willing to spend their budgets and better for us in terms of the team is executing even more efficiently, more effectively within -- with our customers.
I would actually say we see a little bit of the opposite of what you're describing. We see budgets kind of firming up. We have good line of sight to those budgets, which goes into how we look at the year and frankly, how we think about next year. We also see deal sizes increasing, not going down. We saw close rates going up, not even staying flat, but going up. So our overall productivity goes up. We saw again another quarter of amazing pipeline build. A lot of that pipeline will come to realization in 2024, might not be in Q4 here. But -- so I think when we look at the environment, we talk to stressed out CISO, so stressed is the right word. But we see the fact that what we're working with them around is not a budget optional decision. It's where you want to spend money if you have any money at all. And I think that is what's driving our success, and it drives our outlook going forward. and it drives our confidence in the overall market that we're playing in, in the identity security market itself.
Your next question comes from the line of Fatima Boolani of Citi.
Sending my well wishes to you and the entire CyberArk family. Either for Matt or Josh, feel free to jump all this one. I wanted to get a sense of sales cycle trends within the new logo and expansion activity that you're very strongly executing on. And really, the spirit of the question is you've got a much more expanded portfolio. So how are you managing the extension of sales cycles that typically come with the sale of a broader portfolio.
Yes. Thank you, and thanks for the support. I think we always have had enterprise grade is how I describe it, sales cycles. We've always had to sell over multiple quarters even when we were just selling PAM because it was a big program, and it was a significant sale. And so I think we're pretty used to longer sales cycles as we moved to a platform selling motion, broader portfolio. We haven't seen any real elongation in our overall sales cycle. On the flip side, we haven't seen it kind of really dramatically come down in its time lines, either even though we've moved to a SaaS sale, which traditionally might bring some of those sales cycles in.
So I think we're operating consistently with what we've always done, which is expansion sales cycles are shorter. New logo sales cycles take a little bit more time. In the early part of the year, especially in the Q1, as we talked about, sales cycles for new logos were a little bit longer. We've continued to see our ability to firm that up over time here. And so I think when we look at the Q3 performance as a whole, it's consistent with a firming up environment. And again, I know I say this a lot, but they're near and dear to my heart. Our go-to-market team continues to execute at just phenomenal rates to be able to make sure that they bring the deals in when they say they're going to bring the deals in.
Your next question comes from the line of Junaid Siddiqui of Truist Securities.
You highlighted secure cloud access that you just launched recently. I was just curious about some of the other new products that you launched that impact like Secure Browser. What's been a positive surprise to you in terms of how quickly they're being adopted by customers and contributing to growth?
Sure. So on Secure Browser, we have not released that for general availability yet that will come out towards the end of this year here. We continue to have really, really strong conversations with customers about it, both has a more secure way of browsing and also as a front-end user interface for the identity security platform that we offer out into the market. And by the way, we see -- and you see it in some of the recent breaches, that the notion of session hijacking is 1 of the most risky new attack methods that's accelerating in the market and our Secure Browser, which allows for cookie list browsing really protects against session hijacking. But I would say on the browser front, way too early to comment in terms of -- it's not even out in the main market yet.
As we talk about secure cloud access, I get kind of unbridled enthusiasm here. And why is that? Because it's bringing the best of PAM, the best of the idea of privilege controls, session management, session isolation recording. It's bringing that to a brand-new population. And what we need to understand about the cloud security market overall that everybody is talking about is most of what's being done in the cloud security market is around posture management, it's around discovery, it's around visibility. It's because over time, as these developers have gotten so many extra privileges, people want to understand what's going on. It's the Wild West and that's a good first step, and there's a lot of really, really strong companies that are focusing in that area. We're unique in the cloud space in that we're not all that concerned about visibility and about discovery. Other people can do that. What we want to be able to do is lock down control in the cloud. We want to take all of these thousands of developers who have unfettered access to the AWS or Microsoft, cloud services, the platform itself. And we want to make sure that those users can still innovate, they can still build. They can still troubleshoot, but they have privileged controls applied when they're doing it. And we do it uniquely with this idea of 0 standing privilege so that the actual account of the developer, their account, Federated account has no privileges, for example, in the AWS console. So when it's sitting there on the side, it's secure. When they go to log into the console, that's when the privileges are applied just in time.
They're able to execute their work and then it's removed immediately as soon as they log out, and it's controlled with workflows with time-bound access. Now I went a little deeper there on that because I love the question, but I also went a little deeper there for people to understand the opportunity that arises for us as everybody thinks about cloud security, for us to bring what we do best, which is privileged controls, locking down access to this entire population that needs to be secured. And so that's really an exciting motion for us. We had some great wins actually in the quarter. still very tiny business. It's only 1 or 2 quarters in, but you can hear the optimism for me around this piece of our business as I'm describing our unique approach.
Your next question comes from the line of Adam Borg of Stifel.
Awesome. And again, I'll come my thoughts about the entire Israeli team and the community of his [indiscernible] broadly. Real quickly on the government opportunity. So it was 8% mix of ARR in the quarter. Maybe just talk a little bit more about how federal played out in the quarter and how you think about government more broadly over the next 12 months?
Thanks, Adam, and thanks for the support. Listen, I think when we -- and we've been talking about this for a little while here, right? We're very happy with our position within federal government here in the U.S., the global government where we see a lot of momentum even in the state and local government that falls up into our SLED business. What we see across the board is whereas in the past, a lot of the budget purchases were at the point of kind of year-end budget flush, we've seen because of the criticality of identity security that the actual purchases are much more spread out throughout the year. And they're coming in conjunction with need and actual deployment plans to get them into place. That actually is a much more exciting place for us to be in. It allows us to be able to have a thriving and healthy global government business all year around. And it allows us to be able to invest in the ability to bring new solutions to that customer population, including our investment in getting our EPM and identity and [ bring ] cloud into the Fed ramp process over time here, it's our ability to be able to actually expand beyond our strong PAM footprint in a lot of these agencies and accounts.
And so when we look at government, in fact, we highlighted a government account in the script that actually is outside of the U.S. But when we look at government, we see the threat landscape actually expanding on them exponentially even more than some of the private sector. and their recognition of the need for proper identity security solutions continues on. So we think there's a long runway of growth within the government sector. And we're really happy with our results from that perspective.
Your next question comes from the line of Brian Colley of Stephens.
And certainly like to echo my support as well for the team in Israel and the people more [indiscernible]. I'm curious if you saw any divergence and demand trends this quarter between the enterprise and mid-market segments of your business. We've heard some other cybersecurity companies said they started seeing some softness in the third quarter in the mid-market. So I'm wondering if that's something you saw materialize in any way.
So we didn't see any change in that environment. I think we've talked about the idea that the mid-market is more affected by macros than the enterprise space. But we haven't seen any real change or diversion -- any change in that from that perspective. I think 1 of the things that we have to keep reminding everybody around and it's different than some of our other cybersecurity peers is that we're really not playing in the low end of the mid-market. And I know I said it a couple of minutes ago, but I'll say it again, our mid-market, what we call corporate customers are $500 million to $1.5 billion. CyberArk would be a mid-market account for CyberArk. And so I think those organizations, especially the ones in the upper end there kind of mirror in their behaviors, what we're seeing in the enterprise space, and that continues on in the third quarter.
Your next question comes from the line of Alex Henderson of Needham.
Great. I'm rarely hear somebody talk about an "amazing pipeline build". And I was hoping you could talk a little bit about the composite of that. How much of that is driven off of just simply the broader adoption of the platform existing customers and the like. Much of that is driven off of the the recent new product and technologies that were announced and the reaction from your trade show mid-summer. And the reason I ask the question is, obviously, with the 6-months plus sales cycle. I assume that, that mid-summer build might be helping visibility?
Sure, sure. So listen, I think when we think about our pipeline, it's a little bit of check, check, check, all of the above. We see our pipeline being affected by the ability to be able to sell a much broader portfolio. And in fact, while the PAM pipeline continues to grow in a really nice way, and you saw that in our results this quarter, we see the solutions outside of PAM, they're growing at a faster rate. we see our access business continue to grow. Our secrets business continue to grow. As I mentioned, we see some nice pipeline build around our Secure Cloud Access, EPM continues to be a bright spot for us.
So we definitely see the kind of mix of the portfolio coming to play to help build the year-over-year growth rate in pipeline. And whenever I'm talking about pipeline, I'm always talking about year-over-year growth, not just an absolute number. Now in addition to all of that, we also see the way the pipeline getting built to be in a much more healthy manner. Meaning, if you rewind rewound a couple of years ago, all pipeline came from sales. And now we start to see actually that our routes of pipeline build, what's marketing-generated pipe, what's channel-generated pipe -- we see those starting to kick into high gear and that broadens our ability to have a better go-to-market engine. And so when you combine a broader portfolio that seems to resonate with customers, with broader routes to market that actually can build pipeline, that's how you end up in the situation that we've been in for several quarters where we've talked about our pipeline kind of building at a really strong rate. The events that we put on are wonderful, and we didn't just do the by the way, the event in last spring. We've been doing a world tour at '15, '17, whatever it is countries around the [indiscernible] track because we've been traveling so much. And each 1 helps us to tell the story and help customers understand why identity security is so important and why CyberArk, who they should choose. And that all goes together to put us in a healthy position as a company where we had a a really great quarter that we could talk to.
We were able to guide forward with the guidance we put out there, and we look towards next year with optimism. And for sure, we look towards our 2025 and 2027 targets with a strong degree of confidence in our ability to be able to go ahead.
We've run out of time for questions. So I will now turn the call over to CEO, Matt Cohen for closing remarks.
Thanks, everybody, and thanks again for everybody's support to us personally. It means the world I want to finish by where I started by saying our #1 priority is our employees, their health, their well-being. They've done such a tremendous job of working under these challenging conditions. And I'm really proud proud to be part of this company and work with such amazing people. We continue together to make sure we focus all together on our customers and securing them against the cyber threats that are out there. Thanks, and talk soon.
This concludes today's conference call. You may now disconnect.