CyberArk Signs Definitive Agreement to Acquire Machine Identity Management Leader Venafi from Thoma Bravo

Rhea-AI Summary

CyberArk (NASDAQ: CYBR) has signed a definitive agreement to acquire Venafi, a leader in machine identity management, from Thoma Bravo for approximately $1.54 billion. This deal combines Venafi’s machine identity capabilities with CyberArk’s identity security platform, enhancing end-to-end machine identity security. The acquisition will expand CyberArk's total addressable market by nearly $10 billion, reaching approximately $60 billion. Venafi is expected to add $150 million in annual recurring revenue and immediately improve margins. The transaction is projected to close in the second half of 2024, pending regulatory approvals.

Positive

• Acquisition expands CyberArk's total addressable market from $50 billion to $60 billion.
• Venafi is expected to add $150 million in annual recurring revenue.
• Venafi's business model boasts 95% recurring revenue, enhancing financial stability.
• The deal is expected to be immediately accretive to non-GAAP margins.
• Combination of CyberArk and Venafi's solutions will establish a unified platform for machine identity security.
• Significant top-line growth synergies anticipated through cross-sell, up-sell, and geographic expansion.

Negative

• Acquisition cost of approximately $1.54 billion, including $1 billion in cash, could strain liquidity.
• The deal is subject to regulatory approvals and other customary closing conditions, which could delay or derail the transaction.
• Integration risks may arise, potentially impacting operational efficiency and financial performance.

Insights

Financial Analyst

CyberArk's acquisition of Venafi for an enterprise value of $1.54 billion is notable for several reasons. Firstly, Venafi's addition is expected to significantly enhance CyberArk's revenue with an additional $150 million in annual recurring revenue (ARR). This is significant because recurring revenue streams provide stability and predictability to financial results, which investors typically find attractive.

Additionally, the announcement highlights that Venafi operates with a strong business model comprising 95% recurring revenue, including SaaS and term-based licenses. This aligns well with CyberArk's existing business strategy and is expected to be immediately accretive to non-GAAP margins, suggesting an immediate improvement in profitability post-acquisition.

The acquisition also aims to expand CyberArk's total addressable market (TAM) by $10 billion, broadening the company's market opportunities. This expanded TAM, from $50 billion to $60 billion, provides a broader revenue base and more growth opportunities.

However, there are risks to consider. Acquisitions often come with integration challenges and unforeseen costs. The deal's success largely hinges on effective integration, realizing cross-sell and up-sell synergies and managing geographic expansion efficiently. Investors should monitor how well CyberArk manages these facets post-acquisition.

Short-term, the acquisition's cash component of $1 billion could affect CyberArk's liquidity and leverage ratios. Long-term, successful integration and realization of the projected synergies will be key to sustaining shareholder value.

Tech Expert

The combination of CyberArk's identity security capabilities with Venafi's machine identity management tools is a strategic move that addresses a growing cybersecurity concern. As organizations accelerate digital transformation and cloud migration, the number of machine identities, including IoT devices and containers, is exploding. Ensuring these identities are securely managed and automated is critical to preventing cyberattacks and system failures.

Venafi's technologies, including certificate lifecycle management, private PKI and cryptographic code signing, complement CyberArk's secrets management capabilities. Together, they provide a more robust platform to protect against misuse and compromise of machine identities. This will be increasingly important in a post-quantum world where cryptographic standards will evolve.

From a technical standpoint, the acquisition positions CyberArk to offer a comprehensive machine identity security solution that can be deployed as SaaS or hybrid, catering to varying organizational needs. This adaptability is essential as enterprises strive for faster risk mitigation in modern cloud environments.

While the integration of technologies brings promising synergies, potential technical challenges revolve around ensuring seamless interoperability and maintaining high security standards during the integration process. Monitoring how effectively CyberArk integrates Venafi's solutions will be important for investors.

Market Research Analyst

CyberArk's acquisition of Venafi expands its market presence significantly. By integrating Venafi's machine identity management solutions, CyberArk can cater to the evolving needs of enterprises facing growing complexities in managing machine identities.

The exponential growth in machine identities necessitates advanced security measures. Venafi's capabilities in IoT identity management and cryptographic code signing align well with market demands and enhance CyberArk's offerings. The acquisition positions CyberArk as a comprehensive security provider capable of addressing both human and machine identity management.

The projected expansion of CyberArk's total addressable market by $10 billion underscores the growth potential in the identity security market. This positions CyberArk strategically to capture a larger share of the market and drive revenue growth.

However, market competition is fierce, with other players also advancing their identity security solutions. CyberArk's ability to maintain a competitive edge and capitalize on the expanded TAM will depend on its execution strategy and ability to innovate continuously.

For investors, the acquisition presents a promising growth opportunity, but it's essential to keep an eye on how CyberArk navigates market competition and integrates Venafi's solutions to realize the projected synergies.

Sets New Standard for End-to-End Machine Identity Security

Provides Significant Top-Line Growth Synergies and Expected to be Immediately Accretive to Margins

Expands CyberArk’s Total Addressable Market with Complementary Machine Identity Solutions

NEWTON, Mass. & PETACH TIKVA, Israel--(BUSINESS WIRE)-- CyberArk (NASDAQ: CYBR), the identity security company, today announced it has signed a definitive agreement to acquire Venafi, a leader in machine identity management, from Thoma Bravo. This acquisition will combine Venafi’s best-in-class machine identity management capabilities with CyberArk’s leading identity security capabilities to establish a unified platform for end-to-end machine identity security at enterprise scale.

Digital transformation and ongoing cloud migration have led to an exponential increase in the number of machine identities, such as workloads, code, applications, IoT devices and containers. The number of machines is rapidly outpacing the growth in their human counterparts, with more than 40 machine identities for every human identity. Left unprotected, they serve as a lucrative hunting ground for cybercriminals. These machine identities need to be discovered, managed, secured and automated to keep their connections and communications safe. This is made more complex by shorter certificate lifecycles, from 398 to 90 days, and the need to be quantum ready.

According to Forrester¹, “Historically, enterprises have taken less interest in managing machine identities compared with human identities, in part because machine identities present different requirements and more complicated lifecycle challenges. However, the exponential growth of machine identities, both for devices and cloud workloads, has brought attention and urgency to improving machine identity management to reduce the risks stemming from this expanded threat surface. Machine identity growth will outpace human identities, necessitating advanced and automated approaches to effectively manage machine identities and associated risks.”

The combination of Venafi’s certificate lifecycle management, private Public Key Infrastructure (PKI), IoT identity management and cryptographic code signing, with CyberArk’s secrets management capabilities will enable organizations to protect against misuse and compromise of machine identities, vastly improve security, and stop costly outages. Having a breadth and depth of options for machine identity security all in one solution – that can be deployed as SaaS or hybrid – will enable faster risk mitigation for organizations of all sizes looking to secure modern cloud environments.

As an innovative leader in PKI and certificate management with a robust presence in modern cloud environments, Venafi offers complementary solutions that expand CyberArk’s total addressable market (TAM) by nearly $10 billion to approximately $60 billion.

“This acquisition marks a pivotal milestone for CyberArk, enabling us to further our vision to secure every identity – human and machine – with the right level of privilege controls,” said Matt Cohen, Chief Executive Officer, CyberArk. “By combining forces with Venafi, we are expanding our abilities to secure machine identities in a cloud-first, GenAI, post-quantum world. Our integrated technologies, capabilities and expertise will address the needs of global enterprises and empower Chief Information Security Officers to defend against increasingly sophisticated attacks that leverage human and machine identities as part of the attack chain. Venafi brings world-class talent who shares CyberArk’s customer-centric, people-first culture and a security-first mindset. We are thrilled to work with the Venafi team to capitalize on the tremendous growth opportunity in the identity security market.”

“It has been a pleasure to work with the Venafi team, leveraging our operational expertise to further cement Venafi as a leading force in machine identity management,” said Chip Virnig, a Partner at Thoma Bravo. “Over the course of our investment, Venafi has accelerated SaaS growth, expanded margins, and successfully created a best-in-class SaaS offering, setting the stage for continued innovation. We believe CyberArk is a great partner for Venafi and that the scaled end-to-end machine identity security platform created by this strategic combination will deliver significant value to shareholders.”

Details Regarding the Proposed Acquisition

CyberArk intends to acquire Venafi for an enterprise value of approximately $1.54 billion in a combination of cash and CyberArk shares (approximately $1 billion in cash and approximately $540 million in shares). The Boards of Directors of both CyberArk and Venafi have each approved the transaction.

The transaction is expected to close in the second half of 2024, subject to required regulatory approvals, clearances and other customary closing conditions. Other details include:

• Venafi is expected to add approximately $150 million annual recurring revenue (ARR).
• Venafi brings a strong business model with 95% in recurring revenue, including SaaS and Term Based License Revenue.
• The transaction is expected to be accretive to margins immediately², with significant revenue synergies through cross-sell, up-sell and geographic expansion.
• Venafi brings complementary capabilities to protect machine identities and expands the Total Addressable Market (TAM) from $50 billion to $60 billion.

¹ The Forrester Tech Tide™: Identity And Access Management (IAM), Q1 2023 by Andras Cser, Geoff Cairns with Merritt Maxim, Hailey DiCicco, Peggy Dostie, February 8, 2023

² Expected to be accretive to non-GAAP margins

Advisors

Morgan Stanley & Co. LLC is serving as exclusive financial advisor to CyberArk and Latham & Watkins LLP is serving as legal counsel to CyberArk. Piper Sandler is serving as exclusive financial advisor to Thoma Bravo and Kirkland & Ellis LLP is serving as legal counsel to Thoma Bravo.

Conference Call Information

In conjunction with this announcement, CyberArk will host a conference call on Monday, May 20, 2024 at 8:30 a.m. Eastern Time (ET) to discuss the proposed acquisition of Venafi. To access this call, dial +1 (646) 968-2525 (U.S.) or +1 (888) 596-4144 (international). The conference ID is 2727264. Additionally, a live webcast of the conference call will be available via the “Investor Relations” section of the company’s website at www.cyberark.com.

Following the conference call, a replay will be available for one week at +1 (800) 770-2030 (U.S.) or +(609) 800-9909 (international). The replay pass code is 2727264. An archived webcast of the conference call will also be available in the “Investor Relations” section of the company’s website at www.cyberark.com.

About CyberArk

CyberArk (Nasdaq: CYBR) is the global leader in identity security. Centered on intelligent privilege controls, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud environments and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit https://www.cyberark.com, read the CyberArk blogs or follow on LinkedIn, Twitter, Facebook or YouTube.

About Venafi

Venafi is a cybersecurity market leader and the category creator of machine identity management, securing machine-to-machine connections and communications. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, SSH, code signing, mobile and IoT. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise—on premises, mobile, virtual, cloud and IoT—at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.

About Thoma Bravo

Thoma Bravo is one of the largest software-focused investors in the world, with over US$138 billion in assets under management as of December 31, 2023. Through its private equity, growth equity and credit strategies, the firm invests in growth-oriented, innovative companies operating in the software and technology sectors. Leveraging Thoma Bravo’s deep sector knowledge and strategic and operational expertise, the firm collaborates with its portfolio companies to implement operating best practices and drive growth initiatives. Over the past 20+ years, the firm has acquired or invested in more than 465 companies representing approximately US$260 billion in enterprise value (including control and non-control investments). The firm has offices in Chicago, London, Miami, New York and San Francisco. For more information, visit Thoma Bravo’s website at thomabravo.com.

Cautionary Language Concerning Forward-Looking Statements

This release contains forward-looking statements, which express the current beliefs and expectations of CyberArk’s (the “Company”) management. In some cases, forward-looking statements may be identified by terminology such as “believe,” “may,” “estimate,” “continue,” “anticipate,” “intend,” “should,” “plan,” “expect,” “predict,” “potential” or the negative of these terms or other similar expressions. Such statements involve a number of known and unknown risks and uncertainties that could cause the Company’s future results, levels of activity, performance or achievements to differ materially from the results, levels of activity, performance or achievements expressed or implied by such forward-looking statements. Important factors that could cause or contribute to such differences include risks relating to: the ability of the parties to consummate the proposed transaction on a timely manner or at all; the satisfaction of the conditions precedent to consummation of the proposed transaction, including the ability to secure regulatory approvals on the terms expected, in a timely manner or at all; the potential impact of the announcement of the proposed transaction on the ability of CyberArk or Venafi to retain and hire key personnel and maintain relationships with customers, suppliers and others with whom CyberArk or Venafi do business, or on CyberArk’s or Venafi’s operating results and business generally; disruption of the current plans and operations of CyberArk and Venafi as a result of the proposed transaction or its announcement, including increased risks of cyberattacks; risks that Venafi’s business will not be integrated successfully into CyberArk’s operations; risks relating to CyberArk’s ability to realize anticipated benefits of the combined operations; changes to the drivers of the Company’s growth and its ability to adapt its solutions to IT security market demands; fluctuation in the Company’s quarterly results of operations due to sales cycles and multiple pricing and delivery models; the Company’s ability to sell into existing and new customers and industry verticals; an increase in competition within the Privileged Access Management and Identity Security markets; unanticipated product vulnerabilities or cybersecurity breaches of the Company’s, or the Company’s customers’ or partners’ systems; complications or risks in connection with the Company’s subscription model, including uncertainty regarding renewals from its existing customer base, and retaining sufficient subscription or maintenance and support service renewal rates; risks related to compliance with privacy and data protection laws and regulations; regulatory and geopolitical risks associated with global sales and operations, as well as impacts from the ongoing war between Israel and Hamas and other conflicts in the region, as our principal executive offices, most of our research and development activities and other significant operations are located in Israel; risks regarding potential negative economic conditions in the global economy or certain regions, including conditions resulting from financial and credit market fluctuations, rising interest rates, bank failures, inflation, and the potential for regional or global recessions; the Company’s ability to hire, train, retain and motivate qualified personnel; reliance on third-party cloud providers for the Company’s operations and SaaS solutions; the Company’s history of incurring net losses and its ability to achieve profitability in the future; risks related to the Company’s ongoing transition to a new Chief Executive Officer; risks related to sales made to government entities; the Company’s ability to find, complete, fully integrate or achieve the expected benefits of strategic acquisitions; the Company’s ability to expand its sales and marketing efforts and expand its channel partnerships across existing and new geographies; changes in regulatory requirements or fluctuations in currency exchange rates; the ability of the Company’s products to help customers achieve and maintain compliance with government regulations or industry standards; risks related to intellectual property claims or the Company’s ability to protect its proprietary technology and intellectual property rights; and other factors discussed under the heading “Risk Factors” in the Company’s most recent annual report on Form 20-F filed with the Securities and Exchange Commission. Forward-looking statements in this release are made pursuant to the safe harbor provisions contained in the U.S. Private Securities Litigation Reform Act of 1995. These forward-looking statements are made only as of the date hereof, and the Company undertakes no obligation to update or revise the forward-looking statements, whether as a result of new information, future events or otherwise.

View source version on businesswire.com: https://www.businesswire.com/news/home/20240520321942/en/

For CyberArk

Investor Relations:

Srinivas Anantha, CFA

CyberArk

617-558-2132

ir@cyberark.com

Media:

Nick Bowman

CyberArk

+44 (0) 7841 673378

press@cyberark.com

For Thoma Bravo

Thoma Bravo Communications

Megan Frank

(212) 731-4778

mfrank@thomabravo.com

or

FGS Global

Liz Micci / Abigail Farr

(212) 687-8080

Liz.micci@fgsglobal.com / abigail.farr@fgsglobal.com

Source: CyberArk

FAQ

What is the acquisition price for Venafi by CyberArk?

CyberArk is acquiring Venafi for approximately $1.54 billion, including $1 billion in cash and $540 million in CyberArk shares.

What is the expected impact on CyberArk's total addressable market (TAM) after acquiring Venafi?

The acquisition will expand CyberArk's total addressable market from $50 billion to approximately $60 billion.

When is the CyberArk and Venafi acquisition expected to close?

The acquisition is expected to close in the second half of 2024, subject to regulatory approvals and other customary conditions.

How will Venafi's revenue model benefit CyberArk?

Venafi brings a strong business model with 95% recurring revenue, including SaaS and term-based licenses, adding approximately $150 million in annual recurring revenue.

What synergies are expected from CyberArk's acquisition of Venafi?

The acquisition is expected to provide significant top-line growth synergies through cross-sell, up-sell, and geographic expansion.