UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549  
 


FORM 6-K  
 

 
REPORT OF FOREIGN PRIVATE ISSUER
Pursuant to Rule 13a-16 or 15d-16 under the
Securities Exchange Act of 1934
 
For the month of May 2024
 
Commission File Number: 001-36625  
 

 
CyberArk Software Ltd.
(Translation of registrant’s name into English)  
 

 
CyberArk Software Ltd.
9 Hapsagot St.
Park Ofer 2, POB 3143
Petach-Tikva, 4951041 Israel
 (Address of principal executive offices)  


 
Indicate by check mark whether the registrant files or will file annual reports under cover Form 20-F or Form 40-F.
 
Form 20-F ☒            Form 40-F ☐
 

CONTENTS

Entry into Merger Agreement

On May 19, 2024, CyberArk Software Ltd. (the “Company”) entered into an Agreement and Plan of Merger (the “Merger Agreement”) with Venafi Holdings, Inc., a Delaware corporation (“Venafi”), Venafi Parent, LP, a Delaware partnership (“Seller”) and Triton Merger Sub, Inc., a Delaware corporation and indirect wholly-owned subsidiary of the Company (“Merger Sub”) pursuant to which Merger Sub will merge with and into Venafi (the “Merger”) with Venafi continuing after the Merger as a wholly-owned indirect subsidiary of the Company.  The Merger is structured as a statutory merger under the Delaware General Corporation Law.

The total enterprise value for the transaction is $1.54 billion in a combination of cash (approximately $1 billion) and Company stock (approximately $540,000,000). Subject to the terms and conditions of the Merger Agreement, all of the common stock of Venafi issued and outstanding as of the time of the Merger (the “Effective Time”) will be canceled and converted into the right to receive (i) an aggregate amount in cash of $856,000,000 and (ii) 2,285,076 ordinary shares of the Company. The ordinary shares of the Company will be issued to Seller without registration under the Securities Act of 1933 in reliance on the private offering exemption provided by Section 4(a)(2) thereof. The aggregate amount in cash of $856,000,000 is net of certain adjustments related to items such as Venafi debt, long-term obligations and cash balance.

The consummation of the Merger is subject to customary closing conditions, including, among others, the following conditions to the obligations of both the Company and Venafi: (i) the expiration or termination of any waiting period under the Hart-Scott-Rodino Antitrust Improvements Act of 1976, as amended, and the rules and regulations thereunder, (ii) the approval of the Committee on Foreign Investment in the United States; (iii) the Merger having not been enjoined or otherwise prohibited by any applicable law or any writ, decree, decision, consent, stipulation, award, order, judgment, injunction, temporary restraining order or other order of any governmental authority; (iv) the truth and correctness of the other party’s representations and warranties in the Merger Agreement, subject in certain cases to a materiality or material adverse effect standard; and (v) performance, in all material respects, of the other party’s obligations in the Merger Agreement required to be performed at or prior to the consummation of the Merger.  In addition, the consummation of the Merger is subject to the following closing condition to the obligations of the Company: (i) the absence of a “Company Material Adverse Effect” (as defined in the Merger Agreement) with respect to Venafi and its Subsidiaries and (ii) receipt of the consent of Seller, as the sole stockholder of Venafi, approving the Merger.

The Company and Merger Sub have made customary representations, warranties and covenants in the Merger Agreement.

The Merger Agreement contains certain customary termination rights for the Company and Venafi, as well as the ability to terminate the Merger Agreement if the Merger is not consummated on or before February 19, 2025.

Registration Rights Agreement

At the Effective Time, the Company and Seller will enter into a customary Registration Rights Agreement (the “Registration Rights Agreement”), the form of which was agreed at the time of the signing of the Merger Agreement.  Subject to the terms and conditions of the Registration Rights Agreement, the Company will register with the Securities and Exchange Commission (the “SEC”) the ordinary shares of the Company issued to Seller in connection with the Merger (the “Seller Shares”).  The Registration Rights Agreement permits Seller to make a limited number of requests from the Company to perform underwritten shelf offerings, subject to certain volume restrictions. In addition, if the Company proposes to register any of its ordinary shares, Seller will have the right, pursuant to the Registration Rights Agreement, to be included in such registration, subject to customary cutbacks. Under the Registration Rights Agreement, the Company has agreed to pay the fees and expenses associated with registration of the Seller Shares. The Registration Rights Agreement contains customary provisions with respect to registration proceedings, underwritten offerings and indemnity and contribution rights.


This summary of the principal terms of the Merger Agreement and the form of Registration Rights Agreement is intended to provide information regarding certain key terms of the Merger Agreement and the form of Registration Rights Agreement, as applicable, and are not intended to modify or supplement any factual disclosures about the Company in its public reports filed with the SEC. In particular, this summary is not intended to be, and should not be relied upon as, disclosures regarding any facts and circumstances relating to the Company, Merger Sub or their respective affiliates.

The Company issued a press release on May 20, 2024 announcing the execution of the Merger Agreement. A copy of the press release is filed as Exhibit 99.1 hereto and incorporated herein by reference.

Cautionary Language Concerning Forward-Looking Statements

This release contains forward-looking statements, which express the current beliefs and expectations of CyberArk’s (the “Company”) management. In some cases, forward-looking statements may be identified by terminology such as “believe,” “may,” “estimate,” “continue,” “anticipate,” “intend,” “should,” “plan,” “expect,” “predict,” “potential” or the negative of these terms or other similar expressions. Such statements involve a number of known and unknown risks and uncertainties that could cause the Company’s future results, levels of activity, performance or achievements to differ materially from the results, levels of activity, performance or achievements expressed or implied by such forward-looking statements. Important factors that could cause or contribute to such differences include risks relating to: the ability of the parties to consummate the proposed transaction on a timely manner or at all; the satisfaction of the conditions precedent to consummation of the proposed transaction, including the ability to secure regulatory approvals on the terms expected, in a timely manner or at all; the potential impact of the announcement of the proposed transaction on the ability of CyberArk or Venafi Holdings, Inc. (“Venafi”) to retain and hire key personnel and maintain relationships with customers, suppliers and others with whom CyberArk or Venafi do business, or on CyberArk’s or Venafi’s operating results and business generally; disruption of the current plans and operations of CyberArk and Venafi as a result of the proposed transaction or its announcement, including increased risks of cyberattacks; risks that Venafi’s business will not be integrated successfully into CyberArk’s operations; risks relating to CyberArk’s ability to realize anticipated benefits of the combined operations; changes to the drivers of the Company’s growth and its ability to adapt its solutions to IT security market demands; fluctuation in the Company’s quarterly results of operations due to sales cycles and multiple pricing and delivery models; the Company’s ability to sell into existing and new customers and industry verticals; an increase in competition within the Privileged Access Management and Identity Security markets; unanticipated product vulnerabilities or cybersecurity breaches of the Company’s, or the Company’s customers’ or partners’ systems; complications or risks in connection with the Company’s subscription model, including uncertainty regarding renewals from its existing customer base, and retaining sufficient subscription or maintenance and support service renewal rates; risks related to compliance with privacy and data protection laws and regulations; regulatory and geopolitical risks associated with global sales and operations, as well as impacts from the ongoing war between Israel and Hamas and other conflicts in the region, as  our principal executive offices, most of our research and development activities and other significant operations are located in Israel; risks regarding potential negative economic conditions in the global economy or certain regions, including conditions resulting from financial and credit market fluctuations, rising interest rates, bank failures, inflation, and the potential for regional or global recessions; the Company’s ability to hire, train, retain and motivate qualified personnel; reliance on third-party cloud providers for the Company’s operations and SaaS solutions; the Company’s history of incurring net losses and its ability to achieve profitability in the future; risks related to the Company’s ongoing transition to a new Chief Executive Officer; risks related to sales made to government entities; the Company’s ability to find, complete, fully integrate or achieve the expected benefits of strategic acquisitions; the Company’s ability to expand its sales and marketing efforts and expand its channel partnerships across existing and new geographies; changes in regulatory requirements or fluctuations in currency exchange rates; the ability of the Company’s products to help customers achieve and maintain compliance with government regulations or industry standards; risks related to intellectual property claims or the Company’s ability to protect its proprietary technology and intellectual property rights; and other factors discussed under the heading “Risk Factors” in the Company’s most recent annual report on Form 20-F filed with the Securities and Exchange Commission. Forward-looking statements in this release are made pursuant to the safe harbor provisions contained in the U.S. Private Securities Litigation Reform Act of 1995. These forward-looking statements are made only as of the date hereof, and the Company undertakes no obligation to update or revise the forward-looking statements, whether as a result of new information, future events or otherwise.


SIGNATURE
 
Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized.
 
 
CYBERARK SOFTWARE LTD.
 
 
 
 
 
Date: May 19, 2024
By:
/s/ Joshua Siegel
 
 
 
Name: Joshua Siegel
 
 
 
Title:   Chief Financial Officer
 
 

EXHIBIT INDEX
 
Exhibit
 
Description
 
 

 


Exhibit 99.1

CyberArk Signs Definitive Agreement to Acquire Machine Identity
Management Leader Venafi from Thoma Bravo
 
Sets New Standard for End-to-End Machine Identity Security
Provides Significant Top-Line Growth Synergies and Expected to be Immediately Accretive to Margins
Expands CyberArk’s Total Addressable Market with Complementary Machine Identity Solutions

NEWTON, Mass. and PETACH TIKVA, Israel – May 20, 2024 – CyberArk (NASDAQ: CYBR), the identity security company, today announced it has signed a definitive agreement to acquire Venafi, a leader in machine identity management, from Thoma Bravo. This acquisition will combine Venafi’s best-in-class machine identity management capabilities with CyberArk’s leading identity security capabilities to establish a unified platform for end-to-end machine identity security at enterprise scale.
 
Digital transformation and ongoing cloud migration have led to an exponential increase in the number of machine identities, such as workloads, code, applications, IoT devices and containers. The number of machines is rapidly outpacing the growth in their human counterparts, with more than 40 machine identities for every human identity. Left unprotected, they serve as a lucrative hunting ground for cybercriminals. These machine identities need to be discovered, managed, secured and automated to keep their connections and communications safe. This is made more complex by shorter certificate lifecycles, from 398 to 90 days, and the need to be quantum ready.
 
According to Forrester¹, “Historically, enterprises have taken less interest in managing machine identities compared with human identities, in part because machine identities present different requirements and more complicated lifecycle challenges. However, the exponential growth of machine identities, both for devices and cloud workloads, has brought attention and urgency to improving machine identity management to reduce the risks stemming from this expanded threat surface. Machine identity growth will outpace human identities, necessitating advanced and automated approaches to effectively manage machine identities and associated risks.”
 
The combination of Venafi’s certificate lifecycle management, private Public Key Infrastructure (PKI), IoT identity management and cryptographic code signing, with CyberArk’s secrets management capabilities will enable organizations to protect against misuse and compromise of machine identities, vastly improve security, and stop costly outages. Having a breadth and depth of options for machine identity security all in one solution – that can be deployed as SaaS or hybrid – will enable faster risk mitigation for organizations of all sizes looking to secure modern cloud environments.
 
As an innovative leader in PKI and certificate management with a robust presence in modern cloud environments, Venafi offers complementary solutions that expand CyberArk’s total addressable market (TAM) by nearly $10 billion to approximately $60 billion.
 
“This acquisition marks a pivotal milestone for CyberArk, enabling us to further our vision to secure every identity – human and machine – with the right level of privilege controls,” said Matt Cohen, Chief Executive Officer, CyberArk. “By combining forces with Venafi, we are expanding our abilities to secure machine identities in a cloud-first, GenAI, post-quantum world. Our integrated technologies, capabilities and expertise will address the needs of global enterprises and empower Chief Information Security Officers to defend against increasingly sophisticated attacks that leverage human and machine identities as part of the attack chain. Venafi brings world-class talent who shares CyberArk’s customer-centric, people-first culture and a security-first mindset. We are thrilled to work with the Venafi team to capitalize on the tremendous growth opportunity in the identity security market.”
 

“It has been a pleasure to work with the Venafi team, leveraging our operational expertise to further cement Venafi as a leading force in machine identity management,” said Chip Virnig, a Partner at Thoma Bravo. “Over the course of our investment, Venafi has accelerated SaaS growth, expanded margins, and successfully created a best-in-class SaaS offering, setting the stage for continued innovation. We believe CyberArk is a great partner for Venafi and that the scaled end-to-end machine identity security platform created by this strategic combination will deliver significant value to shareholders.”
 
Details Regarding the Proposed Acquisition
 
CyberArk intends to acquire Venafi for an enterprise value of approximately $1.54 billion in a combination of cash and CyberArk shares (approximately $1 billion in cash and approximately $540 million in shares). The Boards of Directors of both CyberArk and Venafi have each approved the transaction.
 
The transaction is expected to close in the second half of 2024, subject to required regulatory approvals, clearances and other customary closing conditions. Other details include:
 
Venafi is expected to add approximately $150 million annual recurring revenue (ARR).
Venafi brings a strong business model with 95% in recurring revenue, including SaaS and Term Based License Revenue.
The transaction is expected to be accretive to margins immediately2, with significant revenue synergies through cross-sell, up-sell and geographic expansion.
Venafi brings complementary capabilities to protect machine identities and expands the Total Addressable Market (TAM) from $50 billion to $60 billion.

¹The Forrester Tech Tide™: Identity And Access Management (IAM), Q1 2023 by Andras Cser, Geoff Cairns with Merritt Maxim, Hailey DiCicco, Peggy Dostie, February 8, 2023
 
2 Expected to be accretive to non-GAAP margins
 
Advisors
 
Morgan Stanley & Co. LLC is serving as exclusive financial advisor to CyberArk and Latham & Watkins LLP is serving as legal counsel to CyberArk. Piper Sandler is serving as exclusive financial advisor to Thoma Bravo and Kirkland & Ellis LLP is serving as legal counsel to Thoma Bravo.
 
Conference Call Information
 
In conjunction with this announcement, CyberArk will host a conference call on Monday, May 20, 2024 at 8:30 a.m. Eastern Time (ET) to discuss the proposed acquisition of Venafi. To access this call, dial +1 (646) 968-2525 (U.S.) or +1 (888) 596-4144 (international). The conference ID is 2727264. Additionally, a live webcast of the conference call will be available via the “Investor Relations” section of the company’s website at www.cyberark.com.
 
Following the conference call, a replay will be available for one week at +1 (800) 770-2030 (U.S.) or +(609) 800-9909 (international). The replay pass code is 2727264. An archived webcast of the conference call will also be available in the “Investor Relations” section of the company’s website at www.cyberark.com.
 

About CyberArk
 
CyberArk (Nasdaq: CYBR) is the global leader in identity security. Centered on intelligent privilege controls, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud environments and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit https://www.cyberark.com, read the CyberArk blogs or follow on LinkedIn, Twitter, Facebook or YouTube.
 
About Venafi
 
Venafi is a cybersecurity market leader and the category creator of machine identity management, securing machine-to-machine connections and communications. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, SSH, code signing, mobile and IoT. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise—on premises, mobile, virtual, cloud and IoT—at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.
 
About Thoma Bravo
 
Thoma Bravo is one of the largest software-focused investors in the world, with over US$138 billion in assets under management as of December 31, 2023. Through its private equity, growth equity and credit strategies, the firm invests in growth-oriented, innovative companies operating in the software and technology sectors. Leveraging Thoma Bravo’s deep sector knowledge and strategic and operational expertise, the firm collaborates with its portfolio companies to implement operating best practices and drive growth initiatives. Over the past 20+ years, the firm has acquired or invested in more than 465 companies representing approximately US$260 billion in enterprise value (including control and non-control investments). The firm has offices in Chicago, London, Miami, New York and San Francisco. For more information, visit Thoma Bravo’s website at thomabravo.com.
 
Cautionary Language Concerning Forward-Looking Statements
 
This release contains forward-looking statements, which express the current beliefs and expectations of CyberArk’s (the “Company”) management. In some cases, forward-looking statements may be identified by terminology such as “believe,” “may,” “estimate,” “continue,” “anticipate,” “intend,” “should,” “plan,” “expect,” “predict,” “potential” or the negative of these terms or other similar expressions. Such statements involve a number of known and unknown risks and uncertainties that could cause the Company’s future results, levels of activity, performance or achievements to differ materially from the results, levels of activity, performance or achievements expressed or implied by such forward-looking statements. Important factors that could cause or contribute to such differences include risks relating to: the ability of the parties to consummate the proposed transaction on a timely manner or at all; the satisfaction of the conditions precedent to consummation of the proposed transaction, including the ability to secure regulatory approvals on the terms expected, in a timely manner or at all; the potential impact of the announcement of the proposed transaction on the ability of CyberArk or Venafi to retain and hire key personnel and maintain relationships with customers, suppliers and others with whom CyberArk or Venafi do business, or on CyberArk’s or Venafi’s operating results and business generally; disruption of the current plans and operations of CyberArk and Venafi as a result of the proposed transaction or its announcement, including increased risks of cyberattacks; risks that Venafi’s business will not be integrated successfully into CyberArk’s operations; risks relating to CyberArk’s ability to realize anticipated benefits of the combined operations; changes to the drivers of the Company’s growth and its ability to adapt its solutions to IT security market demands; fluctuation in the Company’s quarterly results of operations due to sales cycles and multiple pricing and delivery models; the Company’s ability to sell into existing and new customers and industry verticals; an increase in competition within the Privileged Access Management and Identity Security markets; unanticipated product vulnerabilities or cybersecurity breaches of the Company’s, or the Company’s customers’ or partners’ systems; complications or risks in connection with the Company’s subscription model, including uncertainty regarding renewals from its existing customer base, and retaining sufficient subscription or maintenance and support service renewal rates; risks related to compliance with privacy and data protection laws and regulations; regulatory and geopolitical risks associated with global sales and operations, as well as impacts from the ongoing war between Israel and Hamas and other conflicts in the region, as  our principal executive offices, most of our research and development activities and other significant operations are located in Israel; risks regarding potential negative economic conditions in the global economy or certain regions, including conditions resulting from financial and credit market fluctuations, rising interest rates, bank failures, inflation, and the potential for regional or global recessions; the Company’s ability to hire, train, retain and motivate qualified personnel; reliance on third-party cloud providers for the Company’s operations and SaaS solutions; the Company’s history of incurring net losses and its ability to achieve profitability in the future; risks related to the Company’s ongoing transition to a new Chief Executive Officer; risks related to sales made to government entities; the Company’s ability to find, complete, fully integrate or achieve the expected benefits of strategic acquisitions; the Company’s ability to expand its sales and marketing efforts and expand its channel partnerships across existing and new geographies; changes in regulatory requirements or fluctuations in currency exchange rates; the ability of the Company’s products to help customers achieve and maintain compliance with government regulations or industry standards; risks related to intellectual property claims or the Company’s ability to protect its proprietary technology and intellectual property rights; and other factors discussed under the heading “Risk Factors” in the Company’s most recent annual report on Form 20-F filed with the Securities and Exchange Commission. Forward-looking statements in this release are made pursuant to the safe harbor provisions contained in the U.S. Private Securities Litigation Reform Act of 1995. These forward-looking statements are made only as of the date hereof, and the Company undertakes no obligation to update or revise the forward-looking statements, whether as a result of new information, future events or otherwise.
 

For CyberArk
 
Investor Relations Contact:
Srinivas Anantha, CFA
CyberArk
617-558-2132
ir@cyberark.com
 
Media Contact:
Nick Bowman
CyberArk
+44 (0) 7841 673378
press@cyberark.com
 
For Thoma Bravo
 
Thoma Bravo Communications
Megan Frank
(212) 731-4778
mfrank@thomabravo.com
 
or
 
FGS Global
Liz Micci / Abigail Farr
(212) 687-8080
Liz.micci@fgsglobal.com / abigail.farr@fgsglobal.com
 


CyberArk Software (NASDAQ:CYBR)
Historical Stock Chart
From Oct 2024 to Nov 2024 Click Here for more CyberArk Software Charts.
CyberArk Software (NASDAQ:CYBR)
Historical Stock Chart
From Nov 2023 to Nov 2024 Click Here for more CyberArk Software Charts.