Edgar Filing: CyberArk Software Ltd.

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

WASHINGTON, D.C. 20549

FORM 20-F

☐	REGISTRATION STATEMENT PURSUANT TO SECTION 12(b) OR (g) OF THE SECURITIES EXCHANGE ACT OF 1934

☒	ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the fiscal year ended December 31, 2016

☐	TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

☐	SHELL COMPANY REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

Commission file number 001-36625

CYBERARK SOFTWARE LTD.

(Exact name of Registrant as specified in its charter)

ISRAEL

(Jurisdiction of incorporation or organization)

94 Em-Ha'moshavot Road
Park Ofer, P.O. Box 3143
Petach Tikva 4970602, Israel
(Address of principal executive offices)

Donna Rahav, Adv.
General Counsel & Corporate Secretary
Telephone: +972 (3) 918-0000
CyberArk Software Ltd.
94 Em-Ha'moshavot Road
Park Ofer, P.O. Box 3143
Petach Tikva 4970602, Israel
(Name, telephone, e-mail and/or facsimile number and address of company contact person)

Securities registered or to be registered pursuant to Section 12(b) of the Act:

Title of each class		Name of each exchange on which registered
Ordinary shares, par value NIS 0.01 per share		The NASDAQ Stock Market LLC

Securities registered or to be registered pursuant to Section 12(g) of the Act: None.

Securities for which there is a reporting obligation pursuant to Section 15(d) of the Act: None.

Indicate the number of outstanding shares of each of the issuer's classes of capital or common stock as of the close of the period covered by the annual report: As of December 31, 2016, the registrant had outstanding 34,250,590 ordinary shares, par value NIS 0.01 per share.

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.

Yes x No ☐

If this report is an annual or transition report, indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934.

Yes o No ☒

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.

Yes x No ☐

Indicate by check mark whether the registrant has submitted electronically and posted on its corporate website, if any, every Interactive Data File required to be submitted and posted pursuant to Rule 405 of Regulation S-T (§229.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit and post such files).

Yes x No ☐

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated file, or a non-accelerated filer. See the definitions of "accelerated filer" and "large accelerated filer" in Rule 12b-2 of the Exchange Act (Check one):

Large accelerated filer ☒

Accelerated filer ☐

Non-accelerated filer ☐

Indicate by check mark which basis for accounting the registrant has used to prepare the financing statements included in this filing:


U.S. GAAP ☒	International Financial Reporting Standards as issued	Other ☐
	by the International Accounting Standards Board ☐

If "Other" has been checked in response to the previous question, indicate by check mark which financial statement item the registrant has elected to follow.

☐ Item 17 ☐ Item 18

If this is an annual report, indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act).

Yes ☐ No ☒

CYBERARK SOFTWARE LTD.

FORM 20-F
ANNUAL REPORT FOR THE FISCAL YEAR ENDED DECEMBER 31, 2016

TABLE OF CONTENTS


Introduction		1
Special Note Regarding Forward-Looking Statements		1
PART I

Item 1.	Identity of Directors, Senior Management and Advisers	2
Item 2.	Offer Statistics and Expected Timetable	2
Item 3.	Key Information	2
Item 4.	Information on the Company	26
Item 4A.	Unresolved Staff Comments	35
Item 5.	Operating and Financial Review and Prospects	35
Item 6.	Directors, Senior Management and Employees	59
Item 7.	Major Shareholders and Related Party Transactions	76
Item 8.	Financial Information	79
Item 9.	The Offer and Listing	79
Item 10.	Additional Information	80
Item 11.	Quantitative and Qualitative Disclosures About Market Risk	92
Item 12.	Description of Securities Other Than Equity Securities	93

PART II

Item 13.	Defaults, Dividend Arrearages and Delinquencies	94
Item 14.	Material Modifications to the Rights of Security Holders and Use of Proceeds	94
Item 15.	Controls and Procedures	94
Item 16.	[Reserved]	95
Item 16A.	Audit Committee Financial Expert	95
Item 16B.	Code of Ethics	95
Item 16C.	Principal Accountant Fees and Services	95
Item 16D.	Exemptions from the Listing Standards for Audit Committees	96
Item 16E.	Purchases of Equity Securities by the Issuer and Affiliated Purchasers	96
Item 16F.	Change in Registrant's Certifying Accountant	96
Item 16G.	Corporate Governance	96
Item 16H.	Mine Safety Disclosure	96

PART III

Item 17.	Financial Statements	97
Item 18.	Financial Statements	97
Item 19.	Exhibits	97

INTRODUCTION

In this annual report, the terms "CyberArk," "we," "us," "our" and "the company" refer to CyberArk Software Ltd. and its subsidiaries.

This annual report includes statistical, market and industry data and forecasts, which we obtained from publicly available information and independent industry publications and reports that we believe to be reliable sources. These publicly available industry publications and reports generally state that they obtain their information from sources that they believe to be reliable, but they do not guarantee the accuracy or completeness of the information. Although we believe that these sources are reliable, we have not independently verified the information contained in such publications. Certain estimates and forecasts involve uncertainties and risks and are subject to change based on various factors, including those discussed under the headings "Special Note Regarding Forward-Looking Statements" and "Item 3.D Risk Factors" in this annual report.

Throughout this annual report, we refer to various trademarks, service marks and trade names that we use in our business. The "CyberArk" design logo is the property of CyberArk Software Ltd. CyberArk® is our registered trademark in the United States. We have several other trademarks, service marks and pending applications relating to our products. In particular, although we have omitted the "®" and "™" trademark designations in this annual report from each reference to our Privileged Account Security Solution, Enterprise Password Vault, SSH Key Manager, Privileged Session Manager, Privileged Threat Analytics, Application Identity Manager, Endpoint Privilege Manager, On-Demand Privileges Manager, secure Digital Vault, Web Management Interface, Master Policy Engine and Discovery Engine and DNA, all rights to such names and trademarks are nevertheless reserved. Other trademarks and service marks appearing in this annual report are the property of their respective holders.

SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS

In addition to historical facts, this annual report contains forward-looking statements within the meaning of Section 27A of the U.S. Securities Act of 1933, as amended, or the Securities Act, Section 21E of the U.S. Securities Exchange Act of 1934, as amended, or the Exchange Act, and the safe harbor provisions of the U.S. Private Securities Litigation Reform Act of 1995. These forward-looking statements are subject to risks and uncertainties, and include information about possible or assumed future results of our business, financial condition, results of operations, liquidity, plans and objectives. In some cases, you can identify forward-looking statements by terminology such as "believe," "may," "estimate," "continue," "anticipate," "intend," "should," "plan," "expect," "predict," "potential," or the negative of these terms or other similar expressions. The statements we make regarding the following matters are forward-looking by their nature:

our expectations regarding revenues generated by our hybrid sales model;

our expectations regarding our operating and net profit margins;

our expectations regarding significant drivers of our future growth;

our plans to continue to invest in research and development to develop on-premise and cloud-based products and services for both existing and new products;

our plans to invest in sales and marketing efforts and expand our channel partnerships across existing and new geographies;

our plans to hire additional new employees;

our plans to leverage our global footprint in existing and new industry verticals to further expand our market share;

our plans to pursue additional strategic acquisitions;

our plans to pursue incremental sales by further expanding our customer success team; and

our expectations regarding our tax classifications.

The preceding list is not intended to be an exhaustive list of all of our forward-looking statements. The forward-looking statements are based on our beliefs, assumptions and expectations of future performance, taking into account the information currently available to us. These statements are only predictions based upon our current expectations and projections about future events. There are important factors that could cause our actual results, levels of activity, performance or achievements to differ materially from the results, levels of activity, performance or achievements expressed or implied by the forward-looking statements. In particular, you should consider the risks provided under "Item 3.D Risk Factors" in this annual report.

You should not rely upon forward-looking statements as predictions of future events. Although we believe that the expectations reflected in the forward-looking statements are reasonable, we cannot guarantee that future results, levels of activity, performance and events and circumstances reflected in the forward-looking statements will be achieved or will occur. Except as required by law, we undertake no obligation to update publicly any forward-looking statements for any reason after the date of this annual report, to conform these statements to actual results or to changes in our expectations.

PART I

ITEM 1. IDENTITY OF DIRECTORS, SENIOR MANAGEMENT AND ADVISERS

Not applicable.

ITEM 2. OFFER STATISTICS AND EXPECTED TIMETABLE

Not applicable.

ITEM 3. KEY INFORMATION

A. Selected Financial Data

The following tables set forth our selected consolidated financial data. You should read the following selected consolidated financial data in conjunction with "Item 5. Operating and Financial Review and Prospects" and our consolidated financial statements and related notes included elsewhere in this annual report. Historical results are not necessarily indicative of the results that may be expected in the future. Our financial statements have been prepared in accordance with U.S. Generally Accepted Accounting Principles, or U.S. GAAP.

The selected consolidated statements of operations data for each of the years in the three-year period ended December 31, 2016 and the consolidated balance sheet data as of December 31, 2015 and 2016 are derived from our audited consolidated financial statements appearing elsewhere in this annual report. The consolidated statements of operations data for the years ended December 31, 2012 and 2013 and the consolidated balance sheet data as of December 31, 2012, 2013 and 2014 are derived from our audited consolidated financial statements that are not included in this annual report.

	Year ended December 31,
	2012		2013			2014			2015			2016
	(in thousands except share and per share data)
Consolidated Statements of Operations:
Revenues:
License	$	27,029	$	38,907		$	61,320		$	100,113		$	131,530
Maintenance and professional services		20,179		27,250			41,679			60,699			85,083
Total revenues		47,208		66,157			102,999			160,812			216,613
Cost of revenues:
License		1,002		1,216			2,654			5,088			4,726
Maintenance and professional services		5,922		7,860			12,053			17,572			25,425
Total cost of revenues(1)		6,924		9,076			14,707			22,660			30,151
Gross profit		40,284		57,081			88,292			138,152			186,462
Operating expenses:
Research and development(1)		7,273		10,404			14,400			21,734			34,614
Sales and marketing(1)		22,081		32,840			44,943			66,206			93,775
General and administrative(1)		3,297		4,758			8,495			16,990			22,117
Total operating expenses		32,651		48,002			67,838			104,930			150,506
Operating income		7,633		9,079			20,454			33,222			35,956
Financial income (expenses), net		4		(1,124	)		(5,988	)		(1,479	)		245
Income before taxes on income		7,637		7,955			14,466			31,743			36,201
Tax benefit (taxes on income)		225		(1,320	)		(4,512	)		(5,949	)		(8,077	)
Net income	$	7,862	$	6,635		$	9,954		$	25,794		$	28,124
Basic net income per ordinary share(2)	$	0.51	$	0.25		$	0.46		$	0.80		$	0.83
Diluted net income per ordinary share(2)	$	0.31	$	0.14		$	0.34		$	0.73		$	0.78
Weighted average number of ordinary shares used in computing basic net income per ordinary share(2)		6,592,997		6,900,433			13,335,059			32,124,772			33,741,359
Weighted average number of ordinary shares used in computing diluted net income per ordinary share(2)		25,245,790		10,765,914			29,704,730			35,322,716			35,838,863

	As of December 31,
	2012		2013		2014		2015		2016
	(in thousands)
Consolidated Balance Sheet Data:
Cash, cash equivalents, marketable securities and short-term bank deposits	$	45,995	$	65,368	$	177,181	$	238,252	$	295,475
Deferred revenue, current and long term		15,068		24,478		32,160		54,389		73,506
Working capital(3)		38,908		48,900		156,829		197,095		235,010
Total assets		64,379		89,632		210,552		334,424		403,031
Preferred share warrant liability		688		2,134		—		—		—
Total shareholders' equity		38,494		45,846		155,008		246,670		296,216

(1)	Includes share-based compensation expense as follows:

	Year ended December 31,
	2012		2013		2014		2015		2016
	(in thousands)
Cost of revenues	$	32	$	39	$	137	$	499	$	1,386
Research and development		58		73		172		1,507		4,660
Sales and marketing		81		126		347		2,214		5,765
General and administrative		113		165		917		2,829		5,724

Total share-based compensation expenses	$	284	$	403	$	1,573	$	7,049	$	17,535

(2)	Basic and diluted net income per ordinary share is computed based on the weighted average number of ordinary shares outstanding during each period. For additional information, see note 13 to our consolidated financial statements included elsewhere in this annual report.

(3)

We define working capital as total current assets minus total current liabilities. In 2015, we adopted Accounting Standard Update No. 2015-17, Income Taxes (Topic 740): Balance Sheet Classification of Deferred Taxes (ASU 2015-17) retrospectively and reclassified all of our current deferred tax assets to noncurrent deferred tax assets on our consolidated balance sheets data for all periods presented. As a result of such reclassifications, certain noncurrent deferred tax liabilities as of December 31, 2012, 2013 and 2014 were netted with noncurrent deferred tax assets.

Non-GAAP operating income and non-GAAP net income are non-GAAP financial measures. We define non-GAAP operating income and non-GAAP net income as operating income and net income, respectively, which each exclude (i) share-based compensation expense, (ii) expenses related to the March 2015 public offering of ordinary shares by certain of our shareholders and to the June 2015 public offering of ordinary shares by us and certain of our shareholders, (iii) expenses related to acquisitions and (iv) amortization of intangible assets related to acquisitions. Non-GAAP net income also excludes (i) financial expenses resulting from the revaluation of warrants to purchase preferred shares and (ii) tax effects related to the non-GAAP adjustments set forth above. The following tables reconcile operating income and net income, the most directly comparable U.S. GAAP measures, to non-GAAP operating income and non-GAAP net income for the periods presented:

	2012		2013		2014		2015		2016
Reconciliation of Operating Income to Non-GAAP Operating Income:
Operating income	$	7,633	$	9,079	$	20,454	$	33,222	$	35,956
Share-based compensation		284		403		1,573		7,049		17,535
Public offering related expenses		—		—		—		1,568		—
Acquisition related expenses		—		—		—		677		—
Amortization of intangible assets – Cost of revenues		—		—		—		359		1,420
Amortization of intangible assets – Research and development		—		—		—		749		1,913
Amortization of intangible assets – Sales and marketing		—		—		—		17		1,190

Non-GAAP operating income	$	7,917	$	9,482	$	22,027	$	43,641	$	58,014

	Year ended December 31,
	2012		2013		2014		2015			2016
	(in thousands)
Reconciliation of Net Income to Non-GAAP Net Income:
Net income	$	7,862	$	6,635	$	9,954	$	25,794		$	28,124
Share-based compensation		284		403		1,573		7,049			17,535
Warrant adjustment		176		1,446		4,309		—			—
Public offering related expenses		—		—		—		1,568			—
Acquisition related expenses		—		—		—		677			—
Amortization of intangible assets – Cost of revenues		—		—		—		359			1,420
Amortization of intangible assets – Research and development		—		—		—		749			1,913
Amortization of intangible assets – Sales and marketing		—		—		—		17			1,190
Taxes on income related to non-GAAP adjustments		—		—		—		(951	)		(4,937	)

Non-GAAP net income	$	8,322	$	8,484	$	15,836	$	35,262		$	45,245

For a description of how we use non-GAAP operating income and non-GAAP net income to evaluate our business, see "Item 5. Operating and Financial Review and Prospects—Key Financial Metrics." We believe that these non-GAAP financial measures are useful in evaluating our business because of varying available valuation methodologies, subjective assumptions and the variety of equity instruments that can impact a company's non-cash expenses and because they exclude one-time cash expenditures that do not reflect the performance of our core business. We believe that providing non-GAAP operating income and non-GAAP net income that exclude, as appropriate, share-based compensation expenses, expenses relating to public offerings of our ordinary shares, financial expenses resulting from the valuation of warrants to purchase preferred shares, expenses related to acquisitions, amortization of intangible assets related to acquisitions and the tax effects related to these non-GAAP adjustments allows for more meaningful comparisons between our operating results from period to period. Share-based compensation expense has been, and will continue to be for the foreseeable future, a significant recurring expense in our business and an important part of the compensation we provide to employees. Additionally, excluding financial expenses with respect to revaluation of warrants to purchase preferred shares allows for more meaningful comparison between our net income from period to period. As these warrants were exercised in connection with our initial public offering, they are no longer revalued at each balance sheet date. We also believe that expenses related to the public offerings of our ordinary shares in March 2015 and June 2015, expenses related to our acquisitions and amortization of intangible assets related to acquisitions do not reflect the performance of our core business and would impact period-to-period comparability.

Other companies, including companies in our industry, may calculate non-GAAP operating income and non-GAAP net income differently or not at all, which reduces their usefulness as a comparative measure. You should consider non-GAAP operating income and non-GAAP net income along with other financial performance measures, including operating income and net income, and our financial results presented in accordance with U.S. GAAP.

Capitalization and Indebtedness

Not applicable.

Reasons for the Offer and Use of Proceeds

Not applicable.

Risk Factors

Our business faces significant risks. You should carefully consider all of the information set forth in this annual report and in our other filings with the United States Securities and Exchange Commission, or the SEC, including the following risk factors which we face and which are faced by our industry. Our business, financial condition and results of operations could be materially and adversely affected by any of these risks. In that event, the trading price of our ordinary shares would likely decline and you might lose all or part of your investment. This report also contains forward-looking statements that involve risks and uncertainties. Our results could materially differ from those anticipated in these forward-looking statements, as a result of certain factors including the risks described below and elsewhere in this report and our other SEC filings. See "Special Note Regarding Forward-Looking Statements" on page 1.

Risks Related to Our Business and Our Industry

The IT security market is rapidly evolving within the increasingly challenging cyber threat landscape and the use of hybrid on-premise and cloud-based infrastructure. If the industry does not continue to develop as we anticipate, our sales may not continue to grow at current rates or may decline, and our share price could decline.

We operate in a rapidly evolving industry focused on securing organizations' IT systems and sensitive data. Our solutions focus on safeguarding privileged accounts, which are those accounts within an organization that give the user high levels of access, or "privileged" access, to IT systems, on-premise and cloud-based infrastructure, industrial control systems, applications and data. While breaches of such privileged accounts have gained media attention in recent years, IT security spending within enterprises is often concentrated on endpoint and web security products designed to stop threats from penetrating corporate networks. Organizations that use these security products may allocate all or most of their IT security budgets to these products and may not adopt our solutions in addition to such products. Organizations are moving portions of their data to be managed by third parties, primarily infrastructure, platform and application service providers, and may rely on such providers' internal security measures. Further, security solutions such as ours, which are focused on disrupting cyber attacks by insiders and external perpetrators that have penetrated the organization's perimeter, is a relatively new technology that has been developed to respond to advanced threats and more rigorous compliance standards and audit requirements. However, advanced cyber attackers are skilled at adapting to new technologies and developing new methods of gaining access to organizations' sensitive data. Changes in the nature of advanced cyber threats could result in a shift in IT budgets away from solutions such as ours and require us to invest in new technologies in order to address such advanced threats. In addition, any changes in compliance standards or audit requirements that deemphasize the types of controls, security, monitoring and analysis that our solutions provide would adversely impact demand for our offerings. It is therefore difficult to predict how large the market will be for our solutions. If solutions such as ours are not viewed by organizations as necessary, or if customers do not recognize the benefit of our solutions as a critical layer of an effective security strategy, then our revenues may not continue to grow at their current rate or may decline, and our share price could suffer.

As we invest in the growth of our business, we expect our operating and net profit margins and our revenue growth rate to decline in the near-term.

As we invest in the growth of our business, we expect our operating and net profit margins and our operating and net income to decline compared to prior periods. During the year ended December 31, 2016, we did not experience such declines due to an increase in revenue at a rate that exceeded the increase in expenses; however, in future periods, we expect our operating and net profit margins to decline, primarily as a result of the costs associated with expanding our direct and indirect sales forces and marketing activities, our increased rate of investment in research and development and our increased administrative costs associated with scaling our business. We expect that these invested costs will adversely impact our operating and net profit margins as we may not be able to increase our revenue at a rate sufficient to offset the expected increase in our costs. It takes time and resources to train and integrate new sales force members and to implement such infrastructure improvements across our global operations. In addition, costs associated with adding new personnel to our sales force are expensed before their positive impact on our sales is recognized, and even then a significant portion of any revenues that they generate from maintenance and professional services are deferred over the delivery period of those services. Further, from the year ended December 31, 2012 to the year ended December 31, 2016 our revenue grew from $47.2 million to $216.6 million, which represents a compounded annual growth rate of approximately 46%. We expect that our revenue growth rate will decline as we continue to grow. A failure to meet market expectations regarding our revenue growth rate or profitability could have an adverse effect on our share price.

Our reputation and business could be harmed based on real or perceived shortcomings, defects or vulnerabilities in our solutions or the provision of our services, or due to the failure of our customers, channel partners, managed service providers, or subcontractors to correctly implement, manage and maintain our solutions, which may subject us to lawsuits and financial losses.

Security products and solutions are complex in design and deployment, and may contain errors that are not capable of being remediated or detected until after their deployment. Any errors, defects, or misconfigurations could cause our products or services to be vulnerable to security attacks, cause them to fail to secure networks, and negatively impact customer operations. Organizations are facing increasingly sophisticated, continuously changing, and targeted cyber threats, including the growing threat of cyber terrorism throughout the world. Many attack methods cannot be detected the first time they are deployed or exploited. Further, as our market position continues to grow specifically in the security industry, an increasing number of hackers may begin to focus on finding ways to defeat our products and services. If we fail to identify and respond to new and increasingly complex methods of attack on privileged accounts and update our products to detect or prevent such threats, which will require significant resources, our business and reputation will suffer. In particular, we may suffer significant adverse publicity and reputational harm if our solutions (or the services we provide in relation to our solutions) are associated, or are believed to be associated, with a significant breach or a breach at a high profile customer or managed service provider network, or in the event of a breach in third party systems utilized by us as part of our cloud-based security solution.

In addition, our Endpoint Privilege Manager product is made available to our customers both as on-premise software and as software-as-a service (SaaS). Providing the software as a service involves the storage and transmission of customers’ policies for management of their network and operational proprietary information related to their assets and users, security breaches or product defects in our SaaS solutions could result in loss or alteration of this data, unauthorized access to multiple customers’ data and ultimately lead to downtime or compromise of the customers’ systems on which our SaaS solution is installed. Further, the third party data hosting facilities used for the provision of our SaaS solutions are vulnerable to damages, interruptions or other unanticipated problems that could result in disruption in the provision of these solutions. Any disruptions or other performance problems with our SaaS solutions could harm our reputation and business, damage our customers’ businesses, subject us to potential liability and cause customers to terminate or not renew their subscriptions to our SaaS solutions.

False detection of threats (so-called "false positives"), while typical in our industry, may reduce perception of the reliability of our products and may therefore adversely impact market acceptance of our products. If our solutions restrict legitimate privileged access by authorized personnel to IT systems and applications by falsely identifying those users as an attack or otherwise unauthorized, our customers' businesses could be harmed. There can be no assurance that, despite testing by us, errors will not be found in existing and new versions of our products, resulting in loss of or delay in market acceptance. In such an event, we may be required, or may choose, for customer relations or other reasons, to expend additional resources in order to help correct the problem.

As our solutions not only reinforce but also rely on the common security concept of placing multiple layers of security controls throughout an IT system, the failure of our customers, channel partners, managed service providers or subcontractors to correctly implement and effectively manage and maintain our solutions, or to consistently implement and utilize generally accepted and comprehensive, multi-layered security measures and processes in the customer networks, may lessen the efficacy of our solutions. Additionally, our customers or our channel partners may independently develop plug-ins or change existing plug-ins or APIs that we provided to them for interfacing purposes in an incorrect or insecure manner. Such failure or these other customer and partner actions may lead to breaches of our customers' IT systems and loss or alteration of sensitive data or systems, and potentially to a perception that our solutions failed. Further, our failure to provide our customers and channel partners with adequate services related to the use, implementation and maintenance of our solutions, could lead to claims against us.

An actual or perceived security breach or theft of our customers' data, regardless of whether the breach or theft is attributable to the failure of our products (or the services we provided in relation to our products), could adversely affect the market's perception of the efficacy of our solutions and current or potential customers may look to our competitors for alternatives to our solutions. An actual or perceived failure of our products, or our failure to provide adequate services to our customers and channel partners, may also subject us to lawsuits, indemnity claims and financial losses, as well as the expenditure of significant financial resources to analyze, correct or eliminate any vulnerabilities. It could also cause us to suffer reputational harm, lose existing customers, or deter new and existing customers from purchasing our solutions, additional products or our services.

Our quarterly results of operations may fluctuate for a variety of reasons, including our failure to close significant sales before the end of a particular quarter.

A meaningful portion of our revenues is generated by significant sales, whether initial sales to new customers or additional sales to existing customers. Purchases of our products and services often occur at the end of each quarter, particularly in the last quarter of the year. In addition, our sales cycle can last several months from proof of concept to delivery of our solutions to our customers, and this sales cycle can be even longer, less predictable and more resource-intensive for larger sales. Customers may also require additional internal approvals or seek to test our products for a longer trial period before deciding to purchase our solutions. As a result, the timing of individual sales can be difficult to predict. In some cases, sales have occurred in a quarter subsequent to those we anticipated, or have not occurred at all, which can significantly impact our quarterly results and make it more difficult to meet market expectations. Furthermore, even if we close a sale during a given quarter we may be unable to recognize the revenues derived from such sale during the same period due to our revenue recognition policy. See "Item 5.A. Operating and Financial Review and Prospects—Operating Results—Application of Critical Accounting Policies and Estimates—Revenue Recognition."

In addition to the sales cycle-related fluctuations noted above, our results of operations will continue to vary as a result of a number of factors, many of which are outside of our control and may be difficult to predict, including:

☐



our ability to attract and retain new customers;

☐



our ability to sell additional products to current customers;

☐



the ability of our service operation to keep pace with license sales to new and existing customers;

☐



changes in customer or channel partner requirements or market needs;

☐



changes in the growth rate of the information security market;

☐



the timing and success of new product and service introductions by us or our competitors or any other change in the competitive landscape of the information security market, including consolidation among our customers or competitors;

☐



a disruption in, or termination of, our relationship with channel partners;

☐



our ability to successfully expand our business globally;

☐



reductions in maintenance renewal rates;

☐



changes in our pricing policies or those of our competitors;

☐



general economic conditions in our markets;

☐



future accounting pronouncements or changes in our accounting policies or practices;

☐



the amount and timing of our operating costs;

☐



a change in our mix of products and services;

☐



increases or decreases in our expenses caused by fluctuations in foreign currency exchange rates; and

☐



introduction of new accounting pronouncements or changes in our accounting policies.

Any of the above factors, individually or in the aggregate, may result in significant fluctuations in our financial and other operating results from period to period. These fluctuations could result in our failure to meet our operating plan or the expectations of investors or analysts for any period. If we fail to meet such expectations for these or other reasons, the market price of our ordinary shares could fall substantially, and we could face costly lawsuits, including securities class action suits.

If we are unable to acquire new customers, our future revenues and operating results will be harmed.

Our success depends, in part, on our ability to acquire new customers. The number of customers that we add in a given period impacts both our short-term and long-term revenues. If we are unable to attract a sufficient number of new customers, we may be unable to generate revenue growth at desired rates. The IT security market is competitive and many of our competitors have substantial financial, personnel, and other resources that they utilize to develop products and attract customers. As a result, it may be difficult for us to add new customers to our customer base. Competition in the marketplace may also lead us to win fewer new customers or result in us providing discounts and other commercial incentives. Additional factors that impact our ability to acquire new customers include the perceived need for IT security, the size of our prospective customers' IT budgets, the utility and efficacy of our existing and new offerings, whether proven or perceived, and general economic conditions. These factors may have a meaningful negative impact on future revenues and operating results.

If we are unable to sell additional products and services to our existing customers, our future revenues and operating results will be harmed.

A significant portion of our revenues are generated from sales to existing customers. Our future success depends, in part, on our ability to continue to sell new licenses and incremental licenses to our existing customers. We devote significant efforts to developing, marketing and selling additional licenses and associated maintenance and support to existing customers and rely on these efforts for a portion of our revenues. These efforts require a significant investment in building and maintaining customer relationships, as well as significant research and development efforts in order to provide product upgrades and launch new products. The rate at which our existing customers purchase additional products and services depends on a number of factors, including the perceived need for additional IT security, the efficacy of our solutions and the utility of our new offerings, whether proven or perceived, our customers' IT budgets, general economic conditions, our customers' overall satisfaction with the maintenance and professional services we provide and the continued growth and economic health of our customer base. If our efforts to sell additional products and services to our customers are not successful, our future revenues and operating results will be harmed.

We face intense competition from IT security vendors, some of which are larger and better known than we are, and we may lack sufficient financial or other resources to maintain or improve our competitive position.

The IT security market in which we operate is characterized by intense competition, constant innovation and evolving security threats. We compete with companies that offer a broad array of IT security products. Our current and potential future competitors include CA, Inc., Quest Software Inc., International Business Machines Corporation, Microsoft Corporation and Oracle Corporation in the access and identity management market. We also compete with smaller companies that offer solutions at lower price points often with a more limited range of functionality than our own offerings. Further, we may face competition in the future due to changes in the manner that organizations utilize IT assets and the security solutions applied to them, such as the provision of privileged account security functionalities as part of public cloud providers' infrastructure offerings, or cloud-based identity management solutions. Limited IT budgets may also result in competition with providers of other advanced threat protection solutions such as Hewlett-Packard Enterprise Company, EMC Corporation (which was acquired by Dell Inc.), International Business Machines Corporation, FireEye, Inc., Splunk Inc., Check Point Software Technologies Ltd. and Palo Alto Networks, Inc. Some of our competitors are large companies that have the technical and financial resources and broad customer bases needed to bring competitive solutions to the market and already have existing relationships as a trusted vendor for other products. Such companies may use these advantages to offer products and services that are perceived to be as effective as ours at a lower price or for free as part of a larger product package or solely in consideration for maintenance and services fees. They may also develop different products to compete with our current solutions and respond more quickly and effectively than we do to new or changing opportunities, technologies, standards or client requirements. Additionally, from time to time we may compete with smaller regional vendors that offer products with a more limited range of capabilities that purport to perform functions similar to our solutions. Such companies may enjoy stronger sales and service capabilities in their particular regions.

Our competitors may enjoy potential competitive advantages over us, such as:

☐



greater name recognition, a longer operating history and a larger customer base, notwithstanding the increased visibility of our brand following our initial public offering;

☐



larger sales and marketing budgets and resources;

☐



broader distribution and established relationships with channel and distribution partners and customers;

☐



increased effectiveness in protecting, detecting and responding to cyber attacks.

☐



greater customer support resources;

☐



greater speed at which a solution can be deployed;

☐



greater resources to make acquisitions;

☐



larger intellectual property portfolios; and

☐



greater financial, technical and other resources

Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources. Current or potential competitors may be acquired by third parties with greater available resources. As a result of such acquisitions, our current or potential competitors might be able to adapt more quickly to new technologies and customer needs, devote greater resources to the promotion or sale of their products and services, initiate or withstand substantial price competition, take advantage of other opportunities more readily or develop and expand their product and service offerings more quickly than we do. Larger competitors with more diverse product offerings may reduce the price of products that compete with ours in order to promote the sale of other products or may bundle them with other products, which would lead to increased pricing pressure on our products and could cause the average sales prices for our products to decline.

In addition, other IT security technologies exist or could be developed in the future by current or future competitors, and our business could be materially and adversely affected if such technologies are widely adopted.

We may not be able to successfully anticipate or adapt to changing technology or customer requirements on a timely basis, or at all. If we fail to keep up with technological changes or to convince our customers and potential customers of the value of our solutions even in light of new technologies, our business, results of operations and financial condition could be materially and adversely affected.

If our internal IT network system is compromised by cyber attackers or other data thieves, public perception of our products and services will be harmed.

We will not succeed unless the marketplace is confident that we provide effective IT security protection. We provide privileged account security products, and as such we may be an attractive target for attacks by cyber attackers or other data thieves since a breach of our system could provide data information regarding not only us, but potentially regarding the customers that our solutions protect. Further, we may be targeted by cyber terrorists because we are an Israeli company. From time to time, we encounter intrusion incidents and attempts, none of which to date has resulted in any material adverse impact to our business or operations. In addition, as our market position continues to grow specifically in the security industry, an increasing number of cyber attackers may begin to focus on finding ways to penetrate our network systems, which might eventually affect our products and services. If we experience a significant security breach, it could impair our ability to operate our business, including our ability to provide maintenance and support services to our customers. If this happens, our revenues could decline and our business could suffer. Because we are in the computer security industry, an actual or perceived breach of our network or privileged account security in our systems also could adversely affect the market perception of our products and services.

Our business and operations will be negatively affected if we fail to effectively manage our growth.

We have experienced significant growth in a relatively short period of time and intend to continue to grow our business. Our revenues grew from $103.0 million in 2014 to $216.6 million in 2016. Our headcount has increased from 430 as of December 31, 2014 to 823 as of December 31, 2016. We plan to hire additional employees in 2017 across all areas of the organization. In addition, the number of customers that we serve has grown significantly over the same period. Our rapid growth has placed significant demands on our management, sales and operational and financial infrastructure, and our growth will continue to place significant demands on these resources. Further, in order to manage our current and future growth effectively, we must continue to improve and expand our IT and financial infrastructure, operating and administrative systems and controls and efficiently manage headcount, capital and processes. We may not be able to successfully scale or implement these improvements in a manner that keeps pace with our growth, is timely or efficient, and our failure to do so may materially impact our projected growth rate.

If we do not effectively expand, train and retain our sales and marketing personnel, we may be unable to acquire new customers or sell additional products and services to existing customers, and our business will suffer.

We depend significantly on our sales force to attract new customers and expand sales to existing customers. We generate approximately 35% of our revenues from direct sales. As a result, our ability to grow our revenues depends in part on our success in recruiting, training and retaining sufficient numbers of sales personnel to support our growth, particularly in the United States. The number of our sales and marketing personnel increased from 294 as of December 31, 2015 to 377 as of December 31, 2016. We expect to continue to expand our sales and marketing personnel significantly and face a number of challenges in achieving our hiring and integration goals. There is intense competition for individuals with sales training and experience. In addition, the training and integration of a large number of sales and marketing personnel in a short time requires the allocation of significant internal resources. We invest significant time and resources in training new sales force personnel to understand our solutions and growth strategy. Based on our past experience, it takes an average of approximately six to nine months before a new sales force member operates at target performance levels. However, we may be unable to achieve or maintain our target performance levels with large numbers of new sales personnel as quickly as we have done in the past. Our failure to hire a sufficient number of qualified sales force members and train them to operate at target performance levels may materially and adversely impact our projected growth rate.

We rely on channel partners, including systems integrators, distributors and value-added resellers, to generate a significant portion of our revenue. If we fail to maintain successful relationships with our channel partners, or if our channel partners fail to perform, our ability to market, sell and distribute our solutions will be limited, and our business, financial position and results of operations will be harmed.

In addition to our direct sales force, we rely on our channel partners to sell and support our solutions, particularly in Europe and the Asia Pacific and Japan regions. We expect that sales through our channel partners will continue to account for a significant percentage of our revenue. In the year ended December 31, 2016, we generated approximately 65% of our revenues from sales to channel partners and we expect that channel partners will represent a substantial portion of our revenues for the foreseeable future. Our agreements with channel partners are non-exclusive, meaning our partners may offer customers IT security products from other companies, including products that compete with our solutions. If our channel partners do not effectively market and sell our solutions, or choose to use greater efforts to market and sell their own products and services or the products and services of our competitors, our ability to grow our business will be adversely affected. Our channel partners may cease or deemphasize the marketing of our solutions with limited or no notice and with little or no penalty. Further, new channel partners require training and may take several months or more to achieve productivity. The loss of a substantial number of our channel partners, the inability to replace them or the failure to recruit additional channel partners could materially and adversely affect our results of operations. Our reliance on channel partners could also subject us to lawsuits or reputational harm if, for example, a channel partner misrepresents the functionality of our solutions to customers or violates laws or our corporate policies. Our ability to grow revenues in the future will depend in part on our success in maintaining successful relationships with our channel partners and training our channel partners to independently sell and install our solutions. If we are unable to maintain our relationship with channel partners or otherwise develop and expand our indirect sales channel, or if our channel partners fail to perform, our business, financial position and results of operations could be adversely affected.

If we do not successfully anticipate market needs and enhance our existing products or develop or acquire new products that meet those needs on a timely basis, we may not be able to compete effectively and our ability to generate revenues will suffer.

Our customers operate in markets characterized by rapidly changing technologies and business plans, which require them to adapt to increasingly complex IT infrastructures and usage models that incorporate a variety of software applications, software as a service, public and private cloud environments, hybrid on-premise and cloud environments, operating systems and networking protocols and mobile devices. As our customers' technologies and business plans grow more complex, we expect them to face new and increasingly sophisticated methods of attack. We face significant challenges in ensuring that our solutions effectively identify and respond to these advanced and evolving attacks without disrupting the performance of our customers' IT systems. As a result, we must continually modify and improve our products in response to changes in our customers' IT and industrial control infrastructures.

We cannot guarantee that we will be able to anticipate future market needs and opportunities or be able to develop or acquire product enhancements or new products to meet such needs or opportunities in a timely manner, if at all. Even if we are able to anticipate, develop and commercially introduce enhancements and new products, there can be no assurance that enhancements or new products will achieve widespread market acceptance.

Our product enhancements or new products could fail to attain sufficient market acceptance for many reasons, including:

☐



delays in releasing product enhancements or new products;

☐



failure to accurately predict market demand and to supply products that meet this demand in a timely fashion;

☐



inability to interoperate effectively with the existing or newly introduced technologies, systems or applications of our existing and prospective customers;

☐



inability to protect against new types of attacks or techniques used by cyber attackers or other data thieves;

☐



defects in our products, errors or failures of our solutions to secure privileged accounts;

☐



negative publicity about the performance or effectiveness of our products;

☐



introduction or anticipated introduction of competing products by our competitors;

☐



installation, configuration or usage errors by our customers;

☐



easing or changing of regulatory requirements related to security; and

☐



reluctance of customers to purchase products incorporating open source software.

If we fail to anticipate market requirements or fail to develop and introduce product enhancements or new products to meet those needs in a timely manner, it could cause us to lose existing customers and prevent us from gaining new customers, which would significantly harm our business, financial condition and results of operations.

If our products fail to help our customers achieve and maintain compliance with certain government regulations and industry standards, our business and results of operations could be materially and adversely affected.

We generate a substantial portion of our revenues from our products and services because they enable our customers to achieve and maintain compliance with certain government regulations and industry standards, and we expect that will continue for the foreseeable future. Examples of industry standards and government regulations include the Payment Card Industry Data Security Standard (PCI-DSS); the Federal Information Security Management Act (FISMA); the Sarbanes-Oxley Act; the North American Electric Reliability Corporation Critical Infrastructure Protection Plan (NERC-CIP); and the Monetary Authority of Singapore's Technology Risk Management Notices (MAS TRM). These industry standards may change with little or no notice, including changes that could make them more or less onerous for businesses. In addition, governments may also adopt new laws or regulations, or make changes to existing laws or regulations, some of which may conflict with each other, that could impact whether our solutions enable our customers to maintain compliance with such laws or regulations. If we are unable to adapt our solutions to changing government regulations and industry standards in a timely manner, or if our solutions fail to expedite our customers' compliance initiatives, our customers may lose confidence in our products and could switch to products offered by our competitors. In addition, if government regulations and industry standards related to IT security are changed in a manner that makes them less onerous, our customers may view compliance as less critical to their businesses, and our customers may be less willing to purchase our products and services. In either case, our sales and financial results would suffer.

If we are unable to hire, retain and motivate qualified personnel, our business will suffer.

Our future success depends, in part, on our ability to continue to attract and retain highly skilled personnel. Our inability to attract or retain qualified personnel or delays in hiring required personnel may seriously harm our business, financial condition and results of operations. Any of our employees may terminate their employment at any time. Competition for highly skilled personnel, specifically engineers for Research & Development positions, is frequently intense, especially in Israel, where we are headquartered. Further, certain of our employees are substantially vested in significant equity incentive plans, and their ability to exercise those options and sell their shares in the public market may result in a larger than normal turn-over rate. We may struggle to retain employees and due to our profile and market position competitors may actively seek to hire skilled personnel away from us. Furthermore, from time to time we have been subject to allegations that employees that have been hired from competitors may have been improperly solicited or divulged proprietary or other confidential information.

Failure by us or our channel partners to maintain sufficient levels of customer support could have a material adverse effect on our business, financial condition and results of operations.

Our customers depend in large part on customer support and professional services delivered through our channel partners or by us to resolve issues relating to the use of our solutions. However, even with our support and that of our channel partners, our customers are ultimately responsible for effectively using our solutions and ensuring that their IT staff is properly trained in the use of our products and complementary security products and processes. The failure of our channel partners to support and train our customers in the correct use of our solutions, or their failure to effectively assist customers in installing our solutions and providing effective ongoing support, may result in an increase in the vulnerability of our customers' IT systems and sensitive data. Additionally, if our channel partners do not effectively provide support and professional services to the satisfaction of our customers, we may be required to provide support to such customers, which would require us to invest in additional personnel, which requires significant time and resources. We may not be able to keep up with demand, particularly if the sales of our solutions exceed our internal forecasts. To the extent that we or our channel partners are unsuccessful in hiring, training and retaining adequate support resources, our ability and the ability of our channel partners to provide adequate and timely support to our customers will be negatively impacted, and our customers' satisfaction with our products will be adversely affected. Accordingly, our failure to provide satisfactory maintenance and technical support services could have a material and adverse effect on our business and results of operations.

We may fail to fully integrate, or realize the benefits expected from acquisitions, which may require significant management attention, disrupt our business, dilute shareholder value and adversely affect our results of operations.

As part of our business strategy and in order to remain competitive, we continue to evaluate acquiring or making investments in complementary companies, products or technologies. We may not be able to find suitable acquisition candidates or be able to complete such acquisitions on favorable terms. If we complete acquisitions, we may not ultimately strengthen our competitive position or achieve our goals, and any acquisitions we complete could be viewed negatively by our customers, analysts and investors. In addition, if we are unsuccessful at integrating our acquisitions or the technologies associated with such acquisitions or to fully attain the expected benefits of these acquisitions, our revenues and results of operations could be adversely affected. Any integration process may require significant time and resources, and we may not be able to manage the process successfully. We may not successfully evaluate or utilize the acquired technology or personnel, or accurately forecast the financial impact of an acquisition transaction, including accounting charges. In addition, despite our review of acquired technology, we could become subject to infringement claims from third parties as a result of our use of such acquired technology. The sale of equity or issuance of debt to finance any such acquisitions could result in dilution to our shareholders. The incurrence of indebtedness would result in increased fixed obligations and could also include covenants or other restrictions that would impede our ability to manage our operations.

If our products do not effectively interoperate with our customers' existing or future IT infrastructures, installations could be delayed or cancelled, which could harm our business.

Our products must effectively interoperate with our customers' existing or future IT infrastructures, which often have different specifications, utilize multiple protocol standards, deploy products from multiple vendors and contain multiple generations of products that have been added over time. If we find errors in the existing software or defects in the hardware used in our customers' infrastructure or problematic network configurations or settings, we may have to modify our software so that our products will interoperate with our customers' infrastructure and business processes. In addition, to stay competitive within certain markets, we may be required to make software modifications in future releases to comply with new statutory or regulatory requirements. These issues could result in longer sales cycles for our products and order cancellations, either of which could adversely affect our business, results of operations and financial condition.

Our research and development efforts may not produce successful products or enhancements to our solutions that result in significant revenue or other benefits in the near future, if at all.

We expect to continue to dedicate significant financial and other resources to our research and development efforts in order to maintain our competitive position. For example, in 2016, we increased our dedicated research and development personnel by 16% compared to 2015. However, investing in research and development personnel, developing new products and enhancing existing products is expensive and time consuming, and there is no assurance that such activities will result in significant new marketable products or enhancements to our products, design improvements, cost savings, revenues or other expected benefits. If we spend significant time and effort on research and development and are unable to generate an adequate return on our investment, our business and results of operations may be materially and adversely affected.

Intellectual property claims may increase our costs or require us to cease selling certain products, which could adversely affect our financial condition and results of operations.

The IT security industry is characterized by the existence of a large number of relevant patents and frequent claims and related litigation regarding patent and other intellectual property rights. In particular, leading companies in the IT security industry have extensive patent portfolios. From time to time, third-parties have asserted and may assert their patent, copyright, trademark and other intellectual property rights against us, our channel partners or our customers. Furthermore, we may be subject to indemnification obligations with respect to third-party intellectual property rights pursuant to our agreements with our customers and channel partners. Such indemnification provisions are customary for our industry. Successful claims of infringement or misappropriation by a third-party against us or a third-party that we indemnify could prevent us from distributing certain products or performing certain services or could require us to pay substantial damages (including, for example, treble damages if we are found to have willfully infringed patents and increased statutory damages if we are found to have willfully infringed copyrights), royalties or other fees. Such claims also could require us to cease making, licensing or using solutions that are alleged to infringe or misappropriate the intellectual property of others, to expend additional development resources to attempt to redesign our products or services or otherwise to develop non-infringing technology, to enter into potentially unfavorable royalty or license agreements in order to obtain the right to use necessary technologies or intellectual property rights, and to indemnify our customers and partners (and parties associated with them). Even if third parties may offer a license to their technology, the terms of any offered license may not be acceptable, and the failure to obtain a license or the costs associated with any license could cause our business, results of operations or financial condition to be materially and adversely affected. Defending against claims of infringement or being deemed to be infringing the intellectual property rights of others could impair our ability to innovate, develop, distribute and sell our current and planned products and services. If we are unable to ensure that we are not violating the intellectual property rights of others, our financial position may be adversely affected.

Regulatory data privacy concerns, evolving regulations of cloud computing, cross-border data transfer restrictions and other domestic or foreign regulations may limit the use and adoption of, or require modification of, our products and services, which could limit our ability to attract new customers or support our current customers thus reducing our revenues, harming our operating results and adversely affecting our business.

Regulation related to the provision of services on the Internet is increasing, as federal, state and foreign governments continue to adopt new laws and regulations addressing data privacy and the collection, processing, storage and use of personal information. Such laws and regulations are subject to new and differing interpretations and may be inconsistent among jurisdictions. These and other regulatory requirements could restrict our ability to store and process data as part of our SaaS solutions, or, in some cases, impact our ability to offer our SaaS products in certain jurisdictions. Such laws may also impact our customers' ability to deploy certain of our solutions globally, to the extent they utilize our products for storing personal information that they store and process. In addition, in many cases these privacy laws apply not only to transfers of information to third parties, but also within an enterprise, including our company or our customers. The costs of compliance with, and other burdens imposed by, such laws, regulations and standards may require resources to create new products or modify existing products, lead to us being subject to significant fines, penalties or liabilities for noncompliance, and may slow the pace at which we close sales transactions, any of which could harm our business.

We are subject to a number of risks associated with global sales and operations.

Business practices in the global markets that we serve may differ from those in the United States and may require us to include non-standard terms in customer contracts, such as extended payment or warranty terms. To the extent that we enter into customer contracts that include non-standard terms related to payment, warranties, or performance obligations, our results of operations may be adversely impacted.

Additionally, our global sales and operations are subject to a number of risks, including the following:

☐



higher costs of doing business globally, including costs incurred in maintaining office space, securing adequate staffing and localizing our contracts;

☐



fluctuations in exchange rates between the U.S. dollar and foreign currencies in markets where we do business (See "—We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations");

☐



greater difficulty in enforcing contracts and managing collections, as well as longer collection periods;

☐



management communication and integration problems resulting from cultural and geographic dispersion;

☐



risks associated with trade restrictions and foreign legal requirements, including any importation, certification, and localization of our platform that may be required in foreign countries;

☐



greater risk of unexpected changes in regulatory practices, tariffs, and tax laws and treaties;

☐



compliance with anti-bribery laws, including, without limitation, compliance with the U.S. Foreign Corrupt Practices Act and the UK Anti-Bribery Act;

☐



heightened risk of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, or irregularities in, financial statements;

☐



reduced or uncertain protection of intellectual property rights in some countries;

☐



social, economic and political instability, terrorist attacks and security concerns in general; and

☐



potentially adverse tax consequences.

These and other factors could harm our ability to generate future global revenues and, consequently, materially impact our business, results of operations and financial condition.

If we are unable to adequately protect our proprietary technology and intellectual property rights, our business could suffer substantial harm.

The success of our business depends on our ability to protect our proprietary technology, brands and other intellectual property and to enforce our rights in that intellectual property. We attempt to protect our intellectual property under patent, copyright, trademark and trade secret laws, and through a combination of confidentiality procedures, contractual provisions and other methods, all of which offer only limited protection.

As of December 31, 2016, we had 5 issued patents in the United States, 2 provisional U.S. patent applications and 15 pending U.S. patent applications. We also had 3 International PCT applications as well as 3 issued patents and 14 applications pending for examination in non-U.S. jurisdictions, all of which are counterparts of our U.S. patent applications. We expect to file additional patent applications in the future.

The process of obtaining patent protection is expensive and time-consuming, and we may not be able to prosecute all necessary or desirable patent applications at a reasonable cost or in a timely manner all the way through to the successful issuance of a patent. We may choose not to seek patent protection for certain innovations and may choose not to pursue patent protection in certain jurisdictions. Furthermore, it is possible that our patent applications may not issue as granted patents, that the scope of our issued patents will be insufficient or not have the coverage originally sought, that our issued patents will not provide us with any competitive advantages, and that our patents and other intellectual property rights may be challenged by others or invalidated through administrative processes or litigation. In addition, issuance of a patent does not guarantee that we have an absolute right to practice the patented invention. Our policy is to require our employees (and our consultants and service providers that develop intellectual property included in our products) to execute written agreements in which they assign to us their rights in potential inventions and other intellectual property created within the scope of their employment (or, with respect to consultants and service providers, their engagement to develop such intellectual property), but we cannot be certain that we have adequately protected our rights in every such agreement or that we have executed an agreement with every such party. Finally, in order to benefit from the protection of patents and other intellectual property rights, we must monitor and detect infringement and pursue infringement claims in certain circumstances in relevant jurisdictions, all of which are costly and time-consuming. As a result, we may not be able to obtain adequate protection or to effectively enforce our issued patents or other intellectual property rights.

In addition to patents, we rely on trade secret rights, copyrights and other rights to protect our unpatented proprietary intellectual property and technology. Despite our efforts to protect our proprietary technologies and our intellectual property rights, unauthorized parties, including our employees, consultants, service providers or customers, may attempt to copy aspects of our products or obtain and use our trade secrets or other confidential information. We generally enter into confidentiality agreements with our employees, consultants, service providers, vendors, channel partners, subcontractors and customers, and generally limit access to and distribution of our proprietary information and proprietary technology through certain procedural safeguards. These agreements may not effectively prevent unauthorized use or disclosure of our intellectual property or technology and may not provide an adequate remedy in the event of unauthorized use or disclosure of our intellectual property or technology. We cannot be certain that the steps taken by us will prevent misappropriation of our intellectual property or technology or infringement of our intellectual property rights. In addition, the laws of some foreign countries where we sell our products do not protect intellectual property rights and technology to the same extent as the laws of the United States, and these countries may not enforce these laws as diligently as government agencies and private parties in the United States. Based on the 2016 report on intellectual property rights protection and enforcement published by the Office of the United States Trade Representative, such countries included Algeria, Argentina, Chile, China, India, Indonesia, Kuwait, Russia, Thailand, Ukraine and Venezuela (designated as priority watch list countries). If we are unable to protect our intellectual property, we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time and effort required to create the innovative products that have enabled us to be successful to date.

We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations.

Our functional and reporting currency is the U.S. dollar and we generate a majority of our revenues in U.S. dollars. In 2016, the majority of our revenues were denominated in U.S. dollars and the remainder primarily in euros and British pounds sterling. In 2016, the substantial majority of our cost of revenues and operating expenses were denominated in U.S. dollars and New Israeli Shekels (NIS), and the remainder primarily in euros and British pounds sterling. Our foreign currency-denominated expenses consist primarily of personnel, rent and other overhead costs. Since a significant portion of our expenses is incurred in NIS and is substantially greater than our revenues in NIS, any appreciation of the NIS relative to the U.S. dollar would adversely impact our net income. In addition, since the portion of our revenues generated in euros and British pounds sterling is greater than our expenses incurred in euros and British pounds sterling, respectively, any depreciation of the euro or the British pounds sterling relative to the U.S. dollar would adversely impact our net income. We estimate that a 10% strengthening or weakening in the value of the NIS against the U.S. dollar would have decreased or increased, respectively, our net income by approximately $4.0 million in 2016. We estimate that a 10% strengthening or weakening in the value of the euro against the U.S. dollar would have increased or decreased, respectively, our net income by approximately $1.1 million in 2016. We estimate that a 10% strengthening or weakening in the value of the British pounds sterling against the U.S. dollar would have increased or decreased, respectively, our net income by approximately $0.3 million in 2016. These estimates of the impact of fluctuations in currency exchange rates on our historic results of operations may be different from the impact of fluctuations in exchange rates on our future results of operations since the mix of currencies comprising our revenues and expenses may change. We evaluate periodically the various currencies to which we are exposed and take hedging measures to reduce the potential adverse impact from the appreciation or the depreciation of our non U.S. dollar-denominated operations, as appropriate. We expect that the majority of our revenues will continue to be generated in U.S. dollars with the balance in euros and British pounds sterling for the foreseeable future and that a significant portion of our expenses will continue to be denominated in NIS, U.S. dollars, British pounds sterling and in euros. We cannot provide any assurances that our hedging activities will be successful in protecting us from adverse impacts from currency exchange rate fluctuations. See "Item 11—Quantitative and Qualitative Disclosures About Market Risk—Foreign Currency Risk."

The economic effects of "Brexit" may affect relationships with existing and future customers and could have an adverse impact on our business and operating results.

On June 23, 2016, the United Kingdom (the "U.K.") held a referendum in which voters approved an exit from the European Union ("E.U."), commonly referred to as "Brexit." On February 8, 2017, the U.K.'s House of Commons approved a bill authorizing the government to start exit talks with the European Union. The impact on us from Brexit will depend, in part, on the outcome of tariff, trade, regulatory and other negotiations.

As a result of the referendum, the global markets and certain currencies were adversely impacted, including a sharp decline in the value of the British pound as compared to the U.S. dollar, which led to decrease in our revenues generated from sales in the U.K. A potential further devaluation of the British pound, as well as the euro, relative to the U.S. dollar may impair the purchasing power of buyers in the U.K. and E.U. and could cause those buyers to decrease their purchase of our products and services.

Volatility in the foregoing exchange rates resulting from Brexit may continue as the U.K. negotiates its exit from the E.U. We translate sales and other results denominated in foreign currency into U.S. dollars for our financial statements. During periods of a strengthening U.S. dollar, our reported international sales and earnings would be reduced because these currencies would translate into fewer U.S. dollars.

Brexit could lead to legal uncertainty and potentially divergent national laws and regulations as the U.K. determines which E.U. laws to replace or replicate, and those laws and regulations may be cumbersome, difficult or costly in terms of compliance. Any of these effects of Brexit, among other factors, could adversely affect our business, financial condition, operating results and cash flows.

Prolonged economic uncertainties or downturns in certain regions or industries could materially adversely affect our business.

Our business depends on our current and prospective customers' ability and willingness to invest money in IT security, which in turn is dependent upon their overall economic health. Negative economic conditions in the global economy or certain regions such as U.S. or Europe, including conditions resulting from financial and credit market fluctuations, could cause a decrease in corporate spending on information security software. In 2016, we generated 58.1% of our revenues from the United States, 31.4% of our revenues from Europe, the Middle East and Africa and 10.5% from the rest of the world, which includes countries from Asia Pacific and Japan region, Latin America region and Canada.

In addition, a significant portion of our revenues is generated from customers in the financial services industry, including banking and insurance. Negative economic conditions may cause customers generally and in that industry in particular to reduce their IT spending. Customers may delay or cancel IT projects, choose to focus on in-house development efforts or seek to lower their costs by renegotiating maintenance and support agreements. To the extent purchases of licenses for our software are perceived by customers and potential customers to be discretionary, our revenues may be disproportionately affected by delays or reductions in general IT spending. If the economic conditions of the general economy or industries in which we operate worsen from present levels, our results of operation could be adversely affected.

We rely significantly on revenues from maintenance and support contracts, which we recognize ratably over the term of the associated contract and, to a lesser extent, from professional services contracts, which we recognize as services are performed, and downturns in sales of these contracts are not immediately reflected in full in our quarterly operating results.

Maintenance and support and professional services revenues accounted for 39% of our total revenues in 2016. Sales of maintenance and support and professional services may decline or fluctuate as a result of a number of factors, including the number of product licenses we sell, our customers' level of satisfaction with our products and services, the prices of our products and services, the prices of products and services offered by our competitors or reductions in our customers' spending levels. If our sales of maintenance and support and professional services contracts decline, our revenues or revenue growth may decline and our business will suffer. We recognize revenues from maintenance and support contracts ratably on a straight-line basis over the term of the related contract which is typically one year and, to a lesser extent, three years, and from professional services as services are performed. As a result, a meaningful portion of the revenues we report each quarter results from the recognition of deferred revenues from maintenance and support and professional services contracts entered into during previous quarters. Consequently, a decline in the number or size of such contracts in any one quarter will not be fully reflected in revenues in that quarter, but will negatively affect our revenues in future quarters. Accordingly, the effect of significant downturns in maintenance and support and professional services contracts would not be reflected in full in our results of operations until future periods.

A portion of our revenues is generated by sales to government entities, which are subject to a number of challenges and risks, such as increased competitive pressures, administrative delays and additional approval requirements.

A portion of our revenues is generated by sales to U.S. and foreign federal, state and local governmental agency customers, and we may in the future increase sales to government entities. Sales to government entities are subject to a number of risks. Selling to government entities can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense without any assurance that we will complete a sale. Government demand and payment for our products and services may be impacted by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our products. Additionally, for purchases by the U.S. government, the government may require certain products to be manufactured in the United States and other high cost manufacturing locations, and we may not manufacture all products in locations that meet the requirements of the U.S. government. Finally, some government entities require our products to be certified by industry-approved security agencies as a pre-condition of purchasing our products. The grant of such certifications depends on the then-current requirements of the certifying agency. We cannot be certain that any certificate will be granted or renewed or that we will be able to satisfying the technological and other requirements to maintain certifications. The loss of any of our product certificates, or the failure to obtain new ones, could cause us to suffer reputational harm, lose existing customers, or deter new and existing customers from purchasing our solutions, additional products or our services.

We are subject to governmental export and import controls that could subject us to liability in the event of non-compliance or impair our ability to compete in international markets.

We incorporate encryption capabilities into certain products and these products are subject to U.S. export control requirements. We are also subject to Israeli export controls on encryption technology since our product development initiatives are primarily conducted in Israel. If the applicable U.S. or Israeli requirements regarding the export of encryption technology were to change or if we change the encryption functionality in our products, we may need to satisfy additional requirements or obtain specific permissions (licenses) in the United States or Israel in order to continue to export our products to the same range of customers and countries as we presently do. There can be no assurance that we will be able to satisfy such additional requirements or obtain specific licenses under these circumstances in either the United States or Israel. Furthermore, various other countries regulate the import of certain encryption products and technology, including import permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our products or could limit our customers' ability to implement our products in those countries.

We are also subject to U.S., Israeli and other applicable export control and economic sanctions laws, which prohibit the export or sale of certain products or services to embargoed or sanctioned countries, governments and persons. Our products could be exported to these sanctioned targets by our channel partners despite our due diligence and the contractual undertakings they have given us and any such export could have negative consequences, including government investigations, penalties and reputational harm. Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations. Any decreased use of our products or limitation on our ability to export or sell our products and services would likely adversely affect our business, financial condition and results of operations.

In addition, in the future we may be subject to defense-related export controls. For example, currently our solutions are not subject to supervision under the Israeli Defense Export Control Law, 5767-2007, but if they were used for purposes that are classified as defense-related or if they fall under "dual-use goods and technology" as referred to below, we could become subject to such regulation. In particular, under the Israeli Defense Export Control Law, 5767-2007, an Israeli company may not conduct "defense marketing activity" without a defense marketing license from the Israeli Ministry of Defense (MOD) and may be subject to a requirement to obtain a specific license from the MOD for any export of defense related products and/or knowhow. The definition of defense marketing activity is broad and includes any marketing of "defense equipment," "defense knowhow" or "defense services" outside of Israel, which includes "dual-use goods and technology," (material and equipment intended in principle for civilian use and that can also be used for defensive purposes, such as our cybersecurity solutions) that is specified in the list of Goods and Dual-Use Technology annexed to the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, if intended for defense use only, or is specified under Israeli legislation. "Dual-use goods and technology" will be subject to control by the Ministry of Economy if intended for civilian use only. In December 2013, regulations under the Wassenaar Arrangement included for the first time a chapter on cyber-related matters, which chapter was last amended in December 2016. We believe that our products do not fall under this chapter; however, in the future we may become subject to this regulation or similar regulations, which would limit our sales and marketing activities and could therefore have an adverse effect on our results of operations. Similar issues could arise under the U.S. defense/military export controls under the Arms Export Control Act and the International Traffic in Arms Regulations. Accordingly, there can be no assurance whether our solutions would be impacted by any potential new regulations pertaining to cybersecurity products and services similar to those provided by us, and what impact potential new regulations would have on our sales or our costs relating to compliance.

Our use of open source software, third-party software and other intellectual property may expose us to risks.

We use open source software and expect to continue to use open source software in the future. Some open source software licenses require users who distribute or make available as a service open source software as part of their own software product to publicly disclose all or part of the source code of the users' developed software or to make available any derivative works of the open source code on unfavorable terms or at no cost. We may face ownership claims of third parties over, or seeking to enforce the license terms applicable to, such open source software, including by demanding the release of the open source software, derivative works or our proprietary source code that was developed using such software. In addition, if the license terms for the open source code change, we may be forced to re-engineer our software or incur additional costs.

Further, some of our products and services include software or other intellectual property licensed from third parties, and we otherwise use software and other intellectual property licensed from third parties in our business. This exposes us to risks over which we may have little or no control. For example, a licensor may have difficulties keeping up with technological changes or may stop supporting the software or other intellectual property that it licenses to us. There can be no assurance that the licenses we use will be available on acceptable terms, if at all. In addition, a third party may assert that we or our customers are in breach of the terms of a license, which could, among other things, give such third party the right to terminate a license or seek damages from us, or both. Our inability to obtain or maintain certain licenses or other rights or to obtain or maintain such licenses or rights on favorable terms, or the need to engage in litigation regarding these matters, could result in delays in releases of new products, and could otherwise disrupt our business, until equivalent technology can be identified, licensed or developed.

Risks Related to Our Ordinary Shares

Our share price may be volatile, and you may lose all or part of your investment.

Our ordinary shares were first offered publicly in our initial public offering in September 2014, at a price of $16.00 per share. Certain of our shareholders sold our ordinary shares in a public offering in March 2015. Subsequently, we issued and sold our ordinary shares and certain of our shareholders sold additional ordinary shares in a public offering in June 2015. Since our initial public offering in September 2014, our ordinary shares have traded as high as $76.35 per share and as low as $22.12 per share through February 28, 2017. In addition, the market price of our ordinary shares could be highly volatile and may fluctuate substantially as a result of many factors, some of which are beyond our control, including, but not limited to:

actual or anticipated fluctuations in our results of operations and the results of other similar companies;

variance in our financial performance from the expectations of market analysts;

announcements by us or our competitors of significant business developments, changes in service provider relationships, acquisitions or expansion plans;

changes in the prices of our products and services;

our involvement in litigation;

our sale of ordinary shares or other securities in the future;

market conditions in our industry;

changes in key personnel;

speculation in the press or the investment community;

the trading volume of our ordinary shares;

changes in the estimation of the future size and growth rate of our markets;

any merger and acquisition activities; and

general economic and market conditions.

In addition, the stock markets have experienced extreme price and volume fluctuations. Broad market and industry factors may materially harm the market price of our ordinary shares, regardless of our operating performance. In the past, following periods of volatility in the market price of a company's securities, securities class action litigation has often been instituted against that company. If we were involved in any similar litigation we could incur substantial costs and our management's attention and resources could be diverted.

If securities or industry analysts cease to publish research or publish inaccurate or unfavorable research reports about our business, our share price and trading volume could decline.

The trading price for our ordinary shares is affected by any research or reports that securities or industry analysts publish about us or our business. If one or more of the analysts who cover us or our business publish inaccurate or unfavorable research about us or our business, and in particular, if they downgrade their evaluations of our ordinary shares, the price of our ordinary shares would likely decline. If one or more of these analysts cease coverage of our company, we could lose visibility in the market for our ordinary shares, which in turn could cause our share price to decline.

As a foreign private issuer whose shares are listed on the NASDAQ Stock Market, or NASDAQ, we may follow certain home country corporate governance practices instead of otherwise applicable SEC and NASDAQ requirements, which may result in less protection than is accorded to investors under rules applicable to domestic U.S. issuers.

As a foreign private issuer whose shares are listed on the NASDAQ Global Select Market, we are permitted to follow certain home country corporate governance practices instead of certain rules of NASDAQ. We currently follow Israeli home country practices with regard to the quorum requirement for shareholder meetings and NASDAQ requirements relating to distribution of our annual report to shareholders. As permitted under the Israeli Companies Law, 5759-1999, or the Companies Law, our articles of association provide that the quorum for any meeting of shareholders shall be the presence of at least two shareholders present in person or by proxy who hold at least 25% of the voting power of our shares instead of 33 1/3% of our issued share capital (as prescribed by NASDAQ's rules). Further, as permitted by the Companies Law and in accordance with the generally accepted business practice in Israel, we do not distribute our annual report to shareholders but make it available through a public website. We may in the future elect to follow Israeli home country practices with regard to other matters such as the formation and composition of the nominating and corporate governance committee, separate executive sessions of independent directors and the requirement to obtain shareholder approval for certain dilutive events (such as for the establishment or amendment of certain equity-based compensation plans, issuances that will result in a change of control of the company, certain transactions other than a public offering involving issuances of a 20% or more interest in the company and certain acquisitions of the stock or assets of another company). Accordingly, our shareholders may not be afforded the same protection as provided under NASDAQ corporate governance rules. Following our home country governance practices as opposed to the requirements that would otherwise apply to a United States company listed on NASDAQ may provide less protection than is accorded to investors of domestic issuers. See "Item16.G. Corporate Governance."

As a foreign private issuer we are not subject to the provisions of Regulation FD or U.S. proxy rules and are exempt from filing certain Exchange Act reports.

As a foreign private issuer, we are exempt from a number of requirements under U.S. securities laws that apply to public companies that are not foreign private issuers. In particular, we are exempt from the rules and regulations under the Exchange Act related to the furnishing and content of proxy statements, and our officers, directors and principal shareholders are exempt from the reporting and short-swing profit recovery provisions contained in Section 16 of the Exchange Act. In addition, we are not required under the Exchange Act to file annual and current reports and financial statements with the SEC as frequently or as promptly as U.S. domestic companies whose securities are registered under the Exchange Act and we are generally exempt from filing quarterly reports with the SEC under the Exchange Act. We are also exempt from the provisions of Regulation FD, which prohibits issuers from making selective disclosure of material nonpublic information to, among others, broker-dealers and holders of a company's securities under circumstances in which it is reasonably foreseeable that the holder will trade in the company's securities on the basis of the information. Even though we intend to comply voluntarily with Regulation FD, these exemptions and leniencies will reduce the frequency and scope of information and protections to which you are entitled as an investor. For so long as we qualify as a foreign private issuer, we are not required to comply with the proxy rules applicable to U.S. domestic companies, although pursuant to the Companies Law, we disclose the annual compensation of our five most highly compensated office holders (as defined under the Companies Law) on an individual basis, including in this annual report.

Since a majority of our voting securities are either directly or indirectly owned of record by residents of the United States, we would lose our foreign private issuer status if any of the following were to occur: (i) the majority of our executive officers or directors were United States citizens or residents, (ii) more than 50 percent of our assets were located in the United States, or (iii) our business was administered principally in the United States. Although we have elected to comply with certain U.S. regulatory provisions, our loss of foreign private issuer status would make such provisions mandatory. The regulatory and compliance costs to us under U.S. securities laws as a U.S. domestic issuer may be significantly higher. If we are not a foreign private issuer, we will be required to file periodic reports and registration statements on U.S. domestic issuer forms with the SEC, which are more detailed and extensive than the forms available to a foreign private issuer. We would also be required to follow U.S. proxy disclosure requirements, including the requirement to disclose more detailed information about the compensation of our senior executive officers on an individual basis. We may also be required to modify certain of our policies to comply with good governance practices associated with U.S. domestic issuers. Such conversion and modifications will involve additional costs. In addition, we would lose our ability to rely upon exemptions from certain corporate governance requirements on U.S. stock exchanges that are available to foreign private issuers.

If we sell our ordinary shares in future financings, ordinary shareholders could experience immediate dilution and, as a result, the market price of our ordinary shares may decline.

We may from time to time issue additional ordinary shares at a discount from the current trading price of our ordinary shares. As a result, our ordinary shareholders would experience immediate dilution upon the purchase of any ordinary shares sold at such discount. In addition, as opportunities present themselves, we may enter into equity or debt financings or similar arrangements in the future, including the issuance of convertible debt securities, preferred shares or ordinary shares. If we issue ordinary shares or securities convertible into ordinary shares, holders of our ordinary shares could experience dilution.

Our U.S. shareholders may suffer adverse tax consequences if we are classified as a passive foreign investment company.

Generally, if for any taxable year 75% or more of our gross income is passive income, or at least 50% of the average quarterly value of our assets (which may be measured in part by the market value of our ordinary shares, which is subject to change) are held for the production of, or produce, passive income, we would be characterized as a passive foreign investment company, or PFIC, for U.S. federal income tax purposes. Based on our gross income and gross assets, and the nature of our business, we believe that we were not classified as a PFIC for the taxable year ended December 31, 2016. Because PFIC status is based on our income, assets and activities for the entire taxable year, it is not possible to determine whether we will be characterized as a PFIC for our 2017 taxable year until after the close of the year. There can be no assurance that we will not be considered a PFIC for any taxable year. Our characterization as a PFIC could result in material adverse tax consequences for you if you are a U.S. investor, including having gains realized on the sale of our ordinary shares treated as ordinary income, rather than a capital gain, the loss of the preferential rate applicable to dividends received on our ordinary shares by individuals who are U.S. holders, and having interest charges apply to distributions by us and the proceeds of share sales. Certain elections exist that may alleviate some of the adverse consequences of PFIC status and would result in an alternative treatment (such as mark-to-market treatment) of our ordinary shares. Prospective U.S. investors should consult their own tax advisers regarding the potential application of the PFIC rules to them. Prospective U.S. investors should refer to "Item 10.E. Taxation—Certain United States Federal Income Tax Consequences" for discussion of additional U.S. income tax considerations applicable to them based on our treatment as a PFIC.

If we are unable to satisfy the requirements of Sections 404(a) and 404(b) of the Sarbanes-Oxley Act of 2002, or the Sarbanes-Oxley Act, or if our internal control over financial reporting is not effective, investors may lose confidence in the accuracy and the completeness of our financial reports and the trading price of our ordinary shares may be negatively affected.

Pursuant to Section 404(a) of the Sarbanes-Oxley Act, we are required to furnish a report by management on the effectiveness of our internal control over financial reporting. Additionally, pursuant to Section 404(b) of the Sarbanes-Oxley Act, we must include an auditor attestation on our internal control over financial reporting.

To maintain the effectiveness of our disclosure controls and procedures and our internal control over financial reporting, we expect that we will need to continue enhancing existing, and implement new, financial reporting and management systems, procedures and controls to manage our business effectively and support our growth in the future. The process of evaluating our internal control over financial reporting requires an investment of substantial time and resources, including by our Chief Financial Officer and other members of our senior management. As a result, this process may divert internal resources and take a significant amount of time and effort to complete. Additionally, as part of management assessments of the effectiveness of our internal control over financial reporting required by Section 404(a), our management may conclude that our internal control over financial reporting is not effective due to our failure to cure any identified material weakness or otherwise, which would require us to employ remedial actions to implement effective controls. If we identify material weaknesses in our internal control over financial reporting, if we are unable to comply with the requirements of Section 404(a) or 404(b) in a timely manner or to assert that our internal control over financial reporting is effective, or if our independent registered public accounting firm is unable to express an opinion or issues an adverse opinion in its attestation as to the effectiveness of our internal control over financial reporting required by Section 404(b), investors may lose confidence in the accuracy and completeness of our financial reports and the trading price of our ordinary shares could be negatively affected. We could also become subject to investigations by the stock exchange on which our securities are listed, the SEC or other regulatory authorities, which could require additional financial and management resources.

Irrespective of compliance with Sections 404(a) and 404(b), any failure of our internal control could have a material adverse effect on our stated results of operations and harm our reputation. In order to implement changes to our internal control over financial reporting triggered by a failure of those controls, we could experience higher than anticipated operating expenses, as well as higher independent auditor fees during and after the implementation of these changes.

As a public company we may become subject to further compliance obligations, which may strain our resources and divert management's attention.

Changing laws, regulations and standards in the United States relating to corporate governance and public disclosure and other matters may be implemented in the future, which may increase our legal and financial compliance costs, make some activities more time consuming and divert management's time and attention from revenue-generating activities to compliance activities. If our efforts to comply with new laws, regulations and standards differ from the activities intended by regulatory or governing bodies due to ambiguities related to practice, regulatory authorities may initiate legal proceedings against us and our business may be harmed. Being a publicly traded company in the United States and being subject to U.S. rules and regulations may make it more expensive for us to obtain director and officer liability insurance, and we may be required to accept reduced coverage or incur substantially higher costs to obtain coverage. These factors could also make it more difficult for us to attract and retain qualified members of our board of directors, particularly to serve on our audit committee, and qualified executive officers.

Risks Relating to Our Incorporation and Location in Israel

Our headquarters, research and development activities and other significant operations are located in Israel and, therefore, our results may be adversely affected by political, economic and military instability in Israel.

Our headquarters and principal research and development facilities are located in Israel. In addition, the majority of our key employees, officers and directors are residents of Israel. Accordingly, political, economic and military conditions in Israel may directly affect our business. Since the establishment of the State of Israel in 1948, a number of armed conflicts have taken place between Israel and its neighboring countries. In recent years, these have included hostilities between Israel and Hezbollah in Lebanon and Hamas in the Gaza strip, both of which resulted in rockets being fired into Israel causing casualties and disruption of economic activities. In addition, Israel faces threats from more distant neighbors, including, in particular, Iran. Our commercial insurance does not cover losses that may occur as a result of an event associated with the security situation in the Middle East. Although the Israeli government is currently committed to covering the reinstatement value of direct damages that are caused by terrorist attacks or acts of war, we cannot assure you that this government coverage will be maintained, or if maintained, will be sufficient to compensate us fully for damages incurred. Any losses or damages incurred by us could have a material adverse effect on our business. Any armed conflict involving Israel could adversely affect our operations and results of operations.

Further, our operations could be disrupted by the obligations of personnel to perform military service. As of December 31, 2016, we had 324 employees based in Israel, certain of which may be called upon to perform up to 54 days in each three year period (and in the case of non-officer commanders or officers, up to 70 or 84 days, respectively, in each three year period) of military reserve duty until they reach the age of 40 (and in some cases, depending on their specific military profession up to 45 or even 49 years of age) and, in certain emergency circumstances, may be called to immediate and unlimited active duty. Our operations could be disrupted by the absence of a significant number of employees related to military service, which could materially adversely affect our business and results of operations.

Several countries, principally in the Middle East, restrict doing business with Israel and Israeli companies, and additional countries may impose restrictions on doing business with Israel and Israeli companies whether as a result of hostilities in the region or otherwise. In addition, there have been increased efforts by activists to cause companies and consumers to boycott Israeli goods based on Israeli government policies. Such actions, particularly if they become more widespread, may adversely impact our ability to sell our products.

The tax benefits that are available to us require us to continue to meet various conditions and may be terminated or reduced in the future, which could increase our costs and taxes.

We were granted Approved Enterprise status under the Israeli Law for the Encouragement of Capital Investments, 1959, referred to as the Investment Law. We had elected the alternative benefits program, pursuant to which income derived from the Approved Enterprise program is tax-exempt for two years and enjoys a reduced tax rate of 10.0% to 25.0% for up to a total of eight years, subject to an adjustment based upon the foreign investors' ownership. We were also eligible for certain tax benefits provided to Benefited Enterprises under the Investment Law. In March 2013, we notified the Israel Tax Authority that we apply the new tax regime under the Investment Law instead of our Approved Enterprise and Benefited Enterprise. We are eligible for certain tax benefits provided to Preferred Enterprises under the Investment Law. If we do not meet the conditions stipulated in the Investment Law, any tax benefits will be canceled and we would be required to refund the amount of the benefits, in whole or in part, including interest and CPI linkage (or other monetary penalties). Further, in the future these tax benefits may be reduced or discontinued. If these tax benefits are reduced, cancelled or discontinued, our Israeli taxable income would be subject to regular Israeli corporate tax rates. The standard corporate tax rate for Israeli companies in 2014 and 2015 was 26.5%, was reduced to 25% for 2016, and then reduced to 24.0% for 2017 and as of 2018 the corporate tax rate will be 23%. Additionally, if we increase our activities outside of Israel through acquisitions, for example, our expanded activities might not be eligible for inclusion in future Israeli tax benefit programs. See "Item 5. Operating and Financial Review and Prospects—Operating Results—Israeli Tax Considerations and Government Programs—Law for the Encouragement of Capital Investments, 5719-1959."

We may become subject to claims for remuneration or royalties for assigned service invention rights by our employees.

We enter into assignment-of-invention agreements with our employees pursuant to which such individuals agree to assign to us all rights to any inventions created in the scope of their employment or engagement with us. A significant portion of our intellectual property has been developed by our employees during the course of their employment by us. Under the Israeli Patent Law, 5727-1967, inventions conceived by an employee during the scope of his or her employment with a company are regarded as "service inventions" which belong to the employer, absent a specific agreement between the employee and employer giving the employee service invention rights. Although our employees have agreed to assign to us service invention rights, as a result of uncertainty under Israeli law with respect to service invention rights and the efficacy of related waivers, including with respect to remuneration and its extent, we may face claims demanding remuneration in consideration for assigned inventions. As a consequence of such claims, we could be required to pay additional remuneration or royalties to our current and/or former employees, or be forced to litigate such claims, which could negatively affect our business.

Provisions of Israeli law and our articles of association may delay, prevent or otherwise impede a merger with or an acquisition of us, even when the terms of such a transaction are favorable to us and our shareholders.

Israeli corporate law regulates mergers, requires tender offers for acquisitions of shares above specified thresholds, requires special approvals for transactions involving directors, officers or significant shareholders and regulates other matters that may be relevant to such types of transactions. For example, a tender offer for all of a company's issued and outstanding shares can only be completed if the acquirer receives positive responses from the holders of at least 95% of the issued share capital. Completion of the tender offer also requires approval of a majority of the offerees that do not have a personal interest in the tender offer, unless at least 98% of the company's outstanding shares are tendered. Furthermore, the shareholders, including those who indicated their acceptance of the tender offer (unless the acquirer stipulated in its tender offer that a shareholder that accepts the offer may not seek appraisal rights), may, at any time within six months following the completion of the tender offer, petition an Israeli court to alter the consideration for the acquisition. See "Item 10.B. Articles of Association—Acquisitions under Israeli Law" for additional information.

Our articles of association provide that our directors are elected on a staggered basis, such that a potential acquirer cannot readily replace our entire board of directors at a single annual general shareholder meeting.

Furthermore, Israeli tax considerations may make potential transactions unappealing to us or to our shareholders whose country of residence does not have a tax treaty with Israel exempting such shareholders from Israeli tax. For example, Israeli tax law does not recognize tax-free share exchanges to the same extent as U.S. tax law. With respect to mergers involving an exchange of shares, Israeli tax law allows for tax deferral in certain circumstances but makes the deferral contingent on the fulfillment of a number of conditions, including, in some cases, a holding period of two years from the date of the transaction during which sales and dispositions of shares of the participating companies are subject to certain restrictions. Moreover, with respect to certain share swap transactions, the tax deferral is limited in time, and when such time expires, the tax becomes payable even if no disposition of the shares has occurred. In order to benefit from the tax deferral, a pre-ruling from the Israel Tax Authority might be required.

It may be difficult to enforce a judgment of a U.S. court against us, our officers and directors or the Israeli auditors named in this annual report in Israel or the United States, to assert U.S. securities laws claims in Israel or to serve process on our officers and directors and these auditors.

We are incorporated in Israel. The majority of our directors and executive officers, and the Israeli auditors listed in this annual report reside outside of the United States, and most of our assets and most of the assets of these persons are located outside of the United States. Therefore, a judgment obtained against us, or any of these persons, including a judgment based on the civil liability provisions of the U.S. federal securities laws, may not be collectible in the United States and may not be enforced by an Israeli court. It also may be difficult for you to effect service of process on these persons in the United States or to assert U.S. securities law claims in original actions instituted in Israel. Israeli courts may refuse to hear a claim based on an alleged violation of U.S. securities laws reasoning that Israel is not the most appropriate forum in which to bring such a claim. In addition, even if an Israeli court agrees to hear a claim, it may determine that Israeli law and not U.S. law is applicable to the claim. If U.S. law is found to be applicable, the content of applicable U.S. law must be proven as a fact by expert witnesses, which can be a time consuming and costly process. Certain matters of procedure will also be governed by Israeli law. There is little binding case law in Israel that addresses the matters described above. As a result of the difficulty associated with enforcing a judgment against us in Israel, you may not be able to collect any damages awarded by either a U.S. or foreign court.

Your rights and responsibilities as a shareholder are, and will continue to be, governed by Israeli law which differs in some material respects from the rights and responsibilities of shareholders of U.S. companies.

The rights and responsibilities of the holders of our ordinary shares are governed by our articles of association and by Israeli law. These rights and responsibilities differ in some material respects from the rights and responsibilities of shareholders in U.S.-based corporations. In particular, a shareholder of an Israeli company has a duty to act in good faith and in a customary manner in exercising its rights and performing its obligations towards the company and other shareholders, and to refrain from abusing its power in the company, including, among other things, in voting at a general meeting of shareholders on matters such as amendments to a company's articles of association, increases in a company's authorized share capital, mergers and acquisitions and related party transactions requiring shareholder approval. In addition, a shareholder who is aware that it possesses the power to determine the outcome of a shareholder vote or to appoint or prevent the appointment of a director or executive officer in the company has a duty of fairness toward the company. There is limited case law available to assist us in understanding the nature of this duty or the implications of these provisions. These provisions may be interpreted to impose additional obligations and liabilities on holders of our ordinary shares that are not typically imposed on shareholders of U.S. corporations.

ITEM 4. INFORMATION ON THE COMPANY

History and Development of the Company

Our History

We were founded in 1999 with the vision of protecting high-value business data and pioneered our Digital Vault technology, which is the foundation of our platform. That same year, we began offering our first product, the Sensitive Information Management Solution (previously called the Sensitive Document Vault), which provides a secure platform through which our customers' employees can share sensitive files. We believe our early innovation in vaulting technology enabled us to evolve into a company that provides a comprehensive security solutions built for privileged accounts. In 2005, we introduced our Privileged Account Security Solution, which has become our leading offering and reflects our emphasis on protecting privileged accounts across an organization. In September 2014, we listed our ordinary shares on the NASDAQ Global Select Market. In 2015, we acquired Viewfinity, a provider of Windows least privilege management and application control software, as well as Cybertinel, a cyber security company specializing in cyber threat detection technology.

Our Privileged Account Security Solution consists of several products: Enterprise Password Vault, SSH Key Manager, Privileged Session Manager, Privileged Threat Analytics, Application Identity Manager, Endpoint Privilege Manager and On-Demand Privileges Manager.

We are a company limited by shares organized under the laws of the State of Israel. We are registered with the Israeli Registrar of Companies. Our registration number is 51-229164-2. Our principal executive offices are located at 94 Em-Ha'moshavot Road, Park Ofer, P.O. Box 3143, Petach Tikva 4970602, Israel, and our telephone number is +972 (3) 918-0000. Our website address is www.cyberark.com. Information contained on, or that can be accessed through, our website is not part of this annual report and is not incorporated by reference herein. We have included our website address in this annual report solely for informational purposes. Our agent for service of process in the United States is Cyber-Ark Software, Inc., located at 60 Wells Avenue, Suite 103, Newton, MA 02459, and our telephone number is (617) 965-1544.

Principal Capital Expenditures

Our capital expenditures for fiscal years 2014, 2015 and 2016 amounted to $1.4 million, $2.1 million and $2.8 million, respectively. Capital expenditures consist primarily of investments in leasehold improvements for our office space and the purchase of computers and related equipment. We anticipate our capital expenditures in fiscal year 2017 to be in a range of $7 million and $9 million, of which approximately $4 million related to the new office space in Israel that we leased, which we expect to move to during the second half of 2017. We anticipate our capital expenditures in 2017 will be financed with cash on hand and cash flow generated from operating activities.

Business Overview

We are a global leader and pioneer of a critical layer of IT security solutions that protects organizations from cyber attacks that have made their way inside the network perimeter to strike at the heart of the enterprise. Our software solutions are focused on protecting privileged accounts, which have become a critical target in the lifecycle of today's cyber attacks. Privileged accounts are pervasive and act as the "keys to the IT kingdom," providing complete access to, and control of, all parts of IT infrastructure (whether located on premise or in the cloud), industrial control systems and critical business data. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take control of and disrupt an organization's IT and industrial control infrastructures, steal confidential information and commit financial fraud. Our comprehensive solutions proactively protect privileged accounts, monitor privileged activity, detect malicious privileged behavior and enforce privilege security on the endpoint. Our customers use our innovative solutions to introduce this critical security layer to protect against, detect and respond to cyber attacks before they strike vital systems and compromise sensitive data.

Organizations worldwide are experiencing an unprecedented increase in the sophistication, scale and frequency of cyber attacks. The challenge this presents is intensified by the growing adoption of new technologies, such as cloud computing, virtualization, software-defined networking, enterprise mobility and social networking, which has resulted in increasingly complex and distributed IT environments with significantly larger attack surfaces. Organizations have historically relied upon perimeter-based threat protection solutions such as network and web security tools as the predominant defense against cyber attacks, yet these traditional solutions have a limited ability to stop today's advanced threats. According to a 2015 special report issued by FireEye, Inc., 96% of the systems of more than 1,600 FireEye network and email sensors deployed in real-world networks had suffered a network security breach. Many organizations are still in the early stages of adapting their security strategies to address this new threat environment and are evolving their approaches based on the assumption that their network perimeter has been or will be breached. They are therefore increasingly implementing new layers of security inside the network to disrupt attacks before they result in the theft of confidential information or other serious damage. Regulators are also continuing to mandate rigorous compliance standards and audit requirements in response to this evolving threat landscape.

We believe that the implementation of a privileged account security solution is one of the most critical layers of an effective security strategy. Privileged accounts represent one of the most vulnerable aspects of an organization's IT infrastructure. Privileged accounts are used by system administrators, third-party and cloud service providers, applications and business users, and they exist in nearly every connected device, server, hypervisor, operating system, database, application and industrial control system. Due to the broad access and control they provide, exploiting privileged accounts has become a critical stage of the cyber attack lifecycle. The typical cyber attack involves an attacker effecting an initial breach, escalating privileges to access target systems, moving laterally through the IT infrastructure to identify valuable targets, and exfiltrating, or stealing, the desired information. According to Mandiant, a FireEye company, credentials of authorized users were hijacked in 100% of the breaches that Mandiant investigated, and privileged accounts were targeted whenever possible.

We have architected our solutions to address the challenges of protecting privileged accounts and an organization's sensitive information. Our solutions provide proactive protection against cyber attacks from both external and internal sources and allow for real-time detection and neutralization of such threats. They can be deployed in traditional on-premise data centers, public, private or hybrid cloud environments, endpoints, and industrial control systems. Our innovative software solutions are the result of over 17 years of research and expertise, combined with valuable knowledge we have gained from working with our diverse population of customers and from our acquisitions of Viewfinity and Cybertinel.

Our comprehensive, purpose-built Privileged Account Security Solution enables our customers to secure, manage and monitor privileged account access and activities and enforce privilege security on the endpoint. Our Privileged Account Security Solution consists of our Enterprise Password Vault, SSH Key Manager, Privileged Session Manager, Privileged Threat Analytics, Application Identity Manager, Endpoint Privilege Manager and On-Demand Privileges Manager. These products leverage a common technology platform that includes our secure Digital Vault, Web Management Interface, Master Policy Engine and Discovery Engine, and integrates out of the box with over 100 types of IT assets in the datacenter or the cloud. Our solutions complement other vendors' IT, security and cloud solutions in 2 significant ways. First, by enhancing the security of these solutions by reducing the misuse potential of privileged accounts used by or incorporated within these solutions and second, through the sharing of valuable information between the solutions, for improved detection, protection and response in the event of a cyber attack. In April 2016, we announced the launch of the C³ Alliance, which promotes members' cooperation in addressing customers' cybersecurity challenges as they evolve by extending and leveraging the benefit of privileged account security across the customers' organizations and setting a product integration foundation with our C³ Alliance technology partners for the benefit of our mutual customers.

As of December 31, 2016, we had approximately 3,100 customers, including approximately 50% of the Fortune 100 companies and more than 25% of the Global 2000 companies. We define a customer to include a distinct entity, division or business unit of a company. Our customers include leading organizations in a diverse set of industries, including energy and utilities, financial services, healthcare, manufacturing, retail, technology and telecommunications, as well as government agencies. We sell our solutions through a high touch, channel fulfilled hybrid sales model that combines the leverage of channel sales with the account control of direct sales, and therefore provides us with significant opportunities to grow our current customer base. This approach allows us to maintain close relationships with our customers and benefit from the global reach of our channel partners. Additionally, we continue to enhance our product offerings and go-to-market strategy by establishing technology alliances within the IT infrastructure and security vendor ecosystem.

Our business has rapidly grown in recent years. During 2014, 2015 and 2016, our revenues were $103.0 million, $160.8 million and $216.6 million, respectively, representing year-over-year growth of 56.1% and 34.7% in 2015 and 2016, respectively. Our net income for 2014, 2015 and 2016 was $10.0 million, $25.8 million and $28.1 million, respectively.

Industry Background

The recent increase in sophisticated, targeted security threats by both external attackers and malicious insiders, along with an increase in the attack surface due to the growing complexity and distributed nature of IT environments, have made it extremely challenging for enterprises and governments around the world to protect their sensitive information. These challenges are driving the need for a new layer of security that complements traditional threat protection technologies by securing access to privileged accounts and preventing the exploitation of organizations' critical systems and data.

Our Products

Our products secure organizations' high-value data and critical IT assets by providing proactive protection against external and internal cyber threats and enabling real-time detection and neutralization of attacks.

Privileged Account Security Solution

Our comprehensive, purpose-built Privileged Account Security Solution provides our customers a set of products that enable them to secure, manage and monitor privileged account access and activities. Our Privileged Account Security Solution consists of our Enterprise Password Vault, SSH Key Manager, Privileged Session Manager, Privileged Threat Analytics, Application Identity Manager, Endpoint Privilege Manager and On-Demand Privileges Manager. These products share a common technology platform that includes our secure Digital Vault, Web Management Interface, Master Policy Engine and Discovery Engine, and integrates out of the box with over 100 types of IT assets in the datacenter or the cloud.

Enterprise Password Vault. Our Enterprise Password Vault provides customers with a powerful tool to manage and protect all privileged accounts across an entire organization, including physical, virtual or cloud-based assets. Customers can control how often to require scheduled password changes for different privileged accounts or grant passwords solely for one-time use based on operational needs and regulatory requirements. This automated process reduces the time-consuming and error-prone task of manually tracking and updating privileged credentials thereby enhancing system security and facilitating observance of audit and compliance standards.

SSH Key Manager. Our SSH Key Manager product securely stores, rotates and controls access to SSH keys to prevent unauthorized access to privileged accounts. This includes the protection of keys at rest and in transit, granular access controls and integration with strong authentication solutions. Detailed audit logs and reporting capabilities provide visibility into key usage to meet audit and compliance requirements. SSH keys are used as an alternative to password credentials, commonly used for administrative access for users, devices and applications to UNIX and Linux systems. SSH Key Manager is a logical extension to our Privileged Account Security Solution, leveraging our shared technology platform infrastructure, enabling organizations to protect all privileged credentials with a single integrated platform that can be built out over time in accordance with business needs.

Privileged Session Manager. Our Privileged Session Manager protects IT assets including servers, applications, databases and hypervisors from malware and provides command-level monitoring and recording of all privileged activity. Privileged Session Manager prevents malware on an infected workstation from capturing a privileged credential and spreading to additional assets. It also provides a single point of control, forcing all privileged access to pass through our server, ensuring that all privileged activity is monitored and recorded. The single point of control also allows for real-time viewing of privileged activities, enabling customers to terminate privileged sessions in real-time as a threat is detected. In addition, Privileged Session Manager records complete privileged sessions and stores the recordings in the Digital Vault to prevent tampering. Auditors, forensics team and others are able to view and quickly search through an entire session recording for specific activities. Privileged Session Manager can operate entirely in the background, although customers can opt to deter privileged account users from prohibited conduct by alerting users that their sessions are being recorded. We offer customers the choice of licensing Privileged Session Manager based on the number of devices secured or the number of concurrent sessions it monitors. Our Privileged Session Manager and Enterprise Password Vault serve complementary functions and are part of a shared platform. As such, we frequently sell them together.

Privileged Threat Analytics. Our Privileged Threat Analytics product allows organizations to detect, alert, and respond to anomalous privileged activity while attacks are in progress. Privileged Threat Analytics uses proprietary algorithms to profile and analyze individual privileged user behavior and creates prioritized alerts when abnormal activity is detected. For example, our product can be used to detect privileged account access at unusual times or access to an abnormal quantity of privileged assets. Privileged Threat Analytics can automatically contain an attack by invalidating a stolen credential to block an attacker from further penetrating the network perimeter. Privileged Threat Analytics uses historical data collected by our Privileged Account Security Solution, Digital Vault and other network data sources to create and maintain a current profile of each privileged user's behavior. It allows incident response teams to investigate the details that triggered the alert in order to prioritize and respond to the threat. We specialize in analyzing behavior related to privileged user behavior, thus providing vital intelligence on the most critical attack vector. This intelligence can be integrated into an organization's existing systems and incident response processes enabling a faster response time.

Application Identity Manager. Our Application Identity Manager addresses the challenges of hard-coded, embedded credentials and cryptographic keys being hijacked and exploited by malicious insiders or external cyber attackers. This is enabled by our proprietary Digital Vault application provider technology, which eliminates the need to store such credentials in applications, scripts or configuration files. Instead, Application Identity Manager allows for secure, programmatic retrieval of needed credentials only at run-time and based on master policy control and monitoring.

Endpoint Privilege Manager. Formerly known as CyberArk Viewfinity, which we added to our product offerings following our acquisition of Viewfinity, Inc. in 2015, Endpoint Privilege Manager is intended to secure and manage the use of privileged accounts and credentials on the endpoint, and can be deployed on-premise or as a cloud-based solution. Removing local administrator rights for business users on endpoints can significantly reduce the attack surface, but it can also result in unintended productivity tradeoffs and high help desk costs, as users attempt to regain privileges necessary for day-to-day tasks. Endpoint Privilege Manager is designed to help organizations reduce the attack surface by removing local administrative privileges for business users, granularly controlling IT administrator privileges on Windows Servers based on role and elevating privileges when necessary and authorized. Endpoint Privilege Manager's application control features also enable organizations to closely control and monitor all applications within the environment, identify the original source and instances of malicious applications in the environment for incident response, or supporting forensic investigations. Malicious applications may be immediately blocked, unknown applications may be "grey" listed and restricted pending further analysis and trusted applications may seamlessly run without frustrating business or IT users. Endpoint Privilege Manager also provides a layer of credential protection and can detect and block attempts of malicious applications to hijack credentials and to alert the organization of such in-progress attack.

On-Demand Privileges Manager. Our On-Demand Privileges Manager allows customers to limit the breadth of access of Unix/Linux administrative accounts and granularly restrict them from performing certain commands and functions.

Shared Technology Platform. Our shared technology platform is the foundation of our Privileged Account Security Solution and includes our secure Digital Vault, Web Management Interface, Master Policy Engine and Discovery Engine. Our Digital Vault is an encrypted server that only responds to preset vault protocols to ensure security throughout an organization's network. Our Privileged Account Security Solution's products use our Digital Vault to safely store, audit and manage passwords, privileged credentials, policy information and privileged account session data. Our Web Management Interface provides a single, user-friendly interface for customers to set, manage and monitor privileged account security policies across an entire organization in a matter of minutes while allowing for granular level exceptions to meet the organization's unique operational needs. Our Master Policy Engine and Discovery Engine enable organizations to understand the scope of privileged account risk and helps to ensure that all privileged account activity is accounted for by automatically discovering new privileged accounts or changes to existing accounts. Our platform integrates out of the box with over 100 types of IT assets in the datacenter or the cloud, including leading operating systems, databases, network devices, security appliances, hypervisors, applications, industrial control systems and application servers. Our platform further leverages our proprietary vault protocol technology to enable distributed deployments across global networks for central management and auditing while providing enterprise-wide global coverage.

Sensitive Information Management Solution

Our Sensitive Information Management Solution provides a secure platform through which our customers' employees can share sensitive files while enabling the customer to monitor who is sharing these files. This allows organizations to isolate, store, share and track sensitive files and documents, such as customer credit card information, human resource records, intellectual property documents and legal information in a secure, internal environment. It also allows organizations to exchange sensitive information securely and efficiently with their business partners, customers, suppliers and subcontractors. Our Sensitive Information Management Solution integrates with an organization's existing applications and can be deployed on-premise or as a cloud-based solution for faster audit readiness without the need for significant upfront cost.

Our Services

Maintenance and Support

Our customers typically purchase one year or, to a lesser extent, three years, of software maintenance and support in conjunction with their initial purchase of perpetual licenses for our products. Thereafter, they can renew such maintenance and support for additional one or three-year periods. These two alternative maintenance and support periods are common in the software industry. Customers pay for each alternative in full at the beginning of their terms. The substantial majority of our contracts sold are for a one-year term. For example, for the years 2014 through 2016 more than 85% of the renewal contracts were for a one year term.

Our global customer support organization has expertise in our software and how it interacts with complex IT environments. When sales are made to customers directly, we typically also provide any necessary maintenance and support pursuant to a maintenance and support contract directly with the customer. When sales are made through channels, the channel partner (primarily in the EMEA and Asia Pacific and Japan regions) typically provides the first and second level support and we typically provide third level support if the issue cannot be resolved by the channel partner.

Our maintenance and support program provides customers the right to software bug repairs, the latest system enhancements and updates on an if-and-when available basis during the maintenance period, and access to our technical support services. Our technical support services are provided via our online support center, which enables customers to submit new support queries and monitor the status of open and past queries. Our online support system also provides customers with access to our CyberArk Knowledge Base, an online user-driven information repository that provides customers the ability to address their own queries. Additionally, we offer email and telephone support during business hours to customers that purchase a standard support package and 24/7 availability to customers that purchase our 24/7 support package.

Professional Services

Our products are designed for customers to be able to download, install and deploy our software on their own. They are highly configurable and many customers will select either one of our many trained channel partners or our professional services team to provide services. Our professional services team can be contracted to assist customers in planning, installing and configuring our solution to meet the needs of their security and IT environment. Our professional services team provides ongoing consulting services regarding best practices in privileged account security, and recommended ways to implement our solutions to meet specific customer requirements. Additionally, they share best practices associated with use of our software and educate customers and partners on alternative ways to deploy and use our product through CyberArk University, which offers in-person and WebEx courses globally.

Our Technology

Our comprehensive Privileged Account Security Solution relies on a set of proprietary technologies that provide a high level of security, scalability and reliability. The core technologies included in our solution are as follows:

Secure Digital Vault Technology. Our proprietary Digital Vault technology provides a highly secure, isolated environment, independent of other software, and is engineered with multiple layers of security. Our Digital Vault provides a data encryption mechanism that eliminates the need for encryption key management by the end user, while each object in our Digital Vault is encrypted with its own unique encryption key. To ensure security throughout the network, our Digital Vault communicates within an organization's network and over the internet through a proprietary and highly protected Vault Protocol, enabling an organization to implement the centrally managed Privileged Account Security Solution with products located in multiple datacenters and geographic locations. Our Digital Vault provides an additional level of protection by preventing the vault administrator from accessing or discovering protected data stored within it. In addition, our Digital Vault database is embedded, isolated and self-managed as part of our Digital Vault software, thereby blocking database administrator access to our Digital Vault database to further eliminate threats. Our Privileged Account Security Solution's additional products use the highly secured Digital Vault to safely store, audit and manage passwords, privileged credentials, policy information and privileged account session data.

Sophisticated Threat Analytics Algorithms. Our team of cyber experts and development engineers has developed proprietary algorithms that are at the core of our Privileged Threat Analytics product. These algorithms were developed using our deep understanding of cybersecurity and cyber attack techniques, together with over a decade of rich experience in analyzing privileged account activities. Our Privileged Threat Analytics product uses these proprietary algorithms to construct a behavioral profile for privileged users within an organization and continuously updates the profile based on normal changes in behavior. Once a behavioral profile is established, the threat analytics algorithms provide the ability to look for deviations from that profile in order to identify anomalies in user behavior. It then scores each individual anomaly and determines the level of threat based on the correlation of such anomalous events. Alerts with full details of the incident, including the probability of malicious intent, can be raised immediately, allowing an organization's incident response team to review the potential threat and take action when necessary.

Strong Application Authentication and Credential Management. Our Application Identity Manager product's architecture allows an organization to eliminate hard-coded application credentials, such as passwords and encryption keys, from applications and scripts. Our secure, proprietary product permits authentication of an application during run-time, based on any combination of the application's signature, executable path, or IP address, and operating system user. Following application authentication, the authenticated application uses a secure application programming interface, or API, to request privileged account credentials during run-time and, based on the application permissions in our Privileged Account Security Solution, up-to-date credentials are provided to the application. To ensure business continuity, and high availability and performance even within complex and distributed network environments, our advanced product architecture provides a secure local credentials cache on the application server, eliminating the dependency on network availability and traffic during a run-time application credential request. Our proprietary architecture provides even higher value in application server environments, allowing an organization to eliminate application credentials without the need to perform any code changes and without impacting application availability.

Privileged Session Recording and Controls. Our innovative privileged session recording and control mechanisms provide the ability to isolate an organization's IT systems from end-user desktops, while monitoring and recording the privileged session activities. Our proprietary architecture provides a highly secure, proxy-based solution that does not require agent installation on the target systems and provides a single-access control point to the target systems. The architecture blocks direct communication between an end-user's desktop and a target system, thus preventing potential malware on the desktop from infiltrating the target system. This architecture further ensures that privileged credentials will remain protected and will not be exposed to the end-user or reach the desktop. Comprehensive recording capabilities provide the ability to record every keystroke and mouse click on the privileged session, and also provide DVR-like recordings with search, locate and alert capabilities.

Endpoint Privilege Manager Server and Endpoint Agents. Following the acquisition of Viewfinity, Inc. in 2015, we began offering endpoint agent technology, which provides policy-based privilege management, application control and credential theft protection capabilities. The agent is able to detect the privileged commands, and application installation or invocation on the endpoint and validate whether permissible by the organization's security policy, otherwise blocking the operation. Having users operate in a least privilege mode together with the Endpoint Privilege Manager agent technology effectively reduces the surface that attackers or malware can exploit. The Endpoint Privilege Manager server provides policy-based agent management and consolidated reporting, which allows organizations to manage privileges and handle application control. The Endpoint Privilege Manager server can also leverage third party threat and reputation information to enrich the policy and black-list definitions to further strengthen controls and block bad or malicious applications based on such security intelligence.

Our Customers

As of December 31, 2016, we had approximately 3,100 customers, including approximately 50% of the Fortune 100 companies and more than 25% of the Global 2000 companies. Our customers include leading organizations in a diverse set of industries, including energy and utilities, banking and financial services, healthcare, insurance, manufacturing, retail, technology and telecommunications and hosting providers, as well as government agencies.

Our business is not dependent on any particular customer. No customer in 2014, 2015 and 2016 and no channel partner in 2014 and 2015 accounted for more than 10% of our revenues. In 2016, our largest channel partner accounted for approximately 12.1% of our revenues. Our diverse global footprint is evidenced by the fact that in 2016, we generated 58.1% of our revenues from customers in the United States, 31.4% from the EMEA region and 10.5% from the rest of the world, including countries in North and South America other than the United States and countries in the Asia Pacific region.

Sales and Marketing

Sales

We believe that our hybrid sales model, which combines the leverage of high touch, channel sales with the account control of direct sales, has played an important role in the growth of our customer base to date. We maintain a highly trained sales force that is responsible for developing and closing new business, the management of relationships with our channel partners and the support and expansion of relationships with existing customers. Our sales organization is organized by geographic regions, consisting of the Americas, EMEA and Asia Pacific and Japan regions. As of December 31, 2016, our global network of channel partners consisted of approximately 300 resellers, distributors and managed service providers. Our channel partners generally complement our sales efforts by helping to identify potential sales targets, maintaining relationships with certain customers and introducing new products to existing customers and offering post-sale professional services and technical support. In 2016, we generated approximately 35% of our revenues from direct sales from our field offices located throughout the world. Approximately 50% of our sales in the United States are direct while the substantial majority of our sales in the EMEA region and the rest of the world are through channel partners. We work with many global systems integration partners and several leading regional security value added resellers, such as , Optiv Security Inc., Computacenter PLC, Orange S.A. Business Services (Orange Cyberdefense), Hewlett-Packard Enterprise Company, Carahsoft Technology Corp, Sayers Technology, LLC, Wipro Limited, and Conexsys Communications Ltd. These companies were each among our top 15 channel partners in 2015 and 2016 by revenues and we have derived a meaningful amount from sales to each of them during the last two years.

Our sales cycle varies by size of the customer, the number of products purchased and the complexity of the customer's IT infrastructure, ranging from several weeks for incremental sales to existing customers to many months for sales to new customers or large deployments. To support our broadly dispersed global channel and customer base, as of December 31, 2016, we had sales personnel in 32 countries. We plan to continue investing in our sales organization to support both the growth of our channel partners and our direct sales organization.

Marketing

Our marketing strategy is focused on building our brand strength, communicating the benefits of our solutions, developing leads and increasing sales to existing customers. We market our software as a solution to stop cyber threats before they have the chance to stop business. We execute our strategy by leveraging a combination of internal marketing professionals and a network of channel partners to communicate the value proposition and differentiation for our products, generating qualified leads for our sales force and channel partners. Our marketing efforts also include public relations in multiple regions and extensive content development available through our website. We are focused on an ongoing thought-leadership campaign to further establish ourselves as a leader in the cybersecurity market. Our marketing team is expanding its efforts by investing in analytics-driven lead development, stronger global coordination, quick response to current events and proactive and consistent communication with market analysts.

Research and Development

Continued investment in research and development is critical to our business. Our research and development efforts are focused primarily on improving and continuing to enhance existing products and services, as well as developing new products, features and functionality. We believe the timely development of new products is essential to maintaining our competitive position. We regularly release new versions of our software which incorporate new features and enhancements to existing ones. We also maintain a dedicated team that researches reported advanced cyber attacks, the attackers' techniques and methods that lead to new security development initiatives for our products and provide thought-leadership on targeted attack mitigation.

As of December 31, 2016, we had 205 employees focused on research and development. We conduct our research and development activities in Israel and we believe this provides us with access to world class engineering talent. Our research and development expenses were $14.4 million, $21.7 million and $34.6 million in 2014, 2015 and 2016, respectively.

Intellectual Property

We rely on a combination of patent, trademark, copyright and trade secret laws, confidentiality procedures and contractual provisions to protect our technology and the related intellectual property.

The claims for which we have sought patent protection relate to current and future elements of our products and technology, including the Digital Vault, Discovery & Audit tool, Privileged Threat Analytics, Privileged Session Manager, Endpoint Privilege Manager and Application Identity Manager.

We generally enter into confidentiality agreements with our employees, consultants, service providers, resellers and customers and generally limit internal and external access to, and distribution of, our proprietary information and proprietary technology through certain procedural safeguards. These agreements may not effectively prevent unauthorized use or disclosure of our intellectual property or technology and may not provide an adequate remedy in the event of unauthorized use or disclosure of our intellectual property or technology.

Our industry is characterized by the existence of a large number of relevant patents and frequent claims and related litigation regarding patent and other intellectual property rights. In particular, leading companies in the security industry have extensive patent portfolios. If we become more successful, we believe that competitors will be more likely to try to develop products that are similar to ours and that may infringe our proprietary rights. It may also be more likely that competitors or third parties will claim that our products infringe their proprietary rights. From time to time, third parties have asserted and may assert their patent, copyright, trademark and other intellectual property rights against us, our channel partners, users or customers, whom our standard license and other agreements obligate us to indemnify against such claims under certain circumstances. Successful claims of infringement or misappropriation by a third party could prevent us from distributing certain products or performing certain services or could require us to pay substantial damages (including, for example, treble damages if we are found to have willfully infringed patents and increased statutory damages if we are found to have willfully infringed copyrights), royalties or other fees. Such claims also could require us to cease making, licensing or using solutions that are alleged to infringe or misappropriate the intellectual property of others, or to expend additional development resources to attempt to redesign our products or services or otherwise to develop non-infringing technology; enter into potentially unfavorable royalty or license agreements in order to obtain the right to use necessary technologies or intellectual property rights; and to indemnify our customers and partners (and parties associated with them). Even if third parties may offer a license to their technology, the terms of any offered license may not be acceptable, and the failure to obtain a license or the costs associated with any license could cause our business, results of operations or financial condition to be materially and adversely affected.

Competition

The IT security market in which we operate is characterized by intense competition, constant change and innovation. We believe that none of our competitors offer a fully comprehensive and integrated privileged account security solution; however, we do compete with companies that offer a broad array of IT security products. Our current and potential future competitors include CA, Inc., Quest Software Inc. International Business Machines Corporation, Microsoft Corporation and Oracle Corporation, in the access and identity management market. Further, we compete with smaller companies that offer solutions at lower price points often with a more limited range of functionality than our own offerings. We may face competition in the future due to changes in the manner that organizations utilize IT assets and the security solutions applied to them, such as the provision of privileged account security functionalities as part of public cloud providers' infrastructure offerings, or cloud-based identity management solutions. Limited IT budgets may also result in competition with providers of other advanced threat protection solutions such as Hewlett-Packard Enterprise Company, EMC Corporation (which was acquired by Dell Inc.), International Business Machines Corporation, FireEye, Inc., Splunk Inc., Check Point Software Technologies Ltd. and Palo Alto Networks, Inc.

The principal competitive factors in our market include:

☐



the breadth and completeness of a security solution;

☐



reliability and effectiveness in protecting, detecting and responding to cyber attacks;

☐



analytics and accountability at an individual user level;

☐



ability of customers to achieve and maintain compliance with compliance standards and audit requirements;

☐



strength of sale and marketing efforts, including distribution and channel relationships;

☐



global reach and customer base;

☐



scalability and ease of integration with an organization's existing IT infrastructure and security investments;

☐



brand awareness and reputation;

☐



innovation and thought leadership;

☐



quality of customer support;

☐



speed at which a solution can be deployed; and

☐



price of a solution and cost of maintenance and professional services.

We believe we compete favorably with our competitors on the basis of these factors. However, some of our current and potential future competitors may enjoy potential competitive advantages, such as greater name recognition, longer operating history, larger market share, larger existing user base and greater financial, technical and other resources.

Properties

Our corporate headquarters are located in Petach Tikva, Israel in an office consisting of approximately 64,000 square feet. In February 2015, we signed a new lease with our current landlord for different premises in Petach Tikva, which was expanded in April 2016, consisting of up to approximately 140,000 square feet. We expect to move to the new premises during the second half of 2017. The new lease expires in June 2022. Our U.S. headquarters are located in Newton, Massachusetts in an office consisting of approximately 22,000 square feet. The lease for this office expires in April 2022 with the option to extend for two successive five-year periods. We maintain additional sales offices in England, France, Germany, Singapore, Australia, Japan, Italy, Netherlands and Turkey. We believe that our facilities are sufficient to meet our current needs and that if we require additional space to accommodate our growth we will be able to obtain additional facilities on commercially reasonable terms.

Legal Proceedings

See "Item 8.A. Financial Information—Consolidated Financial Statements and Other Financial Information—Legal proceedings."

Organizational Structure

The legal name of our company is CyberArk Software Ltd. and we are organized under the laws of the State of Israel. We have five wholly-owned subsidiaries: CyberArk Software, Inc., Cyber-Ark Software (UK) Limited, CyberArk Software (Singapore) PTE. LTD., CyberArk Software (Japan) K.K. (established in 2017), and Viewfinity Ltd. (which became a wholly owned subsidiary following the acquisition conducted in 2015 and is expected to be liquidated in 2018). Our wholly-owned United Kingdom subsidiary, Cyber-Ark Software (UK) Limited, has four wholly-owned subsidiaries, which are incorporated in Germany, Italy, France and Netherlands, respectively: CyberArk Software (DACH) GmbH, CyberArk Software Italy S.r.l., CyberArk Software (France) SARL and CyberArk Software (Netherlands) B.V. Our wholly-owned subsidiary in Singapore, CyberArk Software (Singapore) PTE. LTD., has one wholly-owned subsidiary which is incorporated in Australia: CyberArk Software (Australia) Pty Ltd. Our wholly-owned subsidiary in the United States, CyberArk Software, Inc., has one wholly-owned subsidiary which is incorporated in Canada: CyberArk Software Canada Inc. (established in 2017).

Property, Plants and Equipment

See "Item 4.B.—Business Overview—Property" for a discussion of property, plants and equipment.

ITEM 4A. UNRESOLVED STAFF COMMENTS

Not applicable.

ITEM 5.

OPERATING AND FINANCIAL REVIEW AND PROSPECTS

Company Overview

We are a global leader and pioneer of a critical layer of IT security solutions that protects organizations from cyber attacks that have made their way inside the network perimeter to strike at the heart of the enterprise. Our software solutions are focused on protecting privileged accounts, which have become a critical target in the lifecycle of today's cyber attacks. Privileged accounts act as the "keys to the IT kingdom," providing complete access to, and control of, all parts of IT infrastructure (whether located on premise or in the cloud), industrial control systems and critical business data. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take control of and disrupt an organization's IT and industrial control infrastructures, steal confidential information and commit financial fraud. Our comprehensive solutions proactively protect privileged accounts, monitor privileged activity, detect malicious privileged behavior and enforce privilege security on the endpoint. Our customers use our innovative solutions to introduce this critical security layer to protect against, detect and respond to cyber attacks before they strike vital systems and compromise sensitive data.

We have a history of innovation. We started operations in 1999 with the vision of protecting high-value business data and pioneered our Digital Vault technology, which is the foundation of our platform. That same year, we began offering our first product, the Sensitive Information Management Solution (previously called the Sensitive Document Vault), which provides a secure platform through which our customers' employees can share sensitive files. We believe our early innovation in vaulting technology enabled us to evolve into a company that provides comprehensive security solutions built for privileged accounts. In 2005, we introduced our Privileged Account Security Solution, which has become our leading offering and reflects our emphasis on protecting privileged accounts across an organization. Our Privileged Account Security Solution leverages a shared technology platform and consists of several products: Enterprise Password Vault, SSH Key Manager, Privileged Session Manager, Privileged Threat Analytics, Application Identity Manager, Endpoint Privilege Manager and On-Demand Privileges Manager.

We derive our revenues from licensing our cybersecurity software, selling maintenance and support contracts, and providing professional services to the extent requested by customers. Our license revenues consist primarily of revenues from sales of our Privileged Account Security Solution. Our customers typically purchase one year and, to a lesser extent, three years, of maintenance and support in conjunction with their initial purchase of perpetual licenses for our products. Thereafter, they can renew such maintenance and support for additional one or three-year periods.

We seek to foster long-term relationships with our customers. We have a significant opportunity to generate additional revenues from our existing customers by helping them identify and address gaps in their current privileged account security strategy. Our platform provides our customers flexibility to initially deploy one or more of our products for a single use case and then expand usage over time to address more use cases, to add incremental licenses for more users or systems or to license additional products from our comprehensive platform. We measure the perpetual license maintenance renewal rate for our customers over a 12-month period, based on a dollar renewal rate of contracts expiring during that time period. Our renewal rate for each of the years ended December 31, 2014, 2015 and 2016 was over 90%. Our key strategies to maintain our renewal rate include focusing on the quality and reliability of our product updates and our technical support services.

We sell our products directly and through a global network of channel partners, including distributors and resellers, who then sell to their end customers. In 2016, we generated approximately 65% of our revenues through sales made by our global network of channel partners, with the balance being generated through our direct sales force. When analyzing our business, we refer to end customers as our customers throughout this annual report. We believe that our hybrid sales model, which combines the leverage of channel sales with the account control of direct sales, will continue to play an important role in the growth of our customer base. Our hybrid sales model has aided our global growth by allowing us to partner with local distributors while being able to use our direct sales team in locations where that approach is advantageous to our business.

We market and sell our solutions to organizations in a variety of industries and geographies. As of December 31, 2016, we had approximately 3,100 customers, including approximately 50% of the Fortune 100 companies and more than 25% of the Global 2000 companies. We define a customer to include a distinct entity, division or business unit of a company. The growth of our business and our future success depend on our ability to expand our customer base and increase our sales to existing customers, which depend on many factors, including our ability to expand our sales force, introduce new products and grow our relationships with channel partners. While each of these areas presents significant opportunities for us, they also pose important challenges and risks that we must successfully address in order to sustain the growth of our business and improve our results of operations. Additionally, the IT security market in which we operate is characterized by intense competition, constant innovation and evolving security needs, each of which may impact our ability to grow our business.

We have experienced strong growth over the last several years, as evidenced by a compound annual growth rate in revenues of 45.0% from 2014 to 2016. We have also increased our number of employees and subcontractors from 430 as of December 31, 2014 to 823 as of December 31, 2016. We intend to continue to execute on our strategy of growing our business to meet the needs of our customers and to pursue opportunities in new and to pursue opportunities in new and existing verticals, geographies and products. We intend to continue to invest in the development of our sales and marketing teams, with a particular focus on expanding our channel partnerships, targeting new customers, creating technology partnerships and solidifying relationships with existing customers. We also plan to continue to invest in research and development in order to continue to develop technology for both existing and new on-premise and cloud-based products and services.

During the years ended December 31, 2014, 2015 and 2016, our revenues were $103.0 million, $160.8 million and $216.6 million, respectively, representing year-over-year growth of 56.1% and 34.7% in 2015 and 2016, respectively, and with maintenance and professional services comprising 37.7% and 39.3% of our revenues in 2015 and 2016, respectively. Our net income for the years ended December 31, 2014, 2015 and 2016 was $10.0 million, $25.8 million and $28.1 million, respectively.

Key Financial Metrics

We monitor several key financial metrics to help us evaluate growth trends, establish budgets, measure the effectiveness of our sales and marketing efforts and assess operational efficiencies. The key financial metrics that we monitor are as follows:


	Year ended December 31,
	2014		2015		2016
	(in thousands)
Revenues	$	102,999	$	160,812	$	216,613
Non-GAAP operating income(1)		22,027		43,641		58,014
Non-GAAP net income(1)		15,836		35,262		45,245
Net cash provided by operating activities		23,195		59,160		56,310
Total deferred revenues (as of period-end)		32,160		54,389		73,506

(1)	For a reconciliation of non-GAAP operating income to operating income and of non-GAAP net income to net income, the nearest comparable GAAP measures, see "Item 3.A. Selected Financial Data."

Revenues. We derive our revenues from licensing our cybersecurity software, selling maintenance and support contracts, and providing professional services to the extent requested by customers. We review our revenues generally to assess the overall health of our business and our license revenues in particular to assess the adoption of our software and our growth in the markets we serve.

We consider our license revenues to be particularly important in assessing our results of operations because license fees impact both our short-term and long-term revenues. License purchases, whether by new customers or due to usage expansion by existing customers, impact our revenues favorably in the short-term because we recognize substantially all license fees immediately upon delivery. License purchases further contribute significantly to our revenues in the long term because the size of our maintenance and support contracts is directly related to our licenses revenues but revenues from maintenance and support contracts are recognized on a straight-line basis over the term of the related contract. This fact, coupled with the high renewal rate for our maintenance and support contracts, means that a meaningful portion of the revenues we report each period are recognized from deferred revenues generated by maintenance and support contracts entered into during previous quarters.

The amount that a customer pays for a license can vary from a few thousand dollars to many millions of dollars depending on its scope. We generally license our products on a price per user or price per server basis; however, our license agreements with a small number of our largest customers do not contain any limit on the number of users or servers in recognition of the size of the overall agreement. We also license certain of our products based on the number of concurrent sessions monitored or endpoints secured. As a result, we do not track, and are unable to track, the amount of license revenues we generate on a per user or per server basis. We do, however, maintain internal price guidelines for different size transactions and, since our cost of license revenues is negligible, we generate incremental profit from every license. Although we are focused on growing our customer base, we also do not focus on the exact number of customers that we add in a given period because our revenues are also a function of the size of initial sales to new customers and the size of upsells to existing customers. We seek to increase the number of large transactions that we enter into because they better leverage our operating expense base, and particularly our sales and marketing expenses, and also generate larger maintenance and support contracts to drive future revenues and margins.

Because the size of our maintenance and support contracts is directly related to our licenses revenues and because the rates that we charge for professional services fluctuate very little, the drivers of changes in these sources of revenues have to date been volume-based. Historically, there has been little fluctuation in price when we renew a contract for maintenance and support or for professional services. While the demand for professional services is expected to increase as our customers and license base grow, we expect that our channel partners will increase the amount of such services that they provide. Therefore, while we expect an increase in the dollar amount of our professional services revenue, we do not expect our professional services revenues to increase materially as a percentage of total revenues.

See "—Components of Statements of Operations—Revenues" for more information.

Non-GAAP Operating Income and Non-GAAP Net Income. Non-GAAP operating income and non-GAAP net income are non-GAAP financial measures. We define non-GAAP operating income and non-GAAP net income as operating income and net income, respectively, which each exclude (i) share-based compensation expense, (ii) expenses related to the March 2015 public offering of ordinary shares by certain of our shareholders and to the June 2015 public offering of ordinary shares by us and certain of our shareholders, (iii) expenses related to acquisitions and (iv) amortization of intangible assets related to acquisitions. Non-GAAP net income also excludes (i) financial expenses resulting from the revaluation of warrants to purchase preferred shares and (ii) tax effects related to the non-GAAP adjustments set forth above.

Because of varying available valuation methodologies, subjective assumptions and the variety of equity instruments that can impact a company's non-cash expense, we believe that providing non-GAAP operating income and non-GAAP net income that exclude, as appropriate, share-based compensation expenses, expenses relating to public offerings of our ordinary shares, financial expenses resulting from the revaluation of warrants to purchase preferred shares, expenses related to acquisitions, amortization of intangible assets related to acquisitions and the tax effects related to these non-GAAP adjustments allows for more meaningful comparisons between our operating results from period to period. Share-based compensation expense has been, and will continue to be for the foreseeable future, a significant recurring expense in our business and an important part of the compensation we provide to employees. Additionally, excluding financial expenses with respect to revaluation of warrants to purchase preferred shares allows for more meaningful comparison between our net income from period to period. As these warrants were exercised in connection with our initial public offering, they are no longer revalued at each balance sheet date. We also believe that expenses related to the public offerings of our ordinary shares in March 2015 and June 2015, expenses related to our acquisitions and amortization of intangible assets related to acquisitions, do not reflect the performance of our core business and would impact period-to-period comparability. Each of our non-GAAP financial measures is an important tool for financial and operational decision making and for evaluating our own operating results over different periods of time. In particular, these financial measures reflect our operating expenses, the largest of which is currently sales and marketing. Accordingly, we assess the effectiveness of our sales and marketing efforts in part by considering whether increases in such expenditures are reflected in increased revenues and increased non-GAAP operating income and non-GAAP net income. The material factors driving changes in these financial measures are discussed under the subheading "Revenues" within "—Comparison of Period to Period Results of Operations."

Net Cash Provided by Operating Activities. We monitor net cash provided by operating activities as a measure of our overall business performance. Our net cash provided by operating activities is driven in large part by net income and from up-front payments for maintenance and support contracts and professional services. Monitoring net cash provided by operating activities enables us to analyze our financial performance as it includes our deferred revenues and removes the non-cash effects of certain items such as depreciation, amortization and share-based compensation expense, thereby allowing us to better understand and manage the cash needs of our business. The material factors driving changes in our net cash provided by operating activities are discussed under "—Comparison of Period to Period Results of Operations."

Total Deferred Revenues. Our total deferred revenues consist of amounts that have been collected but that have not yet been recognized as revenues because they do not meet the applicable criteria. The substantial majority of our deferred revenues consists of the unrecognized portion of upfront payments associated with maintenance and support contracts. The remaining balance of our deferred revenues consists of payments for licenses, and, to a lesser extent, professional services that could not yet be recognized. We monitor our total deferred revenues because it represents a significant portion of revenues to be recognized in future periods. Substantially all of the increase in our total deferred revenues has been from growth in our maintenance and support contracts which, in turn, is driven by growth of our license revenues. The material factors driving changes in our license revenues are discussed under "—Comparison of Period to Period Results of Operations."

Operating Results

The following discussion and analysis should be read in conjunction with the section titled "Item 3.A. Selected Financial Data" of this annual report and our consolidated financial statements and the related notes contained elsewhere in this annual report. This discussion and analysis may contain forward-looking statements based upon current expectations that involve risks and uncertainties. Our actual results may differ materially from those anticipated in these forward-looking statements as a result of various factors, including those set forth in "Item 3.D. Risk Factors" of this annual report. Our financial statements have been prepared in accordance with U.S. GAAP.

Components of Statements of Operations

Revenues

Our revenues consist of the following:

☐

License Revenues. License revenues are generated primarily from sales of licenses for our cybersecurity software: Privileged Account Security Solution and Sensitive Information Management Solution.

○

Privileged Account Security Solution – the substantial majority of our license revenues has been from sales of our Privileged Account Security Solution. Customers can purchase Enterprise Password Vault, SSH Key Manager, Privileged Session Manager, Privileged Threat Analytics, Application Identity Manager, Endpoint Privilege Manager and On-Demand Privileges Manager. We license our Enterprise Password Vault to our customers based on the number of privileged account users. We offer customers the choice of licensing our Privileged Session Manager based on the number of devices secured or the number of concurrent sessions it monitors. We license our SSH Key Manager, Application Identity Manager and On-Demand Privileges Manager to our customers based on the number of servers that each such product protects. We license our Privileged Threat Analytics to customers based on the number of protected endpoints, such as servers, desktops, databases or mobile devices. We license our Endpoint Privilege Manager to our customers based on the number of protected endpoints such as servers and desktops.

○

Sensitive Information Management Solution–we generate additional license revenues through sales of our Sensitive Information Management Solution, our first product to market. Customers license the Sensitive Information Management Solution based on the permitted number of users of the software.

☐

Maintenance and Professional Services Revenues. Maintenance revenues are generated from maintenance and support contracts purchased by our customers in order to gain access to the latest software enhancements and updates on an 'if and when available' basis and to telephone and email technical support. We also offer professional services focused on both deployment and training our customers to fully leverage the use of our products.

Geographic Breakdown of Revenues

The United States is our biggest market, with the balance of our revenues generated from the EMEA region and the rest of the world, including North and South America (excluding the United States) as well as countries in the Asia Pacific and Japan region. The following table sets forth the geographic breakdown of our revenues by region for the periods indicated:


	Year ended December 31,
	2014				2015				2016
	(in thousands)
United States	$	60,761	59.0	%	$	92,034	57.2	%	$	125,749	58.1	%
EMEA		33,198	32.2	%		50,644	31.5	%		68,094	31.4	%
Rest of World		9,040	8.8	%		18,134	11.3	%		22,770	10.5	%

Total revenues	$	102,999	100.0	%	$	160,812	100.0	%	$	216,613	100.0	%

Cost of Revenues

Our total cost of revenues consists of the following:

☐

Cost of License Revenues. Cost of license revenues consists primarily of shipping costs associated with delivery of our software, amortization of intangible assets and license payments to third-party software vendors. We expect the absolute cost of license revenues to increase as our license revenues increase.

☐

Cost of Maintenance and Professional Services Revenues. Cost of maintenance and professional services revenues primarily consists of personnel costs for our global customer support and professional services organization. Such costs consist of salaries, benefits, bonuses, share-based compensation and subcontractors' fees. We expect the absolute cost of maintenance and professional services revenues to increase as our customer base grows and as we hire additional professional services and technical support personnel.

Gross Profit and Gross Margin

Gross profit is total revenues less total cost of revenues. Gross margin is gross profit expressed as a percentage of total revenues. Our gross margin has historically fluctuated slightly from period to period as a result of changes in the mix of license revenues and maintenance and professional services revenues and we expect this pattern to continue.

Operating Expenses

Our operating expenses are classified into three categories: research and development, sales and marketing and general and administrative. For each category, the largest component is personnel costs, which consists of salaries, employee benefits (including commissions and bonuses) and share-based compensation expense. Operating expenses also include allocated overhead costs for facilities and foreign currency hedging contracts gains and losses. Allocated costs for facilities primarily consist of rent and office maintenance and utilities. Operating expenses are generally recognized as incurred. We expect personnel and all allocated costs to continue to increase in absolute dollars as we hire new employees and add facilities to continue to grow our business. We expect operating margins to decline in the near term compared to prior periods as we further increase our headcount to support the future growth of our business.

Research and Development. Research and development expenses consist primarily of personnel costs attributable to our research and development personnel and consultants as well as allocated overhead costs and amortization of intangibles assets. We expense research and development expenses as incurred. We expect that our research and development expenses will continue to increase in absolute dollars as we continue to grow our research and development headcount to further strengthen our technology platform and invest in the development of both existing and new products.

Sales and Marketing. Sales and marketing expenses are the largest component of our operating expenses and consist primarily of personnel costs, including variable compensation, as well as marketing and business development costs, product certifications, travel expenses, allocated overhead costs and amortization of intangibles assets. We expect that sales and marketing expenses will continue to increase in absolute dollars and, in the near term, as a percentage of our revenues as we plan to expand our sales and marketing efforts globally. We expect sales and marketing expenses will remain our largest category of operating expenses.

General and Administrative. General and administrative expenses consist primarily of personnel costs for our executive, finance, human resources, legal and administrative personnel. General and administrative expenses also include external legal, accounting and other professional service fees. We expect that general and administrative expense will increase in absolute dollars as we grow and expand our operations and operate as a public company, including higher legal, corporate insurance, investor relations and accounting expenses, and the additional costs relating to our ongoing regulatory compliance efforts.

Financial Income (Expenses), Net

Financial income (expenses), net consists of interest income, foreign currency exchange gains or losses, foreign exchange forward transactions and warrant liability expenses. Interest income consists of interest earned on our cash, cash equivalents, short-term bank deposits and marketable securities. We expect interest income to vary depending on our average investment balances and market interest rates during each reporting period. Foreign currency exchange changes reflect gains or losses related to transactions denominated in currencies other than the U.S. dollar. Warrant liability changes relate to our preferred share warrants. Our preferred share warrants were classified as a liability on our consolidated balance sheets and, as such, were remeasured to fair value each period with a corresponding expense from the adjustment recorded as financial income (expenses), net. Immediately prior to the completion of our initial public offering, all of our preferred share warrants were exercised and, accordingly, we no longer record any financial expenses in respect of them on our statement of operations. As of the most recent reporting period, we did not have any indebtedness for borrowed amounts.

Taxes on Income

The standard corporate tax rate in Israel is currently 24.0%, and was 25.0% for 2016 and 26.5% for 2015. As of 2018, the corporate tax rate will be 23%.

As discussed in greater detail below under "Israeli Tax Consideration and Government Programs", we have received various tax benefits under the Investment Law. Under the Investment Law, our effective tax rate to be paid with respect to our Israeli taxable income under these benefits programs is 16.0%.

Under the Investment Law and other Israeli legislation, we are entitled to certain additional tax benefits, including accelerated depreciation and amortization rates for tax purposes on certain assets and deduction of public offering expenses in three equal annual installments.

Our non-Israeli subsidiaries are taxed according to the tax laws in their respective jurisdictions of organization. Due to our multi-jurisdictional operations, we apply significant judgment to determine our consolidated income tax position.

Comparison of Period to Period Results of Operations

The following table sets forth our results of operations in dollars and as a percentage of revenues for the periods indicated:

	Year ended December 31,
	2014						2015						2016
	Amount			% of Revenues			Amount			% of Revenues			Amount			% of Revenues
	(in thousands, except for %)
Revenues:
License	$	61,320			59.5	%	$	100,113			62.3	%	$	131,530			60.7	%
Maintenance and professional services		41,679			40.5			60,699			37.7			85,083			39.3

Total revenues		102,999			100.0			160,812			100.0			216,613			100.0

Cost of revenues:
License		2,654			2.6			5,088			3.2			4,726			2.2
Maintenance and professional services		12,053			11.7			17,572			10.9			25,425			11.7

Total cost of revenues		14,707			14.3			22,660			14.1			30,151			13.9

Gross profit		88,292			85.7			138,152			85.9			186,462			86.1

Operating expenses:
Research and development		14,400			14.0			21,734			13.5			34,614			16.0
Sales and marketing		44,943			43.6			66,206			41.2			93,775			43.3
General and administrative		8,495			8.2			16,990			10.6			22,117			10.2

Total operating expenses		67,838			65.8			104,930			65.3			150,506			69.5

Operating income		20,454			19.9			33,222			20.6			35,956			16.6
Financial income (expenses), net		(5,988	)		(5.8	)		(1,479	)		(0.9	)		245			0.1

Income before taxes on income		14,466			14.1			31,743			19.7			36,201			16.7
Taxes on income		(4,512	)		(4.4	)		(5,949	)		(3.7	)		(8,077	)		(3.7	)

Net income	$	9,954			9.7	%	$	25,794			16.0	%	$	28,124			13.0	%

Year Ended December 31, 2015 Compared to Year Ended December 31, 2016

Revenues

	Year ended December 31,
	2015					2016					Change
	Amount		% of Revenues			Amount		% of Revenues			Amount		%
	($ in thousands)
Revenues:
License	$	100,113		62.3	%	$	131,530		60.7	%	$	31,417		31.4	%
Maintenance and professional services		60,699		37.7			85,083		39.3			24,384		40.2

Total revenues	$	160,812		100.0	%	$	216,613		100.0	%	$	55,801		34.7	%

Revenues increased by $55.8 million, or 34.7%, from $160.8 million in 2015 to $216.6 million in 2016. This increase was due to increased sales of our solutions. This increase was also driven by growth in both our license revenues and our maintenance and professional services revenues. This growth was most pronounced in the United States, where revenues increased by $33.7 million compared to increases of $17.5 million in EMEA and $4.6 million in the rest of the world. The significant increase in revenues from the United States primarily resulted from a higher volume of deals including large transactions of greater than $1.0 million each that together accounted for $21.6 million. Multiple large transactions or even a single large transaction in a specific period could materially impact relative growth rates among our different regions for a particular period. We increased our number of customers from approximately 2,500 as of December 31, 2015 to approximately 3,100 as of December 31, 2016.

License revenues increased by $31.4 million, or 31.4%, from $100.1 million in 2015 to $131.5 million in 2016. In 2016, approximately 60.0% of license revenues were generated from sales to customers from whom we had generated revenues before this period. Substantially all of the license revenue growth resulted from increased sales of our Privileged Account Security Solution, driven by increased demand for our Enterprise Password Vault and Privileged Session Manager.

Maintenance and professional services revenues increased by $24.4 million, or 40.2%, from $60.7 million in 2015 to $85.1 million in 2016. Maintenance revenues increased by $21.3 million from $48.1 million in 2015 to $69.4 million in 2016, with renewals accounting for approximately $11.9 million and initial maintenance contracts for approximately $9.4 million, respectively, of this increase. Professional services revenues increased by $3.1 million from $12.6 million in 2015 to $15.7 million in 2016 primarily due to the provision of more services to customers.

Cost of Revenues and Gross Profit

	Year ended December 31,
	2015					2016					Change
	Amount		% of Revenues			Amount		% of Revenues			Amount			%
	($ in thousands)
Cost of revenues:
License	$	5,088		3.2	%	$	4,726		2.2	%	$	(362	)		(7.1	)%
Maintenance and professional services		17,572		10.9			25,425		11.7			7,853			44.7

Total cost of revenues	$	22,660		14.1	%	$	30,151		13.9	%	$	7,491			33.1	%

Gross profit	$	138,152		85.9	%	$	186,462		86.1	%	$	48,310			35.0	%

Cost of license revenues decreased by $0.4 million, or 7.1%, from $5.1 million in 2015 to $4.7 million in 2016. The decrease in cost of license revenues was driven primarily by the contribution of our in-house Endpoint Privilege Manager product compared to the third-party product resold in 2015.

Cost of maintenance and professional services revenues increased by $7.8 million, or 44.7%, from $17.6 million in 2015 to $25.4 million in 2016. The increase in cost of maintenance and professional services revenues was driven primarily by a $6.2 million increase in personnel costs and related expenses as our technical support and professional services headcount grew from 118 at the end of 2015 to 166 at the end of 2016.

Gross profit increased by $48.3 million, or 35.0%, from $138.2 million in 2015 to $186.5 million in 2016. Gross margins increased from 85.9% in 2015 to 86.1% in 2016. This increase was driven by our revenue growth outpacing the growth of our cost of revenue as well as higher margin contribution of our in-house Endpoint Privilege Manager product compared to the third-party product resold in 2015.

Operating Expenses

	Year ended December 31,
	2015					2016					Change
	Amount		% of Revenues			Amount		% of Revenues			Amount		%
	($ in thousands)
Operating expenses:
Research and development	$	21,734		13.5	%	$	34,614		16.0	%	$	12,880		59.3	%
Sales and marketing		66,206		41.2			93,775		43.3			27,569		41.6
General and administrative		16,990		10.6			22,117		10.2			5,127		30.2

Total operating expenses	$	104,930		65.3	%	$	150,506		69.5	%	$	45,576		43.4	%

Research and Development. Research and development expenses increased by $12.9 million, or 59.3%, from $21.7 million in 2015 to $34.6 million in 2016. This increase was primarily attributable to a $10.3 million increase in personnel costs and related expenses as we increased our research and development team headcount from 176 at the end of 2015 (including approximately 30 employees who joined us following the acquisitions of Cybertinel and Viewfinity which occurred in the second half of 2015) to 205 at the end of 2016 to support continued investment in our future product and service offerings. The increase was also attributable to a $1.2 million increase related to amortization of intangible assets from our acquisitions.

Sales and Marketing. Sales and marketing expenses increased by $27.6 million, or 41.6%, from $66.2 million in 2015 to $93.8 million in 2016. This increase was primarily attributable to a $19.6 million increase in personnel costs and related expenses due to increased headcount in all regions to expand our sales and marketing organization coupled with a $3.1 million increase in expenses related to our marketing programs and a $1.6 million increase in travel and related expenses. The increase was also attributable to a $1.2 million increase related to amortization of intangible assets from our acquisitions. Our sales and marketing headcount grew from 294 at the end of 2015 to 377 at the end of 2016.

General and Administrative. General and administrative expenses increased by $5.1 million, or 30.2%, from $17.0 million in 2015 to $22.1 million in 2016. This increase was primarily attributable to an increase of $4.3 million in personnel costs and related expenses due to increased headcount.

Financial Income (Expenses), Net. Financial income (expenses), net changed by $1.7 million from $1.5 million of expenses in 2015 to $0.2 million of income in 2016. This change resulted primarily from an increase of $1.4 million in interest income from investments in marketable securities and short and long term deposits.

Taxes on Income. Taxes on income increased from $5.9 million in 2015 to $8.1 million in 2016. This increase was attributable to the increase in pre-tax income coupled with certain tax benefits we were able to recognize in 2015 resulting from acquisitions.

Year Ended December 31, 2014 Compared to Year Ended December 31, 2015

Revenues

	Year ended December 31,
	2014					2015					Change
	Amount		% of Revenues			Amount		% of Revenues			Amount		%
	($ in thousands)
Revenues:
License	$	61,320		59.5	%	$	100,113		62.3	%	$	38,793		63.3	%
Maintenance and professional services		41,679		40.5			60,699		37.7			19,020		45.6

Total revenues	$	102,999		100.0	%	$	160,812		100.0	%	$	57,813		56.1	%

Revenues increased by $57.8 million, or 56.1%, from $103.0 million in 2014 to $160.8 million in 2015. This increase was due to increased sales of our solutions. This increase was also driven by growth in both our license revenues and our maintenance and professional services revenue. This growth was most pronounced in the United States where revenues increased by $31.3 million compared to increases of $17.4 million in EMEA and $9.1 million in the rest of the world. The significant increase in revenues from the United States primarily resulted from a higher volume of deals including large transactions of greater than $1.0 million each that together accounted for $11.7 million. Multiple large transactions or even a single large transaction in a specific period could materially impact relative growth rates among our different regions for a particular period. We increased our number of customers from approximately 1,800 as of December 31, 2014 to approximately 2,500 as of December 31, 2015.

License revenues increased by $38.8 million, or 63.3%, from $61.3 million in 2014 to $100.1 million in 2015. In 2015, approximately 50% of license revenues were generated from sales to customers from whom we had generated revenues before this period. Substantially all of the license revenue growth resulted from increased sales of our Privileged Account Security Solution, driven by increased demand for our Enterprise Password Vault and Privileged Session Manager.

Maintenance and professional services revenues increased by $19.0 million, or 45.6%, from $41.7 million in 2014 to $60.7 million in 2015. Maintenance revenues increased by $15.0 million from $33.1 million in 2014 to $48.1 million in 2015, with renewals accounting for approximately $4.7 million and initial maintenance contracts for approximately $10.3 million, respectively, of this increase. Professional services revenues increased by $4.0 million from $8.6 million in 2014 to $12.6 million in 2015 due to the provision of more services to customers.

Cost of Revenues and Gross Profit


	Year ended December 31,
	2014					2015					Change
	Amount		% of Revenues			Amount		% of Revenues			Amount		%
	($ in thousands)
Cost of revenues:
License	$	2,654		2.6	%	$	5,088		3.2	%	$	2,434		91.7	%
Maintenance and professional services		12,053		11.7			17,572		10.9			5,519		45.8

Total cost of revenues	$	14,707		14.3	%	$	22,660		14.1	%	$	7,953		54.1	%

Gross profit	$	88,292		85.7	%	$	138,152		85.9	%	$	49,860		56.5	%

Cost of license revenues increased by $2.4 million, or 91.7%, from $2.7 million in 2014 to $5.1 million in 2015. The increase in cost of license revenues was driven primarily by an increase in license revenue and amortization of intangible assets from our recent acquisitions.

Cost of maintenance and professional services revenues increased by $5.5 million, or 45.8%, from $12.1 million in 2014 to $17.6 million in 2015. The increase in cost of maintenance and professional services revenues was driven primarily by a $3.5 million increase in personnel costs and related expenses as our technical support and professional services headcount grew from 76 at the end of 2014 to 118 at the end of 2015.

Gross profit increased by $49.9 million, or 56.5%, from $88.3 million in 2014 to $138.2 million in 2015. Gross margins increased from 85.7% in 2014 to 85.9% in 2015. This increase was driven by our revenue growth outpacing the growth of our cost of revenue.

Operating Expenses


	Year ended December 31,
	2014					2015					Change
	Amount		% of Revenues			Amount		% of Revenues			Amount		%
	($ in thousands)
Operating expenses:
Research and development	$	14,400		14.0	%	$	21,734		13.5	%	$	7,334		50.9	%
Sales and marketing		44,943		43.6			66,206		41.2			21,263		47.3
General and administrative		8,495		8.2			16,990		10.6			8,495		100.0

Total operating expenses	$	67,838		65.8	%	$	104,930		65.3	%	$	37,092		54.7	%

Research and Development. Research and development expenses increased by $7.3 million, or 50.9%, from $14.4 million in 2014 to $21.7 million in 2015. This increase was primarily attributable to a $5.7 million increase in personnel costs and related expenses as we increased our research and development team headcount from 119 at the end of 2014 to 176 at the end of 2015 to support continued investment in our future product and service offerings. The increase was also attributable to a $0.7 million increase related to amortization of intangible assets from our recent acquisitions.

Sales and Marketing. Sales and marketing expenses increased by $21.3 million, or 47.3%, from $44.9 million in 2014 to $66.2 million in 2015. This increase was primarily attributable to a $17.5 million increase in expenses for salaries and related expenses due to increased headcount in all regions to expand our sales and marketing organization coupled with a $1.6 million increase in expenses related to our marketing programs and a $0.7 million increase in travel and related expenses. Our sales and marketing headcount grew from 202 at the end of 2014 to 294 at the end of 2015.

General and Administrative. General and administrative expenses increased by $8.5 million, or 100.0%, from $8.5 million in 2014 to $17.0 million in 2015. This increase was primarily attributable to an increase of $4.0 million in payroll expenses, including variable compensation to executive management, due to increased headcount coupled with a $3.5 million increase in legal and accounting fees of which $2.2 million was expenses related to acquisitions and expenses related to the public offerings of our ordinary shares in March 2015 and June 2015.

Financial Expenses, Net. Financial expenses decreased by $4.5 million from $6.0 million in 2014 to $1.5 million in 2015. This decrease resulted primarily from expenses associated with the revaluation of fair value of warrants to purchase series B3 preferred shares of $4.3 million in 2014.

Taxes on Income. Taxes on income increased from $4.5 million in 2014 to $5.9 million in 2015. This increase was attributable to the increase in pre-tax income partially offset by tax benefits we had from our recent acquisitions.

Application of Critical Accounting Policies and Estimates

Our accounting policies and their effect on our financial condition and results of operations are more fully described in our consolidated financial statements included elsewhere in this annual report. We have prepared our financial statements in conformity with U.S. GAAP, which requires management to make estimates and assumptions that in certain circumstances affect the reported amounts of assets and liabilities, revenues and expenses and disclosure of contingent assets and liabilities. These estimates are prepared using our best judgment, after considering past and current events and economic conditions. While management believes the factors evaluated provide a meaningful basis for establishing and applying sound accounting policies, management cannot guarantee that the estimates will always be consistent with actual results. In addition, certain information relied upon by us in preparing such estimates includes internally generated financial and operating information, external market information, when available, and when necessary, information obtained from consultations with third-parties. Actual results could differ from these estimates and could have a material adverse effect on our reported results. See "Item 3.D. Risk Factors" for a discussion of the possible risks which may affect these estimates.

We believe that the accounting policies discussed below are critical to our financial results and to the understanding of our past and future performance, as these policies relate to the more significant areas involving management's estimates and assumptions. We consider an accounting estimate to be critical if: (1) it requires us to make assumptions because information was not available at the time or it included matters that were highly uncertain at the time we were making our estimate; and (2) changes in the estimate could have a material impact on our financial condition or results of operations.

Revenue Recognition

We account for our software licensing sales in accordance with the Financial Accounting Standards Board, or FASB, Accounting Standards Codification, or ASC, 985-605, "Software Revenue Recognition." ASC 985-605 generally requires revenues earned on software arrangements involving multiple elements to be allocated to each element based on the relative fair value of the elements when Vendor Specific Objective Evidence, or VSOE, of fair value exists for all elements and to be allocated to the different elements in the arrangement under the "residual method" when VSOE of fair value exists for all undelivered elements and no VSOE exists for the delivered elements.

Maintenance and professional services are sold separately and therefore the selling price (VSOE) is based on stand-alone transactions.

Under the residual method, at the outset of the arrangement with the customer, we defer revenues for the fair value of our undelivered elements and recognize revenues for the remainder of the arrangement fee attributable to the elements initially delivered in the arrangement (software product) when all other criteria in ASC 985-605 have been met. Any discount in the arrangement is allocated to the delivered element.

We recognize software license revenues when persuasive evidence of an arrangement exists, the software license has been delivered, there are no uncertainties surrounding product acceptance, there are no significant future performance obligations, the license fees are fixed or determinable and collection of the license fee is considered probable. Fees for arrangements with payment terms extending beyond customary payment terms are considered not to be fixed or determinable, in which case revenues are deferred and recognized when payments become due from the customer provided that all other revenue recognition criteria have been met.

Revenues from maintenance and support contracts are recognized ratably on a straight-line basis over the term of the related contract which is typically one year and, to a lesser extent, three years, and revenues from professional services which consist mostly of time and material services are recognized as the services are performed. Our agreements with resellers are non-exchangeable, non-refundable, non-returnable and carry no rights of price protection. Accordingly, we consider resellers as customers.

We do not grant a right of return to our customers. In transactions where a customer's contractual terms include a substantive provision for customer acceptance, revenues are recognized when such acceptance has been obtained or when the acceptance provision has lapsed.

Deferred revenues include unearned amounts received under maintenance and support contracts, professional services and amounts received from customers for licenses that do not meet the revenue recognition criteria as of the balance sheet date.

Derivative instruments

ASC No. 815, "Derivative and Hedging", requires companies to recognize all of their derivative instruments as either assets or liabilities in the statement of financial position at fair value. For those derivative instruments that are designated and qualify as hedging instruments, a company must designate the hedging instrument, based upon the exposure being hedged, as a fair value hedge, cash flow hedge or a hedge of a net investment in a foreign operation.

For derivative instruments that are designated and qualify as a cash flow hedge (i.e., hedging the exposure to variability in expected future cash flows that is attributable to a particular risk), the effective portion of the gain or loss on the derivative instrument is reported as a component of other comprehensive income and reclassified into earnings in the same period or periods during which the hedged transaction affects earnings. The remaining gain or loss on the derivative instrument in excess of the cumulative change in the present value of future cash flows of the hedged item, if any, is recognized in current earnings during the period of change.

To hedge against the risk of overall changes in cash flows resulting from foreign currency salary payments during the year, we have instituted a foreign currency cash flow hedging program. We hedge a portion of our forecasted expenses denominated in NIS. These forward and option contracts are designated as cash flow hedges, as defined by ASC 815, and are all effective, as their critical terms match underlying transactions being hedged.

In addition to the derivatives that are designated as hedges as discussed above, we also enter into certain foreign exchange forward transactions to economically hedge certain account receivables in Euro and GBP. Gains and losses related to such derivative instruments are recorded in financial income (expenses), net.

Share-Based Compensation

Option Valuations

Under U.S. GAAP, we account for share-based compensation for employees in accordance with the provisions of the FASB's ASC Topic 718 "Compensation—Stock Based Compensation," or ASC 718, which requires us to measure the cost of options based on the fair value of the award on the grant date.

We selected the Black-Scholes-Merton option pricing model as the most appropriate method for determining the estimated fair value of options. The resulting cost of an equity incentive award is recognized as an expense over the requisite service period of the award, which is usually the vesting period. We recognize compensation expense over the vesting period using the straight-line method and classify these amounts in the consolidated financial statements based on the department to which the related employee reports.

The determination of the grant date fair value of options using the Black-Scholes-Merton option pricing model is affected by estimates and assumptions regarding a number of complex and subjective variables. These variables include the expected volatility of our share price over the expected term of the options, share option exercise, cancellation behaviors, risk-free interest rates and expected dividends, which are estimated as follows:

☐



Fair Value of our Ordinary Shares. Because our shares were not publicly traded before September 24, 2014, we estimated the fair value of ordinary shares based on a number of objective and subjective factors consistent with the methodologies outlined in the American Institute of Certified Public Accountants Practice Aid, Valuation of Privately-Held-Companies Equity Securities Issued as Compensation, and based on independent third-party valuations that we obtained on a periodic basis. Following our initial public offering on September 24, 2014, our ordinary shares are publicly traded, and therefore we currently base the value of our ordinary shares on their market price.

☐



Expected Term. The expected term of options granted represents the period of time that options granted are expected to be outstanding, and is determined based on the simplified method in accordance with ASC No. 718-10-S99-1, (SAB No. 110), as adequate historical experience is not available to provide a reasonable estimate.

☐



Volatility. The expected share price volatility was based on the historical equity volatility of the ordinary shares of comparable companies that are publicly traded.

☐



Risk-free Rate. The risk-free interest rate is based on the yield from U.S. Treasury zero-coupon bonds with a term equivalent to the contractual life of the options.

☐



Dividend Yield. We have never declared or paid any cash dividends and do not presently plan to pay cash dividends in the foreseeable future. Consequently, we used an expected dividend yield of zero.

Warrants to Purchase Preferred Shares

Prior to our initial public offering, we accounted for freestanding warrants to purchase our preferred shares as a liability on our balance sheet at fair value. We recorded warrants to purchase preferred shares as a liability because the underlying preferred shares were contingently redeemable (upon a deemed liquidation event) and, therefore, could have required us to transfer assets. The warrants were subject to re-measurement to fair value at each balance sheet date and any change in fair value was recognized as a component of financial income (expense), net, on the consolidated statements of comprehensive income.

We recorded the warrants at their estimated fair value utilizing the option pricing model with changes in the fair value of the warrant liability reflected in financial income (expense), net. Upon the completion of our initial public offering, the warrants were exercised to Series B3 preferred shares and later converted to ordinary shares. We re-measured the warrants as of the conversion date using the intrinsic value based on the initial public offering price.

During the year ended December 31, 2014, we recognized financial expenses in the amount of $4.3 million from the re-measurement of the fair value of the warrants.

Goodwill and other Intangible Assets

Goodwill and certain other purchased intangible assets have been recorded in our financial statements as a result of acquisitions. Goodwill represents excess of the costs over the net tangible and intangible assets acquired of businesses acquired under ASC No. 350, "Intangible - Goodwill and other," ("ASC 350") according to which goodwill is not amortized. In addition, the costs of intangible assets that were purchased from others for use in research and development activities were recorded as assets to the extent that they have alternative future use.

ASC 350 requires goodwill to be tested for impairment at least annually or between annual tests in certain circumstances, and written down when impaired. We operate as one reporting unit. Therefore, goodwill is tested for impairment by comparing the fair value of the reporting unit with its carrying value. We elect to perform an annual impairment test of goodwill as of October 1 of each year, or more frequently if impairment indicators are present.

Purchased intangible assets with finite lives are carried at cost, less accumulated amortization. Amortization is computed over the estimated useful lives of the respective assets which range from one to 13 years. Acquired customer relationship and backlog are amortized over their estimated useful lives in proportion to the economic benefits realized. Other intangible assets consist primarily of technology are amortized over their estimated useful lives on a straight-line basis.

For the years ended December 31, 2015 and 2016, no impairment losses were identified.

Income Taxes

As part of the process of preparing our consolidated financial statements we are required to estimate our taxes in each of the jurisdictions in which we operate. We account for income taxes in accordance with ASC Topic 740, "Income Taxes," or ASC Topic 740. ASC Topic 740 prescribes the use of an asset and liability method whereby deferred tax asset and liability account balances are determined based on the temporary difference between book value and tax bases of assets and liabilities and carryforward tax losses. Deferred taxes are measured using the enacted tax rates and laws that will be in effect when the differences are expected to reverse. We exercise judgment and provide a valuation allowance, if necessary, to reduce deferred tax assets to their estimated realizable value if it is more likely than not that some portion or all of the deferred tax asset will not be realized.

We established reserves for uncertain tax positions based on the evaluation of whether or not the Company's uncertain tax position is "more likely than not" to be sustained upon examination. The Company records interest and penalties pertaining to its uncertain tax positions in the financial statements as income tax expense.

Israeli Tax Considerations and Government Programs

The following is a brief summary of the material Israeli tax laws applicable to us, and certain Israeli Government programs that benefit us. To the extent that the discussion is based on new tax legislation that has not yet been subject to judicial or administrative interpretation, we cannot assure you that the appropriate tax authorities or the courts will accept the views expressed in this discussion. The discussion below is subject to change, including due to amendments under Israeli law or changes to the applicable judicial or administrative interpretations of Israeli law, which change could affect the tax consequences described below.

General Corporate Tax Structure in Israel

Israeli companies are generally subject to corporate tax on their taxable income. In 2017, the corporate tax rate is 24.0% (in 2015 and 2016, the corporate tax rate was 26.5% and 25.0%, respectively). In 2018, the corporate tax rate will be 23%. However, the effective tax rate payable by a company that derives income from an Approved Enterprise, a Benefited Enterprise or a Preferred Enterprise (as discussed below) may be considerably less. Capital gains derived by an Israeli company are generally subject to tax at the prevailing regular corporate tax rate.

Tax Benefits and Grants for Research and Development

Israeli tax law allows, under certain conditions, a tax deduction for research and development expenditures, including capital expenditures, for the year in which they are incurred if:

☐



the expenditures are approved by the relevant Israeli government ministry, determined by the field of research;

☐



the research and development is for the promotion or development of the company; and

☐



the research and development is carried out by or on behalf of the company seeking the deduction.

However, the amount of such deductible expenses shall be reduced by the sum of any funds received through government grants for the finance of such scientific research and development projects. Expenditures not so approved are deductible over a three-year period from the first year that the expenditures were made if the research or development is for the promotion or development of the company.

Law for the Encouragement of Industry (Taxes), 5729-1969

The Law for the Encouragement of Industry (Taxes), 5729-1969, generally referred to as the Industry Encouragement Law, provides several tax benefits for "Industrial Companies".

The Industry Encouragement Law defines an "Industrial Company" as an Israeli resident company which was incorporated in Israel, of which 90% or more of its income in any tax year, other than income from certain government loans, is derived from an "Industrial Enterprise" owned by it and located in Israel. An "Industrial Enterprise" is defined as an enterprise whose principal activity in a given tax year is industrial production.

The following tax benefits, among others, are available to Industrial Companies:

☐



deduction of the cost of purchased know-how, patents and rights to use a patent and know-how which are used for the development or promotion of the Industrial Enterprise, over an eight-year period commencing on the year in which such rights were first exercised;

☐



under limited conditions, an election to file consolidated tax returns together with Israeli Industrial Companies controlled by it; and

☐



expenses related to a public offering are deductible in equal amounts over three years commencing on the year of offering.

Eligibility for benefits under the Industry Encouragement Law is not contingent upon the approval of any governmental authority. We believe that we qualify as an Industrial Company within the meaning of the Industry Encouragement Law. The Israel Tax Authority may determine that we do not qualify as an Industrial Company, which could entail our loss of the benefits that relate to this status. There can be no assurance that we will continue to qualify as an Industrial Company or that the benefits described above will be available in the future.

Law for the Encouragement of Capital Investments, 5719-1959

The Law for the Encouragement of Capital Investments, 5719-1959, generally referred to as the Investment Law, provides certain incentives for capital investments in production facilities (or other eligible assets) by "Industrial Enterprises" (as defined under the Investment Law).

The Investment Law was significantly amended effective April 1, 2005, or the 2005 Amendment, further amended as of January 1, 2011, or the 2011 Amendment, and further amended as of January 1, 2017, or the 2017 Amendment. Pursuant to the 2005 Amendment, tax benefits granted in accordance with the provisions of the Investment Law prior to its revision by the 2005 Amendment remain in force but any benefits granted subsequently are subject to the provisions of the 2005 Amendment. Similarly, the 2011 Amendment introduced new benefits to replace those granted in accordance with the provisions of the Investment Law in effect prior to the 2011 Amendment. However, companies entitled to benefits under the Investment Law as in effect prior to January 1, 2011 were entitled to choose to continue to enjoy such benefits, provided that certain conditions are met, or elect instead, irrevocably, to forego such benefits and have the benefits of the 2011 Amendment apply. The 2017 Amendment introduces new benefits for Technological Enterprises, alongside the existing tax benefits.

Tax Benefits Prior to the 2005 Amendment

An investment program that is implemented in accordance with the provisions of the Investment Law prior to the 2005 Amendment, referred to as an "Approved Enterprise", is entitled to certain benefits. A company that wished to receive benefits as an Approved Enterprise must have received approval from the Israeli Authority for Investments and Development of the Industry and Economy, or the Investment Center. Each certificate of approval for an Approved Enterprise relates to a specific investment program, delineated both by the financial scope of the investment, including sources of funds, and by the physical characteristics of the facility or other assets.

In general, an Approved Enterprise is entitled to receive a cash grant from the Government of Israel or an alternative package of tax benefits, known as the alternative benefits track. The tax benefits available under any certificate of approval relate only to taxable income attributable to the specific program and are contingent upon meeting the criteria set out in such certificate. Income derived from activity that is not integral to the activity of the Approved Enterprise will not enjoy tax benefits.

The tax benefits under the alternative benefits track include an exemption from corporate tax on undistributed income which was generated from an Approved Enterprise for between two and ten years from the first year of taxable income, depending on the geographic location of the Approved Enterprise facility within Israel, and the taxation of income generated from an Approved Enterprise at a reduced corporate tax rate of between 10% to 25% for the remainder of the benefits period, depending on the level of foreign investment in the company in each year, as detailed below. The benefits commence on the date in which that taxable income is first earned. The benefits period under Approved Enterprise status is limited to 12 years from the year in which the production commenced (as determined by the Investment Center), or 14 years from the year of receipt of the approval as an Approved Enterprise, whichever ends earlier. If a company has more than one Approved Enterprise program or if only a portion of its capital investments are approved, its effective tax rates is the result of a weighted combination of the applicable tax rates. The entitlement to the above benefits is subject to fulfillment of certain conditions, according to the law and related regulations.

In addition, a company that has an Approved Enterprise program is eligible for further tax benefits if it qualifies as a Foreign Investors' Company, or an FIC, which is a company with a level of foreign investment, as defined in the Investment Law, of more than 25%. The level of foreign investment is measured as the percentage of rights in the company (in terms of shares, rights to profits, voting and appointment of directors), and of combined share and loan capital, that are owned, directly or indirectly, by persons who are not residents of Israel. The determination as to whether a company qualifies as an FIC is made on an annual basis. A company that qualifies as an FIC and has an Approved Enterprise program is eligible for an extension of the period during which it is to tax benefits under its Approved Enterprise status (so that the benefits period may be up to ten years) and for further tax benefits if the level of foreign investment is 49% or more. If a company that has an Approved Enterprise program is a wholly owned subsidiary of another company, then the percentage of foreign investments is determined based on the percentage of foreign investment in the parent company. As specified above, depending on the geographic location of the Approved Enterprise within Israel, income derived from the Approved Enterprise program may be exempt from tax on its undistributed income for a period of between two to ten years, and will be subject to a reduced corporate tax rate for the remainder of the benefits period. The tax rate for the remainder of the benefits period will be 25%, unless the level of foreign investment is at least 49% (20% if the foreign investment is 49% or more but less than 74%; 15% if 74% or more but less than 90%; and 10% if 90% or more).

If a company elects the alternative benefits track and subsequently distributes a dividend out of income derived by its Approved Enterprise during the tax exemption period it will be subject to corporate tax in respect of the amount of the distributed dividend (grossed-up to reflect the pre-tax income that it would have had to earn in order to distribute the dividend) at the corporate tax rate which would have been otherwise applicable if such income had not been tax-exempted under the alternative benefits track. This rate generally ranges from 10% to 25%, depending on the level of foreign investment in the company in each year, as explained above. In addition, dividends paid out of income attributed to an Approved Enterprise (or out of dividends received from a company whose income is attributed to an Approved Enterprise) are generally subject to withholding tax at source at the rate of 15% or such lower rate as may be provided in an applicable tax treaty (subject to the receipt in advance of a valid certificate from the Israel Tax Authority allowing for a reduced tax rate). The 15% tax rate is limited to dividends and distributions out of income derived during the benefits period and actually paid at any time up to 12 years thereafter. After this period, the withholding tax is applied at a rate of up to 30%, or at the lower rate under an applicable tax treaty (subject to the receipt in advance of a valid certificate from the Israel Tax Authority allowing for a reduced tax rate). In the case of an FIC, the 12-year limitation on reduced withholding tax on dividends does not apply.

The Investment Law also provides that an Approved Enterprise is entitled to accelerated depreciation on its property and equipment that are included in an Approved Enterprise program during the first five years in which the equipment is used. This benefit is an incentive granted by the Israeli government regardless of whether the alternative benefits program is elected.

The benefits available to an Approved Enterprise are subject to the continued fulfillment of conditions stipulated in the Investment Law and its regulations and the criteria in the specific certificate of approval, as described above. If a company does not meet these conditions, it would be required to refund the amount of tax benefits, adjusted to the Israeli consumer price index, and interest, or other monetary penalties.

Until 2013 tax year, we had Approved Enterprise programs under the Investment Law, which, we believe, entitled us to certain tax benefits.

Tax Benefits Subsequent to the 2005 Amendment

The 2005 Amendment applies to new investment programs commencing after 2004, but does not apply to investment programs approved prior to April 1, 2005. The 2005 Amendment provides that terms and benefits included in any certificate of approval that was granted before the 2005 Amendment became effective (April 1, 2005) will remain subject to the provisions of the Investment Law as in effect on the date of such approval. Pursuant to the 2005 Amendment, the Investment Center will continue to grant Approved Enterprise status to qualifying investments. The 2005 Amendment, however, limits the scope of enterprises that may be approved by the Investment Center by setting criteria for the approval of a facility as an Approved Enterprise.

An enterprise that qualifies under the new provisions is referred to as a "Benefited Enterprise", rather than "Approved Enterprise". The 2005 Amendment provides that a certificate of approval from the Investment Center will only be necessary for receiving cash grants. As a result, it was no longer necessary for a company to obtain the advance approval of the Investment Center in order to receive the tax benefits previously available under the alternative benefits track. Rather, a company may claim the tax benefits offered by the Investment Law directly in its tax returns, provided that its facilities meet the criteria for tax benefits set forth in the 2005 Amendment. A company that has a Benefited Enterprise may, at its discretion, approach the Israel Tax Authority for a pre-ruling confirming that it is in compliance with the provisions of the Investment Law.

Tax benefits are available under the 2005 Amendment to production facilities (or other eligible facilities) which are generally required to derive more than 25% of their business income from export to specific markets with a population of at least 14 million in 2012 (such export criteria will further be increased in the future by 1.4% per annum). In order to receive the tax benefits, the 2005 Amendment states that a company must make an investment which meets certain conditions set forth in the amendment for tax benefits, including exceeding a minimum investment amount specified in the Investment Law. Such investment entitles a company to receive a "Benefited Enterprise" status with respect to the investment, and may be made over a period of no more than three years from the end of the year in which the company chose to have the tax benefits apply to its Benefited Enterprise. Where a company requests to have the tax benefits apply to an expansion of existing facilities, only the expansion will be considered to be a Benefited Enterprise and the company's effective tax rate will be the weighted average of the applicable rates. In such case, the minimum investment required in order to qualify as a Benefited Enterprise must exceed a certain percentage of the value of the company's production assets before the expansion.

The extent of the tax benefits available under the 2005 Amendment to qualifying income of a Benefited Enterprise depends on, among other things, the geographic location in Israel of the Benefited Enterprise. The location will also determine the period for which tax benefits are available. Such tax benefits include an exemption from corporate tax on undistributed income generated by the Benefited Enterprise for a period of between two to ten years, depending on the geographic location of the Benefited Enterprise in Israel, and a reduced corporate tax rate of between 10% to 25% for the remainder of the benefits period, depending on the level of foreign investment in the company in each year, as explained above. The benefits period is limited to 12 or 14 years from the year the company first chose to have the tax benefits apply, depending on the location of the company.

A company qualifying for tax benefits under the 2005 Amendment which pays a dividend out of income derived by its Benefited Enterprise during the tax exemption period will be subject to corporate tax in respect of the amount of the dividend distributed (grossed-up to reflect the pre-tax income that it would have had to earn in order to distribute the dividend) at the corporate tax rate which would have otherwise been applicable. Dividends paid out of income attributed to a Benefited Enterprise (or out of dividends received from a company whose income is attributed to a Benefited Enterprise) are generally subject to withholding tax at source at the rate of 15% or at a lower rate as may be provided in an applicable tax treaty (subject to the receipt in advance of a valid certificate from the Israel Tax Authority allowing for a reduced tax rate). The reduced rate of 15% is limited to dividends and distributions out of income attributed to a Beneficiary Enterprise during the benefits period and actually paid at any time up to 12 years thereafter except with respect to an FIC, in which case the 12-year limit does not apply.

The benefits available to a Benefited Enterprise are subject to the continued fulfillment of conditions stipulated in the Investment Law and its regulations. If a company does not meet these conditions, it would be required to refund the amount of tax benefits, adjusted to the Israeli consumer price index, and interest, or other monetary penalties.

Until the 2013 tax year, we had Approved Enterprise programs under the Investment Law, which, we believe, entitled us to certain tax benefits.

Tax Benefits Under the 2011 Amendment

The 2011 Amendment canceled the availability of the benefits granted to companies in accordance with the provisions of the Investment Law prior to 2011 and, instead, introduced new benefits for income generated by a "Preferred Company" through its "Preferred Enterprise" (as such terms are defined in the Investment Law) as of January 1, 2011. The definition of a Preferred Company includes a company incorporated in Israel that is not wholly-owned by a governmental entity, and that has, among other things, Preferred Enterprise status and is controlled and managed from Israel. Pursuant to the 2011 Amendment, a Preferred Company is entitled to a reduced corporate tax rate of 15% with respect to its preferred income derived by its Preferred Enterprise in 2011 and 2012, unless the Preferred Enterprise is located in a specified development zone, in which case the rate will be 10%. Such corporate tax rate was reduced from 15% and 10%, respectively, to 12.5% and 7%, respectively in 2013, and then increased to 16% and 9%, respectively, in 2014 until 2016. Pursuant to the 2017 Amendment, in 2017 and thereafter, the corporate tax rate for Preferred Enterprise which is located in a specified development zone was decreased to 7.5%, while the reduced corporate tax rate for other development zones remains 16%.

Dividends paid out of preferred income attributed to a Preferred Enterprise are generally subject to withholding tax at the rate of 20% or such lower rate as may be provided in an applicable tax treaty (subject to the receipt in advance of a valid certificate from the Israel Tax Authority allowing for a reduced tax rate). However, if such dividends are paid to an Israeli company, no tax is required to be withheld (although, if such dividends are subsequently distributed to individuals or a non-Israeli company, withholding tax at a rate of 20% or such lower rate as may be provided in an applicable tax treaty will apply).

The 2011 Amendment also provided transitional provisions to address companies already enjoying existing tax benefits under the Investment Law. These transitional provisions provide, among other things, that unless an irrevocable request is made to apply the provisions of the Investment Law as amended in 2011 with respect to income to be derived as of January 1, 2011: (i) the terms and benefits included in any certificate of approval that was granted to an Approved Enterprise which chose to receive grants before the 2011 Amendment became effective will remain subject to the provisions of the Investment Law as in effect on the date of such approval, and subject to certain other conditions; (ii) the terms and benefits included in any certificate of approval that was granted to an Approved Enterprise which had participated in an alternative benefits track before the 2011 Amendment became effective will remain subject to the provisions of the Investment Law as in effect on the date of such approval, provided that certain conditions are met; and (iii) a Benefited Enterprise can elect to continue to benefit from the benefits provided to it before the 2011 Amendment became effective, provided that certain conditions are met.

From time to time, the Israeli Government has discussed reducing the benefits available to companies under the Investment Law. The termination or substantial reduction of any of the benefits available under the Investment Law could materially increase our tax liabilities.

We have examined the possible effect, if any, of the provisions of the 2011 Amendment on our financial statements and have decided to apply the new benefits under the 2011 Amendment instead of the benefits provided to our Approved Enterprise and Benefited Enterprise as of 2013 tax year.

New Tax Benefits under the 2017 Amendment.

The 2017 Amendment was enacted as part of the Economic Efficiency Law that was published on December 29, 2016, and is effective as of January 1, 2017, subject to the publication of regulations expected to be released before March 31, 2017. The 2017 Amendment provides new tax benefits for two types of "Technology Enterprises", as described below, and is in addition to the other existing tax beneficial programs under the Investment Law.

The 2017 Amendment provides that a technology company satisfying certain conditions will qualify as a "Preferred Technology Enterprise" and will thereby enjoy a reduced corporate tax rate of 12% on income that qualifies as "Preferred Technology Income", as defined in the Investment Law. The tax rate is further reduced to 7.5% for a Preferred Technology Enterprise located in development zone A. In addition, a Preferred Technology Enterprise will enjoy a reduced corporate tax rate of 12% on capital gain derived from the sale of certain "Benefitted Intangible Assets" (as defined in the Investment Law) to a related foreign company if the Benefitted Intangible Assets were acquired from a foreign company on or after January 1, 2017 for at least NIS 200 million, and the sale receives prior approval from the National Authority for Technological Innovation, or NATI.

The 2017 Amendment further provides that a technology company satisfying certain conditions will qualify as a "Special Preferred Technology Enterprise" and will thereby enjoy a reduced corporate tax rate of 6% on "Preferred Technology Income" regardless of the company's geographic location within Israel. In addition, a Special Preferred Technology Enterprise will enjoy a reduced corporate tax rate of 6% on capital gain derived from the sale of certain "Benefitted Intangible Assets" to a related foreign company if the Benefitted Intangible Assets were either developed by an Israeli company or acquired from a foreign company on or after January 1, 2017, and the sale received prior approval from NATI. A Special Preferred Technology Enterprise that acquires Benefitted Intangible Assets from a foreign company for more than NIS 500 million will be eligible for these benefits for at least ten years, subject to certain approvals as specified in the Investment Law.

Dividends distributed by a Preferred Technology Enterprise or a Special Preferred Technology Enterprise, paid out of Preferred Technology Income, are subject to withholding tax at source at the rate of 20%, and if distributed to a foreign company and other conditions are met, the withholding tax rate will be 4%.

We are examining the impact of the 2017 Amendment and the degree to which we will qualify as a Preferred Technology Enterprise and the amount of Preferred Technology Income that we may have, or other benefits that we may receive from the 2017 Amendment.

Recently Issued Accounting Pronouncements

In May 2014, the Financial Accounting Standards Board ("FASB") issued Accounting Standards Update ("ASU") 2014-09, Revenue Recognition – Revenue from Contracts with Customers (Topic 606), which will replace substantially all current revenue recognition guidance once it becomes effective. In August 2015, the FASB issued ASU No. 2015-14, Revenue from Contracts with Customers: Deferral of the Effective Date, which deferred the effective date of the new revenue standard for periods beginning after December 15, 2016 to December 15, 2017, with early adoption permitted but not earlier than the original effective date. The Company does not currently intend to adopt the provisions of the new standard early. The FASB issued subsequent amendments to the initial guidance in March 2016, April 2016, May 2016 and December 2016 within ASU 2016-08, 2016-10, 2016-12, 2016-20, respectively. The new standard provides accounting guidance for all revenue arising from contracts with customers and affects all entities that enter into contracts to provide goods or services to their customers unless the contracts are in the scope of other standards. The new standard is less prescriptive and may require software entities to use more judgment and estimates in the revenue recognition process than are required under existing revenue guidance. The new standard allows the option of modified retrospective adoption with certain reliefs according to which the new standard will be applied to existing contracts from the initial period of adoption and thereafter with no restatement of comparative data. Under this option, we will recognize the cumulative effect of the initial adoption of the new standard as an adjustment to the opening balance of retained earnings (or another component of equity, as applicable) as of the date of initial application. Alternatively, the new standard permits full retrospective adoption with certain reliefs. We expect to adopt the standard under the modified retrospective method. However, we are continuing to evaluate the impact of the standard, and its adoption method is subject to change. We are in the process of analyzing our contracts to quantify the impact that the adoption of the standard will have on revenue. We are also continuing to evaluate the impact of the standard on our costs related to obtaining customer contracts (mainly sales commissions).

In February 2016, the FASB issued ASU 2016-02. ASU 2016-02 changes the current lease accounting standard by requiring the recognition of lease assets and lease liabilities for all leases, including those currently classified as operating leases. This new guidance is to be applied under a modified retrospective application to the earliest reporting period presented for reporting periods beginning after December 15, 2018. Early adoption is permitted. We are currently evaluating the potential impact of this new guidance on our financial statements.

In March 2016, the FASB issued ASU 2016-09 Compensation-Stock Compensation (Topic 718): Improvements to Employee Share-Based Payment Accounting. This standard simplifies various aspects related to how share-based payments are accounted for and presented in the financial statements, including income taxes, forfeitures and statutory tax withholding requirements. The guidance is effective for the Company beginning in the first quarter of 2017. We will adopt the updated standard in the first quarter of fiscal year 2017. As a result, our deferred taxes and retained earnings increased by approximately $12.2 million.

In June 2016, the FASB Issued ASU 2016-13, Financial Instruments—Credit Losses (Topic 326): Measurement of Credit Losses on Financial Instruments. The new standard requires financial assets measured at amortized cost be presented at the net amount expected to be collected, through an allowance for credit losses that is deducted from the amortized cost basis. The standard will be effective beginning January 1, 2020, with early application permitted. We are evaluating the impact of adopting this new accounting guidance on our consolidated financial statements.

In August 2016, the FASB issued ASU 2016-15, Statement of Cash Flows (Topic 230): Classification of Certain Cash Receipts and Cash Payments. The new standard will address eight specific cash flow issues with the objective of reducing the existing diversity in practice in how certain transactions are presented and classified in the statement of cash flows. The standard will be effective for the Company beginning January 1, 2018, with early application permitted. The standard will require adoption on a retrospective basis unless it is impracticable to apply, in which case the Company would be required to apply the amendments prospectively as of the earliest date practicable. We are evaluating the impact of adopting this new accounting guidance on our consolidated financial statements.

In October 2016, the FASB issued ASU 2016-16, Income Taxes (Topic 740); Intra-Entity Transfers of Assets Other than Inventory. This guidance was issued to improve the accounting for income tax consequences of intra-entity transfers of assets other than inventory. Under the amendment an entity should recognize the income tax consequences of an intra-entity transfer of an asset other than inventory when the transfer occurs. The update is effective for annual periods beginning after December 15, 2017, and interim periods thereafter. Early adoption is permitted. We are currently evaluating the effect of the ASU on our consolidated financial statements.

In January 2017, FASB issued ASU 2017-01, Business Combinations (Topic 805) Clarifying the Definition of Business. ASU No. 2017-01 clarifies the definition of a business with the objective of adding guidance to assist entities with evaluating whether transactions should be accounted for as acquisitions (or disposals) of assets or businesses. The update to the standard is effective for interim and annual periods beginning after December 15, 2017, and applied prospectively. We are currently evaluating the impact of the adoption of ASU 2017-01 on our consolidated financial statements.

In January 2017, the FASB issued ASU 2017-04, simplifying the Test for Goodwill Impairment (Topic 350). This standard eliminates Step 2 from the goodwill impairment test, instead requiring an entity to recognize a goodwill impairment charge for the amount by which the goodwill carrying amount exceeds the reporting unit's fair value. This guidance is effective for interim and annual goodwill impairment tests in fiscal years beginning after December 15, 2019 with early adoption permitted. This guidance must be applied on a prospective basis. We are currently evaluating the potential effect of the guidance on our consolidated financial statements.

B. Liquidity and Capital Resources

We fund our operations with cash generated from operating activities. We have also raised capital through the sale of equity securities in public offerings and to a lesser extent, through exercised options. Our primary current uses of our cash are ongoing operating expenses and capital expenditures.

As of December 31, 2016, we had $295.5 million of cash, cash equivalents, short-term bank deposits and marketable securities. This compared with cash, cash equivalents and short-term bank deposits of $238.3 million and $177.2 million as of December 31, 2015 and 2014, respectively. We believe that our existing cash, cash equivalents and short-term bank deposits will be sufficient to fund our operations and capital expenditures for at least the next 12 months. Our future capital requirements will depend on many factors, including our rate of revenue growth, the expansion of our sales and marketing activities, the timing and extent of spending to support product development efforts and expansion into new geographic locations, the timing of introductions of new software products and enhancements to existing software products and the continuing market acceptance of our software offerings.

The following table presents the major components of net cash flows for the periods presented:


	Year Ended December 31,
	2014			2015			2016
	(in thousands)
Net cash provided by operating activities	$	23,195		$	59,160		$	56,310
Net cash used in investing activities		(51,445	)		(7,012	)		(121,861	)
Net cash provided by financing activities		90,055			58,207			3,969

A substantial source of our net cash provided by operating activities is our deferred revenues, which is included on our consolidated balance sheet as a liability. The majority of our deferred revenues consist of the unrecognized portion of upfront payments associated with maintenance and professional services, with the remainder consisting of payments for licenses that could not yet be recognized. We assess our liquidity, in part, through an analysis of our short and long term deferred revenues that have not yet been recognized as revenues together with our other sources of liquidity. Deferred revenues for licenses are recognized when all applicable revenue criteria are met. Revenues from maintenance and support contracts are recognized ratably on a straight line basis over the term of the related contract which is typically one year and, to a lesser extent, three years, and from professional services as services are performed. Thus, since we frequently recognize revenues in subsequent periods to when certain payments may be received, an increase in deferred revenues adds to the liquidity of our operations.

Net Cash Provided by Operating Activities

Our cash flows historically have reflected our net income coupled with changes in our non-cash working capital. During the year ended December 31, 2016, operating activities provided $56.3 million in cash as a result of $28.1 million net income , adjusted by $17.5 million of non-cash charges related to share-based compensation expenses and $6.5 million related to depreciation and amortization expenses coupled with $6.1 million increase in long term deferred revenues and $0.5 million net increase from other long-term assets and liabilities and offset by both an increase of $1.1 million in deferred tax assets and by an increase of $1.3 million in our non-cash working capital.

The increase of $1.3 million in our non-cash working capital was due to a $13.0 million increase in short-term deferred revenues, a $2.4 million decrease in accrued expenses and other current liabilities, an increase of $2.6 million in employees and payroll accruals and an increase of $14.5 million in other current assets. Our days' sales outstanding, or DSO, was 56 days for the year ended December 31, 2016.

During the year ended December 31, 2015, operating activities provided $59.2 million in cash as a result of $25.8 million net income combined with a decrease of $21.2 million in our non-cash working capital, adjusted by $9.3 million of non-cash charges related to share-based compensation expenses of $7.0 million and depreciation and amortization of $2.3 million coupled with an approximately $7.0 million increase in other long-term assets and liabilities and long-term deferred revenues from three-year maintenance contracts for which we collected payment up front which were partially offset by an increase of $4.1 million in deferred tax assets. The decrease of $21.2 million in our non-cash working capital was due to a $14.5 million increase in short-term deferred revenues, a $2.5 million increase in accrued expenses and other current liabilities, and an increase of $5.0 million in employees and payroll accruals which were partially offset by an increase of $0.8 million in other current assets. Our days' sales outstanding, or DSO, was 46 days for the year ended December 31, 2015.

During the year ended December 31, 2014, operating activities provided $23.2 million in cash as a result of $10.0 million net income combined with a decrease of $3.1 million in our non-cash working capital, adjusted by $6.6 million of non-cash charges related to a $4.3 million change in the fair value of warrants to purchase preferred shares, share-based compensation expenses of $1.6 million and depreciation of $0.7 million coupled with a $3.3 million increase in long-term deferred revenues from three-year maintenance contracts for which we collected payment up front and a $0.2 million increase in long-term liabilities. The decrease of $3.1 million in our non-cash working capital was due to a $4.4 million increase in short-term deferred revenues and a $5.5 million increase in employees and payroll accruals and other current liabilities, which were partially offset by a $6.5 million increase in trade receivables and an increase of $0.3 million in trade payables and prepaid expenses and other current assets. Our DSO was 68 days for the year ended December 31, 2014.

Net Cash Used in Investing Activities

Net cash used in investing activities was $51.4 million, $7.0 million and $121.9 million for the years ended December 31, 2014, 2015 and 2016 respectively. Investing activities have consisted primarily of investment in and proceeds from short-term and long-term deposits, investment in marketable securities, acquisitions and purchase of property and equipment.

Net Cash Provided by Financing Activities

Our financing activities have primarily consisted of proceeds from the issuance and sale of our securities, excess tax benefit from stock-based compensation and proceeds from the exercise of share options. Net cash provided by financing activities was $90.1 million, $58.2 million and $4.0 million for the years ended December 31, 2014, 2015 and 2016, respectively.

C. Research and Development, Patents and Licenses, etc.

We conduct our research and development activities in Israel. As of December 31, 2016, our research and development department included 205 employees and contractors. In 2016, research and development costs accounted for 16.0% of our total revenues

We employ a strategy of seeking patent protection for some of our technologies. As of December 31, 2016, we have obtained 8 issued patents for certain of our technologies in various jurisdictions, including the United States and have 34 pending patent applications that were filed in various jurisdictions, including the United States. No patent application is material to the overall conduct of our business.

For a description of our research and development policies, see "Item 4.B. Business Overview—Research and development."

D. Trend Information

Other than as disclosed elsewhere in this annual report, we are not aware of any trends, uncertainties, demands, commitments or events for the period from January 1, 2016 to December 31, 2016 that are reasonably likely to have a material adverse effect on our net revenue, income, profitability, liquidity or capital resources, or that caused the disclosed financial information to be not necessarily indicative of future operating results or financial condition.

E. Off-Balance Sheet Arrangements

We do not currently engage in off-balance sheet financing arrangements. In addition, we do not have any interest in entities referred to as variable interest entities, which includes special purposes entities and other structured finance entities.

F. Contractual Obligations

The following summarizes our contractual obligations as of December 31, 2016:


	Payments Due by Period
	Total		2017		2018		2019		2020		2021		2022 and thereafter
	(in thousands)
Operating lease obligations(1)	$	23,207	$	4,208	$	4,113	$	4,147	$	4,050	$	4,057	$	2,632
Uncertain tax obligations(2)		474		—		—		—		—		—		—
Severance pay(3)		5,035		—		—		—		—		—		—

Total	$	28,716	$	4,208	$	4,113	$	4,147	$	4,050	$	4,057	$	2,632

(1)	Operating lease obligations consist of our contractual rental expenses under operating leases of facilities and certain motor vehicles.

(2)

Consists of accruals for certain income tax positions under ASC 740 that are paid upon settlement, and for which we are unable to reasonably estimate the ultimate amount and timing of settlement. See Note 11(j) to our consolidated financial statements included elsewhere in this annual report for further information regarding our liability under ASC 740. Payment of these obligations would result from settlements with tax authorities. Due to the difficulty in determining the timing of resolution of audits, these obligations are only presented in their total amount.

(3)

Severance pay relates to accrued severance obligations to our Israeli employees as required under Israeli labor laws. These obligations are payable only upon the termination, retirement or death of the respective employee and may be reduced if the employee's termination is voluntary. These obligations are partially funded through accounts maintained with financial institutions and recognized as an asset on our balance sheet. Of this amount, $1.7 million is unfunded. See Note 2(l) to our consolidated financial statement included elsewhere in this report for further information.

ITEM 6.

DIRECTORS, SENIOR MANAGEMENT AND EMPLOYEES

A. Directors and Senior Management

The following table sets forth the name, age and position of each of our executive officers and directors as of March 15, 2017:


Name	Age	Position
Executive Officers
Ehud (Udi) Mokady	48	Chairman of the Board and Chief Executive Officer and Founder
Chen Bitan	47	General Manager, EMEA, Asia Pacific and Japan
Joshua Siegel	53	Chief Financial Officer
Ronen (Ron) Zoran	42	Vice President, Americas Sales
Nick Baglin	42	Vice President, EMEA Sales
Vincent Goh	45	Vice President, Asia Pacific and Japan Sales
Roy Adar	45	Senior Vice President, Product Management
Directors
Gadi Tirosh(1)(3)(4)	50	Lead Independent Director
Ron Gutler(1)(2)(3)(4)	59	Director
Raphael (Raffi) Kesten(4)	63	Director
Kim Perdikou(1)(2)(3)(4)	59	Director
David Schaeffer(4)	60	Director
Amnon Shoshani(2)(4)	53	Director

(1) Member of our compensation committee.

(2) Member of our audit committee.

(3) Member of our nominating and governance committee.

(4) Independent director under the rules of the NASDAQ Stock Market.

John Worrall served as our Chief Marketing Officer until March 15, 2017, following his notification to us earlier in the year that he would be leaving the Company.

Executive Officers

Ehud (Udi) Mokady is one of our founders and serves as our Chief Executive Officer since 2005 and as chairman of the board since June 2016. He previously served as our President from 2005 to 2016 and as our Chief Operating Officer from 1999 to 2005. Mr. Mokady has also served as a member of our board since November 2004. From 1997 to 1999, Mr. Mokady served as general counsel at Tadiran Spectralink Ltd., a producer of secure wireless communication systems. From 1986 to 1989, Mr. Mokady served in a military intelligence unit in the Israel Defense Forces. Mr. Mokady was honored by a panel of independent judges with the New England EY Entrepreneur Of The Year™ 2014 Award in the Technology Security category. Mr. Mokady holds a Bachelor of Laws (LL.B.) from Hebrew University in Jerusalem, Israel and a Master of Science Management (MSM) from Boston University in Massachusetts.

Chen Bitan has served as our General Manager of EMEA, Asia Pacific and Japan since 2005 and as Head of Research & Development since 1999. From March 1998 to April 1999, Mr. Bitan worked as Project Manager for Amdocs Software Ltd., leading the development of billing and customer care systems for telecommunications providers. From 1995 to 1998, he worked for Magic Software Enterprises Ltd. as Research and Development Group Manager leading the development of their 4GL products for the Asia Pacific market. From 1988 to 1995, Mr. Bitan served in a software engineering unit in the Israel Defense Forces (IDF) in various research and development roles, finally leading the programming education department as Department Manager at the Computer Studies Academy (Mamram). Mr. Bitan holds a Bachelor of Science in computer science and political science from Bar-Ilan University in Ramat-Gan, Israel.

Joshua Siegel has served as our Chief Financial Officer since May 2011. Prior to joining CyberArk, Mr. Siegel served as Chief Financial Officer for Voltaire Ltd., a provider of InfiniBand and Ethernet connectivity solutions, from December 2005 to February 2011, and as Director of Finance and then Vice President of Finance from April 2002 to December 2005. Voltaire completed an initial public offering and listing on NASDAQ in 2007 and was acquired by Mellanox Technologies, Ltd. in 2011. From 2000 to 2002, he was Vice President of Finance at KereniX Networks Ltd., a terabit routing and transport system company. From 1995 to 2000, Mr. Siegel served in various positions at Lucent Technologies Networks Ltd. (formerly Lannet Ltd.). From 1990 to 1995, he served in various positions at SLM Corporation (Sallie Mae—Student Loan Marketing Association). Mr. Siegel holds a Bachelor of Arts in economics and an MBA with a concentration in finance from the University of Michigan in Ann Arbor.

Ronen (Ron) Zoran has served as our Vice President of Americas Sales since January 2015 and has worked at CyberArk since our founding in 1999. Mr. Zoran has held several sales leadership positions at the Company, including Vice President of North America Sales from July 2013 to December 2014, Regional Director and Senior Director of Channels from January 2005 to June 2013, as well as research and development positions, such as R&D Group Manager and Director of Technical Services. From 1993 to 1999, Mr. Zoran served as an Officer and R&D Group Manager at the Technological Computer Center of the Israeli Defense Forces. He holds an MBA from Northeastern University and a Bachelor of Arts in computer science from Bar-Ilan University, Israel.

Nick Baglin has served as our Vice President of EMEA Sales since May 2012. Prior to joining CyberArk, Mr. Baglin worked for HP Enterprise Security Services, as EMEA General Manager and Global Sales Director from May 2011 to May 2012 and as Global Sales Director from December 2010 to May 2011. From January 2001 to December 2010, he worked for Vistorm Ltd., a provider of information assurance and managed security services, in various positions, including Director of Sales. Mr. Baglin holds a Bachelor of Science from the Manchester Metropolitan University in the United Kingdom.

Vincent Goh has served as our Vice President of Asia Pacific and Japan Sales since January 2016. Prior to joining CyberArk, Mr. Goh worked for RSA, The Security Division of EMC, as Vice President, Asia Pacific and Japan from July 2010 to October 2015 and Managing Director, South East Asia from February 2008 to June 2010. From May 2001 to January 2008, Mr. Goh worked for EMC Corporation in various positions. Mr. Goh holds a Bachelor of Science in information technology from the National University of Ireland in Dublin and an executive certificate in Management and Leadership from the M.I.T. Sloan School of Management in Cambridge, Massachusetts.

Roy Adar has served as our Senior Vice President of Product Management since 2015 and previously served as our Vice President of Product Management from 2006 to 2015. Prior to joining CyberArk, Mr. Adar held the position of Product Manager at NICE Systems Ltd., an Israeli software company, from 2002 through 2005. From 1997 to 2001, he worked at Integrity Systems, Inc., an Israeli IT integrator, in several roles, including development group manager, technical consultant and product manager. Mr. Adar holds an MBA from the Kellogg School of Management at Northwestern University in Illinois and a Bachelor of Arts in computer science from Open University in Tel Aviv, Israel.

Directors

Gadi Tirosh has served as a member of our board of directors since June 2011, as chairman of the board between July 2013 and June 2016 and as lead independent director since July 2016. Since 2005, Mr. Tirosh has served as Managing Partner at Jerusalem Venture Partners, an Israeli venture capital firm that focuses, among other things, on cyber-security companies and operates the JVP Cyber Labs incubator. From 1999 to 2005, he served as Corporate Vice President of Product Marketing and as a member of the executive committee for NDS Group Ltd. ((NASDAQ:NNDS) later acquired by Cisco Systems, Inc. a provider of end-to-end software solutions to the pay-television industry, including content protection and video security. Mr. Tirosh holds a Bachelor of Science in computer science and mathematics and an Executive MBA from the Hebrew University in Jerusalem, Israel.

Ron Gutler has served as a member of our board of directors since July 2014 and served as an external director under the Companies Law between July 2014 and May 2016. From May 2002 through February 2013, Mr. Gutler served as the Chairman of NICE Systems Ltd., a public company specializing in voice recording, data security, and surveillance. Between 2000 and 2011, Mr. Gutler served as the Chairman of G.J.E. 121 Promoting Investment Ltd., a real estate company. Between 2000 and 2002, Mr. Gutler managed the Blue Border Horizon Fund, a global macro fund. Mr. Gutler is a former Managing Director and a Partner of Bankers Trust Company, which is currently part of Deutsche Bank. He also established and headed the Israeli office of Bankers Trust. Mr. Gutler is currently a director of Wix.com Ltd. (NASDAQ: WIX), Psagot Investment House, Psagot Securities and Hapoalim Securities USA (HSU), and serves as chairman of the board of the College of Management Academic Studies in Israel. Mr. Gutler holds a Bachelor of Arts in economics and international relations and an MBA, both from the Hebrew University in Jerusalem, Israel.

Raphael (Raffi) Kesten has served as a member of our board of directors since April 2014. Since February 2015, Mr. Kesten has served as Managing Partner at Jerusalem Venture Partners as well as executive adviser to the Chairman and CEO of Cisco Systems, Inc. and to the Service Provider Video Security, Software & Solutions Group at Cisco Systems, Inc. He served as the Vice President of Service Provider Video Security, Software & Solutions Group at Cisco Systems, Inc. from 2012 to 2014. From 2000 to February 2015, Mr. Kesten served as a Venture Partner for Jerusalem Venture Partners. He served as Senior Vice President and Chief Operating Officer at NDS Group Holdings Ltd. (later acquired by Cisco Systems, Inc.) from 2006 to 2012. From 1996 to 2006, Mr. Kesten worked as Vice President and General Manager of NDS Technologies Israel Limited. From 1991 to 1995, he served as Vice President of Operations and Production of Imaging Products at Indigo N.V. (later acquired by Hewlett-Packard Company). Between 1982 and 1991, Mr. Kesten held several engineering and managerial positions with Intel, Inc. Mr. Kesten holds a Bachelor of Science in chemical engineering from Ben-Gurion University of the Negev in Beer-Sheva, Israel and he completed the certificate program in Senior Business Management at the Hebrew University in Jerusalem, Israel.

Kim Perdikou has served as a member of our board of directors since July 2014 and served as an external director under the Companies Law between July 2014 and May 2016 Ms. Perdikou serves as Chairman of REBBL Inc., which she joined in June 2014, a private beverage company delivering taste, function and nutrition. Ms. Perdikou served as the Juniper Networks, Inc. board observer on two of Juniper's portfolio companies from January 2013 to July 2014. From 2010 to August 2013, Ms. Perdikou served as the Executive Vice President for the Office of the Chief Executive Officer at Juniper Networks, Inc. Before that she served as the Executive Vice President and General Manager of Infrastructure Products Group and as Chief Information Officer at Juniper Networks, Inc. from 2006 to 2010 and from August 2000 to January 2006, respectively. Ms. Perdikou served on the board of directors and audit committee of Lam Research Corporation, a major provider of wafer fabrication equipment and services, from May 2011 to November 2012. Ms. Perdikou served in leadership positions at Women.com, Readers Digest, Knight Ridder, and Dun & Bradstreet. Ms. Perdikou holds a Bachelor of Science degree in computing science with operational research from Paisley University in Paisley, Scotland, a Post-Graduate degree in education from Jordanhill College in Glasgow, Scotland and a Master's of Science in information systems from Pace University in New York, the United States.

David Schaeffer has served as a member of our board of directors since May 2014. Mr. Schaeffer has served as the Chairman, Chief Executive Officer and President of Cogent Communications, Inc. (NASDAQ: CCOI), an internet service provider based in the United States that is listed on NASDAQ, since he founded the company in August 1999. Mr. Schaeffer was the founder of Pathnet, Inc., a broadband telecommunications provider, where he served as Chief Executive Officer from 1995 until 1997 and as Chairman from 1997 until 1999. Mr. Schaeffer holds a Bachelor of Science in physics from the University of Maryland, the United States.

Amnon Shoshani has served as a member of our board of directors since November 2009. Since February 1995, Mr. Shoshani has served as the Founder and Managing Partner of Cabaret Holdings Ltd. and, since March 1999, he has also served as Managing Partner of Cabaret Security Ltd., Cabaret Holdings Ltd. and ArbaOne Inc. ventures activities where he had a lead role in managing the group's portfolio companies. Within that role, since June 2005 Mr. Shoshani has served as the CEO and Chairman of TIP-The Industry Pivot Ltd., a company that provides game changing technologies to the industrial world. From 1994 to April 2005, Mr. Shoshani owned a Tel-Aviv boutique law firm engaged in entrepreneurship, traditional industries and high tech, which he founded. Mr. Shoshani holds an LL.B. from Tel Aviv University, Israel.

B. Compensation

Compensation of Directors and Executive Officers

The aggregate compensation expensed, including share-based compensation and other compensation expensed by us and our subsidiaries, to our directors and executive officers with respect to the year ended December 31, 2016 was $11.5 million. This amount includes approximately $0.6 million set aside or accrued to provide pension, severance, retirement, or similar benefits.

The table below sets forth the compensation paid to our five most highly compensated office holders (as defined in the Companies Law and described under "Board Practices—- Disclosure of Compensation of Executive Officers" below) during or with respect to the year ended December 31, 2016, in the disclosure format of Regulation 21 of the Israeli Securities Regulations (Periodic and Immediate Reports), 1970. We refer to the five individuals for whom disclosure is provided herein as our "Covered Executives."

For purposes of the table and the summary below, and in accordance with the above mentioned securities regulations, "compensation" includes base salary, bonuses, equity-based compensation, retirement or termination payments, benefits and perquisites such as car, phone and social benefits and any undertaking to provide such compensation.

Summary Compensation Table


	Information Regarding the Covered Executive(1)
Name and Principal Position(2)	Base Salary		Benefits and Perquisites (3)		Variable Compensation (4)		Equity-Based Compensation (5)		Total
Ehud (Udi) Mokady, Chairman of the Board & CEO	$	375,000	$	130,963	$	475,082	$	2,602,917	$	3,583,962
Joshua Siegel, Chief Financial Officer		273,707		117,263		245,143		1,104,198		1,740,311
Ronen (Ron) Zoran, Vice President Sales, Americas		250,000		46,403		275,485		608,037		1,179,925
Chen Bitan, General Manager, EMEA, Asia Pacific and Japan		226,370		145,012		142,522		456,583		970,487
John Worrall, Chief Marketing Officer		250,000		41,493		137,916		413,395		842,804

(1)	All amounts reported in the table are in terms of cost to our company, as recorded in our financial statements.

(2)	All current executive officers listed in the table are full-time employees. Cash compensation amounts denominated in currencies other than the U.S. dollar were converted into U.S. dollars at the average conversion rate for the year ended December 31, 2016.

(3)

Amounts reported in this column include benefits and perquisites, including those mandated by applicable law. Such benefits and perquisites may include, to the extent applicable to each executive, payments, contributions and/or allocations for savings funds, pension, severance, vacation, car or car allowance, medical insurances and benefits, risk insurances (such as life, disability and accident insurances), convalescence pay, payments for social security, tax gross-up payments and other benefits and perquisites consistent with our guidelines.

(4)	Amounts reported in this column refer to Variable Compensation such as commission, incentive and bonus payments as recorded in our financial statements for the year ended December 31, 2016.

(5)

Amounts reported in this column represent the expense recorded in our financial statements for the year ended December 31, 2016 with respect to equity-based compensation. Assumptions and key variables used in the calculation of such amounts are described in paragraph c of Note 10 to our audited consolidated financial statements, which are included in this annual report.

Employment Agreements with Executive Officers

We have entered into written employment agreements with all of our executive officers. Most of these agreements contain provisions regarding non-competition and all of these agreements contain provisions regarding confidentiality of information and ownership of inventions. The non-competition provision applies for a period that is generally 12 months following termination of employment. The enforceability of covenants not to compete in Israel, the United States and the United Kingdom is subject to limitations. In addition, we are required to provide one to six months' notice prior to terminating the employment of our executive officers, other than in the case of a termination for cause.

Directors' Service Contracts

Other than with respect to Ehud (Udi) Mokady, the Chairman of our Board who is also an executive officer, there are no arrangements or understandings between us, on the one hand, and any of our directors, on the other hand, providing for benefits upon termination of their service as directors of our company, except that directors are permitted to exercise vested options for one year following the termination of their service.

Equity Incentive Plans

2014 Share Incentive Plan

The 2014 Share Incentive Plan, or the 2014 SIP, was adopted by our board of directors and became effective on June 10, 2014. The 2014 SIP was approved by our shareholders on July 10, 2014. The 2014 SIP provides for the grant of options, restricted shares, restricted share units and other share-based awards to our employees, directors, officers, consultants, advisors and any other person providing services to us or our affiliates, under varying tax regimes. The maximum aggregate number of shares that may be issued pursuant to awards under this 2014 SIP is the sum of (a) 422,000 shares plus (b) an increase of 1,220,054 shares as of January 1, 2015 plus (c) on January 1 of each calendar year commencing in 2016, a number of shares equal to the lesser of: (i) an amount determined by our board of directors, if so determined prior to the January 1 of the calendar year in which the increase will occur, (ii) 4% of the total number of shares outstanding on December 31 of the immediately preceding calendar year, and (iii) 4,000,000 shares. Additionally, any share underlying an award that is cancelled or terminated or forfeited for any reason without having been exercised will automatically be available for grant under the 2014 SIP. As of December 31, 2016, 2,129,436 ordinary shares underlying share-based awards were outstanding under the 2014 SIP and 725,620 ordinary shares were reserved for future grant under the 2014 SIP. On January 1, 2017, the aggregate number of ordinary shares reserved for issuance under the 2014 SIP was increased by 1,370,024 shares.

Either our board or a committee established by our board administers the 2014 SIP. Such administrator may determine, among other things and subject to applicable law, the grants of awards and the terms and provisions of such awards, as well as policies, guidelines, rules and regulations relating to and for carrying out the 2014 SIP, and any amendment, supplement or rescission thereof, as it may deem appropriate. The board may, at any time, suspend, terminate, modify, or amend the 2014 SIP, whether retroactively or prospectively.

The board or the committee may grant awards intended to qualify as an incentive stock option, non-qualified stock option, Section 102 award, Section 3(9) award, or other designations under other regimes. Other than with respect to incentive stock options which are governed by the specific exercise price provisions of the 2014 SIP, the exercise price of any award will be determined by the committee or the board (as applicable). Unless otherwise stated in the applicable award agreement, awards under the 2014 SIP vest and become exercisable as follows: 25% of the shares covered by the awards vest on the first anniversary of the vesting commencement date, and 6.25% of the shares covered by the award vest at the end of each subsequent three-month period over the course of the following three years; provided that the grantee remains continuously as our or our affiliates service provider throughout such vesting dates. The exercise period of an award will be ten years from the date of grant of the award unless otherwise determined by the committee, subject to the vesting and the early termination provisions. In the event of termination of the employment or service of a grantee, any unvested awards will be forfeited on the date of such termination. In the event of termination by reason of death, disability or retirement, all of the grantee's vested awards may be exercised at any time within one year after such death or disability or within three months following retirement. In the event of termination for cause (as defined in the 2014 SIP), all awards granted to such grantee (whether vested or not) will be forfeited on the date of termination. In the event of termination for any other reason all vested and exercisable awards at the time of termination may, unless earlier terminated in accordance with their terms, be exercised within up to three months after the date of termination (or such different period as the committee will prescribe).

The committee and the board may grant restricted shares under the 2014 SIP. The award agreement for any restricted shares granted will set forth the vesting schedule and purchase price, if any, for the restricted shares. If a grantee's employment or services to the company or any affiliate thereof terminates for any reason prior to the vesting of such grantee's restricted shares, any shares that remain subject to vesting will be forfeited by such grantee. The committee and the board may grant restricted share units, or RSUs, under the 2014 SIP, which is an award covering a number of shares that is settled, if vested, by issuance of those shares. No payment of exercise price (subject to applicable law and the terms of the relevant award agreement) will be required as consideration for RSUs. The committee and the board may grant other awards under the 2014 SIP, including shares (which may, but need not, be restricted shares), cash, a combination of cash and shares, awards denominated in share units, share appreciation rights, and/or the opportunity to purchase our shares in connection with any public offerings of our securities.

Awards granted to Israeli employees under the 2014 SIP may be granted pursuant to the provisions of Section 102 of the Israeli Income Tax Ordinance, or the Ordinance. In order to comply with the provisions of Section 102, all awards must be registered in the name of a trustee selected by the board and held in trust for the benefit of the relevant grantee for the requisite period prescribed by the Ordinance or such longer period as set by the committee or the board.

In the event of a "Change in Control" event (as defined in the 2014 SIP), any award then outstanding will be assumed or will be substituted by us or by the successor corporation in such Change in Control or by any affiliate thereof, as determined by the committee in its discretion, under terms as determined by the committee or the terms of the 2014 SIP applied by the successor corporation to such assumed or substituted award, unless otherwise determined by the sole and absolute discretion of the Committee. Regardless of whether or not awards are assumed or substituted the committee may (but will not be obligated to), in its sole discretion: (1) provide for grantees to have the right to exercise their awards or otherwise for the acceleration of vesting of award in respect of all or part of the shares covered by the awards which would not otherwise be exercisable or vested, under such terms and conditions as the committee will determine, including the cancellation of all unexercised awards (whether vested or unvested) upon or immediately prior to the closing of the Change in Control; and/or (2) provide for the cancellation of each outstanding and unexercised award at or immediately prior to the closing of the Change in Control, and payment to the grantees of an amount in cash, our shares, the acquirer or of a corporation or other business entity which is a party to the Change in Control or other property, as determined by the committee to be fair in the circumstances, and subject to such terms and conditions as determined by the committee. Notwithstanding the foregoing, in the event of a Change in Control, the committee may determine, in its sole discretion, that upon completion of such Change in Control, the terms of any award be otherwise amended, modified or terminated, as the committee deems in good faith to be appropriate.

Awards under the 2014 SIP are not transferable other than by will or by the laws of descent and distribution or to a grantee's designated beneficiary, unless, in the case of awards other than incentive stock options, otherwise determined by our committee or under the 2014 SIP. Awards may be granted from time to time pursuant to the 2014 SIP, within a period of ten years from the effective date of the 2014 SIP, which period may be extended from time to time by our board.

2011 Share Incentive Plan

The 2011 Share Incentive Plan, or the 2011 SIP, was adopted by our board of directors and became effective on July 14, 2011. The 2011 SIP was approved by our shareholders on December 20, 2011. The 2011 SIP provides for the grant of options, restricted shares and other share-based awards to our employees, directors, officers, consultants, advisors and any other person whose services are considered valuable to us or our affiliates, under varying tax regimes. The 2011 SIP provides that the number of shares reserved for the grant of awards under the 2011 SIP will be such number as may be reserved for such purposes by the board from time to time. Any share underlying an award that is cancelled or terminated or forfeited for any reason without having been exercised will automatically be available for grant under the 2014 SIP. As of December 31, 2016, 1,286,406 options to purchase ordinary shares remained outstanding under the 2011 SIP. No new awards may be granted under the 2011 SIP.

Either our board or a committee established by our board administers the 2011 SIP.

Option awards to purchase our ordinary shares that were granted under the 2011 SIP are designated in the applicable award agreement as an incentive stock option, non-qualified stock option, Section 102 award (with such designation to include the relevant tax track), Section 3(i) award, or other designations under other regimes. Unless otherwise stated in the applicable award agreement, options under the 2011 SIP vest and become exercisable as follows: 25% of the shares covered by an option vest on the first anniversary of the date on which such option was granted, and 6.25% of the shares covered by the option vest at the end of each subsequent quarter over the course of the following three years, subject to continued employment by or service to us or any subsidiary or affiliate of ours. The exercise period of an option is ten years from the date of grant of the option unless otherwise determined by the committee. In the event of termination of employment or service of a grantee, any unvested options are forfeited on the date of termination. In the event of termination by reason of death, disability or retirement, all of the grantee's vested options may be exercised at any time within one year after such death or disability or within three months following retirement. In the event of termination for cause (as defined in the 2011 SIP), all options granted to such grantee (whether vested or not) are forfeited on the date of termination. In the event of termination for any other reason all vested and exercisable options at the time of termination may, unless earlier terminated in accordance with their terms, be exercised within up to 90 days after the date of termination

Awards granted to Israeli employees under the 2011 SIP may be granted pursuant to the provisions of Section 102 of the Ordinance. In order to comply with the provisions of Section 102, all awards must be registered in the name of a trustee selected by the board and held in trust for the benefit of the relevant grantee for the requisite period prescribed by the Ordinance or such longer period as set by the committee or the board.

In the event of certain merger or sale events (as specified in the 2011 SIP), any award then outstanding will be assumed or an equivalent award will be substituted by such successor corporation under substantially the same terms as such award. If such awards are not assumed or substituted by an equivalent award, then the committee may (i) provide for grantees to have the right to exercise their awards or otherwise for the acceleration of vesting of such awards, under such terms and conditions as the committee will determine; and/or (ii) provide for the cancellation of each outstanding award at the closing of such transaction, and payment to the grantees of an amount in cash as determined by the committee to be fair in the circumstances, and subject to such terms and conditions as determined by the committee.

Awards under the 2011 SIP are not transferable other than by will or by the laws of descent and distribution, unless otherwise determined by the board or under the 2011 SIP, and generally expire ten years following the grant date. The 2011 SIP will terminate on the tenth anniversary of the effective date, other than with respect to those awards outstanding under the 2011 SIP at the time of such termination.

2001 Stock Option Plan and 2001 Section 102 Stock Option Plan

The 2001 Stock Option Plan, or the 2001 SOP, and the 2001 Section 102 Stock Option Plan, as amended March 5, 2003, or the 2001 Section 102 SOP were adopted by our board of directors and became effective on March 27, 2001. The 2001 SOP and the 2001 Section 102 SOP were approved by our shareholders on March 22, 2002. The 2001 SOP and the 2001 Section 102 SOP provides for the grant of options to our employees, officers, directors, consultants and advisors of us or our affiliates. If an option granted under the 2001 SOP expires or terminates for any reason without having been exercised in full, the unpurchased shares subject to such option will be available for subsequent grants under the 2014 SIP. In the event an employee's rights in any options under the 2001 Section 102 SOP do not vest, such options may be reissued under the 2014 SIP. As of December 31, 2016, a total of 352,220 options to purchase ordinary shares remained outstanding under the 2001 SOP and the 2001 Section 102 SOP. No new awards may be granted under the 2001 SOP or the 2001 Section 102 SOP.

The 2001 SOP and the 2001 Section 102 SOP are administered by a committee appointed by the board.

With the consent of the affected grantee, the board or the committee may amend outstanding option agreements in a manner not inconsistent with the 2001 SOP. The 2001 SOP provides for grants of incentive stock options and non-qualified stock options. The 2001 Section 102 SOP provides for grants of options only to employees, officers and directors. Each option award agreement sets forth the tax track elected by the company. Pursuant to the May 30, 2013 board resolution, the respective term of the options that were granted by us to certain employees of the company and of our UK subsidiary was extended from 10 years to 15 years.

The terms of the options granted under the 2001 SOP and the 2001 Section 102 SOP are generally set forth in the applicable award agreement, however an incentive stock option may be exercised for at least three months following termination of a grantee's employment (or for one year following a termination due to the grantee's death or disability). In the event of certain acquisition and similar events (as specified in the 2001 SOP and the 2001 Section 102 SOP), the board will take any one or more of the following actions with respect of the then outstanding options: (i) provide that such options shall be assumed, or equivalent options will be substituted, by the acquiring or succeeding corporation (or an affiliate thereof), (ii) upon written notice to the grantees, provide that all the then-unexercised options will become exercisable in full as of a specified time prior to the acquisition event and will terminate immediately prior to the consummation of such acquisition event, (iii) in the event of a merger under the terms of which holders of our outstanding ordinary shares will receive upon consummation thereof a cash payment for each share surrendered in the merger, make or provide for a cash payment to the grantees equal to the difference between (A) the merger price times the number of ordinary shares subject to such outstanding options and (B) the aggregate exercise price of all such outstanding options in exchange for the termination of such options, or (iv) upon written notice to the grantees, provide that all the then vested and unvested outstanding options will terminate immediately prior to the consummation of such acquisition event, and to the extent the vested options will have not been exercised prior to the acquisition event, all such options will become null and void at the consummation of such acquisition event.

Awards under the 2001 SOP and 2001 Section 102 SOP are generally not transferable other than by will or by the laws of descent and distribution, unless otherwise determined by the board. Only the grantee may exercise options granted under the 2001 Section 102 SOP during his or her lifetime. The 2001 SOP and the 2001 Section 102 SOP terminated on March 27, 2011, other than with respect to those awards outstanding under the 2001 SOP and the 2001 Section 102 SOP at the time of such termination.

C. Board Practices

Board of Directors

Under the Companies Law, the management of our business is vested in our board of directors. Our board of directors may exercise all powers and may take all actions that are not specifically granted to our shareholders or to management. Our executive officers are responsible for our day-to-day management and have individual responsibilities established by our board of directors. Our Chief Executive Officer is appointed by, and serves at the discretion of, our board of directors, subject to the employment agreement that we have entered into with him. All other executive officers are also appointed by our board of directors, and are subject to the terms of any applicable employment agreements that we may enter into with them.

We comply with the rule of the NASDAQ Stock Market that a majority of our directors be independent. Our board of directors has determined that all of our directors, other than our Chief Executive Officer, are independent under such rules. Directors serve for a period of three years pursuant to the staggered board provisions of our articles of association. Under our articles of association, our board of directors must consist of at least four and not more than 11 directors. Our board of directors currently consists of seven directors. Previously, two of our directors presided as "external directors", as such term is defined in the Companies Law. See "Item 6.C. Board Practices—External Directors" for a description of the exemption from the requirements under the Companies Law to appoint such directors.

Our directors are divided into three classes with staggered three-year terms. Each class of directors consists, as nearly as possible, of one-third of the total number of directors constituting the entire board of directors. At each annual general meeting of our shareholders, the election or re-election of directors following the expiration of the term of office of the directors of that class of directors is for a term of office that expires on the third annual general meeting following such election or re-election, such that at each annual general meeting, the term of office of only one class of directors will expire. Each director will hold office until the annual general meeting of our shareholders in which his or her term expires, unless he or she is removed by a vote of 65% of the total voting power of our shareholders at a general meeting of our shareholders or upon the occurrence of certain events, in accordance with the Companies Law and our articles of association.

Our directors are divided among the three classes as follows:

(i) the Class I directors are Ehud (Udi) Mokady and David Schaeffer, and their term expires at the annual general meeting of shareholders to be held in 2018 and when their successors are elected and qualified;

(ii) the Class II directors, are Raphael (Raffi) Kesten and Amnon Shoshani, and their term expires at the annual general meeting of shareholders to be held in 2019 and when their successors are elected and qualified; and

(iii) the Class III directors are Gadi Tirosh, Ron Gutler and Kim Perdikou, and their term expires at the annual general meeting of shareholders to be held in 2017 and when their successors are elected and qualified.

In addition, our articles of association allow our board of directors to appoint directors, create new directorships or fill vacancies on our board of directors up to the maximum number of directors permitted under our articles of association. In case of an appointment by our board of directors to fill a vacancy on our board of directors due to a director no longer serving, the term of office shall be equal to the remaining period of the term of office of the director(s) whose office(s) have been vacated, and in case of a new appointment where the number of directors serving is less than the maximum number stated in our articles of association, our board of directors shall determine at the time of appointment the class to which the new director shall be assigned.

Under the Companies Law and our articles of association, nominations for directors may be made by any shareholder(s) holding together at least 1% of our outstanding voting power. However, any such shareholder may make such a nomination only if a written notice of such shareholder's intent to make such nomination has been timely and duly given to our Secretary (or, if we have no Secretary, our Chief Executive Officer), as set forth in our articles of association. Any such notice must include certain information regarding the proposing shareholder and the proposed director nominee, the consent of the proposed director nominee(s) to serve as our director(s) if elected and a declaration signed by the proposed director nominee(s) as required by under the Companies Law and that all of the information that is required to be provided to us in connection with such election under the Companies Law and under our articles of association has been provided.

Under the Companies Law, our board of directors must determine the minimum number of directors who are required to have accounting and financial expertise. A director with accounting and financial expertise is a director who, due to his or her education, experience and skills, possesses an expertise in, and an understanding of, financial and accounting matters and financial statements, such that he or she is able to understand the financial statements of the company and initiate a discussion about the presentation of financial data.

In determining the number of directors required to have such expertise, a board of directors must consider, among other things, the type and size of the company and the scope and complexity of its operations. Our board of directors has determined that the minimum number of directors of our company who are required to have accounting and financial expertise is one.

Our board of directors has determined that each of Ron Gutler and Kim Perdikou possesses accounting and financial expertise as defined under the Companies Law.

External Directors

Pursuant to recently enacted regulations under the Companies Law, the board of directors of a company whose shares are listed on certain non-Israeli stock exchanges (including NASDAQ), which company does not have a controlling shareholder (as such term is defined in the Companies Law) may elect not to comply with the requirements of the Companies Law relating to the election of external directors and to the composition of the audit committee and compensation committee, provided that the company complies with the requirements as to director independence and audit committee and compensation committee composition applicable to companies that are incorporated in the jurisdiction in which its stock exchange is located.

As our company does not have a controlling shareholder, and as we comply with the NASDAQ listing rules applicable to domestic U.S. companies with respect to a majority of our directors being independent and with respect to the composition of our audit committee and compensation committee, our board of directors determined in May 2016 to opt out of the requirement to appoint external directors. If in the future we were to have a controlling shareholder, we would again be required to comply with the requirements relating to external directors and composition of the audit committee and compensation committee.

Our two former external directors, Ron Gutler and Kim Perdikou, remained on our board of directors as independent directors.

The term controlling shareholder, as used in the Companies Law for purposes of all matters related to external directors and for certain other purposes, means a shareholder with the ability to direct the activities of the company, other than by virtue of being an office holder. A shareholder is presumed to be a controlling shareholder if the shareholder holds 50% or more of the voting rights in a company or has the right to appoint the majority of the directors of the company or its general manager (chief executive officer).

Lead Independent Director

As approved by our shareholders at the June 2016 meeting, for so long as the positions of the Chief Executive Officer and Chairman of the Board are combined, the non-executive board members will select a Lead Independent Director from among the independent directors of the Board, who has served a minimum of one year as a director. If at any meeting of the Board the Lead Independent Director is not present, a majority of the independent members of the Board present will select an independent member of the Board to act as Lead Independent Director for the purpose and duration of such meeting. The authorities and responsibilities of the Lead Independent Director include, but are not limited to, the following:

☐



providing leadership to the Board if circumstances arise in which the role of the Chairman may be, or may be perceived to be, in conflict, and responding to any reported conflicts of interest, or potential conflicts of interest, arising for any director;

☐



presiding as chairman of the meeting at all meetings of the Board at which the Chairman of the Board is not present, including executive sessions of the independent members of the Board;

☐



serving as liaison between the Chairman of the Board and the independent members of the Board;

☐



approving meeting agendas for the Board;

☐



approving information sent to the Board;

☐



approving meeting schedules to assure that there is sufficient time for discussion of all agenda items;

☐



having the authority to call meetings of the independent members of the Board of Directors;

☐



if requested by a major shareholder, ensuring that he or she is available for consultation and direct communication; and

☐



performing such other duties as the Board may from time to time delegate to assist the Board in the fulfillment of its duties.

Audit Committee

Our audit committee consists of three independent directors, Ron Gutler (Chairperson), Kim Perdikou, and Amnon Shoshani.

Audit Committee Composition

Following recently enacted regulations described above, we may comply with the requirements of the Companies Law by appointing an audit committee whose composition complies with NASDAQ corporate governance rules.

Under NASDAQ corporate governance rules, we are required to maintain an audit committee consisting of at least three independent directors, each of whom is financially literate and one of whom has accounting or related financial management expertise.

All members of our audit committee meet the requirements for financial literacy under the applicable rules and regulations of the SEC and NASDAQ corporate governance rules. Our board of directors has determined that Ron Gutler and Kim Perdikou are audit committee financial experts as defined by SEC rules and have the requisite financial experience as defined by NASDAQ corporate governance rules.

Each of the members of the audit committee is "independent" as such term is defined in Rule 10A-3(b)(1) under the Exchange Act, which is different from the general test for independence of board members and members of other committees.

Audit Committee Role

Our board of directors has an audit committee charter that sets forth the responsibilities of the audit committee consistent with the rules of the SEC and the listing requirements of the NASDAQ Stock Market, as well as the requirements for such committee under the Companies Law. The responsibilities of the audit committee include the following:

☐



oversight of our independent registered public accounting firm and recommending the engagement, compensation or termination of engagement of our independent registered public accounting firm to the board of directors in accordance with Israeli law;

☐



recommending the terms of audit and non-audit services provided by the independent registered public accounting firm for pre-approval by our board of directors;

☐



establishing systems of internal controls over the financial reporting of the company including communication and implementation thereof and the assessment of the internal controls in accordance with the Sarbanes-Oxley Act;

☐



discussing and reviewing the financial reporting related matters of the company;

☐



recommending the engagement or termination of the person filling the office of our internal auditor;

☐



determining whether there are deficiencies in the business management practices of our company, including in consultation with our internal auditor or the independent auditor, and making recommendations to the board of directors to improve such practices;

☐



determining whether to approve certain related party transactions (including transactions in which an office holder has a personal interest and whether such transaction is material or extraordinary under the Companies Law) (see "Item 6.C. Board Practices —Approval of Related Party Transactions under Israeli Law");

☐



where the board of directors approves the working plan of the internal auditor, to examine such working plan before its submission to the board of directors and proposing amendments thereto;

☐



examining our internal controls and internal auditor's performance, including whether the internal auditor has sufficient resources and tools to dispose of its responsibilities; and

☐



establishing procedures for the handling of employees' complaints as to the deficiencies in the management of our business and the protection to be provided to such employees.

Compensation Committee

Our compensation committee consists of Kim Perdikou (Chairperson), Gadi Tirosh and Ron Gutler.

Compensation Committee Composition

Following recently enacted regulations described above, we may comply with the requirements of the Companies Law by appointing a compensation committee, whose composition complies with the NASDAQ corporate governance rules. Under NASDAQ corporate governance rules, we are required to maintain a compensation committee consisting of at least two independent directors. Each current member of the compensation committee (which currently includes Kim Perdikou (Chairperson), Gadi Tirosh and Ron Gutler) is required to be independent under NASDAQ rules relating to compensation committee members, which are different from the general test for independence of board and committee members. Each of the members of our compensation committee satisfies those requirements.

Compensation Policy pursuant to the Israeli Companies Law

The duties of the compensation committee include the recommendation to the company's board of directors of a policy regarding the terms of engagement of office holders, to which we refer as a compensation policy. That policy must be adopted by the company's board of directors, after considering the recommendations of the compensation committee, and must be brought for approval by the company's shareholders, which approval requires a Special Approval for Compensation (as defined below under "—Approval of Related Party Transactions under Israeli Law— Disclosure of Personal Interests of an Office Holder and Approval of Certain Transactions").

The compensation policy must serve as the basis for decisions concerning the financial terms of employment or engagement of office holders, including exculpation, insurance, indemnification or any monetary payment, obligation of payment or other benefit in respect of employment or engagement. The compensation policy must relate to certain factors, including advancement of the company's objectives, the company's business plan and its long-term strategy, and creation of appropriate incentives for office holders. It must also consider, among other things, the company's risk management, size and the nature of its operations. The compensation policy must include certain principles, such as: a link between variable compensation and long-term performance, which variable compensation shall, other than with respect to office holders who report to the CEO, be primarily based on measurable criteria; the relationship between variable and fixed compensation; and the minimum holding or vesting period for variable, equity-based compensation. The compensation committee is responsible for (a) recommending the compensation policy to a company's board of directors for its approval (and subsequent approval by our shareholders) and (b) duties related to the compensation policy and to the compensation of a company's office holders (as described below). Accordingly, following the recommendation of our compensation committee, on November 12, 2014 and December 18, 2014, our board of directors and shareholders, respectively, approved our compensation policy.

Compensation Committee Role

Our board of directors has a compensation committee charter that sets forth the responsibilities of the committee. The responsibilities of the committee set forth in its charter and the Companies Law include:

☐



recommending whether a compensation policy should continue in effect, if the then-current policy has a term of greater than five years (approval of either a new compensation policy or the continuation of an existing compensation policy must in any case occur within five years of the date of a company's initial public offering, and every three years thereafter);

☐



assessing implementation of the compensation policy and recommending periodic updates to the compensation policy;

☐



reviewing, evaluating and making recommendations regarding the terms of office, compensation and benefits for our office holders, including the non-employee directors, taking into account the compensation policy.

☐



exempting certain compensation arrangements from the requirement to obtain shareholder approval under the Companies Law (including with respect to the Chief Executive Officer); and

☐



reviewing and approving the granting of options and other incentive awards to the extent such authority is delegated by our board of directors.

Nominating and Governance Committee

Our nominating and governance committee consists of Gadi Tirosh (Chairperson), Kim Perdikou and Ron Gutler.

Nominating and Governance Committee Role

Our board of directors has a nominating and governance committee charter that sets forth the responsibilities of the nominating and governance committee, which include:

☐



overseeing and assisting our board of directors in reviewing and recommending nominees for election as directors and as members of the committees of the board of directors;

☐



establishing procedures for, and administering the performance of the members of our board and its committees;

☐



evaluating and making recommendations to our board of directors regarding the termination of membership of directors;

☐



reviewing, evaluating and making recommendations regarding management succession and development;

☐



reviewing and making recommendations to our board of directors regarding board member qualifications, composition and structure and the nature and duties of the committees and qualifications of committee members; and

☐



establishing and maintaining effective corporate governance policies and practices, including, but not limited to, developing and recommending to our board of directors a set of corporate governance guidelines applicable to our company.

Disclosure of Compensation of Executive Officers

For so long as we qualify as a foreign private issuer, we are not required to comply with the proxy rules applicable to U.S. domestic companies, including the requirement applicable to certain domestic issuers that do not qualify as emerging growth companies to disclose on an individual, rather than an aggregate, basis, the compensation of our named executive officers as defined in Item 402 of Regulation S-K. Nevertheless, the Companies Law requires that we disclose the annual compensation of our five most highly compensated office holders (as defined under the Companies Law) on an individual basis. Under the Companies Law regulations, this disclosure is required to be included in the annual proxy statement for our annual meeting of shareholders each year, which we will furnish to the SEC under cover of a Report of Foreign Private Issuer on Form 6-K. Because of that disclosure requirement under Israeli law, we are also including such information in this annual report, pursuant to the disclosure requirements of Form 20-F.

Compensation of Directors

Under the Companies Law, compensation of directors requires the approval described below under "Approval of Related Party Transactions Under Israeli Law - Disclosure of Personal Interests of an Office Holder and Approval of Certain Transactions."

The directors are also entitled to be paid reasonable travel, hotel and other expenses expended by them in attending board meetings and performing their functions as directors of the company, all of which is to be determined by the board of directors.

For additional information, see "Item 6B. Compensation—Compensation of Directors and Executive Officers."

Internal Auditor

Under the Companies Law, the board of directors of an Israeli public company must appoint an internal auditor recommended by the audit committee. An internal auditor may not be:

☐



a person (or a relative of a person) who holds more than 5% of the company's outstanding shares or voting rights;

☐



a person (or a relative of a person) who has the power to appoint a director or the general manager of the company;

☐



an office holder (including a director) of the company (or a relative thereof); or

☐



a member of the company's independent accounting firm, or anyone on his or her behalf.

The role of the internal auditor is to examine, among other things, our compliance with applicable law and orderly business procedures. The audit committee is required to oversee the activities and to assess the performance of the internal auditor as well as to review the internal auditor's work plan. Chaikin, Cohen, Rubin & Co. serves as our internal auditor.

Approval of Related Party Transactions under Israeli Law

Fiduciary Duties of Directors and Executive Officers

The Companies Law codifies the fiduciary duties that office holders owe to a company. The term "office holder" is defined under the Companies Law as a general manager, chief business manager, deputy general manager, vice general manager, any other person assuming the responsibilities of any of these positions (regardless of that person's title), a director and any other manager directly subordinate to the general manager.

An office holder's fiduciary duties consist of a duty of care and a duty of loyalty. The duty of care requires an office holder to act with the level of care with which a reasonable office holder in the same position would have acted under the same circumstances. The duty of loyalty requires that an office holder act in good faith and in the best interests of the company.

The duty of care includes a duty to use reasonable means to obtain:

☐



information on the advisability of a given action brought for his or her approval or performed by virtue of his or her position; and

☐



all other important information pertaining to any such action.

The duty of loyalty includes a duty to:

☐



refrain from any conflict of interest between the performance of his or her duties to the company and his or her duties or personal affairs;

☐



refrain from any action which competes with the company's business;

☐



refrain from exploiting any business opportunity of the company in order to receive a personal gain for himself or herself or others; and

☐



disclose to the company any information or documents relating to the company's affairs which the office holder received as a result of his or her position as an office holder.

Disclosure of Personal Interests of an Office Holder and Approval of Certain Transactions

The Companies Law requires that an office holder promptly disclose to the board of directors any personal interest that he or she may be aware of and all related material information or documents concerning any existing or proposed transaction with the company. An interested office holder's disclosure must be made promptly and in any event no later than the first meeting of the board of directors at which the transaction is considered. A personal interest includes an interest of any person in an act or transaction of a company, including a personal interest of such person's relative or of a corporate body in which such person or a relative of such person is a 5% or greater shareholder, director or general manager or in which he or she has the right to appoint at least one director or the general manager, but excluding a personal interest stemming from one's ownership of shares in the company. A personal interest furthermore includes the personal interest of a person for whom the office holder holds a voting proxy or the personal interest of the office holder with respect to his or her vote on behalf of a person for whom he or she holds a proxy even if such shareholder has no personal interest in the matter. An office holder is not, however, obliged to disclose a personal interest if it derives solely from the personal interest of his or her relative in a transaction that is not considered an extraordinary transaction. Under the Companies Law, an extraordinary transaction is defined as any of the following:

☐



a transaction other than in the ordinary course of business;

☐



a transaction that is not on market terms; or

☐



a transaction that may have a material impact on a company's profitability, assets or liabilities.

If it is determined that an office holder has a personal interest in a transaction, approval by the board of directors (and, in certain circumstances, of its applicable committee) is required for the transaction, unless the company's articles of association provide for a different method of approval. Further, so long as an office holder has disclosed his or her personal interest in a transaction and acted in good faith and the transaction or action does not harm the company's best interests, the board of directors may approve an action by the office holder that would otherwise be deemed a breach of duty of loyalty.

The compensation of, or an undertaking to indemnify or insure, an office holder who is not a director requires approval first by the company's compensation committee, then by the company's board of directors, and, if such compensation arrangement or an undertaking to indemnify or insure is inconsistent with the company's stated compensation policy then such arrangement is subject to the approval of a majority vote of the shares present and voting at a shareholders meeting, provided that either: (a) such majority includes at least a majority of the shares held by all shareholders who do not have a personal interest in such compensation arrangement; or (b) the total number of shares of shareholders who do not have a personal interest in the compensation arrangement and who vote against the arrangement does not exceed 2% of the company's aggregate voting rights. We refer to this as the Special Approval for Compensation.

Arrangements regarding the compensation, indemnification or insurance of a director require the approval of the compensation committee, board of directors and shareholders by ordinary majority, in that order, and if such compensation, indemnification or insurance is inconsistent with the company's stated compensation policy, a Special Approval for Compensation.

Generally, a person who has a personal interest in a matter which is considered at a meeting of the board of directors or the audit committee may not be present at such a meeting or vote on that matter unless the chairman of the relevant committee or board of directors (as applicable) determines that he or she should be present in order to present the transaction that is subject to approval, in which case such person may do so but may not vote on the matter. If a majority of the members of the audit committee or the board of directors (as applicable) has a personal interest in the approval of a transaction, then all directors may participate in discussions of the audit committee or the board of directors (as applicable) on such transaction and the voting on approval thereof. However, in the event that a majority of the members of the Board has a personal interest in a transaction, shareholder approval is also required for such transaction.

Disclosure of Personal Interests of Controlling Shareholders and Approval of Certain Transactions

We currently do not have a controlling shareholder. If in the future we would have a controlling shareholder, disclosure requirements regarding personal interests will apply and shareholder approval (meeting a special majority requirement) will be required with respect to transactions specified in the Companies Law involving the controlling shareholder, parties having certain relationships with the controlling shareholder and certain other specific transactions. In such cases, the votes of a controlling shareholder and certain parties associated with it would be excluded for purposes of special majority voting requirements. Additionally, the Companies Law provides a different, broader definition of a controlling shareholder with respect to the provisions pertaining to the approval of related party transactions.

Shareholder Duties

Pursuant to the Companies Law, a shareholder has a duty to act in good faith and in a customary manner toward the company and other shareholders and to refrain from abusing his or her power in the company, including, among other things, in voting at a general meeting and at shareholder class meetings with respect to the following matters:

☐



an amendment to the company's articles of association;

☐



an increase of the company's authorized share capital;

☐



a merger; or

☐



the approval of related party transactions and acts of office holders that require shareholder approval.

In addition, a shareholder also has a general duty to refrain from discriminating against other shareholders.

In addition, certain shareholders have a duty of fairness toward the company. These shareholders include any controlling shareholder, any shareholder who knows that he or she has the power to determine the outcome of a shareholder vote and any shareholder who has the power to appoint or to prevent the appointment of an office holder of the company or other power towards the company. The Companies Law does not define the substance of the duty of fairness, except to state that the remedies generally available upon a breach of contract will also apply in the event of a breach of the duty to act with fairness.

Exculpation, Insurance and Indemnification of Directors and Officers

Under the Companies Law, a company may not exculpate an office holder from liability for a breach of the duty of loyalty. An Israeli company may exculpate an office holder in advance from liability to the company, in whole or in part, for damages caused to the company as a result of a breach of duty of care but only if a provision authorizing such exculpation is included in its articles of association. Our articles of association include such a provision. The company may not exculpate in advance a director from liability arising out of a prohibited dividend or distribution to shareholders.

Under the Companies Law, a company may indemnify an office holder in respect of the following liabilities and expenses incurred for acts performed by him or her as an office holder, either pursuant to an undertaking made in advance of an event or following an event, provided its articles of association include a provision authorizing such indemnification:

☐



financial liability imposed on him or her in favor of another person pursuant to a judgment, including a settlement or arbitrator's award approved by a court. However, if an undertaking to indemnify an office holder with respect to such liability is provided in advance, then such an undertaking must be limited to events which, in the opinion of the board of directors, can be foreseen based on the company's activities when the undertaking to indemnify is given, and to an amount or according to criteria determined by the board of directors as reasonable under the circumstances, and such undertaking shall detail the abovementioned foreseen events and amount or criteria;

☐



reasonable litigation expenses, including attorneys' fees, incurred by the office holder (1) as a result of an investigation or proceeding instituted against him or her by an authority authorized to conduct such investigation or proceeding, provided that (i) no indictment was filed against such office holder as a result of such investigation or proceeding; and (ii) no financial liability was imposed upon him or her as a substitute for the criminal proceeding as a result of such investigation or proceeding or, if such financial liability was imposed, it was imposed with respect to an offense that does not require proof of criminal intent; and (2) in connection with a monetary sanction; and

☐



reasonable litigation expenses, including attorneys' fees, incurred by the office holder or imposed by a court in proceedings instituted against him or her by the company, on its behalf, or by a third party, or in connection with criminal proceedings in which the office holder was acquitted, or as a result of a conviction for an offense that does not require proof of criminal intent.

Under the Companies Law, a company may insure an office holder against the following liabilities incurred for acts performed by him or her as an office holder if and to the extent provided in the company's articles of association:

☐



a breach of the duty of loyalty to the company, provided that the office holder acted in good faith and had a reasonable basis to believe that the act would not harm the company;

☐



a breach of duty of care to the company or to a third party, to the extent such a breach arises out of the negligent conduct of the office holder; and

☐



a financial liability imposed on the office holder in favor of a third party.

Under the Companies Law, a company may not indemnify, exculpate or insure an office holder against any of the following:

☐



a breach of the duty of loyalty, except for indemnification and insurance for a breach of the duty of loyalty to the company to the extent that the office holder acted in good faith and had a reasonable basis to believe that the act would not prejudice the company;

☐



a breach of duty of care committed intentionally or recklessly, excluding a breach arising out of the negligent conduct of the office holder;

☐



an act or omission committed with intent to derive illegal personal benefit; or

☐



a civil or criminal fine or forfeit levied against the office holder.

Under the Companies Law, exculpation, indemnification and insurance of office holders in a public company must be approved by the compensation committee and the board of directors and, with respect to certain office holders or under certain circumstances, also by the shareholders. See "Item 6.C. Board Practices—Approval of Related Party Transactions under Israeli Law."

We have entered into indemnification agreements with our office holders to exculpate, indemnify and insure our office holders to the fullest extent permitted or to be permitted by our articles of association and applicable law (including without limitation), the Companies Law, the Israeli Securities Law, 5728-1968 and the Israeli Restrictive Trade Practices Law, 5758-1988.

We have obtained director and officer liability insurance for the benefit of our office holders and intend to continue to maintain such coverage and pay all premiums thereunder to the fullest extent permitted by the Companies Law.

D. Employees

As of December 31, 2016, we had 823 employees and subcontractors with 324 located in Israel, 286 in the United States, 61 in the United Kingdom and 152 across 29 other countries. The following table shows the breakdown of our global workforce of employees and subcontractors by category of activity as of the dates indicated:


	As of December 31,
Department	2014		2015		2016
Sales and marketing		202		294		377
Research and development		119		176		205
Services and support		76		118		166
General and administrative		33		56		75

Total		430		644		823

With respect to our Israeli employees, Israeli labor laws govern the length of the workday, minimum wages for employees, procedures for hiring and dismissing employees, determination of severance pay, annual leave, sick days, advance notice of termination of employment, equal opportunity and anti-discrimination laws and other conditions of employment. Subject to certain exceptions, Israeli law generally requires severance pay upon the retirement, death or dismissal of an employee, and requires us and our employees to make payments to the National Insurance Institute, which is similar to the U.S. Social Security Administration. Our employees have pension plans that comply with the applicable Israeli legal requirements and we make monthly contributions to severance pay funds for all employees, which cover potential severance pay obligations.

None of our employees work under any collective bargaining agreements, except for our employees in Italy who work under the national collective bargaining agreement for trade and commerce sector (CCNL Commercio) which affects matters such as length of working, annual holidays entitlement, sick leave, travel expenses and pension rights, and our employees in France who work under the collective bargaining agreement for offices of technical studies, offices of consulting engineers and consulting firms (SYNTEC CBA).

Extension orders issued by the Israeli Ministry of Economy and Industry (formerly the Israeli Ministry of Industry, Trade and Labor) apply to our employees is Israel and affect matters such as cost of living adjustments to salaries, length of working hours and week, recuperation pay, travel expenses, and pension rights. We have never experienced labor-related work stoppages or strikes and believe that our relations with our employees are satisfactory.

E. Share Ownership

For information regarding the share ownership of our directors and executive officers, please refer to "Item 6.B. Compensation" and "Item 7.A. Major Shareholders."

ITEM 7. MAJOR SHAREHOLDERS AND RELATED PARTY TRANSACTIONS

A. Major Shareholders

The following table sets forth information with respect to the beneficial ownership of our shares as of February 28, 2017 by:

each person or entity known by us to own beneficially 5% or more of our outstanding shares;

each of our directors and executive officers individually; and

all of our executive officers and directors as a group.

The beneficial ownership of ordinary shares is determined in accordance with the rules of the SEC and generally includes any ordinary shares over which a person exercises sole or shared voting or investment power, or the right to receive the economic benefit of ownership. For purposes of the table below, we deem shares subject to options that are currently exercisable or exercisable within 60 days of February 28, 2017, to be outstanding and to be beneficially owned by the person holding the options for the purposes of computing the percentage ownership of that person but we do not treat them as outstanding for the purpose of computing the percentage ownership of any other person. The percentage of shares beneficially owned is based on 34,423,221 ordinary shares outstanding as of February 28, 2017.

As of February 28, 2017, we had 10 holders of record of our ordinary shares in the United States, including Cede & Co., the nominee of The Depository Trust Company. These shareholders held in the aggregate 34,068,842 of our outstanding ordinary shares, or 98.9% of our outstanding ordinary shares as of February 28, 2017. The number of record holders in the United States is not representative of the number of beneficial holders nor is it representative of where such beneficial holders are resident since many of these ordinary shares were held by brokers or other nominees.

All of our shareholders, including the shareholders listed below, have the same voting rights attached to their ordinary shares. See "Item 10.B. Memorandum and Articles of Association." None of our principal shareholders or our directors and executive officers have different or special voting rights with respect to their ordinary shares. Unless otherwise noted below, each shareholder's address is CyberArk Software Ltd. 94 Em-Ha'moshavot Road, Park Ofer, P.O. Box 3143, Petach Tikva 4970602, Israel.

A description of any material relationship that our principal shareholders have had with us or any of our predecessors or affiliates within the past three years is included under "Item 7B. Related Party Transactions."


	Shares Beneficially Owned
Name of Beneficial Owner	Number		%
Principal Shareholders (1)

Entities affiliated with T. Rowe Price Associates, Inc. (2)		3,503,886		10.18	%
FMR LLC(3)		2,590,195		7.52	%
Executive Officers and Directors
Ehud (Udi) Mokady(4)		799,263		2.32	%
Chen Bitan		*		*
Joshua Siegel		*		*
Ronen (Ron) Zoran		*		*
Nick Baglin		*		*
Vincent Goh		*		*
Roy Adar		*		*
Gadi Tirosh		*		*
Ron Gutler		*		*
Raphael (Raffi) Kesten		*		*
Kim Perdikou		*		*
David Schaeffer		*		*
Amnon Shoshani(5)		374,962		1.09	%
All executive officers and directors as a group (13 persons)		1,755,719		5.10	%

* Less than 1%.

(1)

Certain shareholders that reported greater than 5% beneficial ownership on a Schedule 13G filed with respect to their share ownership as of December 31, 2016 have not been included in the table as their percentage ownership is less than 5% based on the number of shares outstanding as of February 28, 2016.

(2)

Based on a Schedule 13G filed by T. Rowe Price Associates, Inc. ("TRP"), as of December 31, 2016, shares beneficially owned consist of 3,503,886 shares beneficially owned by TRP, certain of its affiliates and subsidiaries. TRP has sole voting power over 594,326 shares and sole dispositive power over 3,503,886 shares. T. Rowe Price New Horizons Fund, Inc. has sole voting power over 1,649,300 shares. The address of TRP is 100 E. Pratt Street, Baltimore, MD 21202

(3)

Based on a Schedule 13G filed by FMR LLC ("FMR"), as of December 31, 2016, shares beneficially owned consist of 2,590,195 shares beneficially owned by FMR LLC, certain of its affiliates and subsidiaries. FMR LLC has sole voting power over 597,847 shares and sole dispositive power over 2,590,195 shares. Members of the Johnson family, including Abigail P. Johnson, are the predominant owners, directly or through trusts, of Series B voting common shares of FMR LLC, representing 49% of the voting power of FMR LLC. The Johnson family group and all other Series B shareholders have entered into a shareholders' voting agreement under which all Series B voting common shares will be voted in accordance with the majority vote of Series B voting common shares. Accordingly, through their ownership of voting common shares and the execution of the shareholders' voting agreement, members of the Johnson family may be deemed, under the Investment Company Act of 1940, to form a controlling group with respect to FMR LLC. Neither FMR LLC nor Abigail P. Johnson has the sole power to vote or direct the voting of the shares owned directly by the various investment companies registered under the Investment Company Act ("Fidelity Funds") advised by Fidelity Management & Research Company ("FMR Co"), a wholly owned subsidiary of FMR LLC, which power resides with the Fidelity Funds' Boards of Trustees. Fidelity Management & Research Company carries out the voting of the shares under written guidelines established by the Fidelity Funds' Boards of Trustees. The address of FMR LLC is 245 Summer Street, Boston, MA 02210.

(4)

Mr. Mokady's shares include 15,000 shares held in trust for family members over which Mr. Mokady is the beneficial owner.

(5)

Shares beneficially owned consist of 354,379 shares beneficially owned by Cabaret Security Ltd. over which Mr. Shoshani holds voting and investment power, as well as vested options to purchase 20,583 ordinary shares that are held directly by Mr. Shoshani. The address of Cabaret Security Ltd. is 7 Chalamish Street, PO Box 3557, Caesarea 30889, Israel.

Significant Changes

At the time of our September 2014 initial public offering, Jerusalem Venture Partners and its affiliates owned 11,182,562 ordinary shares. Based on a Schedule 13 G/A filed with the SEC on January 31, 2017, as of December 31, 2016, Jerusalem Venture Partners and its affiliates do not hold any ordinary shares of the company.

B. Related Party Transactions

Our policy is to enter into transactions with related parties on terms that, on the whole, are no more favorable, or no less favorable, than those available from unaffiliated third parties. Based on our experience in the business sectors in which we operate and the terms of our transactions with unaffiliated third parties, we believe that all of the transactions described below met this policy standard at the time they occurred.

The following is a description of material transactions, or series of related material transactions, since January 1, 2016, to which we were or will be a party and in which the other parties included or will include our directors, executive officers, holders of more than 10% of our voting securities or any member of the immediate family of any of the foregoing persons.

Registration Rights

Our investor rights agreement entitles our shareholders to certain registration rights. The only shareholder that is currently entitled to registration rights is Cabaret Security Ltd., including Form F-3 demand rights and piggyback registration rights.

Agreements with Directors and Officers

Employment and Related Agreements. We have entered into written employment agreements with each of our executive officers. These agreements provide for notice periods of varying duration for termination of the agreement by us or by the relevant executive officer, during which time the executive officer will continue to receive base salary and benefits. These agreements also contain customary provisions regarding confidentiality of information and ownership of inventions.

Equity Awards. Since our inception we have granted options to purchase, and restricted share units underlying, our ordinary shares to our officers and certain of our directors. Such award agreements contain acceleration provisions upon certain merger, acquisition, or change of control transactions. We describe our option plans under "Item 6.B. Compensation—Equity Incentive Plans" and the equity-based compensation received by certain of our executive officers in "Item 6.B. Compensation—Compensation of Directors and Executive Officers." If the relationship between us and an executive officer, or a director, is terminated, except for cause (as defined in the various option plan agreements), all options that are vested will remain exercisable for ninety days after such termination in the case of our executive officers, or one year in the case of our directors.

Exculpation, Indemnification and Insurance. Our articles of association permit us to exculpate, indemnify and insure certain of our office holders to the fullest extent permitted by Israeli law. We have entered into agreements with certain of our office holders, including our directors, exculpating them from a breach of their duty of care to us to the fullest extent permitted by law and undertaking to indemnify them to the fullest extent permitted by law, subject to certain exceptions, including with respect to liabilities resulting from our initial public offering to the extent that these liabilities are not covered by insurance. See "Item 6.C. Board Practices—Exculpation, Insurance and Indemnification of Directors and Officers."

C. Interests of Experts and Counsel

Not applicable.

ITEM 8. FINANCIAL INFORMATION

A. Consolidated Statements and Other Financial Information

Consolidated Financial Statements

We have appended as part of this annual report our consolidated financial statements starting at page F-1.

Legal Proceedings

From time to time, we may be subject to legal proceedings and claims in the ordinary course of business. We are not currently a party to any material litigation. Regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources and other factors.

Dividend Policy

We have never declared or paid any cash dividends on our ordinary shares. We do not anticipate paying any cash dividends in the foreseeable future. We currently intend to retain future earnings, if any, to finance operations and expand our business. Our board of directors has sole discretion whether to pay dividends. If our board of directors decides to pay dividends, the form, frequency and amount will depend upon our future operations and earnings, capital requirements and surplus, general financial condition, contractual restrictions and other factors that our directors may deem relevant. The distribution of dividends may also be limited by Israeli law, which permits the distribution of dividends only out of retained earnings or otherwise upon the permission of an Israeli court.

B. Significant Changes

No significant changes have occurred since December 31, 2016, except as otherwise disclosed in this annual report.

ITEM 9. THE OFFER AND LISTING

A. Offer and Listing Details

Our ordinary shares have been quoted on NASDAQ under the symbol "CYBR" since September 24, 2014. Prior to that date, there was no public trading market for our ordinary shares. Our IPO was priced at $16.00 per share on September 24, 2014. The following table sets forth for the periods indicated the high and low sales prices per ordinary share as reported on NASDAQ:


	Low		High
Annual:
2016	$	31.5	$	59.28
2015		33.00		76.35
2014 (beginning September 24, 2014)		22.12		47.01
Quarterly:
First Quarter 2017 (through February 28, 2017)	$	45.61	$	55.65
Fourth Quarter 2016		44.57		56.25
Third Quarter 2016		47.82		59.28
Second Quarter 2016		37.00		51.06
First Quarter 2016		31.50		49.56
Fourth Quarter 2015		37.51		54.74
Third Quarter 2015		40.63		65.50
Second Quarter 2015		51.16		76.35
First Quarter 2015		33.00		70.48

Most Recent Six Months:
February 2017		49.91		55.65
January 2017		45.61		53.20
December 2016		44.77		51.65
November 2016		44.69		56.25
October 2016		44.57		51.56
September 2016		48.77		59.28

B. Plan of Distribution

Not applicable.

C. Markets

See "—Listing Details" above.

D. Selling Shareholders

Not applicable.

E. Dilution

Not applicable.

F. Expenses of the Issue

Not applicable.

ITEM 10. ADDITIONAL INFORMATION

A. Share Capital

Not applicable.

B. Memorandum and Articles of Association

Certain information related to our articles of association and memorandum of association is disclosed in our Registration Statement on Form F-1, as amended (Registration No. 333-204516), and is incorporated by reference.

Registration Number and Purposes of the Company. Our registration number with the Israeli Registrar of Companies is 51-229164-2. Our purpose, as set forth in article 3 of our articles of association, is to engage in any lawful activity.

Voting Rights and Conversion. All ordinary shares have identical voting and other rights in all respects.

Transfer of Shares. Our fully paid ordinary shares are issued in registered form and may be freely transferred under our articles of association, unless the transfer is restricted or prohibited by another instrument, applicable law or the rules of a stock exchange on which the shares are listed for trade. The ownership or voting of our ordinary shares by non-residents of Israel is not restricted in any way by our articles of association or the laws of the State of Israel, except for ownership by nationals of some countries that are, or have been, in a state of war with Israel.

Election of Directors. Our ordinary shares do not have cumulative voting rights for the election of directors. As a result, the holders of a majority of the voting power represented at a shareholders meeting have the power to elect all of our directors.

Under our articles of association, our board of directors must consist of not less than four but no more than 11 directors. Pursuant to our articles of association, the vote required to appoint a director is a simple majority vote of holders of our voting shares, participating and voting at the relevant meeting. In addition, our directors are divided into three classes that are each elected at the third annual general meeting of our shareholders, in a staggered fashion (such that one class is elected each annual general meeting), and serve on our board of directors unless they are removed by a vote of 65% of the total voting power of our shareholders at a general meeting of our shareholders or upon the occurrence of certain events, in accordance with the Companies Law and our articles of association. In addition, our articles of association allow our board of directors to fill vacancies on the board of directors or to appoint new directors up to the maximum number of directors permitted under our articles of association. Such directors serve for a term of office equal to the remaining period of the term of office of the directors(s) whose office(s) have been vacated or in the case of new directors, for a term of office according to the class to which such director was assigned upon appointment. See "Item 6.C. Board Practices—External Directors" for a description of the exemption from the requirements under the Companies Law to appoint external directors.

Dividend and Liquidation Rights. We may declare a dividend to be paid to the holders of our ordinary shares in proportion to their respective shareholdings. Under the Companies Law, dividend distributions are determined by the board of directors and do not require the approval of the shareholders of a company unless the company's articles of association provide otherwise. Our articles of association do not require shareholder approval of a dividend distribution and provide that dividend distributions may be determined by our board of directors.

Pursuant to the Companies Law, the distribution amount is limited to the greater of retained earnings or earnings generated over the previous two years, according to our then last reviewed or audited financial statements, provided that the date of the financial statements is not more than six months prior to the date of the distribution, or we may distribute dividends that do not meet such criteria only with court approval. In each case, we are only permitted to distribute a dividend if our board of directors and the court, if applicable, determines that there is no reasonable concern that payment of the dividend will prevent us from satisfying our existing and foreseeable obligations as they become due.

In the event of our liquidation, after satisfaction of liabilities to creditors, our assets will be distributed to the holders of our ordinary shares in proportion to their shareholdings. This right, as well as the right to receive dividends, may be affected by the grant of preferential dividend or distribution rights to the holders of a class of shares with preferential rights that may be authorized in the future.

Exchange Controls. There are currently no Israeli currency control restrictions on remittances of dividends on our ordinary shares, proceeds from the sale of the shares or interest or other payments to non-residents of Israel, except for shareholders who are subjects of countries that are, or have been, in a state of war with Israel.

Shareholder Meetings. Under Israeli law, we are required to hold an annual general meeting of our shareholders once every calendar year that must be held no later than 15 months after the date of the previous annual general meeting. All meetings other than the annual general meeting of shareholders are referred to in our articles of association as special general meetings. Our board of directors may call special general meetings whenever it sees fit, at such time and place, within or outside of Israel, as it may determine. In addition, the Companies Law provides that our board of directors is required to convene a special general meeting upon the written request of (i) any two of our directors or one-quarter of the members of our board of directors or (ii) one or more shareholders holding, in the aggregate, either (a) 5% or more of our outstanding issued shares and 1% of our outstanding voting power or (b) 5% or more of our outstanding voting power.

Subject to the provisions of the Companies Law and the regulations promulgated thereunder, shareholders entitled to participate and vote at general meetings are the shareholders of record on a date to be decided by the board of directors, which may be between four and 40 days prior to the date of the meeting. Furthermore, the Companies Law requires that resolutions regarding the following matters must be passed at a general meeting of our shareholders:

amendments to our articles of association;

appointment or termination of our auditors;

approval of certain related party transactions;

increases or reductions of our authorized share capital;

certain merger transactions; and

the exercise of our board of director's powers by a general meeting, if our board of directors is unable to exercise its powers and the exercise of any of its powers is required for our proper management.

The Companies Law requires that notice of any annual general meeting or special general meeting be provided to shareholders at least 21 days prior to the meeting and if the agenda of the meeting includes the appointment or removal of directors, the approval of transactions with office holders or interested or related parties, or an approval of a merger, notice must be provided at least 35 days prior to the meeting.

Under the Companies Law, shareholders are not permitted to take action via written consent in lieu of a meeting.

Voting Rights

Quorum requirements. Pursuant to our articles of association, holders of our ordinary shares have one vote for each ordinary share held on all matters submitted to a vote before the shareholders at a general meeting. As a foreign private issuer, the quorum required for our general meetings of shareholders consists of at least two shareholders present in person or by proxy who hold or represent between them at least 25% of the total outstanding voting rights. A meeting adjourned for lack of a quorum is generally adjourned to the same day in the following week at the same time and place, to such time and date if so specified in the notice of the meeting, or to such time and date as the chairman of the general meeting shall determine (which may be earlier or later than the forgoing dates). At the reconvened meeting, any one shareholder present in person or by proxy shall constitute a lawful quorum, generally, regardless of the number of shares held by such shareholder.

Vote Requirements. Our articles of association provide that all resolutions of our shareholders require a simple majority vote, unless otherwise required by the Companies Law or by our articles of association. Under our articles of association, the alteration of the rights, privileges, preferences or obligations of any class of our shares requires the ordinary majority vote of all classes of shares voting together as a single class at a shareholder meeting. Our articles of association also require that the removal of any director from office (other than external directors) or the amendment of the provisions of our articles of association relating to our staggered board requires the vote of 65% of the total voting power of our shareholders. Another exception to the simple majority vote requirement is a resolution for the voluntary winding up, or an approval of a scheme of arrangement or reorganization, of the company pursuant to Section 350 of the Companies Law, which requires the approval of holders of 75% of the voting rights represented at the meeting, in person, by proxy or by voting deed and voting on the resolution.

Access to Corporate Records. Under the Companies Law, shareholders are provided access to: minutes of our general meetings; our shareholders register and principal shareholders register, articles of association and annual financial statements; and any document that we are required by law to file publicly with the Israeli Companies Registrar or the Israel Securities Authority. In addition, shareholders may request to be provided with any document related to an action or transaction requiring shareholder approval under the related party transaction provisions of the Companies Law. We may deny this request if we believe it has not been made in good faith or if such denial is necessary to protect our interest or protect a trade secret or patent.

Acquisitions under Israeli Law

Full Tender Offer. A person wishing to acquire shares of an Israeli public company and who would as a result hold over 90% of the target company's issued and outstanding share capital is required by the Companies Law to make a tender offer to all of the company's shareholders for the purchase of all of the issued and outstanding shares of the company. A person wishing to acquire shares of a public Israeli company and who would as a result hold over 90% of the issued and outstanding share capital of a certain class of shares is required to make a tender offer to all of the shareholders who hold shares of the relevant class for the purchase of all of the issued and outstanding shares of that class. If the shareholders who do not accept the offer hold less than 5% of the issued and outstanding share capital of the company or of the applicable class, and more than half of the shareholders who do not have a personal interest in the offer accept the offer, all of the shares that the acquirer offered to purchase will be transferred to the acquirer by operation of law. However, a tender offer will also be accepted if the shareholders who do not accept the offer hold less than 2% of the issued and outstanding share capital of the company or of the applicable class of shares.

Upon a successful completion of such a full tender offer, any shareholder that was an offeree in such tender offer, whether such shareholder accepted the tender offer or not, may, within six months from the date of acceptance of the tender offer, petition an Israeli court to determine whether the tender offer was for less than fair value and that the fair value should be paid as determined by the court. However, under certain conditions, the offeror may include in the terms of the tender offer that an offeree who accepted the offer will not be entitled to petition the Israeli court as described above.

If (a) the shareholders who did not respond or accept the tender offer hold at least 5% of the issued and outstanding share capital of the company or of the applicable class or the shareholders who accept the offer constitute less than a majority of the offerees that do not have a personal interest in the acceptance of the tender offer, or (b) the shareholders who did not accept the tender offer hold 2% or more of the issued and outstanding share capital of the company (or of the applicable class), the acquirer may not acquire shares of the company that will increase its holdings to more than 90% of the company's issued and outstanding share capital or of the applicable class from shareholders who accepted the tender offer.

Special Tender Offer. The Companies Law provides that an acquisition of shares of an Israeli public company must be made by means of a special tender offer if as a result of the acquisition the purchaser would become a holder of 25% or more of the voting rights in the company. This requirement does not apply if there is already another holder of at least 25% of the voting rights in the company. Similarly, the Companies Law provides that an acquisition of shares in a public company must be made by means of a special tender offer if as a result of the acquisition the purchaser would become a holder of more than 45% of the voting rights in the company, if there is no other shareholder of the company who holds more than 45% of the voting rights in the company, subject to certain exceptions.

A special tender offer must be extended to all shareholders of a company but the offeror is not required to purchase shares representing more than 5% of the voting power attached to the company's outstanding shares, regardless of how many shares are tendered by shareholders. A special tender offer may be consummated only if (i) at least 5% of the voting power attached to the company's outstanding shares will be acquired by the offeror and (ii) the number of shares tendered in the offer exceeds the number of shares whose holders objected to the offer (excluding the purchaser, controlling shareholders, holders of 25% or more of the voting rights in the company or any person having a personal interest in the acceptance of the tender offer). If a special tender offer is accepted, then the purchaser or any person or entity controlling it or under common control with the purchaser or such controlling person or entity may not make a subsequent tender offer for the purchase of shares of the target company and may not enter into a merger with the target company for a period of one year from the date of the offer, unless the purchaser or such person or entity undertook to effect such an offer or merger in the initial special tender offer.

Merger. The Companies Law permits merger transactions if approved by each party's board of directors and, unless certain requirements described under the Companies Law are met, by a majority vote of each party's shares, and, in the case of the target company, a majority vote of each class of its shares, voted on the proposed merger at a shareholders meeting.

For purposes of the shareholder vote, unless a court rules otherwise, the merger will not be deemed approved if a majority of the votes of shares represented at the shareholders meeting that are held by parties other than the other party to the merger, or by any person (or group of persons acting in concert) who holds (or hold, as the case may be) 25% or more of the voting rights or the right to appoint 25% or more of the directors of the other party, vote against the merger. If, however, the merger involves a merger with a company's own controlling shareholder or if the controlling shareholder has a personal interest in the merger, then the merger is instead subject to the same special majority approval that governs all extraordinary transactions with controlling shareholders (as described under "Management—Approval of related party transactions under Israeli law—Disclosure of personal interests of controlling shareholders and approval of certain transactions").

If the transaction would have been approved by the shareholders of a merging company but for the separate approval of each class or the exclusion of the votes of certain shareholders as provided above, a court may still approve the merger upon the request of holders of at least 25% of the voting rights of a company, if the court holds that the merger is fair and reasonable, taking into account the value of the parties to the merger and the consideration offered to the shareholders of the company.

Upon the request of a creditor of either party to the proposed merger, the court may delay or prevent the merger if it concludes that there exists a reasonable concern that, as a result of the merger, the surviving company will be unable to satisfy the obligations of the merging entities, and may further give instructions to secure the rights of creditors.

In addition, a merger may not be consummated unless at least 50 days have passed from the date on which a proposal for approval of the merger was filed by each party with the Israeli Registrar of Companies and at least 30 days have passed from the date on which the merger was approved by the shareholders of each party.

Anti-takeover Measures under Israeli Law

The Companies Law allows us to create and issue shares having rights different from those attached to our ordinary shares, including shares providing certain preferred rights with respect to voting, distributions or other matters and shares having preemptive rights. No preferred shares are authorized under our articles of association. In the future, if we do authorize, create and issue a specific class of preferred shares, such class of shares, depending on the specific rights that may be attached to it, may have the ability to frustrate or prevent a takeover or otherwise prevent our shareholders from realizing a potential premium over the market value of their ordinary shares. The authorization and designation of a class of preferred shares will require an amendment to our articles of association, which requires the prior approval of the holders of a majority of the voting power attaching to our issued and outstanding shares at a general meeting. The convening of the meeting, the shareholders entitled to participate and the majority vote required to be obtained at such a meeting will be subject to the requirements set forth in the Companies Law as described above in "—Voting Rights."

Transfer Agent and Registrar

The transfer agent and registrar for our ordinary shares is American Stock Transfer & Trust Company, LLC. Its address is 6201 15th Avenue, Brooklyn, New York 11219, and its telephone number is (800) 937-5449.

Listing

Our ordinary shares are listed on the NASDAQ Global Select Market under the symbol "CYBR."

C. Material Contracts

For a description of the registration rights that we granted under our Fourth Amended Investor Rights Agreement, please refer to "Item 7.B. Related Party Transaction—Registration Rights."

We entered into an underwriting agreement between us, Goldman, Sachs & Co. and Deutsche Bank Securities Inc., as representatives of the underwriters, with respect to the ordinary shares sold by certain of our shareholders in a public offering of ordinary shares, on March 11, 2015. We also entered into an underwriting agreement between us, Goldman, Sachs & Co., Deutsche Bank Securities Inc. and Barclays Capital Inc., as representatives of the underwriters, with respect to the ordinary shares sold by us and certain of our shareholders in a public offering of ordinary shares, on June 10, 2015.

Under each of the underwriting agreements described above, we have agreed to indemnify the underwriters covered by the corresponding agreement against certain liabilities, including liabilities under the Securities Act, and to contribute to payments such underwriters may be required to make in respect of such liabilities.

For a description of our leases, see Item 4.B.—Business Overview—Properties.

D. Exchange Controls

In 1998, Israeli currency control regulations were liberalized significantly, so that Israeli residents generally may freely deal in foreign currency and foreign assets, and non-residents may freely deal in Israeli currency and Israeli assets. There are currently no Israeli currency control restrictions on remittances of dividends on the ordinary shares or the proceeds from the sale of the shares provided that all taxes were paid or withheld; however, legislation remains in effect pursuant to which currency controls can be imposed by administrative action at any time.

Non-residents of Israel may freely hold and trade our securities. Neither our articles of association nor the laws of the State of Israel restrict in any way the ownership or voting of ordinary shares by non-residents, except that such restrictions may exist with respect to citizens of countries which are in a state of war with Israel. Israeli residents are allowed to purchase our ordinary shares.

E. Taxation

The following description is not intended to constitute a complete analysis of all tax consequences relating to the acquisition, ownership and disposition of our ordinary shares. You should consult your own tax advisor concerning the tax consequences of your particular situation, as well as any tax consequences that may arise under the laws of any state, local, foreign or other taxing jurisdiction. This summary does not discuss all of the aspects of Israeli tax law that may be relevant to a particular investor in light of his or her personal investment circumstances or to some types of investors subject to special treatment under Israeli law. Examples of such investors include residents of Israel or traders in securities who are subject to special tax regimes not covered in this discussion.

Certain Israeli Tax Consequences

Capital Gains Taxes Applicable to Non-Israeli Resident Shareholders

A non-Israeli resident who derives capital gains from the sale of shares in an Israeli resident company that were purchased after the company was listed for trading on a stock exchange outside of Israel should be exempt from Israeli tax so long as the shares were not held through a permanent establishment that the non-resident maintains in Israel and that such shareholders are not subject to the Israeli Income Tax Law (Inflationary Adjustments) 5745-1985. However, non-Israeli corporations will not be entitled to the foregoing exemption if Israeli residents: (i) have a controlling interest of more than 25% in such non-Israeli corporation or (ii) are the beneficiaries of, or are entitled to, 25% or more of the revenues or profits of such non-Israeli corporation, whether directly or indirectly. Such exemption is not applicable to a person whose gains from selling or otherwise disposing of the shares are deemed to be a business income.

Additionally, a sale of shares by a non-Israeli resident may be exempt from Israeli capital gains tax under the provisions of an applicable tax treaty. For example, under the United States-Israel Tax Treaty, the disposition of shares by a shareholder who (i) is a U.S. resident (for purposes of the treaty), (ii) holds the shares as a capital asset, and (iii) is entitled to claim the benefits afforded to such person by the treaty, is generally exempt from Israeli capital gains tax. Such exemption will not apply if: (i) the capital gain arising from the disposition can be attributed to a permanent establishment of the shareholder which is maintained in Israel; (ii) the shareholder holds, directly or indirectly, shares representing 10% or more of the voting capital during any part of the 12-month period preceding such sale, exchange or disposition, subject to certain conditions; or (iii) such U.S. resident is an individual and was present in Israel for a period or periods aggregating to 183 days or more during the relevant taxable year. In such case, the sale, exchange or disposition of our ordinary shares would be subject to Israeli tax, to the extent applicable; however, under the United States-Israel Tax Treaty, a U.S. resident would be permitted to claim a credit for such taxes against the U.S. federal income tax imposed with respect to such sale, exchange or disposition, subject to the limitations under U.S. law applicable to foreign tax credits. The United States-Israel Tax Treaty does not relate to U.S. state or local taxes.

In some instances where our shareholders may be liable for Israeli tax on the sale of their ordinary shares, the payment of the consideration may be subject to the withholding of Israeli tax at source. Shareholders may be required to demonstrate that they are exempt from tax on their capital gains in order to avoid withholding at source at the time of sale. Specifically, in transactions involving a sale of all of the shares of an Israeli resident company, in the form of a merger or otherwise, the Israel Tax Authority may require from shareholders who are not liable for Israeli tax to sign declarations in forms specified by this authority or obtain a specific exemption from the Israel Tax Authority to confirm their status as non-Israeli resident, and, in the absence of such declarations or exemptions, may require the purchaser of the shares to withhold taxes at source.

Taxation of Non-Israeli Shareholders on Receipt of Dividends

Non-Israeli residents are generally subject to Israeli income tax on the receipt of dividends paid on our ordinary shares at the rate of 25%, unless relief is provided in a treaty between Israel and the shareholder's country of residence. With respect to a person who is a "substantial shareholder" at the time of receiving the dividend or on any time during the preceding twelve months, the applicable tax rate is 30%. A "substantial shareholder" is generally a person who alone or together with such person's relative or another person who collaborates with such person on a permanent basis, holds, directly or indirectly, at least 10% of any of the "means of control" of the corporation. "Means of control" generally include the right to vote, receive profits, nominate a director or an executive officer, receive assets upon liquidation, or order someone who holds any of the aforesaid rights how to act, regardless of the source of such right. Dividends paid on publicly traded shares, which are registered with and held by a nominee company, to non-Israeli residents are generally subject to Israeli withholding tax at a rate of 25% (whether the recipient is a substantial shareholder or not), unless a reduced tax rate is provided under an applicable tax treaty, provided that a certificate from the Israel Tax Authority allowing for a reduced withholding tax rate is obtained in advance. However, a distribution of dividends to non-Israeli residents is subject to withholding tax at source at a rate of 15% if the dividend is distributed from income attributed to an Approved Enterprise or a Benefited Enterprise or 20% if the dividend is distributed from income attributed to a Preferred Enterprise, unless a reduced tax rate is provided under an applicable tax treaty(subject to the receipt in advance of a valid certificate from the Israel Tax Authority allowing for a reduced tax rate). Under the United States-Israel Tax Treaty, the maximum rate of tax withheld at source in Israel on dividends paid to a holder of our ordinary shares who is a U.S. resident (for purposes of the United States-Israel Tax Treaty) is 25%. However, the maximum rate of withholding tax on dividends, not generated from an Approved Enterprise or Benefited Enterprise, that are paid to a United States corporation holding 10% or more of the outstanding voting capital throughout the tax year in which the dividend is distributed as well as during the previous tax year, is 12.5%, provided that no more than 25% of the gross income for such preceding year consists of certain types of dividends and interest. Notwithstanding the foregoing, a distribution of dividends to non-Israeli residents is subject to withholding tax at source at a rate of 15% if the dividend is distributed from income attributed to an Approved Enterprise or a Benefited Enterprise for such U.S. corporation shareholder, provided that the condition related to our gross income for the previous year (as set forth in the previous sentence) is met. We cannot assure you that in the event we declare a dividend we will designate the income out of which the dividend is paid in a manner that will reduce shareholders' tax liability.

If the dividend is attributable partly to income derived from an Approved Enterprise, Benefited Enterprise or Preferred Enterprise, and partly to other sources of income, the withholding rate will be a blended rate reflecting the relative portions of the two types of income. U.S. residents who are subject to Israeli withholding tax on a dividend may be entitled to a credit or deduction for United States federal income tax purposes in the amount of the taxes withheld, subject to detailed rules contained in U.S. tax legislation.

Excess Tax

Individuals who are subject to tax in Israel (whether any such individual is an Israeli resident or non-Israeli resident) are also subject to an additional tax at the rate of 2% on annual taxable income exceeding NIS 803,520 in 2016 (and as of 2017, the additional tax will be at a rate of 3% on annual income exceeding NIS 640,000) which amount is linked to the annual change in the Israeli consumer price index, including, but not limited to, dividends, interest and capital gain.

Estate and Gift Tax

Israeli law presently does not impose estate or gift taxes.

Certain United States Federal Income Tax Consequences

The following is a description of certain United States federal income tax consequences relating to the acquisition, ownership and disposition of our ordinary shares by a U.S. Holder (as defined below). This description addresses only the United States federal income tax consequences to U.S. Holders that hold such ordinary shares as capital assets. This description does not address tax considerations applicable to U.S. Holders that may be subject to special tax rules, including, without limitation:

banks, financial institutions or insurance companies;

real estate investment trusts, regulated investment companies or grantor trusts;

brokers, dealers or traders in securities, commodities or currencies;

tax-exempt entities or organizations, including an "individual retirement account" or "Roth IRA" as defined in Section 408 or 408A of the Code, respectively;

certain former citizens or long-term residents of the United States;

persons that receive our shares as compensation for the performance of services;

persons that hold our shares as part of a "hedging," "integrated" or "conversion" transaction or as a position in a "straddle" for United States federal income tax purposes;

partnerships (including entities classified as partnerships for United States federal income tax purposes) or other pass-through entities, or indirect holders that hold our shares through such an entity;

S corporations;

holders that acquire ordinary shares as a result of holding or owning our preferred shares;

holders whose "functional currency" is not the U.S. Dollar; or

holders that own directly, indirectly or through attribution 10.0% or more of the voting power or value of our shares.

Moreover, this description does not address the United States federal estate, gift or alternative minimum tax consequences, or any state, local or foreign tax consequences, of the acquisition, ownership and disposition of our ordinary shares.

This description is based on the Code, existing, proposed and temporary United States Treasury Regulations and judicial and administrative interpretations thereof, in each case as in effect and available on the date hereof. All of the foregoing is subject to change, which change could apply retroactively and could affect the tax consequences described below. There can be no assurances that the U.S. Internal Revenue Service, or IRS, will not take a different position concerning the tax consequences of the ownership and disposition of our ordinary shares or that such a position would not be sustained. Holders should consult their own tax advisors concerning the U.S. federal, state, local and foreign tax consequences of acquiring, owning and disposing of our ordinary shares in their particular circumstances.

For purposes of this description, a "U.S. Holder" is a beneficial owner of our ordinary shares that, for United States federal income tax purposes, is:

a citizen or individual resident of the United States;

a corporation (or other entity treated as a corporation for United States federal income tax purposes) created or organized in or under the laws of the United States or any state thereof, including the District of Columbia;

an estate the income of which is subject to United States federal income taxation regardless of its source; or

a trust if such trust has validly elected to be treated as a United States person for United States federal income tax purposes or if (1) a court within the United States is able to exercise primary supervision over its administration and (2) one or more United States persons have the authority to control all of the substantial decisions of such trust.

If a partnership (or any other entity treated as a partnership for United States federal income tax purposes) holds our ordinary shares, the tax treatment of a partner in such partnership will generally depend on the status of the partner and the activities of the partnership. Such a partner or partnership should consult its tax advisor as to the particular United States federal income tax consequences of acquiring, owning and disposing of our ordinary shares in its particular circumstance.

You should consult your tax advisor with respect to the United States federal, state, local and foreign tax consequences of acquiring, owning and disposing of our ordinary shares.

Distributions

Subject to the discussion below under "Passive Foreign Investment Company Considerations," if you are a U.S. Holder, the gross amount of any distribution made to you with respect to our ordinary shares before reduction for any Israeli taxes withheld therefrom, other than certain distributions, if any, of our ordinary shares distributed pro rata to all our shareholders, generally will be includible in your income as dividend income to the extent such distribution is paid out of our current or accumulated earnings and profits as determined under United States federal income tax principles. We do not expect to maintain calculations of our earnings and profits under United States federal income tax principles. Therefore, if you are a U.S. Holder you should expect that the entire amount of any distribution generally will be reported as dividend income to you. Subject to applicable limitations, dividends paid to certain non-corporate U.S. Holders may qualify for the preferential rates of taxation with respect to dividends on ordinary shares if certain requirements, including stock holding period requirements, are satisfied by the recipient and we are eligible for the benefits of the United States-Israel Tax Treaty.

However, such dividends will not be eligible for the dividends received deduction generally allowed to corporate U.S. Holders. To the extent that the amount of any distribution by us exceeds our current and accumulated earnings and profits as determined under United States federal income tax principles, it will be treated first as a return of your adjusted tax basis in our ordinary shares and thereafter as either long-term or short-term capital gain depending upon whether the U.S. Holder has held our ordinary shares for more than one year as of the time such distribution is received.

Subject to certain conditions and limitations, Israeli tax withheld on dividends may be deducted from your taxable income or credited against your United States federal income tax liability. If you are a U.S. Holder, dividends paid to you with respect to our ordinary shares will generally be treated as foreign source income, which may be relevant in calculating your foreign tax credit limitation. However, for periods in which we are a "United Stated-owned foreign corporation," a portion of dividends paid by us may be treated as U.S. source solely for purposes of the foreign tax credit. We would be treated as a United States-owned foreign corporation if 50% or more of the total value or total voting power of our stock is owned, directly, indirectly or by attribution, by United States persons. To the extent any portion of our dividends is treated as U.S. source income pursuant to this rule, the ability of a U.S. Holder to claim a foreign tax credit for any Israeli withholding taxes payable in respect of our dividends may be limited. A U.S. Holder entitled to benefits under the United States-Israel Tax Treaty may, however, elect to treat any dividends as foreign source income for foreign tax credit purposes if the dividend income is separated from other income items for purposes of calculating the U.S. Holder's foreign tax credit. U.S. Holders should consult their own tax advisors about the impact of, and any exception available to, the special sourcing rule described in this paragraph, and the desirability of making, and the method of making, such an election.

The limitation on foreign taxes eligible for credit is calculated separately with respect to specific classes of income. For this purpose, dividends that we distribute generally should constitute "passive category income," or, in the case of certain U.S. Holders, "general category income." A foreign tax credit for foreign taxes imposed on distributions may be denied if you do not satisfy certain minimum holding period requirements. The rules relating to the determination of the foreign tax credit are complex, and you should consult your tax advisor to determine whether and to what extent you will be entitled to this credit.

Sale, Exchange or Other Taxable Disposition of Ordinary Shares

Subject to the discussion below under "Passive Foreign Investment Company Considerations," if you are a U.S. Holder, you generally will recognize gain or loss on the sale, exchange or other taxable disposition of our ordinary shares equal to the difference between the amount realized on such sale, exchange or other taxable disposition and your adjusted tax basis in our ordinary shares, and such gain or loss will be capital gain or loss. The adjusted tax basis in an ordinary share generally will be equal to the cost of such ordinary share. If you are a non-corporate U.S. Holder, capital gain from the sale, exchange or other taxable disposition of ordinary shares is generally eligible for a preferential rate of taxation applicable to capital gains, if your holding period for such ordinary shares exceeds one year (i.e., such gain is long-term capital gain). The deductibility of capital losses for United States federal income tax purposes is subject to limitations under the Code. Any such gain or loss that a U.S. Holder recognizes generally will be treated as U.S. source income or loss for foreign tax credit limitation purposes.

Passive Foreign Investment Company Considerations

If we were to be classified as a "passive foreign investment company," or PFIC, in any taxable year, a U.S. Holder would be subject to special rules generally intended to reduce or eliminate any benefits from the deferral of U.S. federal income tax that a U.S. Holder could derive from investing in a non-U.S. company that does not distribute all of its earnings on a current basis.

A non-U.S. corporation will be classified as a PFIC for federal income tax purposes in any taxable year in which, after applying certain look-through rules with respect to the income and assets of subsidiaries, either:

at least 75% of its gross income is "passive income"; or

at least 50% of the average quarterly value of its total gross assets (which may be measured in part by the market value of our ordinary shares, which is subject to change) is attributable to assets that produce "passive income" or are held for the production of passive income.

Passive income for this purpose generally includes dividends, interest, royalties, rents, gains from commodities and securities transactions, the excess of gains over losses from the disposition of assets which produce passive income, and includes amounts derived by reason of the temporary investment of funds raised in offerings of our ordinary shares. If a non-U.S. corporation owns directly or indirectly at least 25% by value of the stock of another corporation, the non-U.S. corporation is treated for purposes of the PFIC tests as owning its proportionate share of the assets of the other corporation and as receiving directly its proportionate share of the other corporation's income. If we are classified as a PFIC in any year with respect to which a U.S. Holder owns our ordinary shares, we will continue to be treated as a PFIC with respect to such U.S. Holder in all succeeding years during which the U.S. Holder owns our ordinary shares, regardless of whether we continue to meet the tests described above.

Based on the composition of our gross income and the fair market value of our assets, and the nature of our business, we believe that we were not classified as a PFIC for the taxable year ended December 31, 2016. Because PFIC status is determined annually based on our income, assets and activities for the entire taxable year, it is not possible to determine whether we will be characterized as a PFIC for the taxable year ending December 31, 2017, or for any subsequent year, until we finalize our financial statements for that year. Furthermore, because the value of our gross assets is likely to be determined in large part by reference to our market capitalization, a decline in the value of our ordinary shares may result in our becoming a PFIC. Accordingly, there can be no assurance that we will not be considered a PFIC for any taxable year.

Under certain attribution rules, as a PFIC, U.S. Holders may be deemed to own their proportionate share of our PFIC subsidiaries, such subsidiaries referred to as "lower-tier PFICs," and will be subject to U.S. federal income tax in the manner discussed below on (1) a distribution to us on the shares of a "lower-tier PFIC" and (2) a disposition by us of shares of a "lower-tier PFIC," both as if the holder directly held the shares of such "lower-tier PFIC."

If an entity is treated as a PFIC for any taxable year during which a U.S. Holder holds (or, as discussed in the previous paragraph, is deemed to hold) its ordinary shares, such holder will be subject to adverse U.S. federal income tax rules. In general, if a U.S. Holder disposes of shares of a PFIC (including an indirect disposition or a constructive disposition of shares of a "lower-tier PFIC"), gain recognized or deemed recognized by such holder would be allocated ratably over such holder's holding period for the shares. The amounts allocated to the taxable year of disposition and to years before the entity became a PFIC, if any, would be treated as ordinary income.

The amount allocated to each other taxable year would be subject to tax at the highest rate in effect for such taxable year for individuals or corporations, as appropriate, and an interest charge would be imposed on the tax attributable to such allocated amounts. Further, any distribution in respect of shares of a PFIC (or a distribution by a lower-tier PFIC to its shareholders that is deemed to be received by a U.S. Holder) in excess of 125% of the average of the annual distributions on such shares received or deemed to be received during the preceding three years or the U.S. Holder's holding period, whichever is shorter, would be subject to taxation in the manner described above. In addition, dividend distributions made to you will not qualify for the preferential rates of taxation applicable to long-term capital gains discussed above under "Distributions."

Where a company that is a PFIC meets certain reporting requirements, a U.S. Holder can avoid certain adverse PFIC consequences described above by making a "qualified electing fund", or QEF, election to be taxed currently on its proportionate share of the PFIC's ordinary income and net capital gains.

If we are a PFIC and our ordinary shares are "regularly traded" on a "qualified exchange," a U.S. Holder may make a mark-to-market election with respect to our ordinary shares (but not the shares of any lower-tier PFICs), which may help to mitigate the adverse tax consequences resulting from our PFIC status (but not that of any lower-tier PFICs). Our ordinary shares will be treated as "regularly traded" in any calendar year in which more than a de minimis quantity of the ordinary shares are traded on a qualified exchange on at least 15 days during each calendar quarter (subject to the rule that trades that have as one of their principal purposes the meeting of the trading requirement are disregarded). The NASDAQ Global Select Market is a qualified exchange for this purpose and, consequently, if the ordinary shares are regularly traded, the mark-to-market election will be available to a U.S. Holder; however, there can be no assurance that trading volumes will be sufficient to permit a mark-to-market election. In addition, because a mark-to-market election with respect to us does not apply to any equity interests in "lower-tier PFICs" that we own, a U.S. Holder generally will continue to be subject to the PFIC rules with respect to its indirect interest in any investments held by us that are treated as equity interests in a PFIC for U.S. federal income tax purposes.

If a U.S. Holder makes the mark-to-market election, for each year in which we are a PFIC, the holder will generally include as ordinary income the excess, if any, of the fair market value of ordinary shares at the end of the taxable year over their adjusted tax basis, and will be permitted an ordinary loss in respect of the excess, if any, of the adjusted tax basis of our ordinary shares over their fair market value at the end of the taxable year (but only to the extent of the net amount of previously included income as a result of the mark-to-market election). A U.S. Holder that makes a valid mark-to-market election will not include mark-to-market gain or loss in income for any taxable year that we are not classified as a PFIC (although cessation of our status as a PFIC will not terminate the mark-to-market election). Thus, if we are classified as a PFIC in a taxable year after a year in which we are not classified as a PFIC, the U.S. Holder's original election (unless revoked or terminated) continues to apply and the U.S. Holder must include any mark-to-market gain or loss in such year. If a U.S. Holder makes the election, the holder's tax basis in our ordinary shares will be adjusted to reflect any such income or loss amounts. Any gain recognized on a sale or other disposition of our ordinary shares will be treated as ordinary income. Any losses recognized on a sale or other disposition of our ordinary shares will be treated as ordinary loss to the extent of any net mark-to-market gains for prior years. U.S. Holders should consult their own tax advisors regarding the availability and consequences of making a mark-to-market election in their particular circumstances. In particular, U.S. Holders should consider carefully the impact of a mark-to-market election with respect to our ordinary shares if we have "lower-tier PFICs" for which such election is not available. Once made, the mark-to-market election cannot be revoked without the consent of the IRS unless our ordinary shares cease to be "regularly traded."

If a U.S. Holder owns ordinary shares during any year in which we are a PFIC, the U.S. Holder generally will be required to file an IRS Form 8621 (Information Return by a Shareholder of a Passive Foreign Investment Company or Qualified Electing Fund) with respect to the company (regardless of whether a QEF or mark-to-market election is made), generally with the U.S. Holder's federal income tax return for that year. If our company were a PFIC for a given taxable year, then you should consult your tax advisor concerning your annual filing requirements.

U.S. Holders should consult their tax advisors regarding whether we are a PFIC and the potential application of the PFIC rules.

Medicare Tax

Certain U.S. Holders that are individuals, estates or trusts are subject to a 3.8% tax on all or a portion of their "net investment income," which may include all or a portion of their dividend income and net gains from the disposition of ordinary shares. Each U.S. Holder that is an individual, estate or trust is urged to consult its tax advisors regarding the applicability of the Medicare tax to its income and gains in respect of its investment in our ordinary shares.

Backup Withholding Tax and Information Reporting Requirements

United States backup withholding tax and information reporting requirements may apply to certain payments to certain holders of stock. Information reporting generally will apply to payments of dividends on, and to proceeds from the sale or redemption of, our ordinary shares made within the United States, or by a United States payor or United States middleman, to a holder of our ordinary shares, other than an exempt recipient (including a payee that is not a United States person that provides an appropriate certification and certain other persons). A payor will be required to withhold backup withholding tax from any payments of dividends on, or the proceeds from the sale or redemption of, ordinary shares within the United States, or by a United States payor or United States middleman, to a holder, other than an exempt recipient, if such holder fails to furnish its correct taxpayer identification number or otherwise fails to comply with, or establish an exemption from, such backup withholding tax requirements. Any amounts withheld under the backup withholding rules will be allowed as a credit against the beneficial owner's United States federal income tax liability, if any, and any excess amounts withheld under the backup withholding rules may be refunded, provided that the required information is timely furnished to the IRS.

Foreign Asset Reporting

Certain U.S. Holders who are individuals are required to report information relating to an interest in our ordinary shares, subject to certain exceptions (including an exception for shares held in accounts maintained by U.S. financial institutions) by filing IRS Form 8938 (Statement of Specified Foreign Financial Assets) with their federal income tax return. U.S. Holders are urged to consult their tax advisors regarding their information reporting obligations, if any, with respect to their ownership and disposition of our ordinary shares.

The above description is not intended to constitute a complete analysis of all tax consequences relating to acquisition, ownership and disposition of our ordinary shares. You should consult your tax advisor concerning the tax consequences of your particular situation.

F. Dividends and Paying Agents

Not applicable.

G. Statement by Experts

Not applicable.

H. Documents on Display

We are subject to the informational requirements of the Exchange Act that are applicable to foreign private issuers, and under those requirements file reports with the SEC. Those other reports or other information may be inspected without charge at the locations described above. As a foreign private issuer, we are exempt from the rules under the Exchange Act related to the furnishing and content of proxy statements, and our officers, directors and principal shareholders will be exempt from the reporting and short-swing profit recovery provisions contained in Section 16 of the Exchange Act. In addition, we are not required under the Exchange Act to file annual, quarterly and current reports and financial statements with the SEC as frequently or as promptly as United States companies whose securities are registered under the Exchange Act. However, we will file with the SEC, within 120 days after the end of each subsequent fiscal year, or such applicable time as required by the SEC, an annual report on Form 20-F containing financial statements audited by an independent registered public accounting firm, and will submit to the SEC reports on Form 6-K containing unaudited quarterly financial information.

You may read and copy any document we file with the SEC without charge at the SEC's public reference room at 100 F Street, N.E., Room 1580, Washington, D.C. 20549. You may also obtain copies of the documents at prescribed rates by writing to the Public Reference Section of the SEC at 100 F Street, N.E., Room 1580, Washington, D.C. 20549. Please call the SEC at 1-800-SEC-0330 for further information on the public reference room. The SEC also maintains an internet website that contains reports and other information regarding issuers that file electronically with the SEC. Our filings with the SEC are also available to the public through the SEC's website at http://www.sec.gov.

I. Subsidiary Information

Not applicable.

ITEM 11. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK

We are exposed to a variety of risks, including foreign currency exchange fluctuations, changes in interest rates and inflation. We regularly assess currency, interest rate and inflation risks to minimize any adverse effects on our business as a result of those factors.

Foreign Currency Risk

Our results of operations and cash flows are affected by fluctuations due to changes in foreign currency exchange rates. In 2016, the majority of our revenues were denominated in U.S. dollars and the remainder in other currencies, primarily euros and British pounds sterling. In 2016, the majority of our cost of revenues and operating expenses were denominated in U.S. dollars and NIS and the remainder in other currencies, primarily euros and British pounds sterling. Our foreign currency-denominated expenses consist primarily of personnel, rent and other overhead costs. Since a significant portion of our expenses is incurred in NIS and is substantially greater than our revenues in NIS, any appreciation of the NIS relative to the U.S. dollar would adversely impact our net income. In addition, since the portion of our revenues generated in euros and British pounds sterling is greater than our expenses incurred in euros and British pounds sterling, respectively, any depreciation of the euro or British pounds sterling relative to the U.S. dollar would adversely impact our net income.

The following table presents information about the changes in the exchange rates of the NIS against the U.S. dollar:


Period	Change in Average Exchange Rate of the NIS Against the U.S. dollar (%)
2016		(1.1	)
2015		8.6
2014		(0.9	)

The figures above represent the change in the average exchange rate in the given period compared to the average exchange rate in the immediately preceding period. Negative figures represent depreciation of the U.S. dollar compared to the NIS. A 10% strengthening or weakening in the value of the NIS against the U.S. dollar would have decreased or increased, respectively, our net income by approximately $4.0 million in 2016. We estimate that a 10% strengthening or weakening in the value of the euro against the U.S. dollar would have increased or decreased, respectively, our net income by approximately $1.1 million in 2016. We estimate that a 10% strengthening or weakening in the value of the British pounds sterling against the U.S. dollar would have increased or decreased, respectively, our net income by approximately $0.3 million in 2016. These estimates of the impact of fluctuations in currency exchange rates on our historic results of operations may be different from the impact of fluctuations in exchange rates on our future results of operations since the mix of currencies comprising our revenues and expenses may change.

For purposes of our consolidated financial statements, local currency assets and liabilities are translated at the rate of exchange to the U.S. dollar on the balance sheet date and local currency revenues and expenses are translated at the exchange rate at the date of the transaction or the average exchange rate dollar during the reporting period to the United States.

To protect against the increase in value of forecasted foreign currency cash flow resulting from expenses paid in NIS during the year, we have instituted a foreign currency cash flow hedging program. We hedge portions of the anticipated payroll of our Israeli employees in NIS for a period of one to twelve months with forward contracts and other derivative instruments. In addition, from time to time we enter into foreign exchange forward transactions to economically hedge a portion of account receivables in Euros and British pounds sterling. We do not use derivative financial instruments for speculative or trading purposes.

Interest Rate Risk

The primary objectives of our investment activities are to preserve principal, support liquidity requirements, and maximize income without significantly increasing risk. Our investments are subject to market risk due to changes in interest rates, which may affect our interest income and fair market value of our investments.

To minimize this risk, we maintain our portfolio of cash, cash equivalents and short and long-term investments in a variety of securities, including commercial paper, money market funds, U.S. government and agency securities, and corporate debt securities. We do not believe that a 10% increase or decrease in interest rates would have a material impact on our operating results, cash flows or the fair value of our portfolio.

Other Market Risks

We do not believe that we have any material exposure to inflationary risks.

ITEM 12. DESCRIPTION OF SECURITIES OTHER THAN EQUITY SECURITIES

Not applicable.

PART II

ITEM 13. DEFAULTS, DIVIDEND ARREARAGES AND DELINQUENCIES

None.

ITEM 14.

MATERIAL MODIFICATIONS TO THE RIGHTS OF SECURITY HOLDERS AND USE OF PROCEEDS

Initial Public Offering

The effective date of the registration statement (File no. 333-196991) for our IPO of ordinary shares, par value NIS 0.01, was September 23, 2014. Our IPO commenced on September 10, 2014 and was closed on September 29, 2014. J.P. Morgan Securities LLC, Deutsche Bank Securities Inc. and Barclays Capital Inc. were joint book-running managers for the IPO, with J.P. Morgan Securities LLC and Deutsche Bank Securities Inc. acting as representatives of the underwriters. William Blair & Company, L.L.C., Nomura Securities International, Inc. and Oppenheimer & Co. Inc. were co-managers for the IPO.

As a result, we issued and sold a total of 6,164,000 ordinary shares at a price per share of $16.00 with aggregate gross proceeds of approximately $98.6 million (including the over-allotment option to purchase 804,000 additional shares, which was exercised in full), resulting in net proceeds to us of approximately $88.4 million.

From the effective date of the registration statement and until December 31, 2016, we used $54.1 million of the net proceeds of the IPO for the acquisitions of Cybertinel, Viewfinity and certain assets of Agata Ltd., which we completed in 2015.

None of the net proceeds of the IPO was paid directly or indirectly to any director or officer of ours or to their associates, persons owning 10% or more of any class of our equity securities, or to any of our affiliates.

ITEM 15. CONTROLS AND PROCEDURES

Disclosure controls and procedures

Our Chief Executive Officer and Chief Financial Officer, after evaluating the effectiveness of our disclosure controls and procedures (as defined in Rule 13a-15(e) and 15d-15(e) of the Exchange Act) as of December 31, 2016, have concluded that, based on such evaluation, as of such date, our disclosure controls and procedures were effective such that information required to be disclosed by us in reports that we file or submit under the Exchange Act is accumulated and communicated to our management, including our Chief Executive Officer and Chief Financial Officer, to allow timely decisions regarding required disclosure and is recorded, processed, summarized and reported within the time periods specified by the SEC's rules and forms.

Management annual report on internal control over financial reporting and attestation report of the registered public accounting firm

Our management, under the supervision of our Chief Executive Officer and Chief Financial Officer, is responsible for establishing and maintaining adequate internal control over financial reporting as defined in Rules 13a-15(f) and 15d-15(f) under the Exchange Act. Our internal control over financial reporting is a process to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. Our internal control over financial reporting includes those policies and procedures that:

pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of our assets;

provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that our receipts and expenditures are being made only in accordance with authorizations of our management and directors; and

provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of our assets that could have a material effect on the financial statements.

Our management assessed the effectiveness of internal control over financial reporting as of December 31, 2016 based on the criteria established in "Internal Control-Integrated Framework (2013)" published by the Committee of Sponsoring Organizations of the Treadway Commission. Based on this assessment, management has concluded that our internal control over financial reporting was effective as of December 31, 2016.

Our independent registered public accounting firm, Kost Forer Gabbay & Kasierer, a member of Ernst & Young Global, has audited the consolidated financial statements included in this annual report on Form 20-F, and as part of its audit, has issued its audit report on the effectiveness of our internal control over financial reporting as of December 31, 2016. The report of Kost Forer Gabbay & Kasierer is included with our consolidated financial statements included elsewhere in this annual report and is incorporated herein by reference.

Changes in internal control over financial reporting

There were no changes in our internal control over financial reporting (as such term is defined in Rules 13a-15(f) and 15d-15(f) under the Exchange Act) that occurred during the period covered by this annual report that have materially affected, or that are reasonably likely to materially affect, our internal control over financial reporting.

ITEM 16. [RESERVED]

ITEM 16A. AUDIT COMMITTEE FINANCIAL EXPERT

Our board of directors has determined that Ron Gutler and Kim Perdikou are audit committee financial experts as defined by the SEC rules, have the requisite financial experience as defined by NASDAQ corporate governance rules and are "independent" as such term is defined in Rule 10A-3(b)(1) under the Exchange Act.

ITEM 16B. CODE OF ETHICS

We have adopted a corporate code of business conduct applicable to our executive officers, directors and all other employees. A copy of the code is delivered to every employee of CyberArk Software Ltd. and all of its subsidiaries, and is available to investors and others on our website at http://investors.cyberark.com or by contacting our investor relations department. The corporate code of business conduct includes our code of ethics which is applicable to our chief executive officer, our chief financial officer and all other senior financial officers. Pursuant to Item 16B of Form 20-F, if a waiver or amendment of the code of conduct (including the code of ethics) applies to our chief executive officer, chief financial officer or other persons performing similar functions and relates to standards promoting any of the values described in Item 16B(b) of Form 20-F, we will disclose such waiver or amendment (i) on our website within five business days following the date of amendment or waiver in accordance with the requirements of Instruction 4 to such Item 16B or (ii) through the filing of a Form 6-K. We granted no waivers under our code in 2016.

ITEM 16C. PRINCIPAL ACCOUNTANT FEES AND SERVICES

Principal Accountant Fees and Services

We have recorded the following fees for professional services rendered by Kost Forer Gabbay & Kasierer, a member of Ernst & Young Global, an independent registered public accounting firm, for the years ended December 31, 2015 and 2016:


	2015		2016
	(in thousands)
Audit Fees	$	886	$	504
Audit-Related Fees		75		110
Tax Fees		171		133
All Other Fees		95		-

Total	$	1,227	$	747

"Audit fees" are the aggregate fees billed for the audit of our annual financial statements. This category also includes services that generally the independent accountant provides, such as consents and assistance with and review of documents filed with the SEC as well as fees related to audits in connection with our public offerings of our ordinary shares in March 2015 and June 2015.

"Audit-related fees" are the aggregate fees billed for assurance and related services that are reasonably related to the performance of the audit and are not reported under audit fees. These fees primarily include accounting consultations regarding the accounting treatment of matters that occur in the regular course of business, implications of new accounting pronouncements and other accounting issues that occur from time to time.

"Tax fees" include fees for professional services rendered by our independent registered public accounting firm for tax compliance and tax advice on actual or contemplated transactions.

"All other fees" include fees for services rendered by our independent registered public accounting firm with respect to government incentives and other matters.

Our audit committee has adopted a pre-approval policy for the engagement of our independent accountant to perform certain audit and non-audit services. Pursuant to this policy, which is designed to assure that such engagements do not impair the independence of our auditors, the audit committee pre-approves each type of audit, audit-related, tax and other permitted service. The audit committee has delegated the pre-approval authority with respect to audit, audit-related, tax and permitted non-audit services up to a maximum of $25,000 to its chairperson and may in the future delegate such authority to one or more additional members of the audit committee, provided that all decisions by that member to pre-approve any such services must be subsequently reported, for informational purposes only, to the full audit committee. All audit and non-audit services provided by our auditors in 2016 were approved in accordance with our policy.

ITEM 16D. EXEMPTIONS FROM THE LISTING STANDARDS FOR AUDIT COMMITTEES

Not applicable.

ITEM 16E. PURCHASES OF EQUITY SECURITIES BY THE ISSUER AND AFFILIATED PURCHASERS

Not applicable.

ITEM 16F. CHANGE IN REGISTRANT'S CERTIFYING ACCOUNTANT

Not applicable.

ITEM 16G. CORPORATE GOVERNANCE

As a foreign private issuer, we are permitted to comply with Israeli corporate governance practices instead of the NASDAQ Listing Rules, provided that we disclose those NASDAQ Listing Rules with which we do not comply and the equivalent Israeli requirements that we follow instead. We currently rely on this "foreign private issuer exemption" with respect to the quorum requirement for meetings of our shareholders and NASDAQ requirements relating to distribution of our annual report to shareholders. As permitted under the Companies Law, pursuant to our articles of association, the quorum required for an ordinary meeting of shareholders consists of at least two shareholders present in person or by proxy who hold or represent between them at least 25% of the voting power of our shares (and, with respect to an adjourned meeting, generally one or more shareholders who hold or represent any number of shares), instead of 33 1/3% of the issued share capital provided under the NASDAQ Listing Rules. Further, as opposed to NASDAQ Listing Rule 5250(d), which requires listed issuers to make annual reports available to shareholders in one of a number of specific manners, Israeli law does not require us to distribute such reports directly to shareholders, and the generally accepted business practice in Israel is not to distribute such reports to shareholders but to make such reports available through a public website. In addition, we will make our annual report containing audited financial statements available to our shareholders at our offices (in addition to a public website). Otherwise, we comply with the Nasdaq corporate governance rules requiring that listed companies have a majority of independent directors and maintain a compensation and nominating committee composed entirely of independent directors.

ITEM 16H. MINE SAFETY DISCLOSURE

Not applicable.

PART III

ITEM 17. FINANCIAL STATEMENTS

Not applicable.

ITEM 18. FINANCIAL STATEMENTS

See pages F-2 through F-41 of this annual report.

ITEM 19. EXHIBITS

See exhibit index incorporated herein by reference.

CYBERARK SOFTWARE LTD. AND ITS SUBSIDIARIES

CONSOLIDATED FINANCIAL STATEMENTS

AS OF DECEMBER 31, 2016

INDEX

	Page

Reports of Independent Registered Public Accounting Firm	F-2- F-3

Consolidated Balance Sheets	F-4 – F-5

Consolidated Statements of Comprehensive Income	F-6

Statements of Changes in Shareholders' Equity	F-7 - F- 8

Consolidated Statements of Cash Flows	F-9 - F- 10

Notes to Consolidated Financial Statements	F-11 – F-41

Kost Forer Gabbay & Kasierer

3 Aminadav St.

Tel-Aviv 6706703, Israel

Tel: +972-36232525

Fax: +972-35622555

ey.com

Report of Independent Registered Public Accounting Firm

To the Board of Directors and Shareholders of

CYBERARK SOFTWARE LTD.

We have audited the accompanying consolidated balance sheets of CyberArk Software Ltd. and its subsidiaries (the “Company”) as of December 31, 2015 and 2016, and the related consolidated statements of comprehensive income, changes in shareholders' equity and cash flows for each of the three years in the period ended December 31, 2016. These consolidated financial statements are the responsibility of the Company's management. Our responsibility is to express an opinion on these consolidated financial statements based on our audits.

We conducted our audits in accordance with the standards of the Public Company Accounting Oversight Board (United States). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the consolidated financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audits provide a reasonable basis for our opinion.

In our opinion, the consolidated financial statements referred to above present fairly, in all material respects, the consolidated financial position of the Company as of December 31, 2015 and 2016, and the consolidated results of their operations and their cash flows for each of the three years in the period ended December 31, 2016, in conformity with U.S. generally accepted accounting principles.

We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States), the Company's internal control over financial reporting as of December 31, 2016, based on criteria established in Internal Control-Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (2013 framework) and our report dated March 16, 2017 expressed an unqualified opinion thereon.

	/S/ Kost Forer Gabbay & Kasierer
Tel-Aviv, Israel	KOST FORER GABBAY & KASIERER
March 16, 2017	A Member of Ernst & Young Global

F - 2

Kost Forer Gabbay & Kasierer

3 Aminadav St.

Tel-Aviv 6706703, Israel

Tel: +972-36232525

Fax: +972-35622555

ey.com

Report of Independent Registered Public Accounting Firm

To the Board of Directors and Shareholders of

CYBERARK SOFTWARE LTD.

We have audited CyberArk Software Ltd. and its subsidiaries (the “Company”) internal control over financial reporting as of December 31, 2016, based on criteria established in Internal Control-Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (2013 framework) (the COSO criteria). The Company's management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting included in the accompanying management's report on internal control over financial reporting. Our responsibility is to express an opinion on the Company's internal control over financial reporting based on our audit.

We conducted our audit in accordance with the standards of the Public Company Accounting Oversight Board (United States). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audit included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, testing and evaluating the design and operating effectiveness of internal control based on the assessed risk, and performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion.

A company's internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company's internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements.

Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.

In our opinion, the Company maintained in all material respects, effective internal control over financial reporting as of December 31, 2016, based on the COSO criteria.

We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States), the consolidated balance sheets of the Company as of December 31, 2015 and 2016, and the related consolidated statements of comprehensive income, changes in shareholders' equity and cash flows for each of the three years in the period ended December 31, 2016, and our report dated March 16, 2017, expressed an unqualified opinion thereon.

	/S/ Kost Forer Gabbay & Kasierer
Tel-Aviv, Israel	KOST FORER GABBAY & KASIERER
March 16, 2017	A Member of Ernst & Young Global

F - 3

CYBERARK SOFTWARE LTD.

CONSOLIDATED BALANCE SHEETS

U.S. dollars in thousands

	December 31,
	2015		2016

ASSETS

CURRENT ASSETS:
Cash and cash equivalents	$	234,539	$	172,957
Short-term bank deposits		3,713		86,829
Marketable securities		-		15,246
Trade receivables		20,410		33,330
Prepaid expenses and other current assets		3,293		4,804

Total current assets		261,955		313,166

LONG-TERM ASSETS:
Property and equipment, net		3,584		4,760
Intangible assets, net		18,558		14,035
Goodwill		35,145		35,145
Marketable securities		-		20,443
Severance pay fund		3,230		3,332
Prepaid expenses and other long-term assets		1,954		1,761
Deferred tax assets		9,998		10,389

Total long-term assets		72,469		89,865

TOTAL ASSETS	$	334,424	$	403,031

The accompanying notes are an integral part of the consolidated financial statements.

F - 4

CYBERARK SOFTWARE LTD.

CONSOLIDATED BALANCE SHEETS

U.S. dollars in thousands (except share and per share data)

	December 31,
	2015			2016

LIABILITIES AND SHAREHOLDERS' EQUITY

CURRENT LIABILITIES:
Trade payables	$	2,530		$	2,699
Employees and payroll accruals		15,860			18,470
Accrued expenses and other current liabilities		9,366			6,876
Deferred revenues		37,104			50,111

Total current liabilities		64,860			78,156

LONG-TERM LIABILITIES:
Deferred revenues		17,285			23,395
Other long-term liabilities		188			229
Accrued severance pay		4,667			5,035
Deferred tax liabilities		754			-

Total long-term liabilities		22,894			28,659

TOTAL LIABILITIES		87,754			106,815

COMMITMENTS AND CONTINGENCIES

SHAREHOLDERS' EQUITY:
Ordinary shares of NIS 0.01 par value – Authorized: 250,000,000 shares at December 31, 2015 and 2016; Issued and outstanding: 33,289,839 shares and 34,250,590 shares at December 31, 2015 and 2016, respectively		86			88
Additional paid-in capital		200,107			221,609
Accumulated other comprehensive loss		(93	)		(175	)
Retained earnings		46,570			74,694

Total shareholders' equity		246,670			296,216

TOTAL LIABILITIES AND SHAREHOLDERS' EQUITY	$	334,424		$	403,031

The accompanying notes are an integral part of the consolidated financial statements.

F - 5

CYBERARK SOFTWARE LTD.

CONSOLIDATED STATEMENTS OF COMPREHENSIVE INCOME

U.S. dollars in thousands (except per share data)

	Year ended December 31,
	2014			2015			2016

Revenues:
License	$	61,320		$	100,113		$	131,530
Maintenance and professional services		41,679			60,699			85,083

		102,999			160,812			216,613

Cost of revenues:
License		2,654			5,088			4,726
Maintenance and professional services		12,053			17,572			25,425

		14,707			22,660			30,151

Gross profit		88,292			138,152			186,462

Operating expenses:

Research and development		14,400			21,734			34,614
Sales and marketing		44,943			66,206			93,775
General and administrative		8,495			16,990			22,117

Total operating expenses		67,838			104,930			150,506

Operating income		20,454			33,222			35,956
Financial income (expenses), net		(5,988	)		(1,479	)		245

Income before taxes on income		14,466			31,743			36,201
Taxes on income		(4,512	)		(5,949	)		(8,077	)

Net income	$	9,954		$	25,794		$	28,124

Basic net income per ordinary share	$	0.46		$	0.80		$	0.83
Diluted net income per ordinary share	$	0.34		$	0.73		$	0.78

Other comprehensive income (loss)

Change in unrealized losses on marketable securities:
Unrealized loss arising during the year		-			-			(141	)
		-			-			(141	)
Change in unrealized gain (loss) on cash flow hedges:
Unrealized gain (loss) arising during the period		(575	)		1			249
Loss (gain) reclassified into earnings		87			239			(190	)

Other comprehensive income (loss), net of taxes of $93, $(46) and $16 for the years 2014, 2015 and 2016, respectively		(488	)		240			(82	)

Total comprehensive income	$	9,466		$	26,034		$	28,042

The accompanying notes are an integral part of the consolidated financial statements.

F - 6

CYBERARK SOFTWARE LTD.

STATEMENTS OF CHANGES IN SHAREHOLDERS' EQUITY

U.S. dollars in thousands (except share data)

														Accumulated other comprehensive income (loss)
	Preferred shares						Ordinary shares				Additional paid-in						Retained		Total shareholders'
	Shares			Amount			Shares		Amount		capital						earnings		equity

Balance as of January 1, 2014		15,958,290		$	41			7,019,352	$	17	$	34,811		$	155		$	10,822	$	45,846

Exercise of options granted to employees		-			-			255,562		1		189			-			-		190
Other comprehensive loss, net of tax		-			-			-		-		-			(488	)		-		(488	)
Share-based compensation expense		-			-			-		-		1,573			-			-		1,573
Exercise of warrants for preferred shares		493,360			1			-		-		7,194			-			-		7,195
Conversion of preferred shares		(16,451,650	)		(42	)		17,062,438		44		(2	)		-			-		-
Issuance of ordinary shares upon initial public offering, net		-			-			6,164,000		17		88,451			-			-		88,468
Tax benefit related to share-based compensation and issuance expenses		-			-			-		-		2,270			-			-		2,270
Net income		-			-			-		-		-			-			9,954		9,954

Balance as of December 31, 2014		-		$	-			30,501,352	$	79	$	134,486		$	(333	)	$	20,776	$	155,008

The accompanying notes are an integral part of the consolidated financial statements.

F - 7

CYBERARK SOFTWARE LTD.

STATEMENTS OF CHANGES IN SHAREHOLDERS' EQUITY

U.S. dollars in thousands (except share data)

											Accumulated other comprehensive income (loss)
	Preferred shares				Ordinary shares				Additional paid-in					Retained		Total shareholders'
	Shares		Amount		Shares		Amount		capital					earnings		equity

Balance as of December 31, 2014		-	$	-		30,501,352	$	79	$	134,486	$	(333	)	$	20,776	$	155,008

Exercise of options and vested RSU's granted to employees		-		-		1,888,487		5		1,819		-			-		1,824
Other comprehensive income, net of tax		-		-		-		-		-		240			-		240
Share-based compensation expense		-		-		-		-		7,049		-			-		7,049
Issuance of ordinary shares upon public offering, net		-		-		900,000		2		52,573		-			-		52,575
Tax benefit related to share-based compensation and issuance expenses		-		-		-		-		4,180		-			-		4,180
Net income		-		-		-		-		-		-			25,794		25,794

Balance as of December 31, 2015		-	$	-		33,289,839	$	86	$	200,107	$	(93	)	$	46,570	$	246,670

Exercise of options and vested RSU's granted to employees	-		-	960,751		2		2,501		-			-		2,503
Other comprehensive loss, net of tax	-		-	-		-		-		(82	)		-		(82	)
Share-based compensation expense	-		-	-		-		17,535		-			-		17,535
Tax benefit related to share-based compensation	-		-	-		-		1,466		-			-		1,466
Net income	-		-	-		-		-		-			28,124		28,124

Balance as of December 31, 2016	-	$	-	34,250,590	$	88	$	221,609	$	(175	)	$	74,694	$	296,216

The accompanying notes are an integral part of the consolidated financial statements.

F - 8

CYBERARK SOFTWARE LTD.

CONSOLIDATED STATEMENTS OF CASH FLOWS

U.S. dollars in thousands

	Year ended December 31,
	2014			2015			2016

Cash flows from operating activities:
Net income	$	9,954		$	25,794		$	28,124
Adjustments to reconcile net income to net cash provided by operating activities:
Depreciation and amortization		746			2,254			6,488
Share-based compensation expense		1,573			7,049			17,535
Amortization of premium on marketable securities		-			-			275
Tax benefit related to share-based compensation		(645	)		(3,808	)		(1,466	)
Deferred income taxes, net		45			(4,093	)		(1,130	)
Increase in trade receivables		(6,535	)		(187	)		(12,920	)
Increase in prepaid expenses and other current and long-term assets		(159	)		(1,183	)		(1,485	)
Increase (decrease) in trade payables		(145	)		322			(177	)
Changes in fair value of warrants to purchase preferred shares		4,309			-			-
Increase in short-term and long-term deferred revenues		7,682			21,254			19,117
Increase in employees and payroll accruals		3,501			5,011			2,610
Increase (decrease) in accrued expenses and other current and long-term liabilities		2,827			6,353			(927	)
Increase in accrued severance pay, net		42			394			266

Net cash provided by operating activities		23,195			59,160			56,310

Cash flows from investing activities:
Proceeds from short and long-term deposits		2,533			49,329			-
Investment in short and long-term deposits		(52,570	)		(619	)		(82,940	)
Investment in marketable securities		-			-			(40,433	)
Proceeds from maturities of marketable securities		-			-			4,307
Purchase of property and equipment		(1,408	)		(2,066	)		(2,795	)
Payments for business acquisitions, net of cash acquired (Schedule A)		-			(53,656	)		-

Net cash used in investing activities		(51,445	)		(7,012	)		(121,861	)

Cash flows from financing activities:
Issuance of shares, net		88,468			52,575			-
Tax benefit related to share-based compensation		645			3,808			1,466
Proceeds from exercise of stock options and warrants		942			1,824			2,503

Net cash provided by financing activities		90,055			58,207			3,969

Increase (decrease) in cash and cash equivalents		61,805			110,355			(61,582	)
Cash and cash equivalents at the beginning of the year		62,379			124,184			234,539

Cash and cash equivalents at the end of the year	$	124,184		$	234,539		$	172,957

Non-cash activities:

Purchase of property and equipment on credit	$	304		$	338		$	683

Supplemental disclosure of cash flow activities:

Cash paid during the year for taxes	$	981		$	4,760		$	10,577

The accompanying notes are an integral part of the consolidated financial statements.

F - 9

CYBERARK SOFTWARE LTD.

CONSOLIDATED STATEMENTS OF CASH FLOWS

U.S. dollars in thousands

Schedule A - payments for business acquired (See note 1.e.)

Estimated fair value of assets acquired and liabilities assumed at the date of Viewfinity's acquisition was as follows:

	Year ended December 31,
	2015

Working capital, net (excluding cash and cash equivalents)	$	497
Property and equipment, net		124
Other long-term assets		62
Goodwill		20,765
Other intangible assets		9,990
Deferred revenues		(931	)

	$	30,507

Estimated fair value of assets acquired and liabilities assumed at the date of Cybertinel's acquisition was as follows:

	Year ended December 31,
	2015

Working capital, net (excluding cash and cash equivalents)	$	(245	)
Property and equipment, net		340
Other long-term assets		34
Goodwill		13,201
Other intangible assets		7,760
Deferred tax		(1,009	)
Deferred revenues		(44	)

	$	20,037

Estimated fair value of assets acquired and liabilities assumed at the date of Agata's acquisition was as follows:

	Year ended December 31,
	2015

Goodwill	$	1,179
Other intangible assets		1,933

	$	3,112

The accompanying notes are an integral part of the consolidated financial statements.

F - 10

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 1:

GENERAL

CyberArk Software Ltd. (together with its subsidiaries, the “Company”) is an Israeli company that develops, markets and sells software-based security solutions. The Company's solutions enable organizations to safeguard and monitor their privileged accounts, which are those accounts within an organization that have access to the organization's high value assets and are located across its IT infrastructure. The Company's software provides customers with the ability to protect, detect, monitor and control access to privileged accounts in order to break the lifecycle of a targeted cyber attack before it can cause damage to an organization.

In September 2014, the Company completed its initial public offering (“IPO”) in which the Company issued and sold 6,164,000 ordinary shares at a public offering price of $16.00 per share (including pursuant to the underwriters' option to purchase additional ordinary shares). The net proceeds received from the IPO were $88,468 after deducting underwriting discounts of $6,904 and other offering expenses of $3,846.

In March 2015, the Company completed a public offering in which certain shareholders sold 4,600,000 ordinary shares (including pursuant to the underwriters option to purchase additional ordinary shares) at a public offering price of $51.00 per share. The Company did not receive any proceeds from the sale of ordinary shares by the selling shareholders and the related offering expenses were recorded in the statement of comprehensive income.

In June 2015, the Company completed an additional public offering in which the Company issued and sold 900,000 ordinary shares at a public offering price of $61.00 per share. The total net proceeds received were $52,575 after deducting underwriting discounts of $2,196 and other offering expenses of $129. Another 4,000,000 shares were sold by certain selling shareholders. The Company did not receive any of the proceeds from the sales of shares by the selling shareholders and the related offering expenses were recorded in the statement of comprehensive income.

In August 2015, the Company acquired all of the share capital of Cybertinel Ltd. (“Cybertinel”) for total consideration of $20,515. Cybertinel, an Israeli company, specializes in cyber threat detection technology. In September 2015, the Company acquired certain assets of Agata Ltd (“Agata”) for total consideration of $3,112. The Company accounted for the acquisition of Agata as a purchase of a business. In October 2015, the Company acquired all of the share capital of Viewfinity, Inc. (“Viewfinity”) for total consideration of $30,500. Viewfinity is a provider of Windows least privilege management and application control. The Company expensed the related acquisitions costs of $677 in general and administrative expenses.

F - 11

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 1:

GENERAL (Cont.)

Unaudited pro forma results of operations:

The following table presents unaudited pro forma revenue, net income and basic and diluted net income (loss) for periods presented assuming the acquisitions of Cybertinel, Viewfinity and Agata occurred on January 1, 2014. The pro forma information is not necessarily indicative of the results of operations, which actually would have occurred had the acquisitions been consummated on those dates, nor does it purport to represent the results of operations for future periods:

	December 31,
	2014			2015

Pro forma revenue	$	108,517		$	165,924
Pro forma net income	$	76		$	18,725
Basic net income (loss) per ordinary share	$	(0.28	)	$	0.58
Diluted net income (loss) per ordinary share	$	(0.28	)	$	0.53

NOTE 2: SIGNIFICANT ACCOUNTING POLICIES

The consolidated financial statements have been prepared in accordance with U.S. generally accepted accounting principles (“U.S. GAAP”).

Use of estimates:

The preparation of financial statements in conformity with U.S. GAAP requires management to make estimates, judgments and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. The Company evaluates on an ongoing basis its assumptions, including those related to contingencies, income taxes, deferred taxes, share-based compensation, value of intangible assets and goodwill as well as in estimates used in applying the revenue recognition policy. The Company's management believes that the estimates, judgment and assumptions used are reasonable based upon information available at the time they are made. These estimates, judgments and assumptions can affect the reported amounts of assets and liabilities and disclosure of contingent assets and liabilities at the dates of the consolidated financial statements, and the reported amounts of revenue and expenses during the reporting periods. Actual results could differ from those estimates.

Principles of consolidation:

The consolidated financial statements include the accounts of CyberArk Software Ltd. and its wholly-owned subsidiaries. Intercompany transactions and balances, have been eliminated upon consolidation.

F - 12

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)

Financial statements in U.S. dollars:

A majority of the Company's revenues are generated in U.S. dollars. In addition, the equity investments were in U.S. dollars and a substantial portion of the Company's costs are incurred in U.S. dollars and New Israeli Shekels (“NIS”). The Company's management believes that the U.S. dollar is the currency of the primary economic environment in which the Company operates. Thus, the functional and reporting currency of the Company is the U.S. dollar.

Accordingly, monetary accounts maintained in currencies other than the U.S. dollar are re-measured into U.S. dollars in accordance with Statement of the Accounting Standard Codification ("ASC") No. 830 "Foreign Currency Matters" ("ASC No. 830"). All transaction gains and losses of the re-measured monetary balance sheet items are reflected in the statement of comprehensive income as financial income or expenses, as appropriate.

The functional currency of the Company's foreign subsidiaries is the U.S. dollar as these subsidiaries' revenues, intercompany transactions, budgets and financing are denominated in U.S. dollars.

Cash and cash equivalents:

Cash equivalents are short-term highly liquid deposits that are readily convertible to cash with original maturities of three months or less, at the date acquired.

e. Short-term bank deposits:

Short-term bank deposits are deposits with maturities of up to one year. As of December 31, 2015 and 2016, the Company's bank deposits are denominated in U.S. dollars, Euros and NIS and bear interest at weighted average deposits rates of 0.4% and 1.26%, respectively. Short-term bank deposits are presented at their cost, including accrued interest. A portion of these deposits is used as security for the rental of premises and as a security for the Company's hedging activities.

f. Investments in marketable securities:

The Company accounts for investments in marketable securities in accordance with ASC No. 320, “Investments - Debt and Equity Securities”. Management determines the appropriate classification of its investments in debt securities at the time of purchase and re-evaluates such determinations at each balance sheet date. The Company classifies all of its marketable securities as available-for-sale. Available-for-sale securities are carried at fair value, with the unrealized gains and losses, net of tax, reported in accumulated other comprehensive income (loss) in shareholders' equity. Realized gains and losses on sale of investments are included in financial income (expenses), net and are derived using the specific identification method for determining the cost of securities sold. The amortized cost of debt securities is adjusted for amortization of premiums and accretion of discounts to maturity. Such amortization together with interest on securities is included in financial income (expenses), net.

F - 13

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)

The Company's securities are reviewed for impairment in accordance with ASC 320-10-35. If such assets are considered to be impaired, the impairment charge is recognized in earnings when a decline in the fair value of its investments below the cost basis is judged to be Other-Than-Temporary Impairment (OTTI). Factors considered in making such a determination include the duration and severity of the impairment, the reason for the decline in value, the potential recovery period and the Company's intent to sell, including whether it is more likely than not that the Company will be required to sell the investment before recovery of cost basis. Based on the above factors, the Company concluded that unrealized losses on its available-for-sale securities, for the year ended December 31, 2016 were not OTTI.

Property and equipment:

Property and equipment are stated at cost, net of accumulated depreciation. Depreciation is calculated using the straight-line method over the estimated useful lives of the assets at the following annual rates:

		%

Computers and related equipment		25 - 33
Office furniture and equipment		7 - 20
Leasehold improvements		Over the shorter of the related lease period or the life of the asset

Long-lived assets:

The long-lived assets of the Company are reviewed for impairment in accordance with ASC No. 360, “Property, Plant and Equipment” (“ASC No. 360”), whenever events or changes in circumstances indicate that the carrying amount of an asset may not be recoverable. The recoverability of assets to be held and used is measured by a comparison of the carrying amount of an asset to the future undiscounted cash flows expected to be generated by the assets. If such assets are considered to be impaired, the impairment to be recognized is measured by the amount by which the carrying amount of the assets exceeds the fair value of the assets. During the years ended December 31, 2014, 2015 and 2016, no impairment losses have been identified.

Business Combination:

The Company accounts for its business acquisitions in accordance with Accounting Standards Codification ASC No. 805, “Business Combinations”. The Company uses its best estimates and assumptions as part of the purchase price allocation process to value assets acquired and liabilities assumed at the business combination date. The total purchase price allocated to the tangible assets acquired is assigned based on the fair values as of the date of the acquisition.

F - 14

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)

Goodwill and other intangible assets:

Goodwill and certain other purchased intangible assets have been recorded in the Company's financial statements as a result of acquisitions. Goodwill represents excess of the costs over the net tangible and intangible assets acquired of businesses acquired under ASC No. 350, “Intangible—Goodwill and other” (“ASC 350”), according to which goodwill is not amortized. In addition, the costs of intangible assets that were purchased from others for use in research and development activities were recorded as assets to the extent that they have alternative future use.

ASC 350 requires goodwill to be tested for impairment at least annually and, in certain circumstances, between annual tests. The Company operates as one reporting unit. Therefore, goodwill is tested for impairment by comparing the fair value of the reporting unit with its carrying value. The Company elects to perform an annual impairment test of goodwill as of October 1 of each year, or more frequently if impairment indicators are present.

For the years ended December 31, 2015 and 2016, no impairment losses were identified.

Derivative instruments:

ASC No. 815, “Derivative and Hedging”, requires companies to recognize all of their derivative instruments as either assets or liabilities in the statement of financial position at fair value.

For those derivative instruments that are designated and qualify as hedging instruments, a company must designate the hedging instrument, based upon the exposure being hedged, as a fair value hedge, cash flow hedge or a hedge of a net investment in a foreign operation.

F - 15

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)

To hedge against the risk of changes in cash flows resulting from foreign currency salary payments during the year, the Company has instituted a foreign currency cash flow hedging program. The Company hedges portions of its forecasted expenses denominated in NIS. These forward and option contracts are designated as cash flow hedges, as defined by ASC 815, and are all effective, as their critical terms match underlying transactions being hedged.

As of December 31, 2015 and 2016, the amount recorded in accumulated other comprehensive loss from the Company's currency forward and option transactions was $93 (net of tax of $18) and $34 (net of tax of $6), respectively. At December 31, 2016, the notional amounts of foreign exchange forward contracts into which the Company entered were $17,800. The foreign exchange forward contracts will expire by December 2017. The fair value of derivative instruments assets balance as of December 31, 2015 and 2016, totaled $16 and $32, respectively. The fair value of derivative instruments liabilities balance as of December 31, 2015 and 2016, totaled $130 and $72, respectively.

In addition to the derivatives that are designated as hedges as discussed above, the Company enters into certain foreign exchange forward transactions to economically hedge certain account receivables in Euros and GBP. Gains and losses related to such derivative instruments are recorded in financial expenses, net. As of December 31, 2016, the notional amounts of foreign exchange forward contracts into which the Company entered were $6,698. The foreign exchange forward contracts will expire by December 2017. The fair value of derivative instruments assets balance as of December 31, 2015 and 2016, totaled $139 and $347, respectively. The fair value of derivative instruments liabilities balance as of December 31, 2015 and 2016 totaled $13 and $6, respectively.

For the years ended December 31, 2014, 2015 and 2016, the Company recorded financial income, net from hedging transactions of $35, $260 and $270, respectively.

F - 16

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)

Severance pay:

The Israeli Severance Pay Law, 1963 (“Severance Pay Law”), specifies that employees are entitled to severance payment, following the termination of their employment. Under the Severance Pay Law, the severance payment is calculated as one month salary for each year of employment, or a portion thereof.

Part of the Company's liability for severance pay is covered by the provisions of Section 14 of the Severance Pay Law (“Section 14”). Under Section 14 employees are entitled to monthly deposits, at a rate of 8.33% of their monthly salary, made on behalf of the employee with insurance companies. Payments in accordance with Section 14 release the Company from any future severance payments in respect of those employees. As a result, the Company does not recognize any liability for severance pay due to these employees and the deposits under Section 14 are not recorded as an asset in the Company's balance sheet.

For the Company's employees in Israel who are not subject to Section 14, the Company calculated the liability for severance pay pursuant to the Severance Pay Law based on the most recent salary of these employees multiplied by the number of years of employment as of the balance sheet date. The Company's liability for these employees is fully provided for via monthly deposits with severance pay funds, insurance policies and an accrual. The value of these deposits is recorded as an asset on the Company's balance sheet. Severance expense for the years ended December 31, 2014, 2015 and 2016, amounted to $1,187, $1,794 and $2,503, respectively.

m. U.S. defined contribution plan:

The U.S. subsidiary has a 401(k) defined contribution plan covering certain full time employees in the U.S. All eligible employees may elect to contribute up to an annual maximum, of the lesser of 60% of their annual compensation to the plan through salary deferrals, subject to Internal Revenue Service limits, but not greater than $18 per year (for certain employees over 50 years of age the maximum contribution is $24 per year).

The U.S. subsidiary matches amount equal to 100% of the first 3% of the employees compensation that they contribute to the defined contribution plan and 50% of the next 2% of their compensation that they contribute to the defined contribution plan with a limit of $10.6 per year. For the years ended December 31, 2014, 2015 and 2016, the U.S. subsidiary recorded expenses for matching contributions of $544, $907 and $1,259 respectively.

F - 17

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)

Revenue recognition:

The Company generates revenues from licensing the rights to use its software products, maintenance and professional services. The Company sells its products through its direct sales force and indirectly through resellers.

The Company accounts for its software licensing sales in accordance with ASC 985-605, “Software Revenue Recognition”. ASC 985-605 generally requires revenue earned on software arrangements involving multiple elements to be allocated to each element based on the relative fair value of the elements when Vendor Specific Objective Evidence (“VSOE”) of fair value exists for all elements and to be allocated to the different elements in the arrangement under the “residual method” when VSOE of fair value exists for all undelivered elements and no VSOE exists for the delivered elements.

Maintenance and professional services are sold separately and therefore the selling price (VSOE) is based on stand-alone transactions.

Under the residual method, at the outset of the arrangement with the customer, the Company defers revenue for the fair value of its undelivered elements and recognizes revenue for the remainder of the arrangement fee attributable to the elements initially delivered in the arrangement (software element) when all other criteria in ASC 985-605 have been met. Any discount in the arrangement is allocated to the delivered element.

Software license revenues are recognized when persuasive evidence of an arrangement exists, the software license has been delivered, there are no uncertainties surrounding product acceptance, there are no significant future performance obligations, the license fees are fixed or determinable and collection of the license fee is considered probable. Fees for arrangements with payment terms extending beyond customary payment terms are considered not to be fixed or determinable, in which case revenue is deferred and recognized when payments become due from the customer provided that all other revenue recognition criteria have been met.

Revenues from maintenance and support contracts are recognized ratably, on a straight-line basis over the term of the related contract and revenues from professional services consist mostly of time and material services which are recognized as the services are performed.

Professional services are not considered to be essential to the functionality of the software.

The Company does not grant a right of return to its customers.

The Company's software license, maintenance and professional services sold through resellers are non-exchangeable, non-refundable, non-returnable and without any rights of price protection. Accordingly, the Company considers resellers as customers.

F - 18

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)

In transactions where a customer's contractual terms include a substantive provision for customer acceptance, revenues are recognized when such acceptance has been obtained or when the acceptance provision has lapsed.

Deferred revenue includes unearned amounts received under maintenance and support contracts, professional services and amounts received from customers for licenses that do not meet the revenue recognition criteria as of the balance sheet date.

Research and development costs:

Research and development costs are charged to the statements of comprehensive income as incurred. ASC 985-20, “Software - Costs of Software to Be Sold, Leased, or Marketed”, requires capitalization of certain software development costs subsequent to the establishment of technological feasibility.

Based on the Company's product development process, technological feasibility is established upon completion of a working model. Costs incurred by the Company between completion of the working model and the point at which the product is ready for general release, have been insignificant. Therefore, all research and development costs are expensed as incurred.

Marketing expenses:

Marketing expenses consist primarily of marketing campaigns and tradeshows. Marketing expenses are charged to the statement of comprehensive income, as incurred. Marketing expenses for the years ended December 31, 2014, 2015 and 2016, amounted to $5,896, $7,498 and $10,622, respectively.

Share-based compensation:

The Company accounts for share-based compensation in accordance with ASC 718, “Compensation - Stock Compensation” (“ASC No. 718”). ASC No. 718 requires companies to estimate the fair value of equity-based payment awards on the date of grant using an option-pricing model. The value of the portion of the award that is ultimately expected to vest is recognized as an expense over the requisite service periods in the Company's consolidated statements of comprehensive income.

The Company recognizes compensation expenses for the value of its awards granted based on the straight-line method over the requisite service period of each of the awards, net of estimated forfeitures. ASC No. 718 requires forfeitures to be estimated at the time of grant and revised, if necessary, in subsequent periods if actual forfeitures differ from those estimates.

F - 19

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)

The Company has selected the Black-Scholes-Merton option-pricing model as the most appropriate fair value method for its option awards. The option-pricing model requires a number of assumptions, of which the most significant are the expected share price, volatility and the expected option term.

The fair value of ordinary share underlying the options has historically been determined by management and approved by the Company's board of directors. Prior to September 24, 2014, because there had been no public market for the Company's ordinary shares, management determined fair value of an ordinary share at the time of grant of the option by considering a number of objective and subjective factors including financing investment rounds, operating and financial performance, the lack of liquidity of share capital and general and industry specific economic outlook, amongst other factors. The Company's management determined the fair value of ordinary shares based on valuations performed using the Option Pricing Method (“OPM”) for the period from January 1, 2014 to September 24, 2014. Since September 24, 2014, the Company's ordinary shares are publicly traded.

Income taxes:

The Company accounts for income taxes in accordance with ASC No. 740-10, “Income Taxes” (“ASC No. 740-10”). ASC No. 740-10 prescribes the use of the asset and liability method whereby deferred tax asset and liability account balances are determined based on temporary differences between financial reporting and tax bases of assets and liabilities and are measured using the enacted tax rates and laws that will be in effect when the differences are expected to reverse. The Company provides a valuation allowance, if necessary, to reduce deferred tax assets to their estimated realizable value if it is more likely than not that some portion or all of the deferred tax asset will not be realized. Deferred taxes are presented as long-term assets.

The Company established reserves for uncertain tax positions based on the evaluation of whether or not the Company's uncertain tax position is “more likely than not” to be sustained upon examination. The Company records interest and penalties pertaining to its uncertain tax positions in the financial statements as income tax expense.

Basic and diluted net income per share:

The Company applies the two class method as required by ASC No. 260-10, “Earnings Per Share” (“ASC No. 260-10”). ASC 260-10 requires the income per share for each class of shares (ordinary and preferred shares) to be calculated assuming 100% of the Company's earnings are distributed as dividends to each class of shares based on their contractual rights. No dividends were declared or paid during the reported periods.

Basic and diluted net income per share is computed based on the weighted-average number of ordinary shares outstanding during each year. Diluted income per share is computed based on the weighted average number of ordinary shares outstanding during the period, plus dilutive potential shares considered outstanding during the period, in accordance with ASC 260-10. The total weighted average number of shares related to outstanding options, RSU's, warrants and preferred shares that have been excluded from the calculation of diluted net earnings per share was 437,176, 484,726 and 1,381,114 for the years ended December 31, 2014, 2015 and 2016, respectively.

F - 20

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)

Comprehensive income (loss):

The Company accounts for comprehensive income (loss) in accordance with Accounting Standards Codification No. 220, “Comprehensive Income” (“ASC No. 220”). This statement establishes standards for the reporting and display of comprehensive income (loss) and its components in a full set of general purpose financial statements. Comprehensive income (loss) generally represents all changes in shareholders' equity during the period, except changes resulting from investments by, or distributions to, shareholders.

Concentration of credit risks:

Financial instruments that potentially subject the Company to concentrations of credit risk consist principally of cash and cash equivalents, short-term bank deposits, marketable securities, trade receivables and derivative instruments.

The majority of the Company's cash and cash equivalents and short-term bank deposits are invested with major banks in Israel and the United States. Such investments in the United States are primarily in excess of insured limits and are not insured in other jurisdictions. Generally, these investments may be redeemed upon demand and the Company believes that banks are financially sounds and, accordingly, bear minimal risk.

The Company's marketable securities consist of investments, which are highly rated by credit agencies, in government, corporate and government sponsored enterprises debentures. The Company's investment policy limits the amount that the Company may invest in any one type of investment or issuer, in order to reduce credit risk concentrations.

The trade receivables of the Company are mainly derived from sales to diverse set of customers located primarily in the United States, Europe and Asia. The Company performs ongoing credit evaluations of its customers and, to date, has not experienced any significant losses.

The Company has entered into forward contracts with major banks in Israel to protect against the risk of changes in exchange rates. The derivative instruments hedge a portion of the Company's non-dollar currency exposure.

F - 21

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)

Fair value of financial instruments:

The estimated fair value of financial instruments has been determined by the Company using available market information and valuation methodologies. Considerable judgment is required in estimating fair values. Accordingly, the estimates may not be indicative of the amounts the Company could realize in a current market exchange.

The following methods and assumptions were used by the Company in estimating the fair value of their financial instruments:

The carrying values of cash and cash equivalents, short-term bank deposits, trade receivables, prepaid expenses and other current assets, trade payables, employees and payroll accruals and accrued expenses and other current liabilities approximate fair values due to the short-term maturities of these instruments.

The Company applies ASC No. 820, “Fair Value Measurements and Disclosures” (“ASC No. 820”), with respect to fair value measurements of all financial assets and liabilities.

The fair value of foreign currency contracts (used for hedging purposes) is estimated by obtaining current quotes from banks and third party valuations.

Fair value is an exit price, representing the amount that would be received to sell an asset or paid to transfer a liability in an orderly transaction between market participants at the measurement date. As such, fair value is a market-based measurement that should be determined based on assumptions that market participants would use in pricing an asset or a liability. A three-tier fair value hierarchy is established as a basis for considering such assumptions and for inputs used in the valuation methodologies in measuring fair value:

Level 1 -

Inputs are unadjusted quoted prices in active markets for identical assets or liabilities.

Level 2 -

Inputs are quoted prices for similar assets and liabilities in active markets or inputs that are observable for the assets or liabilities, either directly or indirectly through market corroboration, for substantially the full term of the financial instruments.

Level 3 -

Inputs are unobservable inputs based on the Company's own assumptions used to measure assets and liabilities at fair value. The inputs require significant management judgment or estimation.

The fair value hierarchy also requires an entity to maximize the use of observable inputs and minimize the use of unobservable inputs when measuring fair value.

F - 22

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)

In accordance with ASC 820, the Company measures its foreign currency derivative instruments, at fair value using the market approach valuation technique. Foreign currency derivative contracts as detailed in note 2.k are classified within Level 2 value hierarchy, as the valuation inputs are based on quoted prices and market observable data of similar instruments.

w. Warrants to purchase preferred shares:

The Company accounted for freestanding warrants to purchase its preferred shares as a liability on its consolidated balance sheet at fair value. The warrants to purchase preferred shares were recorded as a liability as the underlying preferred shares were contingently redeemable (upon a deemed liquidation event) and, therefore, could have obligated the Company to transfer assets in the future. The warrants were subject to re-measurement to fair value at each balance sheet date and any change in fair value was recognized as a component of financial expense, net, on the consolidated statements of comprehensive income. During the year ended December 31, 2014, the Company recorded financial expenses from change in the warrants' fair value of $4,309.

Upon the IPO, the warrants were exercised to Series B3 preferred shares which were later converted into ordinary shares. The Company re-measured the warrants as of the conversion date using the intrinsic value based on the IPO price.

Legal contingencies:

The Company is not currently a party, as plaintiff or defendant, to any legal proceedings that, individually or in the aggregate are expected by the Company to have a material effect on its consolidated financial statements. The Company reviews the status of each matter and assesses its potential financial exposure. If the potential loss from any claim or legal proceeding is considered probable and the amount can be reasonably estimated, the Company accrues a liability for the estimated loss. These accruals are reviewed at least quarterly and adjusted to reflect the impact of negotiations, settlements, rulings, advice of legal counsel and other information and events pertaining to a particular matter.

F - 23

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)

The impact of recently issued accounting standards still not effective for the Company as of December 31, 2016 is as follows:

In May 2014, the Financial Accounting Standards Board (“FASB”) issued Accounting Standards Update (“ASU”) 2014-09, Revenue Recognition – Revenue from Contracts with Customers (Topic 606), which will replace substantially all current revenue recognition guidance once it becomes effective. In August 2015, the FASB issued ASU 2015-14, Revenue from Contracts with Customers: Deferral of the Effective Date, which deferred the effective date of the new revenue standard for periods beginning after December 15, 2016 to December 15, 2017, with early adoption permitted but not earlier than the original effective date. The Company does not currently intend to adopt the provisions of the new standard early. The FASB issued subsequent amendments to the initial guidance in March 2016, April 2016, May 2016 and December 2016 within ASU 2016-08, 2016-10, 2016-12, 2016-20, respectively. The new standard provides accounting guidance for all revenue arising from contracts with customers and affects all entities that enter into contracts to provide goods or services to their customers unless the contracts are in the scope of other standards. The new standard is less prescriptive and may require software entities to use more judgment and estimates in the revenue recognition process than are required under existing revenue guidance.

The new standard allows the option of modified retrospective adoption with certain reliefs according to which the new standard will be applied to existing contracts from the initial period of adoption and thereafter with no restatement of comparative data. Under this option, the Company will recognize the cumulative effect of the initial adoption of the new standard as an adjustment to the opening balance of retained earnings (or another component of equity, as applicable) as of the date of initial application. Alternatively, the new standard permits full retrospective adoption with certain reliefs. The Company expects to adopt the standard under the modified retrospective method. However, the Company is continuing to evaluate the impact of the standard, and its adoption method is subject to change. The Company is in the process of analyzing its contracts to quantify the impact that the adoption of the standard will have on revenue. The Company is also continuing to evaluate the impact of the standard on its costs related to obtaining customer contracts (mainly sales commissions).

In February 2016, the FASB issued ASU 2016-02. ASU 2016-02 changes the current lease accounting standard by requiring the recognition of lease assets and lease liabilities for all leases, including those currently classified as operating leases. This new guidance is to be applied under a modified retrospective application to the earliest reporting period presented for reporting periods beginning after December 15, 2018. Early adoption is permitted. The Company is currently evaluating the potential impact of this new guidance on its financial statements.

F - 24

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)

In March 2016, the FASB issued ASU 2016-09 Compensation-Stock Compensation (Topic 718): Improvements to Employee Share-Based Payment Accounting. This standard simplifies various aspects related to how share-based payments are accounted for and presented in the financial statements, including income taxes, forfeitures and statutory tax withholding requirements. The guidance is effective for the Company beginning in the first quarter of 2017. The Company adopted the updated standard in the first quarter of fiscal year 2017. As a result, the Company's deferred taxes and retained earnings increased by approximately $12,200.

In June 2016, the FASB Issued ASU 2016-13, Financial Instruments—Credit Losses (Topic 326): Measurement of Credit Losses on Financial Instruments. The new standard requires financial assets measured at amortized cost be presented at the net amount expected to be collected, through an allowance for credit losses that is deducted from the amortized cost basis. The standard will be effective for the Company beginning January 1, 2020, with early application permitted. The Company is evaluating the impact of adopting this new accounting guidance on its consolidated financial statements.

In August 2016, the FASB issued ASU 2016-15, Statement of Cash Flows (Topic 230): Classification of Certain Cash Receipts and Cash Payments. The new standard will address eight specific cash flow issues with the objective of reducing the existing diversity in practice in how certain transactions are presented and classified in the statement of cash flows. The standard will be effective for the Company beginning January 1, 2018, with early application permitted. The standard will require adoption on a retrospective basis unless it is impracticable to apply, in which case the Company would be required to apply the amendments prospectively as of the earliest date practicable. The Company is evaluating the impact of adopting this new accounting guidance on its consolidated financial statements.

In October 2016, the FASB issued ASU 2016-16, Income Taxes (Topic 740); Intra-Entity Transfers of Assets Other than Inventory. This guidance was issued to improve the accounting for income tax consequences of intra-entity transfers of assets other than inventory. Under the amendment an entity should recognize the income tax consequences of an intra-entity transfer of an asset other than inventory when the transfer occurs. The update is effective for annual periods beginning after December 15, 2017, and interim periods thereafter. Early adoption is permitted. The Company is currently evaluating the impact of this ASU on its consolidated financial statements.

In January 2017, FASB issued ASU 2017-01, Business Combinations (Topic 805) Clarifying the Definition of Business. ASU 2017-01 clarifies the definition of a business with the objective of adding guidance to assist entities with evaluating whether transactions should be accounted for as acquisitions (or disposals) of assets or businesses. The update to the standard is effective for interim and annual periods beginning after December 15, 2017, and applied prospectively. The Company is currently evaluating the impact of the adoption of ASU 2017-01 on its consolidated financial statements.

F - 25

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 2: SIGNIFICANT ACCOUNTING POLICIES (Cont.)

In January 2017, the FASB issued ASU 2017-04, simplifying the Test for Goodwill Impairment (Topic 350). This standard eliminates Step 2 from the goodwill impairment test, instead requiring an entity to recognize a goodwill impairment charge for the amount by which the goodwill carrying amount exceeds the reporting unit's fair value. This guidance is effective for interim and annual goodwill impairment tests in fiscal years beginning after December 15, 2019 with early adoption permitted. This guidance must be applied on a prospective basis. The Company is currently evaluating the potential effect of the guidance on its consolidated financial statements.

NOTE 3:

MARKETABLE SECURITIES

The following table summarizes the amortized cost, unrealized gains and losses, and fair value of available-for-sale marketable securities as of December 31, 2016:

	December 31, 2016
	Amortized cost		Gross unrealized losses *)			Fair value

Corporate debentures	$	32,734	$	(154	)	$	32,580
U.S. Agencies debentures		2,457		(14	)		2,443
Government treasuries		666		-			666

Total	$	35,857	$	(168	)	$	35,689

*) Less than one year

The following table summarizes the amortized cost and fair value of available-for-sale marketable securities as of ended December 31, 2016, by contractual years-to maturity:

	December 31, 2016
	Amortized cost		Fair value

Due within one year	$	15,269	$	15,246
Due between one and four years		20,588		20,443

	$	35,857	$	35,689

F - 26

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 4: PREPAID EXPENSES AND OTHER CURRENT ASSETS

	December 31,
	2015		2016

Prepaid expenses	$	2,154	$	3,169
Hedging transaction assets		155		379
Government authorities		694		947
Other current assets		290		309

	$	3,293	$	4,804

NOTE 5: PROPERTY AND EQUIPMENT, NET

The composition of property and equipment is as follows:

	December 31,
	2015		2016

Cost:
Computers and related equipment	$	3,712	$	5,792
Leasehold improvements		1,092		1,621
Office furniture and equipment		1,095		1,353

		5,899		8,766

Less - accumulated depreciation		2,315		4,006

Depreciated cost	$	3,584	$	4,760

Depreciation expense amounted to $746, $1,129 and $1,965 for the years ended December 31, 2014, 2015 and 2016, respectively.

F - 27

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 6: INTANGIBLE ASSETS, NET

The composition of intangible assets is as follows:

	December 31,
	2015		2016

Original amount:

Technology	$	14,073	$	14,073
Customer relationships		5,120		5,120
Other		490		490

		19,683		19,683

Accumulated amortization:

Technology		1,053		4,211
Customer relationships		2		1,137
Other		70		300

		1,125		5,648

Intangible assets, net	$	18,558	$	14,035

Amortization expense amounted to $1,125 and $4,523 for the years ended December 31, 2015 and 2016, respectively.

The estimated future amortization expense of intangible assets as of December 31, 2016 is as follows:

2017	$	4,355
2018		4,064
2019		3,083
2020		1,408
2021		326
Thereafter		799

	$	14,035

F - 28

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 7: ACCRUED EXPENSES AND OTHER CURRENT LIABILITIES

	December 31,
	2015		2016

Government authorities	$	7,131	$	3,722
Accrued expenses		1,730		2,602
Unrecognized tax benefits		362		474
Hedging transaction liabilities		143		78

	$	9,366	$	6,876

NOTE 8:

COMMITMENTS AND CONTINGENT LIABILITIES

Lease commitments:

The Company leases its facilities under various operating lease agreements, which expire through 2022. In addition, the Company leases certain motor vehicles under certain car operating lease agreements which expire through 2019. The minimum lease payments under operating leases as of December 31, 2016 are as follows:

	Lease of premises		Lease of motor vehicles

2017	$	3,940	$	268
2018		3,920		193
2019		4,042		105
2020		4,050		-
2021		4,057
Thereafter		2,632		-

	$	22,641	$	566

Total lease expense for the years ended December 31, 2014, 2015 and 2016 was $2,309, $2,653 and $3,649, respectively.

Total motor vehicle lease expense for the years ended December 31, 2014, 2015 and 2016 was $369, $435 and $511, respectively.

Pledges and bank guarantees:

The Company pledged a bank deposit of $1,236 mainly in respect of an office lease agreement and hedging transactions. This balance is presented as part of short-term bank deposits and other long-term assets.

The Company obtained bank guarantees of $1,045, primarily in connection with an office lease agreement.

F - 29

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 9:

FAIR VALUE MEASUREMENTS

The following tables present the fair value of money market funds and marketable securities for the year ended December 31, 2016:

	December 31, 2016
	Level 1		Level 2		Total
Cash equivalents:
Money market funds	$	1,906	$	-	$	1,906

Marketable securities:
Corporate debentures		-		32,580		32,580
U.S. Agencies debentures		-		2,443		2,443
Government treasuries		-		666		666

Total assets measured at fair value	$	1,906	$	35,689	$	37,595

NOTE 10: SHAREHOLDERS' EQUITY

Composition of share capital of the Company:

December 31, 2015

December 31, 2016

Authorized

Issued and

outstanding

Authorized

Issued and

outstanding

Number of shares

Ordinary shares of NIS 0.01 par value each

250,000,000

33,289,839

250,000,000

34,250,590

Ordinary shares:

The ordinary shares of the Company confer upon the holders the right to receive notices of and to participate and vote in general meetings of the Company, rights to receive dividends and rights to participate in distribution of assets upon liquidation after all the preferred shares received their preference amount in full.

Share-based compensation:

Under the Company's 2001 equity incentive plan, as amended March 5, 2003, and its 2011 and 2014 equity incentive plans (collectively, the “Plans”), options and restricted share units (“RSUs”) may be granted to employees, officers, non-employee consultants and directors of the Company.

Under the Plans, as of December 31, 2016, an aggregate of 725,620 shares were still available for future grant. Each option granted under the Plans expires no later than ten years from the date of grant. The vesting period of the options is generally four years, unless the Board of Directors or the Board's Compensation Committee determines otherwise. Any option which is forfeited or cancelled before expiration becomes available for future grants.

F - 30

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 10:

SHAREHOLDERS' EQUITY (Cont.)

The total share-based compensation expense related to all of the Company's equity-based awards, recognized for the years ended December 31, 2014, 2015 and 2016 is comprised as follows:

	Year ended December 31,
	2014		2015		2016

Cost of revenues	$	137	$	499	$	1,386
Research and development		172		1,507		4,660
Sales and marketing		347		2,214		5,765
General and administrative		917		2,829		5,724

Total share-based compensation expense	$	1,573	$	7,049	$	17,535

The total unrecognized compensation cost amounted to $46,059 as of December 31, 2016, and is expected to be recognized over a weighted average period of 2.59 years.

In March 2015, 15,000 warrants to purchase ordinary shares with an exercise price of $2.21 which were donated to “Tmura”, a non-profit organization, were exercised.

Options granted to employees:

A summary of the activity in options granted to employees for the year ended December 31, 2016 is as follows:

	Amount of options			Weighted average exercise price		Weighted average remaining contractual term (in years)		Aggregate intrinsic value

Balance as of December 31, 2015		3,358,875		$	14.27		6.54	$	111,093

Granted		569,300		$	43.39
Exercised		(837,835	)	$	2.99
Forfeited		(51,983	)	$	28.91

Balance as of December 31, 2016		3,038,357		$	22.58		6.70	$	77,346

Exercisable as of December 31, 2016		1,924,816		$	11.00		5.52	$	69,420

Vested and expected to vest as of December 31, 2016		3,005,577		$	22.36		6.68	$	77,144

F - 31

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 10:

SHAREHOLDERS' EQUITY (Cont.)

The computation of expected volatility is based on actual historical share price volatility of comparable companies. The expected option term represents the period of time that options granted are expected to be outstanding. For stock-option awards which were at the money when granted (plain vanilla stock-options), it is determined based on the simplified method in accordance with SAB No. 110, as adequate historical experience is not available to provide a reasonable estimate. The simplified method will continue to apply until enough historical experience is available to provide a reasonable estimate of the expected term. The Company has historically not paid dividends and has no foreseeable plans to pay dividends and, therefore, uses an expected dividend yield of zero in the option pricing model. The risk-free interest rate is based on the yield of U.S. treasury bonds with equivalent terms.

The following table set forth the parameters used in computation of the options compensation to employees for the years ended December 31, 2014, 2015 and 2016:

	Year ended December 31,
	2014			2015			2016

Expected volatility		45	%		45	%		45	%
Expected dividends		0			0			0
Expected term (in years)		5.81-6.11			5.78-6.12			5.25-6.10
Risk free rate		1.55%-2.02	%		1.37%-1.68	%		1.30%- 1.70	%

A summary of options data for the years ended December 31, 2014, 2015 and 2016, is as follows:

	Year ended December 31,
	2014		2015		2016

Weighted-average grant date fair value of options granted	$	6.95	$	24.56	$	19.16
Total intrinsic value of the options exercised	$	9,943	$	110,191	$	37,618

The aggregate intrinsic value is calculated as the difference between the per-share exercise price and the deemed fair value of an ordinary share for each share subject to an option multiplied by the number of shares subject to options at the date of exercise. The fair value of the Company's ordinary shares was $45.50 per share as of December 31, 2016.

F - 32

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 10:

SHAREHOLDERS' EQUITY (Cont.)

The following tables summarize information about the Company's outstanding and exercisable options granted to employees as of December 31, 2016:

Exercise price	Options outstanding as of December 31, 2016		Weighted average remaining contractual term		Options exercisable as of December 31, 2016		Weighted average remaining contractual term
			(years)				(years)
$0.20 – 2.21		1,297,621		4.36		1,284,815		4.34
$6.47 – 14.00		495,676		7.24		343,650		7.24
$37.44 – 44.37		264,180		9.08		14,886		8.31
$45.58 – 51.86		517,244		9.23		90,832		9.01
$55.30 – 64.93		463,636		8.50		190,633		8.49

		3,038,357		6.70		1,924,816		5.52

A summary of RSU activity for the year ended December 31, 2016, is as follows:

	Amount of RSU's			Weighted average grant date fair value

Unvested as of December 31, 2015		396,910		$	53.44

Granted		487,600		$	44.96
Vested		(122,916	)	$	52.59
Forfeited		(31,889	)	$	48.43

Unvested as of December 31, 2016		729,705		$	48.14

The total fair value of RSU’s vested (based on fair value of the Company's ordinary shares at vesting date) during the years ended December 31, 2015 and 2016 was $998 and $5,981, respectively.

F - 33

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 11: INCOME TAXES

CyberArk Software Ltd.'s subsidiaries are separately taxed under the domestic tax laws of the jurisdiction of incorporation of each entity.

a. Corporate tax in Israel:

Taxable income of the Company is subject to a corporate tax rate as follows: 2014 and 2015– 26.5% and 2016 – 25%.

On January 5, 2016, the Israeli Parliament officially published the Law for the Amendment of the Israeli Tax Ordinance (Amendment 216), that reduced the corporate tax rate from 26.5% to 25%.

In December 2016, the Israeli Parliament approved the Economic Efficiency Law (Legislative Amendments for Applying the Economic Policy for the 2017 and 2018 Budget Years), which reduces the corporate income tax rate to 24% effective from January 1, 2017 and to 23% effective from January 1, 2018.

Income before taxes on income is comprised as follows:

	Year ended December 31,
	2014		2015		2016

Domestic	$	13,194	$	28,285	$	32,077
Foreign		1,272		3,458		4,124

	$	14,466	$	31,743	$	36,201

F - 34

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 11: INCOME TAXES (Cont.)

Deferred income taxes:

Deferred taxes reflect the net tax effect of temporary differences between the carrying amounts of assets and liabilities for financial reporting purposes and the amounts recorded for tax purposes. Significant components of the Company's deferred tax assets and liabilities are as follows:

	December 31,
	2015		2016
Deferred tax assets:

Net operating loss carry-forwards	$	5,584	$	1,956
Capital losses carry-forwards		52		50
Research and development expenses		2,945		4,119
Deferred revenues		3,760		4,222
Issuance expenses		790		124
Share-based compensation		549		2,979
Accruals and other		1,590		1,612

Deferred tax assets before valuation allowance		15,270		15,062

Valuation allowance		52		50

Deferred tax asset	$	15,218	$	15,012

Deferred tax liabilities:

Intangible assets	$	5,761	$	3,961
Property and equipment depreciation and other		213		662

Deferred tax liabilities	$	5,974	$	4,623

Income taxes are comprised as follows:

	Year ended December 31,
	2014		2015			2016

Current	$	4,467	$	10,042		$	9,207
Deferred		45		(4,093	)		(1,130	)

	$	4,512	$	5,949		$	8,077

	Year ended December 31,
	2014		2015		2016

Domestic	$	2,485	$	5,208	$	4,906
Foreign		2,027		741		3,171

	$	4,512	$	5,949	$	8,077

F - 35

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 11: INCOME TAXES (Cont.)

A reconciliation of the Company's theoretical income tax expense to actual income tax expense is as follows:

	Year ended December 31,
	2014			2015			2016

Income before income taxes	$	14,466		$	31,743		$	36,201

Statutory tax rate		26.5	%		26.5	%		25.0	%

Theoretical income tax expense		3,833			8,412			9,050

Utilization of tax losses and deferred taxes for which valuation allowance was provided, net		(143	)		(771	)		(72	)
Deferred taxes on losses for which valuation allowance was provided, net		834			(1,713	)		-
Non-deductible expenses		1,165			2,295			2,569
Unrecognized tax expense		19			8			81
Foreign and preferred enterprise tax rates differential		(838	)		(2,303	)		(3,468	)
Other		(358	)		21			(83	)

Income tax expense	$	4,512		$	5,949		$	8,077

Net operating loss carry-forwards:

As of December 31, 2016, the Company had net operating and capital tax losses totaling approximately $36,227 and $219, respectively, out of which approximately $2,727 and $219 of losses, respectively, were attributed to Israel and can be carried forward indefinitely and $33,500 (including $30,041 of excess tax benefits related to share based compensation) and none, respectively, were attributed to the U.S. subsidiary and can be carried forward for up to 20 years. Utilization of some of U.S. net operating losses are subject to annual limitation due to the “change in ownership” provisions of the Internal Revenue Code of 1986 and similar state provisions. The annual limitation may result in the expiration of net operating losses before utilization.

Tax benefits under the Law for the Encouragement of Capital Investments, 1959:

The Company has been granted “Approved Enterprise” Status, under the above Law. The Company has elected the alternative benefits program, waiver of grants in return for tax exemptions. Pursuant thereto, the income of the Company derived from the “Approved Enterprise” program is tax-exempt for two years and will enjoy a reduced tax rate of 10%-25% for up to a total of eight years (subject to an adjustment based upon the foreign investors' ownership of the Company).

The period of tax benefits detailed above is subject to limits of 12 years from the year of commencement of production, or 14 years from granting of approval, whichever is earlier.

F - 36

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 11: INCOME TAXES (Cont.)

The tax-exempt income attributable to the “Approved Enterprise” can be distributed to shareholders, without subjecting the Company to taxes, only upon the complete liquidation of the Company. If these retained tax-exempt profits are distributed, they would be taxed at the corporate tax rate applicable to such profits as if the Company had not elected the alternative tax benefits program (currently between 10% to 25% for an “Approved Enterprise”).

Entitlement to the above benefits is conditional upon the Company fulfilling the conditions stipulated by the above law, regulations published thereunder and the letters of approval for the specific investments in “approved enterprises”. In the event of failure to comply with these conditions, the benefits may be canceled and the Company may be required to refund the amount of the benefits, in whole or in part, including interest and CPI linkage.

Income not eligible for “approved enterprise” benefits mentioned above is taxed at the regular rate.

On April 1, 2005, an amendment to the Investment Law came into effect (“the Amendment”) and significantly changed the provisions of the Investment Law.

However, the Investment Law provides that terms and benefits included in any letter of approval already granted will remain subject to the provisions of the law as they were on the date of such approval. Therefore, the Company's existing Approved Enterprise will generally not be subject to the provisions of the Amendment.

Such an enterprise is a “Beneficiary Enterprise”, rather than the previous terminology of Approved Enterprise. The period of tax benefits for a new Beneficiary Enterprise commences in the “Year of Commencement”. This year is the later of: (1) the year in which taxable income is first generated by the company, or (2) the Year of Election.

The Company has elected the status of a Beneficiary Enterprise for the years ended in 2006 and 2008.

As of December 31, 2016, approximately $13,077 was derived from tax exempt profits earned by the Company's “Approved Enterprises” and “Beneficiary Enterprise”. The Company and its Board of Directors have determined that such tax-exempt income will not be distributed as dividends and intends to reinvest the amount of its tax exempt income earned by the Company. Accordingly, no provision for deferred income taxes has been provided on income attributable to the Company's “Approved Enterprises” and “Beneficiary Enterprise” as such income is essentially permanently reinvested.

If the Company's retained tax-exempt income is distributed, the income would be taxed at the applicable corporate tax rate as if it had not elected the alternative tax benefits under the Investment Law and an income tax liability of up to $3,211 would be incurred as of December 31, 2016.

F - 37

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 11: INCOME TAXES (Cont.)

On December 29, 2010, the Knesset approved an additional amendment to the Law for the Encouragement of Capital Investments, 1959. According to the amendment, a reduced uniform corporate tax rate for exporting industrial enterprises (over 25%) was established. The reduced tax rate will not be program dependent and will apply to the "Preferred Enterprise's" (as such term is defined in the Investment Law) entire income. Pursuant to the amendment, a "Preferred Enterprise" is entitled to a reduced corporate tax rate of 15% in 2011 and 2012, unless the Preferred Enterprise is located in a specified development zone, in which case the rate will be 10%. Such corporate tax rate was reduced from 15% and 10%, respectively, to 12.5% and 7%, respectively in 2013, and then increased to 16% and 9%, respectively, in 2014 until 2016.

On March 2013, the Company notified the Israeli Tax Authorities that it had transferred from Beneficiary Enterprise status to Preferred Enterprise status.

Amendment to the Law for the Encouragement of Capital Investments, 1959 (Amendment 73):

In December 2016, the Economic Efficiency Law (Legislative Amendments for Applying the Economic Policy for the 2017 and 2018 Budget Years), 2016 which includes Amendment 73 to the Law for the Encouragement of Capital Investments (“the Amendment”) was published. According to the Amendment, a preferred enterprise located in development area A will be subject to a tax rate of 7.5% instead of 9% effective from January 1, 2017 and thereafter (the tax rate applicable to preferred enterprises located in other areas remains at 16%).

The Amendment also prescribes special tax tracks for technological enterprises, which are subject to rules that are to be issued by the Minister of Finance by March 31, 2017.

The new tax track under the Amendment is relevant to the Company as follows:

Technological preferred enterprise is defined as an enterprise for which total consolidated revenues of its parent company and all subsidiaries are less than NIS 10 billion. A technological preferred enterprise, as defined in the Amendment, which is located in the center of Israel will be subject to tax at a rate of 12% on profits deriving from intellectual property (in development area A - a tax rate of 7.5%).

Any dividends distributed to “foreign companies”, as defined in the Amendment, deriving from income from the technological enterprises will be subject to tax at a rate of 4%.

Since as of December 31, 2016 definitive criteria to determine the tax benefits had not yet been established, it cannot be concluded that the legislation in respect of technological enterprises had been enacted or substantively enacted as of that date. Accordingly, the above changes in the tax rates relating to technological enterprises were not taken into account in the computation of deferred taxes as of December 31, 2016.

F - 38

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 11: INCOME TAXES (Cont.)

h. Tax benefits under the Law for the Encouragement of Industry (Taxation), 1969:

Management believes that the Company currently qualifies as an “industrial company” under the above law and as such, is entitled to certain tax benefits including accelerated depreciation, deduction of public offering expenses in three equal annual installments and amortization of other intangible property rights for tax purposes.

Tax assessments:

CyberArk Software Ltd. tax years until December 31, 2012 are subject to statutes of limitation as of December 31, 2016. The U.K. subsidiary's tax years until December 31, 2012 are subject to statutes of limitation as of December 31, 2016. The U.S. subsidiary's tax years ended from December 31, 2002, 2004, 2005, 2006, 2008, 2011 and 2013 through 2016 are still open, as the statutes of limitation have not yet expired.

Uncertain tax benefits:

A reconciliation of the opening and closing amounts of total unrecognized tax benefits is as follows:

	Year ended December 31,
	2015		2016

Opening balance	$	322	$	362
Increase related to prior year tax positions		4		53
Increase related to current year tax positions		36		59

Closing balance	$	362	$	474

F - 39

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 12: FINANCIAL INCOME (EXPENSES), NET

	Year ended December 31,
	2014			2015			2016

Bank charges	$	(63	)	$	(86	)	$	(144	)
Changes in fair value of warrants to purchase preferred shares		(4,309	)		-			-
Exchange rate loss, net		(1,817	)		(1,723	)		(969	)

Total expenses		(6,189	)		(1,809	)		(1,113	)

Interest income		201			330			1,358

Financial income (expenses), net	$	(5,988	)	$	(1,479	)	$	245

NOTE 13: BASIC AND DILUTED NET INCOME PER SHARE

	Year ended December 31,
	2014			2015		2016

Numerator:
Net income	$	9,954		$	25,794	$	28,124
Dividends accumulated for the period		(3,815	)		-		-

Net income available to shareholders of ordinary shares	$	6,139		$	25,794	$	28,124

Denominator:
Shares used in computing net income per ordinary shares, basic		13,335,059			32,124,772		33,741,359

	Year ended December 31,
	2014		2015		2016

Numerator:

Net income available to shareholders of ordinary shares	$	9,954	$	25,794	$	28,124

Denominator:
Shares used in computing net income per ordinary shares, diluted		29,704,730		35,322,716		35,838,863

F - 40

CYBERARK SOFTWARE LTD.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

U.S. dollars in thousands (except share and per share data)

NOTE 14: SEGMENTS, CUSTOMERS AND GEOGRAPHIC INFORMATION

The Company applies ASC Topic 280, “Segment Reporting” (“ASC No. 280”). The Company operates in one reportable segment.

The following tables present total revenues for the years ended December 31, 2014, 2015 and 2016 and long-lived assets as of December 31, 2015 and 2016:

Revenues:

	Year ended December 31,
	2014		2015		2016

United States	$	60,761	$	92,034	$	125,749
Israel		4,234		5,203		6,818
United Kingdom		12,220		16,746		21,699
EMEA *)		16,744		28,695		39,577
Other		9,040		18,134		22,770

	$	102,999	$	160,812	$	216,613

For the years ended December 31, 2014 and 2015, no single customer contributed more than 10% to the Company's total revenues. For the year ended December 31, 2016, 12.1% of the Company's total revenues was derived from one channel partner.

Long-lived assets:

	December 31,
	2015		2016

United States	$	929	$	1,421
Israel		2,418		3,014
United Kingdom		155		90
EMEA *)		22		24
Other		60		211

	$	3,584	$	4,760

*) Europe, the Middle East and Africa, excluding United Kingdom and Israel

F - 41

SIGNATURES

The registrant hereby certifies that it meets all of the requirements for filing on Form 20-F and that it has duly caused and authorized the undersigned to sign this annual report on its behalf.


	CyberArk Software Ltd.

Date: March 16, 2017	By:	/s/ Ehud Mokady
		Ehud Mokady
		Chairman of the Board & Chief Executive Officer

INDEX OF EXHIBITS

Exhibit No.		Description

1.1		Articles of Association of the Registrant (incorporated by reference to Exhibit 3.4 to the Registrant's Registration Statement on Form F-1, as amended (Registration No. 333-196991))

2.1		Specimen share certificate (incorporated by reference to Exhibit 4.1 to the Registrant's Registration Statement on Form F-1, as amended (Registration No. 333-196991))

2.2		Fourth Amended Investor Rights Agreement, dated July 10, 2014, by and among the Registrant and the other parties thereto (incorporated by reference to Exhibit 10.1 to the Registrant's Registration Statement on Form F-1, as amended (Registration No. 333-196991))

4.1		Form of Indemnification Agreement (incorporated by reference to Exhibit 10.2 to the Registrant's Registration Statement on Form F-1, as amended (Registration No. 333-196991))

4.2		Summary of Office Lease Agreement, dated May 30, 2004, between the Registrant and Azorei Melal Industries Ltd., as amended ∞

4.3		Office Lease Agreement, dated October 28, 2013, between Cyber-Ark Software, Inc. and Wells 60 Realty LLC (incorporated by reference to Exhibit 10.4 to the Registrant's Registration Statement on Form F-1, as amended (Registration No. 333-196991))

4.4		First Amendment of Lease, dated October 23, 2014, between Cyber-Ark Software, Inc. and Wells 60 Realty LLC (incorporated by reference to Exhibit 10.6 to the Registrant's Registration Statement on Form F-1, as amended (Registration No. 333-202329))

4.5		Summary of Office Lease Agreement, dated February 26, 2015, between the Registrant and Azorei Melal Industries Ltd., as amended ∞

4.6		2001 Stock Option Plan (incorporated by reference to Exhibit 10.5 to the Registrant's Registration Statement on Form F-1, as amended (Registration No. 333-196991))

4.7		Section 102 2001 Stock Option Plan (incorporated by reference to Exhibit 10.6 to the Registrant's Registration Statement on Form F-1, as amended (Registration No. 333-196991))

4.8		First Amendment to Section 102 2001 Stock Option Plan (incorporated by reference to Exhibit 10.7 to the Registrant's Registration Statement on Form F-1, as amended (Registration No. 333-196991))

4.9		2011 Share Incentive Plan (incorporated by reference to Exhibit 10.8 to the Registrant's Registration Statement on Form F-1, as amended (Registration No. 333-196991))

4.10		CyberArk Software Ltd. 2014 Share Incentive Plan, as amended (incorporated by reference to Exhibit 4.10 to the Registrant's Annual Report on Form 20-F for the year ended December 31, 2015)

4.11		CyberArk Executive Compensation Policy (incorporated by reference to Appendix A of Exhibit 99.1 to the Registrant's Report of Foreign Private Issuer on Form 6-K filed with the SEC on November 20, 2014)

8.1		List of subsidiaries of the Registrant

12.1		Certification of Principal Executive Officer required by Rule 13a-14(a) and Rule 15d-14(a) (Section 302 Certifications)

12.2		Certification of Principal Financial Officer required by Rule 13a-14(a) and Rule 15d-14(a) (Section 302 Certifications)

13.1		Certification of Principal Executive Officer required by Rule 13a-14(b) and Rule 15d-14(b) (Section 906 Certifications), furnished herewith

13.2		Certification of Principal Financial Officer required by Rule 13a-14(b) and Rule 15d-14(b) (Section 906 Certifications), furnished herewith

15.1		Consent of Kost Forer Gabbay & Kasierer (a member of Ernst & Young Global)

101.INS		XBRL Document

101.SCH		XBRL Taxonomy Extension Schema Document

101.CAL		XBRL Taxonomy Extension Calculation Linkbase Document

101.DEF		XBRL Taxonomy Definition Linkbase Document

101.LAB		XBRL Taxonomy Extension Label Linkbase Document

101.PRE		XBRL Taxonomy Extension Presentation Linkbase Document

∞	English summary of original Hebrew document

100