#1#2CAUTIONARY LANGUAGE CONCERNING FORWARD-LOOKING STATEMENTS This presentation contains forward-looking statements, which express the current beliefs and expectations of CyberArk's (the "Company") management. In some cases, forward-looking statements may be identified by terminology such as "believe," "may," "estimate," "continue," "anticipate," "intend," "should," "plan," "expect," "predict," "potential" or the negative of these terms or other similar expressions. Such statements involve a number of known and unknown risks and uncertainties that could cause the Company's future results, performance or achievements to differ significantly from the results, performance or achievements expressed or implied by such forward-looking statements. Important factors that could cause or contribute to such differences include risks relating to: the duration and scope of the COVID-19 pandemic and the impact of the pandemic and actions taken in response, on global and regional economies and economic activity, which may have a material impact on the demand for the Company's solutions and on its expected revenue growth rates and costs; the Company's ability to adjust its operations in response to any impacts from the COVID-19 pandemic; difficulties predicting future financial results, including due to impacts from the COVID-19 pandemic; the drivers of the Company's growth may change; the Company's ability to sell into existing and new industry verticals; the Company's sales cycles and multiple licensing models may cause results to fluctuate; the Company's ability to sell into existing customers; potential changes in the Company's operating and net profit margins and the Company's revenue growth rate; the Company's ability to successfully find, complete, fully integrate and achieve the expected benefits of future acquisitions, including the Company's ability to integrate and achieve the expected benefits of Idaptive; real or perceived shortcomings, defects or vulnerabilities in the Company's solutions or internal network system; the Company's ability to hire qualified personnel; the Company's ability to expand its channel partnerships across existing and new geographies; the Company's ability to further diversify its product deployments and licensing options; and other factors discussed under the heading "Risk Factors" in the Company's most recent annual report on Form 20-F filed with the Securities and Exchange Commission. Forward-looking statements in this release are made pursuant to the safe harbor provisions contained in the Private Securities Litigation Reform Act of 1995. These forward-looking statements are made only as of the date hereof, and the Company undertakes no obligation to update or revise the forward-looking statements, whether as a result of new information, future events or otherwise. CYBERARK 2#3#4STRONG BUSINESS MOMENTUM 2019 $434M 2014 CYBERARK 33% CAGR $103M $ REVENUE $123M $142 M 6x $22M OPERATING INCOME 6x $23M $ OPERATING CASH FLOW 5.3K 24% CAGR 1.8K CUSTOMERS 4#5STRONG BUSINESS MOMENTUM Manufacturing 21 20 Ma 00 OF THE TOP CYBERARK g Insurance OF THE TOP 25 25 6,000+ Global Customers Telecom 20。 OF THE TOP 25 000 Banks 23 OF THE TOP 25 More than 50% of Fortune 500 18. 21 ✓ Pharma RREEL OF THE TOP 25 B Energy OF THE TOP 25 More than 35% of Global 2000#6PRIVILEGED CREDENTIALS IN THE NEWS = Forbes ||| Bloomberg Subscribe Cybersecurity Uber Hack Shows Vulnerability of Software Code- Sharing Services Impact and prevalence of cyberattacks that use stolen hashed administrator credentials The New York Times Attack Gave Chinese Hackers Privileged Access to U.S. Systems CYBERARK Grasping The Problem With Privileged Accounts USA TODAY OCBS NEWS "WannaCry" ransomware attack losses could reach $4 billion Privileged Account: The Master Keys Hackers Know Best One big reason cyber intruders can easily roam far and wide, once they crack inside a company network, is that many organizations pay scant heed to privileged.. Information Week DARKReading CNBC The Capital One breach is unlike any other major hack, with allegations of a single engineer wreaking havoc E FINANCIAL TIMES New Credential-Theft Attack Weaponizes DNS The recently discovered campaign sends stolen data out of the network as part of a DNS query. A new credential-theft attack campaign is using DNS to exfiltrate data. The Watch the Watchers: 'Trusted' Employees Can Do Damage Retail sector England's NHS hit by large scale cyber attack 8/30/2019 BizTech NIST Creates New Guidelines for Managing Privileged Accounts CSO THE WALL STREET JOURNAL Privileged Comes with Peril in World of Cybersecurity Security experts have been Malware Targets Vulnerable Admin warning enterprises for Accounts some time that the greatest security... DARK Reading cyberscoop Russian government hackers used office technology to try to breach privileged accounts Privileged Account Details Are Often Shared and Can Be a Weak Entry Point for Attackers SECURITY WEEK CAN BUSINESS Every single Yahoo account was hacked - 3 billion in all SC Privileged Account Details Are Often Shared and Can Be a Weak Entry Point for Attackers MONTREAL GAZETTE Desjardins: Rogue employee caused data breach for 2.9 million members Privileged Account at Root of Most Data Breaches info security If enterprises ever were given wake-up call, it should be this; stealing and exploiting privileged accounts is a critical success factor for attackers in 100% of all.... verizon Annual Data Breach Investigations Report The use of stolen credentials still leads the way from a hacking variety standpoint...#7ALL IDENTITIES CAN BE PRIVILEGED UNDER CERTAIN CONDITIONS *nix Server Hybrid Cloud loT App ServerDatabase. Office IT Ops Tools Network Devices WFH Code PRIVILEGE IS EVERYWHERE Admin 666 COFFER WORKPLACES salesforce DevOps Temporary Location t SaaS Office 365 zoom Apps / Robots IDENTITIES G Suite Code 3rd Party Vendors Mac Cloud Native Apps Workforce PC ✪ Google Cloud laas / PaaS Windows Azure Containers WORKSPACES VM's & Storage Mobile C- 106 Serverless Code#8#9SECULAR TRENDS ARE DRIVING ENTERPRISES' NEED FOR SECURITY 111111 MANAGING RISK Data Breach Network Takeover Loss of Critical Information Reputational Damage Complex, Hybrid Architecture Multiple and Decentralized Data Sources and Environments CLOUD MIGRATION Notes: 1. Verizon, 2019 Data Breach Investigations Report ● UL DE UL 17 Organized criminal groups were behind 39% of breaches (¹) 23% of attackers identified as nation-states or state-affiliated (1) HACKER INNOVATION THE 1 COMPLIANCE ● GDPR Sarbanes Oxley HIPAA PCI Proliferation of IT Assets and Devices Rise of DevOps DIGITAL TRANSFORMATION 10010100101001#10#11#12#13#14#15#16#17#18#19#20#21#22#23#24#25#26#27