Investor Relations Presentation

Cautionary Language concerning Forward Looking Statements This presentation contains forward-looking statements, which express the current beliefs and expectations of CyberArk's (the "Company") management. In some cases, forward-looking statements may be identified by terminology such as "believe," "may," "estimate," "continue," "anticipate," "intend," "should," "plan," "expect," "predict," "potential" or the negative of these terms or other similar expressions. Such statements involve a number of known and unknown risks and uncertainties that could cause the Company's future results, levels of activity, performance or achievements to differ materially from the results, levels of activity, performance or achievements expressed or implied by such forward-looking statements. Important factors that could cause or contribute to such differences include risks relating to: changes to the drivers of the Company's growth and its ability to adapt its solutions to IT security market demands; the transition of the Company's business to a subscription model that began in 2021 and its ability to complete its transition goals in the time frame expected; the Company's sales cycles and multiple pricing and delivery models; unanticipated product vulnerabilities or cybersecurity breaches of the Company's, or the Company's customers' or partners' systems; an increase in competition within the Privileged Access Management and Identity Security markets; the Company's ability to hire, train, retain and motivate qualified personnel; the Company's ability to sell into existing and new customers and industry verticals; risks related to compliance with privacy and data protection laws and regulations; the Company's history of incurring net losses and our ability to achieve profitability in the future; the duration and scope of the COVID- 19 pandemic and its impact on global and regional economies and the resulting effect on the demand for the Company's solutions and on its expected revenue growth rates and costs; the Company's ability to find, complete, fully integrate or achieve the expected benefits of additional strategic acquisitions; reliance on third-party cloud providers for the Company's operations and SaaS solutions; the Company's ability to expand its sales and marketing efforts and expand its channel partnerships across existing and new geographies; risks related to sales made to government entities; regulatory and geopolitical risks associated with global sales and operations (including the current conflict between Russia and Ukraine) and changes in regulatory requirements or fluctuations in currency exchange rates; the ability of the Company's products to help customers achieve and maintain compliance with government regulations or industry standards; risks related to intellectual property claims or the Company's ability to protect its proprietary technology and intellectual property rights; and other factors discussed under the heading "Risk Factors" in the Company's most recent annual report on Form 20-F filed with the Securities and Exchange Commission. Forward-looking statements in this presentation are made pursuant to the safe harbor provisions contained in the U.S. Private Securities Litigation Reform Act of 1995. These forward-looking statements are made only as of the date hereof, and the Company undertakes no obligation to update or revise the forward-looking statements, whether as a result of new information, future events or otherwise. cyberark.com 2

View entire presentation