Why CyberArk sold at the peak: Inside the $25 billion deal with Palo Alto Networks

“I applaud Wiz, but I wouldn’t trade places with them. We founded CyberArk in 1998, and we went through quite a few challenges, such as the subprime crisis in 2008. Along the way, it wasn’t clear that we would necessarily become a large public company. We had many junctures where we had to decide whether to sell or carry on. What happened is that our customers not only supported us but actually asked us over the years: ‘Please stay, don’t sell.’ That’s a big compliment and carries a lot of responsibility. I’m very happy for Wiz, but I wouldn’t trade places with them. People can party, go to the beach, but what happens the next day? It passes. As a public company, you can create value over time. Nothing is stopping us from reaching a $100 billion market cap. In an excellent interview with Nir Zuk on Calcalist, he said Palo Alto went public at $2 billion and is now worth $100 billion. We’re happy to be at the beginning of that journey of building long‑term value.”

Udi Mokady (left) and Nir Zuk.

This quote belongs to Udi Mokady, the executive chairman and one of the two founders of CyberArk, which was sold on Wednesday to Nir Zuk’s Palo Alto Networks in a stock-and-cash deal that values the Israeli cybersecurity company at an impressive $25 billion. Ironically, Mokady made these remarks just four months ago at Calcalist’s Mind The Tech conference in New York, during an interview with the author of this article. And despite the apparent contradiction between his firm statement and the eventual decision to sell, it’s hard not to be impressed by the achievement, not just of CyberArk, but of the entire Israeli cyber industry.

Amid an ongoing war and a period of unprecedented damage to Israel’s international image, the second-largest deal in global cybersecurity, and in tech more broadly, after Google’s $32 billion acquisition of Wiz, is emerging from Israel. Remarkably, there are Israeli founders on both sides of the deal: Palo Alto Networks was founded in 2005 by Nir Zuk, who serves as its chief technology officer. On the other side is Mokady, who co-founded CyberArk in 1998 with Alon Cohen, who has since left the company. Both companies conduct most of their development activity in Israel, and each employs around 1,000 people in the country.

Apparently, there are offers that are difficult, or even impossible, to refuse, as happened with Wiz, which initially rejected Google’s $23 billion offer, only to “give in” a few months later. CyberArk’s decision to sell is also momentous and requires Palo Alto Networks to take a step it has never taken before: acquiring a public company rather than a startup, in a deal that includes a significant stock component.

Until now, Palo Alto, despite acquiring more than ten companies, has been careful not to pay more than $1 billion for any single transaction, and has consistently integrated its acquisitions quickly into its well-oiled sales network. Its Israeli acquisitions alone have totaled more than $3 billion. The CyberArk deal, however, will be fundamentally different.

The sale to Palo Alto reflects a 26% premium over CyberArk’s average trading price in recent months, an already historically high valuation. On the eve of the deal rumors, CyberArk’s stock jumped 13%, bringing its market value close to $22 billion. It dipped slightly at the opening of trading the following day. Palo Alto will pay about 10% of the consideration in cash, $45 per CyberArk share, with the rest in stock. The transaction is expected to close within a year, pending regulatory approval. Once completed, Palo Alto, already the world’s largest cybersecurity company by both revenue (over $9 billion annually) and market capitalization (around $130 billion), will grow even larger.

Despite the similar deal size, CyberArk’s exit story is very different from that of Wiz. Founded in 1998, CyberArk went public in 2014 at a valuation of just $500 million. Its growth was not meteoric but incremental, marked by several crises. Only in the past five years, after a strategic shift led by Udi Mokady to transition from a licensing model to SaaS (software as a service), did the company experience a significant surge. Its share price has since quadrupled, reaching a $20 billion valuation earlier this year.

In 2023, Mokady also led the acquisition of U.S.-based Venafi for $1.5 billion, one of the largest-ever Israeli outbound M&A deals. And in 2024, CyberArk crossed the $1 billion revenue threshold for the first time, a milestone that Wiz, by contrast, is expected to reach this year, just five years after its founding.

Because of CyberArk's age, older, in fact, than Palo Alto itself, it no longer has significant Israeli shareholders. Therefore, even though CyberArk is registered in Israel (unlike Wiz), the state is not expected to receive substantial tax revenue from the sale. The only anticipated proceeds will come from the exercise of stock options by roughly 1,000 of the company’s 4,000 employees based in Israel, and from Israeli pension funds that hold a small stake, primarily Clal, which owns shares worth about 600 million shekels.

Today, CyberArk's largest shareholders are major American institutional investors, led by BlackRock (with just over 7% of the shares), along with Fidelity, Wellington, and the Thoma Bravo investment fund, which previously sold Venafi to CyberArk.

Udi Mokady does not currently hold shares but has an options package worth $8.6 million, part of a total compensation package of about $10 million. Matt Cohen, CyberArk’s CEO since early 2023, also has a capital compensation package valued at $10.5 million.

Palo Alto Networks and CyberArk.

The person who could have benefited most from the sale is Erel Margalit, founder of the JVP venture capital fund and a former Labor Party Knesset member. Margalit was CyberArk’s first and largest investor. On the eve of the company’s IPO ten years ago, he held nearly half the shares, but he gradually sold his stake and no longer owns any part of the company.

What dampened yesterday’s celebration of the massive deal was the simultaneous decline in both companies’ stock prices. Typically, in deals that involve payment in shares, the buyer’s stock may fall due to dilution, while the acquired company’s shares surge. However, yesterday, Palo Alto's stock dropped sharply by 6%, while CyberArk’s remained unchanged, keeping its valuation at almost $22 billion.

This reaction was not due to concerns over regulatory hurdles, as the companies do not have overlapping operations, though they may share some customers. Rather, from the perspective of Palo Alto’s investors, the concern centers on both dilution and the high price paid for CyberArk, which is trading at a higher revenue multiple. While Palo Alto is growing at an annual rate of 15%, CyberArk is expanding at 30%. Palo Alto currently trades at a revenue multiple of about 12, while the deal reflects a multiple of 17 for CyberArk, considered relatively high.

Additionally, investors are uneasy because this is a highly uncharacteristic move for Palo Alto, and it may prove to be too large a bet. Until now, Palo Alto has mastered the art of acquiring startup companies with existing products but limited sales. In contrast, CyberArk is a fully mature company with 4,000 employees, proprietary systems, thousands of customers, and a distinct organizational culture, making integration according to Palo Alto’s usual model much more complex.

CyberArk is expected to end the year with $1.3 billion in revenue and approximately $300 million in operating cash flow. Still, for Palo Alto to maintain its leadership in the cybersecurity industry and boost its growth rate, a different kind of move was needed. CyberArk is expected to deliver on that need immediately after the deal’s completion, exposing the acquirer to a $29 billion identity security market, while accelerating growth and contributing to both cash flow and profitability.

Although Palo Alto has positioned itself in recent years as a “supermarket” of cybersecurity solutions, acquiring numerous startups, many of them Israeli, it has had no presence in CyberArk’s domain. CyberArk, by contrast, has built a comprehensive platform for identity and access management within organizations.

In that sense, CyberArk is the last missing piece in Palo Alto’s cybersecurity puzzle.

In the past, Zuk insisted that identity management was the only field that did not interest him. But Nikesh Arora, CEO of Palo Alto, said yesterday that he now sees the field at an “inflection point.” According to him, every time Palo Alto identified a category reaching this stage, the company made a major acquisition.

Arora explained that unlike other segments of cybersecurity, where innovation is typically driven by startups, identity management is dominated by established players. “Identity management systems within an organization are very ‘sticky,’ and we hear from customers that they’re afraid to replace existing solutions because these systems are connected to so many others throughout the organization,” he said in a call with investors. “That’s why this will be a journey for the incumbents, not necessarily an opportunity for new players.”

The field of Privileged Access Management (PAM) has long been viewed as niche and somewhat obscure, often not even considered a core part of cybersecurity. However, in recent years, most successful cyberattacks, and the vast majority of ransomware attacks, have exploited weaknesses in access controls within organizations. One of the most familiar attack vectors is phishing emails, which are statistically more likely to be opened by senior employees whose computers have elevated access to internal systems.

In fact, 88% of ransomware attacks result from gaps in identity and permission management, and 70% of organizations admit that identity-related issues are the root cause of most security breaches.

All of this predates the explosion of artificial intelligence, particularly the emergence of “AI agents,” which are still in their infancy but are expected to significantly complicate identity management.

For example, it used to be relatively easy to spot phishing attempts via email. Now, AI agents can craft messages using highly convincing language, making such threats harder to detect. As AI agents continue to evolve, organizations will need to distinguish between human users and machines, shifting the focus of security toward machine identity management.

It seems that Arora came to the sudden realization that Palo Alto lacked a meaningful offering in this high-growth segment, and was compelled to act. “The rise of AI agents creates an urgent need for action,” he said.

Palo Alto’s rationale for the acquisition is clear. The lingering question is why CyberArk agreed to sell at what appeared to be the height of its momentum. Beyond a booming identity security market and CyberArk’s rapid growth, its main competitor, Okta (OKTA), long seen as the stronger player, has weakened.

Okta itself suffered cyberattacks, which shook customer confidence and dragged its market value down to $17 billion. While Okta still generates significantly more revenue than CyberArk and is projected to end the year with $2.6 billion in sales, its growth rate is notably slower than that of the Israeli company.

The assumption is that the identity market will increasingly consolidate around existing players. The third-largest in the field, the U.S.-based SailPoint, is currently valued at $12 billion after being taken public again by the Thoma Bravo fund. The competition is likely to be fierce.

Perhaps CyberArk looked at Check Point’s stagnation and concluded that without joining one of the industry’s giants, it risked remaining a mid-tier player with limited room to grow. CyberArk was almost certainly Palo Alto’s first choice, but had it declined, SailPoint may have been next in line.

With its acquisition of CyberArk, Palo Alto reignites the wave of consolidation in the cybersecurity sector. Now, it’s likely the turn of companies like CrowdStrike to make their move. That expectation also explains why Check Point’s stock tumbled by more than 10% yesterday: the cybersecurity market is no longer a game of big players, it’s becoming a game of giants.