In a strong display of resilience amid economic uncertainty, identity security provider CyberArk delivered impressive first-quarter results for 2025, underscoring the growing importance of identity security in today’s heightened threat landscape. The company reported total Annual Recurring Revenue (ARR) of $1.215 billion, with subscription ARR reaching $1.028 billion and total revenue of $318 million for the quarter ended March 31, 2025.

“CyberArk delivered a strong start to 2025, highlighting the power of our unified platform and the durability of our business model,” said Matt Cohen, Chief Executive Officer of CyberArk, in the company’s earnings announcement. “In Q1, total ARR reached $1.215 billion, driven by robust net new ARR of $46 million. Our consistent execution and ongoing innovation fueled strong top-line growth, while we continue to scale profitably — achieving an 18% non-GAAP operating margin and generating $96 million in free cash flow.”

Speaking with CNBC’s “Closing Bell Overtime,” Cohen emphasized that organizations are fundamentally altering their cybersecurity strategies in response to escalating threats. “We see this heightened threat environment that’s forcing organizations to fundamentally alter their cybersecurity strategies and lean in to a particular part of cybersecurity that’s called identity security,” Cohen explained.

Identity Security as a Strategic Imperative

According to Cohen, identity security has become the focal point of large-scale cybersecurity programs. This sector focuses on ensuring both human and machine identities have appropriate controls to protect privileged information and systems. This strategic focus has helped CyberArk maintain strong demand and durable growth, with revenue and ARR growing by more than 30% year-over-year.

The company’s performance comes during a significant business model transition to subscription-based services, which now represents a substantial portion of their revenue stream. Despite this transition, which often creates temporary financial headwinds for software companies, CyberArk has maintained impressive profitability with free cash flow margins exceeding 20%.

Dynamic Privileged Controls for Evolving Threats

When asked about security threats across human and non-human identities, including emerging AI agents, Cohen highlighted the importance of dynamic privileged controls.

“What we see is the need to be able to offer dynamic privileged controls,” Cohen told CNBC. “That really means being able to elevate the level of controls that any entity has on it based upon risk, based upon context, and based upon the types of targets that it’s accessing.”

This approach allows for contextual security measures that adapt to different scenarios and threat levels. “You or I might look like a normal workforce user from day to day, but if we access certain systems with certain elevated entitlements or privileges, we need an extra layer of security,” Cohen elaborated, noting that similar principles apply to machine and non-human identities.

Vendor Consolidation Driving Value

A significant trend in enterprise cybersecurity is the consolidation of vendors and tools. During CyberArk’s recent earnings call, Cohen addressed questions about multi-product sales and the company’s platform approach.

“CISOs, the Chief Security Officers, [are] overwhelmed by the sheer number of cybersecurity tools,” Cohen explained to CNBC. “At a typical enterprise, they can have 50, 100, 150 individual cybersecurity tools that they’re trying to manage.”

This proliferation of tools is driving a move toward consolidation around key platforms. “This idea of consolidation or platformization is really about driving value across the various identities, but also the idea of lessening the burden on the CISOs and the security teams that are increasingly overwhelmed,” Cohen said.

Cohen believes that while there won’t be a single platform for all cybersecurity needs, consolidation is occurring around critical areas: endpoint security, cloud security, modern firewalls, and identity security. For CyberArk, this trend represents a significant opportunity as they continue to expand their comprehensive identity security platform.

At the company’s recent IMPACT 2025 event, as reported by Futurum Group, CyberArk outlined its strategy around three core pillars: addressing the proliferation of human privileges beyond traditional IT roles, managing the exponential growth of machine identities, and countering AI-accelerated attacks and identity sprawl. The company introduced several new offerings, including CyberArk Secure Workload Access for managing non-human identities and CyberArk Secure AI Agents for privileged access management of AI agents.