Varonis Systems Inc Q2 FY2021 Earnings Call

Greetings. Welcome to the Varonis Systems, Inc. Second Quarter 2021 Earnings Conference Call. At this time all participants are in a listen-only mode. A question-and-answer session will follow the formal presentation. Please note, this conference is being recorded. I will now turn the conference over to your host, Jamie Arestia, VP of Investor Relations. Thank you. You may begin.

Thank you, operator. Good afternoon. Thank you for joining us today to review Varonis’ second quarter 2021 financial results. With me on the call today are Yaki Faitelson, Chief Executive Officer, and Guy Melamed, Chief Financial Officer and Chief Operating Officer of Varonis. After preliminary remarks, we will open the call to a question-and-answer session. During this call we may make statements related to our business that would be considered forward-looking statements under federal securities laws, including projections of future operating results for our third quarter and full year ending December 31, 2021. Due to a number of factors, actual results may differ materially from those set forth in such statements. These factors are set forth in the earnings press release that we issued today under the section captioned Forward-Looking Statements, and these and other important risk factors are described more fully in our reports filed with the Securities and Exchange Commission. We encourage all investors to read our SEC filings. These statements reflect our views only as of today and should not be relied upon as representing our views as of any subsequent date. Varonis expressly disclaims any application or undertaking to release publicly any updates or revisions to any forward-looking statements made herein. Additionally, non-GAAP financial measures will be discussed on this conference call. A reconciliation for the most directly comparable GAAP financial measures is also available in our second quarter 2021 earnings press release, which can be found at www.varonis.com, in the Investor Relations section. Also, please note that all common stock and per share data have been retroactively adjusted for the impact of the three-for-one stock split effective March 15, 2021. Lastly, please note that an updated investor presentation, as well as a webcast of today’s call, are available on our website in the Investor Relations section. With that, I’d like to turn the call over to our Chief Executive Officer, Yaki Faitelson. Yaki?

Thanks, Jamie. Good afternoon, everyone. Thanks for joining us to discuss another strong quarter as we continue building on the momentum from Q1 and the end of 2020. With the backdrop of the current environment, I want to focus today on two topics: First, why data protection is such a hard problem for organizations to solve, that is only becoming harder with the digital transformation; and second, why our platform and technology offer a durable competitive advantage. I will then turn the call to Guy to discuss our Q2 results and guidance. Let’s start with the threat landscape. Simply put, companies of all sizes and industries are facing high-profile attacks on a daily basis. This is not surprising, as organizations put sensitive data in more places and access it in more ways, making it harder to lock down data and detect threats. Hackers are taking advantage of this new environment, and with the rise of cryptocurrency, the theft of data has never been easier to monetize. Companies also face growing risks from rogue insiders and ransomware, given that the average employee has access to 17 million files on their very first day of employment, most of which aren’t relevant for them. As we have been saying for many years, security of the perimeter and endpoint is critical but insufficient. Perimeters are hard to define and even harder to monitor. Endpoints are interchangeable. In reality, most data is moving to centralized, sanctioned repositories, and as cybersecurity risks surge, companies are thinking more strategically about data protection and are increasingly turning to Varonis to help protect data where it lives. Data protection is an immensely difficult problem to solve, and in conversations with our customers and prospects, we ask three simple questions: One, do you know where your important data is stored? Two, do you know that only the right people have access to it? And three, do you know that they are using it correctly? To keep data safe, you have to be able to answer yes to all of these questions, but most organizations that turn to us can’t answer yes to any of them. Let me drill into this a bit more. First, identifying important data takes sophistication, given the complexities of data storage. Second, to understand accessibility, most companies don’t realize just how many millions of folders, files, records, and groups need to be analyzed to discern permissions, and how many functional relationships there are between them. And lastly, in terms of data usage, every system is different; many lack fidelity or granularity, and all lack important context. Without the significant enrichment that we offer, companies can’t build a baseline of normal user behavior. Furthermore, when we show our customers that by integrating data importance, access, and usage, they can finally understand and safely reduce risk in a holistic way that can’t be achieved with only one of these dimensions, the uniqueness of our solution becomes clear. For data to be secure, you need to be able to answer yes to all three questions, all the time. This is why our platform and underlying technology provide such a durable competitive advantage, and why we believe we have a 15-year head start. Data has always been our primary focus, and we start by building context around it: where it’s stored, what it contains, who can access it, and from where. Automation and machine learning connect these dots to build visualizations of risk and profiles of normal usage. When we show companies how our platform provides best-in-class threat detection while automatically fixing the damage that a single compromised user or system can do, what we refer to as “reducing the blast radius,” we become a top priority. Our subscription offering, which aligns perfectly with customer demand for our platform, is why we say that “more is more” at Varonis. Customers buy a larger number of licenses upfront than under the perpetual model, realize greater automated value, and in turn, not only renew but expand their deployments. Let me provide a few examples of some key customer wins from this quarter. One of the country’s largest Fortune 500 insurance companies and financial services providers became a Varonis customer in Q2. We were initially brought in after an internal audit uncovered the risk of fines for regulatory non-compliance, but our risk assessment also found that 65% of their folders were open to all 40,000 employees, and 40% of their sensitive data was exposed. After proving that we could classify their sensitive data for multiple regulations and remediate open access issues in three weeks, they purchased 10 licenses, and we are already discussing additional DatAdvantage licenses as well as Edge to further strengthen their deployment. At the same time, we remain underpenetrated with our existing customer base, and the team had another strong quarter closing substantial expansion opportunities. A great example of this is a North American healthcare company that was concerned with the potential leakage of patient data as they migrated to the cloud. While they have been long-time Varonis customers with a focus on protecting their on-prem data, in Q2 they purchased the entire Office 365 suite, Edge, and Automation Engine, doubling the number of licenses from 8 to 16. Building trust doesn’t happen overnight, and expansion examples like this one reflect the confidence we have instilled in our customers after helping solve their most urgent data protection problems over the last 15 years. In summary, we founded Varonis because we recognized that enterprise capacity to create and share data far exceeded its capacity to protect it. This has never been truer than it is today. Because we have aimed to keep pace with the relentless growth and complexity of data, we believe that our platform is uniquely positioned to address the data protection challenges facing all companies, providing Varonis an enormous opportunity to capitalize on the market opportunity we see while deepening our competitive moat. With that, let me turn the call over to Guy. Guy?

Thanks, Yaki. Good afternoon, everyone. Thank you for joining us today. We are once again extremely pleased with our second-quarter results, as we continue to capitalize on both the short and longer-term opportunities we see. Financial highlights in Q2 include 33% total revenue growth year-over-year, driven by strong ARR growth of 39%, to $328.2 million. Demand for our platform continues to be driven by both new customer acquisitions, where the average new customer is now buying approximately 5 to 6 licenses, and continued expansion from our base of existing customers. As we discussed last quarter, these trends continue to dramatically increase customer lifetime value. As of June 30, 2021, 68% of our total customers with 500 or more employees purchased four or more licenses, up from 58% a year ago and 48% two years ago. At the same time, 35% of our total customers with 500 or more employees purchased six or more licenses, up from 24% a year ago and more than double the 16% we had two years ago. The strong growth of these KPIs validates the demand to consume more of our platform while also illustrating the continued opportunity we see to get every Varonis customer to a double-digit number of licenses, much like the customer examples Yaki just provided. The path to this number has never been clearer than it is today, as we know that customers who land with a higher number of licenses, which is exactly what our subscription model allows for, see more value upfront through automation, leading them to consume even more of the platform with additional purchases. All of this significantly increases our customer lifetime value compared to the perpetual model. Turning now to our second-quarter results in more detail. Total revenues grew 33% to $88.4 million. Subscription revenues grew 70% to $58.1 million. Maintenance and services revenues were $30 million, as our renewal rates remain strong at over 90%. Looking at the business geographically, we again saw strong revenue growth across North America and EMEA. In North America, revenues grew 34% to $61.6 million, or 70% of total revenues. In EMEA, revenues grew 31% to $24.5 million, or 28% of total revenues. Rest of World revenues were $2.3 million, or 3% of total revenues. Turning back to the income statement, I’ll be discussing non-GAAP results going forward. Gross profit for the second quarter was $76.9 million, representing a gross margin of 86.9%, compared to 86.5% in the second quarter of 2020. Operating expenses in the second quarter totaled $75.8 million. As a result, second-quarter operating income was $1.1 million, or an operating margin of 1.2%. This compares to an operating loss of $4 million or an operating margin of negative 6% in the same period last year, as we continue to drive operating margin leverage. During the quarter, we had financial expense of approximately $918,000, primarily due to interest expense on our convertible notes. The net loss for the second quarter of 2021 was $771,000, or a loss of $0.01 per basic and diluted share, compared to a net loss of $4.7 million or a loss of $0.05 per basic and diluted share for the second quarter of 2020. This is based on 106.4 million and 94.5 million basic and diluted shares outstanding for Q2 2021 and Q2 2020, respectively. We ended Q2 with $813.7 million in cash, cash equivalents, marketable securities, and short-term deposits. For the six months ended June 30, 2021, we generated $11.1 million of cash from operations, compared to negative $10.8 million in the same period last year. We ended the second quarter with 1,870 employees, an increase of 76 net new employees from the first quarter of this year. Consistent with the demand environment, our net hiring has been strong for the last four quarters, triggered by the digital transformation which we recognized mid-last year. We believe these continued investments in innovation and capacity will allow us to capture the opportunities we see in the market. Moving to our guidance. For the third quarter of 2021, we expect total revenues of $96 million to $98 million, representing growth of 25% to 28%. We expect non-GAAP operating income of $3.5 million to $4.5 million, and non-GAAP net income per diluted share in the range of $0.01 to $0.02. This assumes 118.9 million diluted shares outstanding. For the full year, we are raising our guidance and now expect total revenues of $375 million to $379 million, representing growth of 28% to 29%. We now expect non-GAAP operating income of $10 million to $13 million, and non-GAAP net income per diluted share in the range of $0.03 to $0.05. This assumes 116.8 million diluted shares outstanding. In summary, we are extremely pleased with our results this quarter. Looking at the pipeline, the demand environment, and the market increasingly coming to us, we are confident in our ability to capitalize on the opportunities we see as reflected in our guidance. Thanks for joining us today. And with that, we would be happy to take questions.

At this time, we will be conducting a question-and-answer session. Our first question is from Sterling Auty of JP Morgan.

Yes. Thanks. Hi, guys. So, this is the second straight quarter that ARR growth was just over 39%. And I think we talked about in the beginning of the year that ARR growth and revenue growth should normalize for the full year. But, I guess, what I’m asking is, looking at the back half of the year, it would indicate a pretty significant slowdown in ARR growth to get down to where you’re guiding revenue growth. So, what is it that you’re factoring into the guidance for that slowdown? Because it seems like there’s a lot of momentum with government deals, commercial deals, and even international.

So, first of all, we’re really pleased with our Q2 results. I think the contribution and the strong momentum we’re seeing in the last couple of quarters, combined with the pipeline we see and really the market coming to us, gave us the confidence to raise full-year guidance by approximately $10 million. But the guidance philosophy really hasn’t changed. We want to continue to guide in a responsible way. At the same time, we feel very good about the second part of the year. And we’re very excited for what we have ahead. So, I think we feel very confident about the second part.

Our next question is from Matt Hedberg of RBC Capital Markets.

Hey, guys. Thanks for taking my question. And congrats really on a very strong quarter here. Yaki, I’m wondering if you didn’t talk about it, I don’t think, in your prepared remarks, but I’m wondering if you could talk about the integration status on Polyrize. And remind us how you expect to monetize that as really you wire up additional cloud data stores.

Matt, it’s still early stages, but we’re really hitting all the internal milestones, and we are extremely happy with the initial interest. Without a doubt, the initial interest is by far exceeding all our expectations, regarding actually all the platforms that they support. We’ve grown the team significantly. We put massive investment in this part of the business. Our most senior executive in technology side, David Bass, our CTO and Head of Engineering, he is personally responsible and it was just an organic part of our roadmap. We just saw that it’s a very interesting dynamic to understand regarding the market, which you saw that the data keep exploring on-prem. But, a lot of these sanctioned repositories, what we call, a lot of applications going to the cloud, and in the cloud, what you see is a lot of the data protection that you see with file system. Obviously, we have had just huge success with Office 365. And you see the same with Box, with Google. You have obviously Okta, Zoom, Salesforce is huge, AWS, just big, big, big challenges. And this is a big blind spot for the system. If you think about it, this is where the critical data is. And these three use cases are big there. It’s very hard to make sure that the right people can access the right data, virtually impossible to understand what people are touching to do forensics, to get to root cause, and to understand what is critical, and also these applications are interconnected and you see a lot of lateral movement. So, this year, we don’t think that we will have a material revenue contribution, but we think that it will be big, both in prospects and customers. And it’s a SaaS solution. It’s in the cloud. But, we believe that it’s increasing drastically the total available market and our ability to sell licenses to customers. One thing we see in Varonis that more is more. You sell more licenses, you get more automated value, then customers are buying more, and we definitely see a clear path to get to higher double-digit licenses within our customer base. So, we are very excited about the opportunity. And definitely, it’s shortened the time to market in the organic part of our roadmap.

Our next question is from Brent Thill of Jefferies.

Hey, guys. You have Joe on for Brent. I really appreciate the question. Just kind of want to follow up with Sterling’s question and ask it a different way. But, how should we think about incremental ARR seasonality as we move throughout the year? Any reason it would be less pronounced versus last year? I know 2Q was relatively similar to 1Q in terms of incremental ARR at it.

So, there are two parts to that question, and I’ll try and address it from the two angles. In terms of seasonality of the business, not so much the ARR, I’ll touch on that in a second. The seasonality of the business is very much the same where Q1 is the lowest quarter, Q4 has historically been our largest quarter in dollar terms. I think, when you look at the ARR and the revenue, apart from the fact that ARR grew 39%, the revenue grew 33%, which we’re very happy with, when we talked about kind of those metrics converging, I think you need to look at that on the recurring revenue component, really on a 12-month trailing basis, and the revenue recurring component is the subscription and the maintenance. And when you kind of look at those two, they’re very much closer. And I think when we look at the second part of the year, we have very strong momentum. We have a very strong pipeline, and we feel very confident going into the second part of the year.

Our next question is from Saket Kalia of Barclays.

I was curious if you could discuss the growing number of licenses per customer. This seems to have been a recurring theme for several quarters. What do you think is driving this trend? Additionally, Guy, how do you perceive the increasing licenses per customer in relation to a metric like net revenue retention? I apologize for the numerous questions, but I hope that makes sense.

Yes, thank you for the question. It's fascinating to observe the changes in the number of licenses. The COVID pandemic has led to a significant increase in remote work, resulting in more laptops in use. However, defining a perimeter has become challenging since data remains on-premises while access continues to grow. This shift is crucial to recognize. The widespread adoption of Office 365 and various SaaS applications focused on collaboration presents substantial security challenges. Additionally, the data repositories being sanctioned are beginning to host less data on individual endpoints, moving more towards centralized storage similar to mobile devices. To safeguard digital assets effectively, the focus must shift first to protecting these assets, followed by securing the network, Active Directory, and finally the endpoints. This approach to data protection is gaining recognition among organizations over the past two years. A significant driver of this trend is the need for broader coverage, ensuring the protection of Office 365 and integration with Azure AD, as well as securing various virtual machines. Another key development is automation; automating data classification and remediation is vital. It's essential to have enrichment capabilities so that when alerts occur, the root causes can be identified promptly. We're excelling in these areas. We also notice tremendous growth in products like Office 365 and other SaaS applications, including Slack, Salesforce, GitHub, Box, Google, Okta, and Zoom. These platforms generate considerable data and collaboration, which introduces many risks, including data protection challenges, insider threats, advanced persistent threats, and configuration issues. A simple mistake can lead to vulnerabilities, especially when systems are overly accessible. This context is why our Data Advantage Cloud, stemming from the Polyrize acquisition, is poised for significant growth, potentially even outpacing our 365-related offerings. Ultimately, to safeguard your data effectively, a solution like Varonis is essential. Given our strong position in the market, it's nearly uncontested, and customers are increasingly turning to us. This trend is reflected in our successful deal closures and the growing standardization among our clients.

To add to that from a numbers perspective, the key performance indicators we have for customers with 500 employees or more show strong growth for those with four or more licenses, rising from 58% to 68%, and for those with six or more licenses, increasing from 24% to 35%. This is a great indication that we're successfully selling the platform. Additionally, new customers are purchasing between five to six licenses in their initial buy, which is about double the amount they would have acquired under the perpetual model. When we consider these factors together, we originally anticipated a three-year breakeven period based on our price list. However, given the behavior of new customers purchasing significantly more licenses, we are able to reduce the time to breakeven considerably. This is very encouraging. Furthermore, as they consume more licenses, they gain greater value, leading them to return and buy even more. Overall, this is all working out very well for us.

Our next question is from Rob Owens of Piper Sandler.

Hi, guys. Ben Schmitt on for Rob. Thanks for taking my question. Wondering if you can talk a bit about the contract value boost that we should expect from adoption of the new DatAdvantage Cloud licenses? And related to that, as we think about more data moving to the cloud, can you just talk about how much of your business do you think these cloud data stores could become?

It’s still early stages, and everything is very initial. However, we believe that we are starting to see traction, but it is very preliminary. We notice traction across all the repositories we are covering. Additionally, it’s interesting to see that the data is moving on-prem. In the cloud, more SaaS applications are being adopted, and there are many of them. However, several core applications are usually interconnected, and these are the key ones. You don’t need to cover everything that exists; instead, we believe this footprint will expand over time within our customer base, allowing us to acquire more customers. Nevertheless, we still need to understand how we sell it and how customers will buy. These are initial stages, but everything we observe now is very encouraging.

Our next question is from Mike Cikos of Needham & Company.

I did want to ask about, I guess, in the final comments for the prepared remarks, there was a comment around pipeline and your ability to execute and capitalize on this. And I did just want to frame it. So, my understanding here is that if you have a new customer coming on and taking more of the solutions upfront, we’re talking about five to six of these different licenses, so the offering itself is more consumable today. They realize value that much quicker and then they’re coming back and growing. And alongside that dynamic, you guys are also taking the time to make sure you’re investing both in your platform as well as in your sales and marketing and go-to-market motion. Are all these different factors playing into the strong pipeline that you guys are talking to? And maybe the other additional point, could you help us better understand the strength of that pipeline? How are customers going through their sales cycles quicker as a result of this as well? Anything there would be incremental. Thank you.

Thank you. What we primarily observe is the improved quality of our pipeline due to our offerings and the current market conditions. We have better overall coverage. Enterprise sales take time, but we are seeing a more predictable approach as we move into larger markets, targeting customers with 1,000 to 50,000 users and landing significant deals. Once we secure a customer with a sufficient number of licenses initially, we are usually able to sell them additional licenses over time, as there is a growing awareness of the need to protect data where it exists, since that is where it's most vulnerable. This is how we are implementing solutions with Varonis. Additionally, data protection, threat detection, response, compliance, and privacy all stem from the same issue and require the same platform, which we are witnessing. The quality of our pipeline has improved significantly. We see that Chief Information Security Officers, as well as more Boards and management teams, are increasingly focusing on digital assets and strategies for protecting them. Once we establish ourselves in this area, we can confidently execute our sales campaigns, knowing the likely outcomes. We also have good visibility into the overall customer lifetime value, and the quality of our metrics has drastically increased.

And just to add some color on that from a numbers perspective. When we look at kind of the comparison between the perpetual model and the subscription model, and we talked about kind of that three-year breakeven, probably easier, if I give some sort of a simple example just to kind of break down how we’re enjoying that higher customer lifetime value. If you take a customer that bought, let’s say, a $120,000 perpetual deal with a 20% maintenance on that deal, you would get $20k in year two and year three, which would kind of add up to $160,000 overall dollars from that customer over a three-year period. And we priced subscription at 45% of that first initial purchase. So, let’s say, $54,000, which gives you that three-year breakeven. But, because we’ve sold double the number of licenses to that new customer and the discounts have really stayed firm, you’re able to sell, let’s say, roughly around $100k in that year one. But now instead of getting $20,000, which is that maintenance of perpetual, we’re getting the same revenue stream. And we have the ability to expand because we’re providing more value to that customer. So, that’s really the beauty of the model and why this model is so powerful and allows us to have that breakeven period significantly less than three years.

Our next question is from Hamza Fodderwala of Morgan Stanley.

I would like to get more details about the pipeline related to federal business heading into Q3. Could you provide an update on how much of your sales are generated from that sector and how the pipeline has developed following recent product announcements and go-to-market strategies?

We are entering the quarter with a strong pipeline. Our team is doing well, and we are in a good position for success. This is an important quarter for federal business, and we are set to perform strongly. We will provide updates during the November call.

And the federal has been roughly mid-single digits out of total revenue. We have a great team, like Yaki said, and we believe that that percentage can be higher. But it’s still to date has been in that range. I know other companies had a much larger component of their business coming from federal, and we believe we can continue to expand there.

Our next question is from Chad Bennett of Craig-Hallum.

Thank you for taking my question and great job on the quarter. As we're entering our second year of scale and net expansion in the business, I wanted to ask if, due to the rapid expansion in licenses—whether it's through upfront sales or cross-selling and upselling—we are at a stage where we're seeing co-terming or early renewals. Could these potentially impact our billings for a quarter, either positively or negatively, or is this not a significant concern at this stage in our model transition?

So, we don’t really provide any color on the billing. And I wouldn’t say that we’ve experienced any changes that are related to billings being pulled into the quarter. I will say that every renewal is an opportunity to upsell, but we are seeing many customers that aren’t even waiting for that renewal period and are expanding and therefore, co-terming their deal and extending that, and that’s been very positive for us. But we see that continuing because the more licenses we sell, as we said before, the more value the customer is benefiting. And the more automation they’re getting with the product, the happier they are and therefore, they’re coming back and buying more.

Our next question is from Shaul Eyal of Cowen.

Thank you. Hi. Good afternoon, guys. Good job. Yaki, I wonder, you gave an example of a Fortune 500 company in your prepared remarks. And, is some of that acceleration has to do with you guys going higher within the enterprise? And even the enterprise could be categorized into, let’s say, a couple of buckets, employees, with 5,000, 10,000 and above. But, does it have something to do with that as well, the nice acceleration that we’re seeing? I know you’ve indicated that enterprise sales are a little longer. That’s understood. We all get that. But, could it be that this acceleration is also hinged on that?

Definitely going upmarket, we always sold to large accounts, but now they understand very well what we do, they use the product. So, we definitely go there and can reliably go there and know that many times in a predictable way, we are winning the business. But also, customers with 2,000, 3,000, 5,000 users just buying more and more. So, the most important trend that we see is once you have licenses, you’re just buying more, and you get this automated value. So, just the overall customer lifetime value is increasing, and we just see an expansion of the platform of the use cases. So, it’s just a bit of everything.

Our next question is from Dan Ives of Wedbush Securities.

Can you just geographically just talk about U.S. versus Europe in terms of penetration, different trends that you’re seeing there, especially when it comes to expansion of license deals?

Obviously, the U.S. is a much bigger business for us. But, the overall trend we see, the overall trend is the same. If you have critical data, someone wants to steal it. And as a data-driven enterprise, your capacity to create and share information really far exceeded your capacity to protect it. And this is something that everyone understands. So, just in terms of the opportunity, we definitely see that we can get to double-digit licenses within the customer base, and all the platforms that we cover is where they run the business and it’s very important that if you want to protect your data, you need Varonis. And this is just a gradual process that is happening in the last few years and works very well for us, but it’s just happening worldwide.

Our next question is from Mark Schappel of Benchmark Company.

Nice job in the quarter. Yaki, I realize that data protection cuts across all industries, but are you seeing certain verticals accelerate adoption of data protection more so than others over, say, the last couple of quarters?

It remains relatively unchanged. We are noticing that other sectors, which may find it challenging to finalize large deals, are beginning to engage more actively. Recently, we observed a digital transformation that offers numerous advantages but can also lead to diminishing returns if data protection is not prioritized. Everything is unfolding gradually, prompting organizations to reconsider how they safeguard their data. A solid trust foundation is essential for managing critical data, intellectual property, customer information, business partner data, and employee data, and Varonis facilitates this for organizations. We see this trend across all sectors, where gradually, data protection is becoming a key priority.

Our next question is from Jonathan Ruykhaver of Baird.

So ransomware has been a rising threat vector for several years, and we know it’s a clear use case for Varonis. So, I’m wondering if you can just talk about that use case in light of the increasing number of vendors that have capabilities to protect against ransomware, including EDR vendors, XDR and SIM vendors. Just what are the competing technologies do you see the most? And how does Varonis perform relative to those different approaches?

Thank you for the question. Ransomware is a type of malware that encrypts your data. Initially, it may target data on local disks, but over time, more data is stored in shared repositories like file shares, file servers, NAS devices, and collaboration platforms such as Office 365, SharePoint, and OneDrive. It can bypass the endpoint easily, especially if we’re dealing with unpatched machines or devices exposed to the internet. Once it bypasses the perimeter, the issue becomes the extent of the damage. Many organizations without Varonis find that a significant percentage of files accessible to employees are irrelevant to them, allowing ransomware to encrypt a vast amount of data without any special actions needed from the attackers. When the perimeter is breached, Varonis is often the only effective solution available. We monitor data repositories for any abnormal behavior and can detect and halt encryption attempts. We can then identify which critical data needs to be restored, and with our Edge product, we assist in preventing the unauthorized transfer of data, which is often a threat as attackers may plan to leak it in stages. Organizations must protect numerous endpoints and data, and even a minor oversight can lead to an attack. We're focused on safeguarding the data that ransomware targets for encryption and theft. Organizations recognize this need, making our solution a top priority in ransomware discussions. It's important to understand the market dynamics; initial responses to an attack might lead to increased spending on security solutions, but as organizations reflect on long-term protection strategies, they often turn to us for our reliable return on investment. Over the past four years, each incident has shown that while our benefits can be delayed compared to some competitors in the immediate term, we see greater long-term advantages. Regulatory frameworks like GDPR and HIPAA also bolster our position. The initial alarm following an attack may prompt immediate reactions, but ongoing considerations highlight the necessity of our solutions. Ultimately, organizations recognize that to effectively protect their data, they must prioritize Varonis. As organizations increasingly utilize multiple data repositories, they require comprehensive protection for all their data. We believe recent ransomware incidents are accelerating the realization of Varonis's value, especially in relation to ransomware protection, which our customers greatly appreciate.

Our next question is from Shebly Seyrafi of FBN Securities.

So, I want to drill down on the gross margin line. It keeps increasing on a year-to-year basis. How much of that is because more and more customers are buying more and more licenses? And what are some of the other factors impacting the increase in gross margin? And also, related to this, last year, you finished with the gross margin at 89%. Do you expect a similar kind of pattern this year as well?

The margin expansion is benefiting from strong renewals and the lower costs associated with selling to existing customers. We remain committed to year-over-year margin expansion, which is evident from previous years leading up to this transition. We are pleased with the current margin expansion of about 450 basis points. However, we want to maintain our focus on the opportunities ahead, which is why we're making necessary investments while still ensuring some of it contributes to our bottom line. We believe we have effectively balanced growth and profitability, and we anticipate further margin improvements in the latter half of the year and in the future.

Our next question is from Erik Suppiger of JMP Securities.

Yes. Thanks for taking the question and congrats on a good quarter. First off, just on the point of ransomware, can you give us a sense for how much of a topic of discussion that is for your new accounts? Is that literally every account coming at it? Are they looking at Varonis as a tool for protecting against that, or how critical of a selling point is that? And then, I’ve got a follow-up question.

Ransomware serves as a clear demonstration of Varonis's purpose. It infiltrates systems without detection, bypassing endpoints and revealing excessive access controls. This often leads to the unauthorized encryption and theft of millions of files from organizations. Customers recognize that they can breach perimeter defenses, exposing a significant “blast radius” of unmonitored access and vulnerabilities that can be exploited to compromise data. While I wouldn’t classify this solely as ransomware, the threats it poses highlight the need for robust data protection. Organizations require the ability to alert on unusual activities, thoroughly investigate incidents, identify root causes, and conduct effective forensic analysis quickly. Automation is crucial—ensuring that only authorized individuals have access to the correct data across all platforms, and being able to trace incidents back to their origins is essential. We excel at this. Ransomware is merely one form of advanced persistent threat, and it’s important to note that it represents just one type of malware, with many others operating covertly. Organizations are increasingly aware that these risks are real and growing. The sophistication of threats is rising, influenced in part by cryptocurrency, which facilitates cybercrime. State-sponsored actors are also increasingly engaging in cybercrime, targeting organizations with valuable data. Additionally, cyber insurance is becoming more accessible, leading to easier payouts compared to previous years. There’s a strong understanding among organizations that if they hold critical data, they are targets. Multiple pathways exist for cyber intrusions, reinforcing the necessity for solutions like Varonis. This awareness is part of a broader trend as organizations recognize the importance of data protection. We believe that adopting platforms like Varonis will become essential for businesses committed to safeguarding their data.

Our next question is from Roger Boyd of UBS.

Terrific. Thanks for taking my question. Congrats on a nice quarter. I guess, I’m curious, you spent the last couple of years starting to focus more on the larger enterprise. And I’m wondering with the introduction of Polyrize, and that being a SaaS-delivered solution, does that change the opportunity you see with maybe the mid-market or SMB, or is the focus still on the high end of the enterprise for the time being?

When we discuss the high end, we refer to the market above 1,000. We are not specifically targeting 20,000 and above but rather the 1,000-plus segment, which represents a substantial market. We believe we can sell Varonis to anyone who files emails and manages critical business data that requires collaboration and sharing. However, we want to ensure we can scale efficiently. We are making significant progress, supported by our strong inside sales teams, which are crucial to our success. While we are primarily focused on larger enterprises—representing the majority of our revenue—we can sell to anyone. We are expanding our inside sales team, which is doing an excellent job and adding significant value to smaller organizations.

Our final question is from Andrew Smith of Berenberg Capital Markets. Please state your question.

Hi, guys. Just understanding that it’s very, very recent, was there any benefit at all to ARR from DatAdvantage Cloud this quarter? Thanks.

No, this is still in the early stages. We believe that this year there will not be a significant contribution. Typically, before we launch a product, we gauge interest, assess its performance after installing it in Varonis, and analyze the effectiveness of our marketing efforts. We also observe how it gains visibility with customers when implemented on platforms like Google, Box, Salesforce, and Slack. The exposure is substantial, and we recognize the risks associated with lateral movement. We firmly believe this represents a major blind spot for many systems today. There’s a lot of damage occurring with breaches that organizations may not even be aware of. Thus, we see significant opportunity ahead. What we have accomplished with 365 can also be achieved with these SaaS applications. Over time, we expect to handle increasingly critical data within SaaS applications, which will become interconnected. We are very enthusiastic about our potential in the SaaS space and believe our technological advantages, particularly the functional relationships between users, data, permissions, and content, are highly relevant. Additionally, on-prem data will remain important. We can serve as a trustworthy foundation for digital transformation, ensuring organizations can tap into productivity benefits while mitigating risks related to data breaches, data theft, insider threats, compliance issues, and more.

And just to add from an ARR perspective, like Yaki said, there was no contribution coming from DA Cloud, but the fact that ARR grew 39%, and when you look at kind of Q1 and Q2, both of them grew 39%, but we see Q2 ARR is a much stronger, 39%. That’s really due to the fact that Q1 ARR growth was against the weaker comp. And if you remember, we had kind of a shelter-in-place in the last two weeks of Q1 2020, and that had an impact on our results. So, this quarter, ARR as a whole is really a strong indication of the demand environment, and the execution we had this quarter.

We have reached the end of the question-and-answer session. I will now turn the call back over to Jamie Arestia for closing remarks.

So, thank you everyone for joining the call today and for your interest. And please don’t hesitate to reach out with questions, and we look forward to speaking with you this quarter. Have a good night.

This concludes today’s conference. You may disconnect your lines at this time. Thank you for your participation and have a great day.