Equibles

10-K

VARONIS SYSTEMS INC (VRNS)

10-K 2026-02-04 For: 2025-12-31
View Original
Added on April 04, 2026

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

_____________________

FORM 10-K

_____________________

(Mark One)

ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

for the Fiscal Year Ended December 31, 2025

or

TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

for the transition period from                      to

Commission file number: 001-36324

________________________

VARONIS SYSTEMS, INC.

(Exact name of registrant as specified in its charter)

_____________________________

Delaware 57-1222280
(State or other jurisdiction of incorporation or organization) (I.R.S. Employer Identification No.)

801 Brickell Avenue

Miami, FL 33131

(Address of principal executive offices) (zip code)

Registrant’s telephone number, including area code: (877) 292-8767

Securities registered pursuant to Section 12(b) of the Act:

Title of each class Trading Symbol(s) Name of each exchange on which registered
Common Stock, par value $0.001 per share VRNS The NASDAQ Stock Market LLC

Securities registered pursuant to Section 12(g) of the Act: None

_____________________________

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.    Yes  ☒    No  ☐

Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act.    Yes  ☐    No  ☒

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.    Yes  ☒    No  ☐

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files).    Yes  ☒    No   ☐

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.

Large Accelerated Filer Accelerated Filer
Non-accelerated Filer Smaller reporting company
Emerging growth company

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐

Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☒

If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements

of the registrant included in the filing reflect the correction of an error to previously issued financial statements.   ☐

Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to §240.10D-1(b).   ☐

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Act).   Yes  ☐   No   ☒

As of June 30, 2025, the aggregate market value of the registrant's voting and non-voting common equity held by non-affiliates was approximately $5.56 billion.

As of January 30, 2026, the registrant had 117,447,726 shares of common stock, par value $0.001 per share, outstanding.

DOCUMENTS INCORPORATED BY REFERENCE

Portions of the Registrant’s Proxy Statement relating to the 2026 Annual Meeting of Stockholders are incorporated by reference into Part III of this Annual Report on Form 10-K.

Special Note Regarding Forward-Looking Statements and Summary Risk Factors

This report contains, and management may make, certain forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended (the “Securities Act”), and Section 21E of the Securities Exchange Act of 1934, as amended (the “Exchange Act”). All statements, other than statements of historical facts, may be forward-looking statements. Forward-looking statements are often identified by the use of words such as “anticipate,” “believe,” “can,” “continue,” “could,” “estimate,” “expect,” “intend,” “likely,” “may,” “plan,” “project,” “seek,” “should,” “strategy,” “target,” “will,” “would” and similar expressions or variations intended to identify forward-looking statements. These statements are based on the beliefs and assumptions of our management based on information currently available to management. Such forward-looking statements are subject to risks, uncertainties and other important factors, many of which are difficult to predict and generally beyond our control, that could cause actual results and the timing of certain events to differ materially from future results expressed or implied by such forward-looking statements. Factors that could cause or contribute to such differences include, but are not limited to, those identified in the “Summary Risk Factors” below and those discussed in “Item 1A-Risk Factors” and “Item 7-Management’s Discussion and Analysis of Financial Condition and Results of Operations.” Furthermore, such forward-looking statements speak only as of the date of this report. Except as required by law, we undertake no obligation to update any forward-looking statements to reflect events or circumstances after the date of such statements.

The risks that might cause actual results to differ from our expectations include, among other things, those that may be disclosed from time to time in subsequent reports filed with or furnished to the SEC, those described under “Risk Factors” set forth in Item 1A of this Annual Report, and the following, which also summarizes the principal risks of our business:

•the fact that the market for software that analyzes, secures, governs, manages and migrates enterprise data may not continue to grow or grow at the same pace;

•prolonged economic uncertainties or downturns;

•currency exchange rate fluctuations;

•increased competition;

•security breaches, cyberattacks or other cyber-risks and failure to comply with legal requirements, contractual obligations and industry standards regarding security, data protection and privacy;

•our expansion into cloud-delivered services;

•our ability to predict renewal rates and manage growth effectively;

•fluctuation in our quarterly results of operations due to variability in our revenues;

•our limited operating history at our current scale, which makes it difficult to evaluate and predict our future prospects;

•our history of losses;

•our ability to maintain strong relationships with our channel partners, including distributors and resellers, to whom we sell substantially all of our products and services;

•risks inherent in our international operations, including military conflicts that could impact operations, the effect of export and import controls and the risk of a violation or alleged violation of applicable anti-corruption or anti-bribery laws;

•collection and credit risks;

•stock price volatility;

•our ability to maintain or enhance our brand recognition or reputation;

•our ability to retain, attract and recruit highly qualified personnel;

•our dependency on the continued services and performance of our co-founder, Chief Executive Officer and President;

•our ability to continually enhance and improve our technology;

•the fact that, if we experience interruptions or performance problems with our products, or if our software is not perceived as being secure, customers may reduce the use of or stop using our products;

•our ability to protect our proprietary technology and intellectual property rights;

•the fact that our tax rate may vary significantly depending on our stock price;

•our ability to fully utilize our net operating loss carryforwards; and

•our indebtedness.

You should not place undue reliance on forward-looking statements. All forward-looking statements attributable to us or persons acting on our behalf are expressly qualified in their entirety by the foregoing cautionary statements. All such statements speak only as of the date of this Annual Report and, except as required by law, we undertake no obligation to update or revise publicly any forward-looking statements, whether as a result of new information, future events or otherwise.

i

VARONIS SYSTEMS, INC.

ANNUAL REPORT ON FORM 10-K

For The Fiscal Year Ended December 31, 2025

TABLE OF CONTENTS

Page
PART I
Item 1 Business 1
Item 1A Risk Factors 9
Item 1B Unresolved Staff Comments 32
Item 1C Cybersecurity 33
Item 2 Properties 34
Item 3 Legal Proceedings 34
Item 4 Mine Safety Disclosures 34
PART II
Item 5 Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities 35
Item 6 Reserved 37
Item 7 Management’s Discussion and Analysis of Financial Condition and Results of Operations 38
Item 7A Quantitative and Qualitative Disclosures About Market Risk 51
Item 8 Financial Statements and Supplementary Data 53
Item 9 Changes in and Disagreements with Accountants on Accounting and Financial Disclosure 95
Item 9A Controls and Procedures 95
Item 9B Other Information 96
Item 9C Disclosure Regarding Foreign Jurisdictions that Prevent Inspections 96
PART III
Item 10 Directors, Executive Officers and Corporate Governance 97
Item 11 Executive Compensation 97
Item 12 Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters 97
Item 13 Certain Relationships and Related Transactions, and Director Independence 97
Item 14 Principal Accounting Fees and Services 97
PART IV
Item 15 Exhibits and Financial Statement Schedules 98
Item 16 Form 10-K Summary 98

ii

Item  1. Business

We were incorporated under the laws of the State of Delaware on November 3, 2004 and commenced operations on January 1, 2005. Our principal offices are located at 801 Brickell Avenue, Miami, FL 33131. For convenience in this report, the terms “Company,” “Varonis,” “we” and “us” may be used to refer to Varonis Systems, Inc. and/or its subsidiaries, except where indicated otherwise. Our telephone number is (877) 292-8767.

Overview

Varonis is a data security company focused on protecting what matters most to organizations: their data. Modern enterprises run on data that is created, copied, shared and accessed across cloud services, SaaS applications and on-premises environments, often faster than security teams can see, understand or control. We started Varonis around a simple observation that we believe has only intensified over time: the ability to create and share data scales far faster than the ability to secure it. Our strategy is built around closing that gap, giving organizations the deep visibility and automated controls to deeply understand their enterprise data, reduce exposure and respond to threats quickly, wherever their data lives.

Data growth itself is not new. What has changed is the combination of scale, sprawl and speed. Cloud transformation and artificial intelligence ("AI") initiatives are pushing data into more systems, across more environments and making it accessible to more users, applications and AI agents. As adoption of software-a-service (“SaaS”) and infrastructure-as-a-service (“IaaS”) has accelerated collaboration and productivity, it has also expanded and fragmented the enterprise data footprint. In many organizations, data security controls have not kept pace, increasing the likelihood that misconfigurations or credential compromise can lead to significant data exposure, threats and regulatory penalties.

We believe the adoption of AI materially raises the stakes for security and risk. Copilots, agents and automated workflows are now embedded in widely used enterprise platforms such as Microsoft 365, Salesforce, Google Workspace and Box and they increasingly act on data at machine speed. These systems typically rely on existing access controls to determine what data can be surfaced, summarized or acted upon. When those controls are overly permissive, poorly understood and unmonitored, AI can unintentionally amplify risk by scaling access faster than organizations can manage manually. As companies customize AI agents and train their own small and large language models, we believe the security of data, identities, agents and underlying infrastructure will increasingly require automated solutions.

In this environment, access becomes the risk multiplier. When too many people, systems or automated agents can reach sensitive data ungoverned, small incidents can quickly become large ones. We refer to this risk as the “blast radius.” We believe organizations must continuously reduce their blast radius – limiting unnecessary ability to access, move or misuse data – to reap the tremendous benefits of AI. Achieving this consistently and at scale isn’t possible through manual processes, making automation essential.

At the same time, threat actors continue to refine their methods of monetizing sensitive data, and regulatory expectations around privacy, data protection, and AI governance continue to evolve. Many organizations are also operating under real constraints – the demand for skilled security professionals continues to exceed supply, and teams are expected to manage growing complexity with limited resources. We believe these pressures will continue to drive adoption of automated approaches that reduce data exposure by default and enable faster detection and response.

Enterprises today rely on many combinations of data stores, cloud services and SaaS applications, making it difficult to understand data exposure holistically or control breach risk without a unified approach. We believe comprehensive coverage and automation are required to keep pace with the scale and complexity of modern data environments. Our platform has expanded from an initial focus on Windows files shares to cover a broad range of mission-critical cloud and on-premises data stores, cloud infrastructure environments, identity repositories, and key SaaS and AI applications. In 2022, we introduced the Varonis Data Security Platform as a SaaS offering to simplify deployment, accelerate time-to-value, and enable continuous cloud-delivered automation for protecting data.

Varonis software helps organizations of all sizes and industries protect sensitive data stored in the cloud and on-premises, including: files, emails and databases, confidential personal data, financial records, source code, strategic and product plans, and other intellectual property. As the volume, velocity and variety of enterprise data continues to grow, we have built an integrated platform designed to simplify and streamline data security, threat detection and response, and privacy and compliance workflows.

Platform and Technology

Our platform is designed around a core belief: in modern data environments, security outcomes are determined less by perimeter controls and more by how much access exists when something goes wrong. As data spreads across cloud services, SaaS applications and on-premises systems – and as humans, services and AI agents interact with that data at increasing speed – manual approaches to security do not scale. We believe reducing unnecessary access to sensitive data and automatically responding to abnormal behavior are essential to limiting the impact of inevitable failures.

At the foundation of the Varonis Data Security Platform is our ability to understand data in context. Our proprietary technology, continuously collects and analyzes metadata – data about data – across an organizations' environments. We understand what types of data exists, where it lives, who can access it and how it’s being used. This contextual view allows us to map relationships among users, devices, applications, automated agents and data objects, creating a durable model of the organization’s data exposure even as environments change.

This metadata-driven approach enables our platform to operate at enterprise scale with minimal impact on production systems. Rather than relying on static rules or periodic scans, the platform continuously normalizes metadata from disparate sources, making it actionable across hybrid and multi-cloud environments. We believe this persistent, contextual understanding of data is critical to enabling productivity and AI adoption that is effective and safe.

Building on this foundation, the Varonis Data Security Platform is designed to automate outcomes across data protection, threat detection and response, and privacy and compliance. The platform continuously discovers and classifies well-defined sensitive data like credit card numbers, SSNs and patient IDs, and uses machine learning and AI to identify novel domain- and organization-specific data such as recipes, contracts, formulas and other intellectual property. Beyond understanding the data estate, Varonis identifies excessive or risky access and automatically remediates exposure by right-sizing permissions and removing outdated or unnecessary access. By reducing the amount of data that users, systems and automated agents can reach, the platform helps organizations move toward a least-agency model that limits the potential blast radius of an incident without disrupting everyday business operations.

The same model is used to detect and respond to threats. By analyzing data access patterns – user and entity behavior and system activity together – the platform can identify suspicious behavior that could be compromised credentials, insider misuse, malware or ransomware. When threats are detected, the platform can automatically take action to contain it such as restricting access or locking down affected accounts, limiting potential damage and reducing recovery time.

The Varonis platform is offered as a SaaS offering, which we believe is key to our ability to deliver these outcomes at scale. SaaS delivery allows customers to deploy quickly, reduce infrastructure and operational overhead, and benefit from continuous updates to threat models, automation workflows and security capabilities, including our Managed Data Detection and Response (“MDDR”) offering, which are only available through our SaaS platform.

We have further expanded the platform’s capabilities with the introduction of Athena AI, a generative AI layer designed to enhance security operations rather than replace human judgement. Athena AI combines small and large language models with the platform’s deep understanding of data, identities, and prior incidents to help security teams with investigation, response and reporting. By enabling natural-language interaction and generating tailored response guidance, Athena AI helps teams act more quickly and effectively without requiring specialized expertise.

Our platform architecture is designed to be extensible. We continue to expand coverage across additional data stores, cloud services, and SaaS applications. We enhance functionality both organically and through strategic acquisitions. Our recent acquisition of Cyral, Inc. ("Cyral") enhanced our data security offering with database activity monitoring capabilities. We also acquired SlashNext, Inc. ("SlashNext"), an AI-based email security technology that gives Varonis the ability to detect and block modern social-engineering attacks across multiple communication channels. We believe this approach allows customers to consolidate security capabilities onto a single platform while giving us a framework to address emerging risks, including those introduced by AI-driven systems, new data types, and evolving regulatory requirements.

SaaS Delivery Model

Our platform is designed to deliver security outcomes at scale without requiring proportional increases in customer effort or staffing. By automating discovery, classification, access reduction and response, customers can reduce risk across large and complex data environments without relying on manual processes that do not scale.

The SaaS delivery model supports this approach by enabling rapid deployment, continuous updates and lower operational overhead. Customers can begin assessing risk and reducing exposure quickly, while benefiting from ongoing improvements to detection models, automation workflows and new capabilities delivered through the platform.

As part of our strategic transition to SaaS, we have announced the end-of-life of our self-hosted products as of December 31, 2026.

Size of Our Market Opportunity

The International Data Corporation’s Global DataSphere Forecast, 2025-2029, predicts that over the next five years, data will grow at a compound annual growth rate of 25.4% to reach more than 527 zettabytes (or 527 trillion Gigabytes) by 2029. That data will include both structured and unstructured data, but unstructured data overwhelmingly dominates, accounting for approximately 90% of the data created each year. We expect this significant growth to continue creating a need for automation technologies to protect and manage data. We believe that the diverse coverage and functionality offered by our platform positions us well to capitalize on this powerful trend in the digital universe.

Growth Strategy

Our objective is to be the primary platform enterprises rely on to protect their most sensitive data. We believe the combination of accelerating data growth, expanding use of SaaS and cloud infrastructure, and the adoption of AI-driven systems creates a durable, long-term opportunity for automated data security. Our growth strategy is focused on scaling a unified platform that reduces data exposure, limits the impact of incidents and enables customers to operate securely as their environments become more complex.

Extend the Platform Through Innovation and Strategic Transactions. We intend to continue investing in product development to expand the capabilities of the Varonis Data Security Platform and address new use cases from changes in how data is created, accessed and used. Our platform architecture allows us to add coverage across additional data stores, cloud services and SaaS applications, as well as introduce new automation and response capabilities without requiring customers to deploy separate point solutions.

In addition to organic innovation, we selectively pursue strategic acquisitions that extend our platform or accelerate entry into adjacent markets where we believe automation and context provide a competitive advantage. We focus on technologies that can be integrated into our platform to enhance data visibility, reduce exposure and improve detection and response outcomes, including recent additions in database activity monitoring and email security. We believe this disciplined approach allows us to expand functionality while maintaining a unified operating model.

Grow Adoption Within Existing Customers. We believe our existing customer base represents a significant opportunity for continued growth. As customer environments evolve, data volumes increase and AI-driven workflows expand, organizations typically extend data security controls to additional systems and use cases. Our platform is designed to scale with customer needs, enabling broader adoption across data stores, applications and environments over time. Our renewal rate for the year ended December 31, 2025 continued to be over 90%,

We expect increased adoption to be driven by customers consolidating security capabilities onto a single platform. By delivering ongoing improvements through our platform and focusing on risk reduction outcomes, we aim to deepen customer relationships and maintain high renewal rates.

Acquire New Customers Through Platform-Led Expansion.. We continue to target new customers across industries and geographies that face growing data security, compliance and operational challenges. While our platform is built to support organizations of all sizes, we remain focused on larger enterprises that can benefit most from automation at scale.

Our go-to-market approach combines a global network of channel partners with a highly trained sales organization that engages customers through risk assessments and platform demonstrations. We believe this model creates efficiencies in customer acquisition while clearly articulating the value of reducing data exposure and limiting incident impact.

Scale SaaS, Automation, and Managed Services. The transition to a SaaS delivery model is central to our growth strategy. SaaS delivery enables faster deployment, continuous improvement and increased automation, while also supporting recurring revenue and operational leverage. It also provides the foundation for advanced capabilities including our MDDR offering, which delivers 24x7x365 monitoring and response backed by service-level commitments.

We believe demand for managed and automated security outcomes will continue to increase as organizations seek to operate securely with constrained internal resources. By combining platform automation with expert-led response, we aim to help customers reduce risk and simplify operations.

Expand Internationally and Establish Platform Leadership. We believe there is a significant opportunity to expand adoption of our platform internationally as data protection, privacy and security requirements become increasingly global. We continue to invest in international sales, marketing, and partner relationships to support this expansion.

We also work closely with leading cloud services providers, storage vendors and SaaS platforms to ensure compatibility and integration across the enterprise ecosystem. We believe these relationships, combined with our broad coverage and automation capabilities, position the Varonis Data Security Platform to become a standard foundation for enterprise data security.

Competition

The markets in which we operate are competitive and evolving. Enterprises address data security, privacy and threat detection through a combination of internal processes and software solutions, including point products designed to address specific use cases. While some vendors offer functionality that overlaps with individual components of our platform, we believe the competitive landscape is increasingly shaped by differences in approach, rather than by any single feature.

Many organizations have historically addressed data security through fragmented tools focused on visibility, classification or monitoring within isolated environments. We believe this approach is insufficient as data becomes more distributed across cloud services, SaaS applications, and on-premises systems, and as access is granted not only to users but also to services and automated agents. In this environment, the ability to understand data in context and reduce unnecessary access at scale becomes a critical differentiator.

We compete with a range of vendors that provide standalone or partially integrated solutions across areas such as data security posture management, data discovery and classification, data privacy, directory and identity security, and threat detection and response. We also face competition from broader security platforms that offer adjacent capabilities. In addition, large cloud providers and SaaS vendors continue to expand native security features within their platforms.

We believe our competitive position is strengthened by the breadth of environments we support and by our ability to deliver automated outcomes across data security, threat detection and response, and privacy and compliance within a single platform. Our approach is designed to reduce data exposure proactively, limit the potential impact of incidents and respond quickly when threats occur, rather than relying primarily on alerts and manual intervention.

As organizations increasingly adopt SaaS, cloud infrastructure, and AI-driven systems, we believe the limitations of manual, rules-based and alert-centric security models become more apparent. Solutions that depend heavily on customer configuration, tuning and ongoing human oversight may struggle to scale as environments grow in size and complexity. We believe automation will become an essential requirement for effective data security.

Competition in our markets is influenced by several factors including the effectiveness and reliability of solutions, the breadth of support environments, scalability, ease of deployment and the ability to deliver measurable risk reduction. We believe we compete favorably across these areas, however, some competitors may have greater resources, longer operating histories, broader brand recognition or deeper relationships with certain customers and partners, which could affect our ability to compete in specific situations.

As the market continues to evolve, we expect competition to increase as new vendors enter the space and existing providers expand their offerings. We believe our focus on platform consolidation, automation, and reducing data exposure positions us to compete effectively as customer requirements continue to change.

Products

Our products are delivered through our flagship Varonis Data Security Platform, a unified platform designed to protect enterprise data across cloud, SaaS and on-premises environments. With the introduction of our SaaS offering, we have simplified how customers use our capabilities by moving away from individually licensed modules and towards a platform-based model. This approach is intended to reduce complexity, accelerate adoption ,and enable customers to realize value from automation across multiple use cases.

Software-as-a-Service ("SaaS")

The Varonis Data Security Platform is offered as a SaaS solution and is sold as a platform license that includes a core set of integrated capabilities. We believe this delivery and licensing model reflects how customers increasingly prefer to consume security technology: as a continuously updated service that reduces operational overhead and supports automation at scale.

The Varonis Data Security Platform SaaS license includes capabilities designed to help customers understand their data exposure, reduce unnecessary access, and detect and respond to threats. These capabilities include:

•Varonis Data Security Platform. We know that customers who utilize a higher number of licenses see more value upfront through automation and synergy between modules. Therefore, we drastically simplified our subscription licensing under SaaS, combining five of our most popular licenses into a single Varonis Data Security Platform license. The Varonis Data Security Platform SaaS license includes new capabilities not available in our self-hosted product suite. Today, the Varonis Data Security Platform SaaS license includes:

◦Data security posture management ("DSPM"). Provides customers with real-time visibility of their data security posture across their multi-cloud and on-premises data, helps prioritize remediation efforts, and tracks progress over time.

◦Data access intelligence. Combines data sensitivity, permissions, and activity to show customers who has access to critical data (i.e., their data blast radius), how they got access, and whether access is necessary.

◦Data discovery & classification. Automatically and continuously scans the contents of files, folders, and other objects to determine sensitivity with a high degree of accuracy and precision.

◦Discovery policy library. A frequently updated library for identifying and classifying personal information specific to GDPR, CCPA, and US federal controlled unclassified information (CUI).

◦Least privilege automation. Automatically and continuously remediates excessive data access granted via shared links, direct permissions, and group memberships without manual effort and without impacting business continuity.

◦Data activity monitoring. Gives customers a real-time view into who is accessing data directly or through AI (such as copilots) via a normalized and enriched log of data-centric events such as create, open, read, move, modify, and delete. Varonis also tracks, among other things, permission changes, authentication events, password updates and shared link activity.

◦Data detection and response. Provides high-fidelity, data-centric alerts and automated response actions. Includes a web-based alerts dashboard and investigative interface, and seamlessly integrates with security information and event management systems (SIEM).

◦User & entity behavior analytics. Profiles users, agents and devices and their associated behaviors with respect to systems and data, detects and alerts on meaningful deviations that indicate compromise. New UEBA threat models are automatically delivered to customers to guard against evolving tactics used by cybercriminals, insiders and advanced persistent threats (APTs).

Customers select which environments to protect by purchasing “Protection Packages.” These packages allow customers to extend the platform across:

◦Microsoft 365. Includes support for SharePoint Online, OneDrive for Business, Microsoft Teams, and Entra ID (formerly known as Azure AD). Customers can purchase add-on support for Exchange Online, Microsoft 365 Copilot and ChatGPT Enterprise.

◦Windows & NAS. Includes support for Windows/CIFS-based file shares and NAS storage such as Nutanix, Nasuni, Panzura, Pure Storage, NetApp and Dell EMC. Customers can purchase add-on support for on-premises Active Directory, UNIX/Linux and Edge devices (VPN, DNS, proxy).

◦Hybrid. Combined support for the protected resources in the Microsoft 365 and Windows & NAS packages.

◦Cloud Environments. Protects data across SaaS applications and IaaS environments. The protected resources currently include Salesforce, AWS, Azure, Google Cloud, Google Workspace, Databricks, ServiceNow, Snowflake, Confluence, Slack, GitHub, Okta, Box, Jira, Zoom and databases.

We believe this packaging approach enables customers to scale coverage over time while maintaining a consistent operating model.

The SaaS platform also serves as the foundation for advanced capabilities that require persistent visibility and automation, including our MDDR offering. MDDR provides customers with continuous monitoring and response backed by defined service-level commitments and is available exclusively through our SaaS platform.

Database and Email Security Capabilities

In addition to our core platform functionality, we offer specialized capabilities that extend protection to additional high-risk areas.

•Varonis Database Activity Monitoring (“DAM”). Provides cloud-native monitoring and security for on-premises and cloud databases and is integrated with the broader platform to deliver consistent visibility, classification, and response.

•Varonis Interceptor. Provides best-of-breed phishing prevention and malicious link interception with multi-modal AI and URL sandboxing technologies, extending platform protection to email and collaboration channels. When combined with our MDDR solution, Varonis Interceptor detects and protects across data stores, applications, and communication channels.

On-Premises Subscription Products

Prior to the introduction of our SaaS offering, we sold our products primarily through self-hosted subscription licenses that allowed customers to deploy individual modules on-premises. These products used our core technology to provide visibility, classification, access governance and monitoring across enterprise data environments.

As part of our strategic transition to SaaS, we have announced the end-of-life of our on-premises subscriptions as of December 31, 2026. We expect customers to adopt our SaaS platform as the primary way to engage our capabilities going forward.

Customers

We serve a global customer base across more than 95 countries, supporting organizations that operate in different environments and face significant security, privacy and compliance requirements. Our customers span a wide range of industries, including financial services, public, healthcare, industrial, insurance, energy and utilities, technology, construction and engineering, education, and consumer and retail sectors.

Our platform is used by organizations ranging from small and mid-sized businesses to large multinational enterprises with hundreds of thousands of employees and petabytes of data. While our solutions are applicable across company sizes, a significant portion of our customer base consists of larger enterprises that benefit most from automation at scale and from a unified approach to data security.

We believe our customer relationships are durable and expand over time. As customer data volumes grow, environments become more distributed and AI-driven workflows are adopted, customers typically extend platform coverage to additional data stores, applications, and use cases. This expansion is supported by our platform-based model, continuous SaaS delivery and focus on reducing data exposure and operational burden.

Our customers include organizations that manage highly sensitive information, such as personal and financial data, intellectual property and regulated data. We believe our ability to deliver automated risk reduction, rapid detection and response, and measurable security outcomes, positions as a long-term partner rather than a point solution provider.

Services

Maintenance and Support of Subscription and Perpetual Licenses

Maintenance and support associated with a term license subscription is included in the Term license subscriptions revenue line of the statement of operations. Maintenance and support associated with past perpetual licenses is included in the Maintenance and services line of the statement of operations. These maintenance agreements provide customers the right to receive support and unspecified upgrades and enhancements when and if they become available during the maintenance period and access to our technical support services. Our renewal rate for 2025 continued to be over 90%. Due to the transition to a SaaS delivery model, we expect maintenance and support revenues related to term license subscriptions to decline, as we move closer to their end-of-life. Additionally, we do not expect perpetual license revenues in the future and, accordingly, we also expect the associated maintenance and support to decline.

We maintain a customer support organization that provides all levels of support to our customers. Our customers receive guaranteed response times, direct telephonic support and access to online support portals. Our customer support organization has global capabilities with expertise in both our software and complex IT environments and associated third-party infrastructure.

Sales and Marketing

Sales

We sell our products and services through a global network of resellers and distributors, which we refer to as our channel partners. These channel partners sell our products to end customers and play a key role in identifying opportunities, maintaining customer relationships and supporting deployment. Sales to channel partners are subject to our standard, non-exclusive channel partner agreements that are generally renewed annually and can be terminated by either party with notice.

Our channel model is complemented by a highly trained, professional sales organization that is responsible for market development, managing partner relationships and supporting customer engagements. Our sales teams work closely with channel partners to conduct platform demonstrations and risk assessments that help customers understand their data exposure and the value of reducing risk through automation. We believe this approach allows us to clearly articulate and show the value of our platform.

Marketing

Our marketing strategy is focused on building brand and product awareness of the Varonis Data Security Platform, educating the market on data risk and automation, and supporting customer adoption and expansion. We seek to communicate the business and security outcomes our platform delivers rather than emphasizing individual features or point solutions.

We execute our marketing programs through a combination of internal teams, external partners and channel collaboration. Our activities include brand and content marketing, demand generation, field marketing and partner marketing, customer education and public relations. We also engage with industry analysts, host customer and community events and provide educational resources such as webinars, training programs, and technical content.

We believe that sustained investment in thought leadership and education is important as data security requirements evolve, particularly in areas such as cloud adoption and AI-driven systems. Our marketing efforts are designed to support long-term platform adoption by helping customers and partners understand how to reduce data exposure and operate as environments grow more complex.

Research and Development

Our research and development efforts are focused on advancing the Varonis Data Security Platform by expanding coverage, increasing automation and improving our ability to reduce data exposure and respond to threats at scale. We invest in innovation that strengthens the platform’s core capabilities and allows it to adapt as enterprise data environments, threat models and regulatory requirements evolve.

We conduct the majority of our research and development activities in Israel, which we believe provides access to a highly skilled engineering workforce with deep expertise in security, data systems and large-scale software development. In

addition to organic development, we selectively pursue strategic acquisitions that bring specialized technologies and talent to the platform, accelerating innovation while maintaining a unified architecture.

We believe our sustained investment in research and development supports the long-term competitiveness of our platform and positions us to address emerging risks, including those introduced by new data types, cloud architecture and AI-driven systems.

Intellectual Property

We attempt to protect our technology and the related intellectual property under patent, trademark, copyright and trade secret laws, confidentiality procedures and contractual provisions. No single intellectual property right is solely responsible for protecting our products. The nature and extent of legal protection of our intellectual property rights depends on, among other things, its type and the jurisdiction in which it arises. As of December 31, 2025, we had 116 issued patents and 63 pending patent applications in the United States. Our issued U.S. patents expire between 2026 and 2043. We also had 95 patents issued and 79 applications pending for examination in non-U.S. jurisdictions, and 31 pending Patent Cooperation Treaty (“PCT”) patent applications, all of which are counterparts of our U.S. patent applications. The claims for which we have sought patent protection relate primarily to inventions we have developed for incorporation into our products.

In addition to patented technology, we rely on our unpatented proprietary technology and trade secrets. We generally enter into confidentiality agreements with our employees, consultants, service providers, vendors and customers and generally limit internal and external access to, and distribution of, our proprietary information and proprietary technology through certain procedural safeguards. We also rely on invention assignment agreements with our employees, consultants and others, to assign to the Company all inventions developed by such individuals in the course of their engagement with the Company.

Moreover, we have registered the “Varonis” name and logo and “DatAdvantage,” “DataPrivilege,” “DatAlert,” and other names in the United States and, as related to some of these names, certain other countries.

In addition to Company-owned intellectual property, we license software from third parties for integration into our solution, including open-source software and other software available on commercially reasonable terms. It may be necessary in the future to seek or renew licenses relating to various aspects of our products, processes and services. While we have generally been able to obtain such licenses on commercially reasonable terms in the past, such third parties may not continue to maintain such software or continue to make it available to us.

Seasonality

See Item 7, “Management’s Discussion and Analysis of Financial Condition and Results of Operations — Seasonality and Quarterly Trends.”

Employees and Human Capital Resources

As of December 31, 2025, we had 2,658 employees and independent contractors who developed, marketed, sold and supported our technology solutions, including 1,139 in the United States, 916 in Israel and 603 in other countries.

We understand that our innovation leadership is ultimately rooted in our people. Competition for qualified personnel in the technology space is intense, and our success depends in large part on our ability to recruit, develop and retain a productive and engaged workforce. Accordingly, investing in our employees and their well-being, offering competitive compensation and benefits, promoting diversity and inclusion, adopting effective human capital management practices and community outreach constitute core elements of our corporate strategy.

•Offer Competitive Compensation and Benefits. We strive to ensure that our employees receive competitive and fair compensation and innovative benefit offerings, tying incentive compensation to both business and individual performance, offering competitive maternal and paternal leave policies, providing meaningful retirement and health benefits and maintaining an employee stock purchase plan.

•Support Employee Well-being and Engagement. We support the overall well-being of our employees from a physical, emotional, financial and social perspective. Our global well-being programs include a long-standing practice of remote working arrangements, flexible paid time off, life planning benefits, wellness platforms and employee assistance. In addition, we ensure ongoing check-ins with employees by HR and managers to provide additional channels of support. We also regularly seek input from employees, including through broad employee satisfaction and pulse surveys on

specific issues, intended to assess our degree of success in promoting an environment where employees are engaged, satisfied, productive and possess a strong understanding of our business goals.

•Promote Sense of Belonging. We conduct code of conduct trainings with employees and managers to share our views on the importance of respecting all individuals and creating a culture where everyone feels they belong. We have Employee Resource Groups, led by our employees, designed to foster connection, understanding and support. Our customers are located in over 95 countries and our global workforce operates across cultures, functions, language barriers and time zones to provide them dedicated and ongoing support.

•Provide Programs for Employee Recognition. We offer rewards and recognition programs to our employees, including awards to recognize employees who best exemplify our values and spot awards to recognize employee contributions. We believe that these recognition programs help drive strong employee performance. We conduct semi-annual employee performance reviews, where each employee is evaluated by their personal manager and also conducts a self-assessment, a process which empowers our employees. Employee performance is assessed based on a variety of key performance metrics, including the achievement of objectives specific to the employee’s department or role. Employees have access to an internal platform to recognize their peers based on their professional and socially responsible contributions to the Company.

•Create Opportunities for Growth and Development. We focus on creating opportunities for employee growth, development, training and education, including opportunities to cultivate talent and identify candidates for new roles from within the company, as well as management and leadership development programs. Employee training and education includes online certification, in person certification and new hire training bootcamps. We also conduct manager training programs on an annual basis, which include in-depth managerial and coaching skills, as well as tailored feedback. We have established an internal mentoring program in which seasoned employees' mentor new managers based on defined goals.

•Promote Community Outreach and Support. We believe it is important to give back and promote community outreach and support through corporate giving and employee volunteerism in the communities in which we live and work. We partner with several organizations providing life skills trainings, coding and basic IT skills, financial literacy and more. All programs are led by our employees on a volunteering basis. We also provide corporate matching of employee charitable donations and flexible volunteering during work time, letting our employees know that we support the charitable efforts that matter to them.

Available Information

Our website is located at www.varonis.com, and our investor relations website is located at https://ir.varonis.com. The information posted on our website is not incorporated into this Annual Report on Form 10-K. Our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K and amendments to reports filed or furnished pursuant to Sections 13(a) and 15(d) of the Exchange Act are available free of charge on our investor relations website as soon as reasonably practicable after we electronically file such material with, or furnish it to, the Securities and Exchange Commission (the “SEC"). You may also access all of our public filings through the SEC’s website at www.sec.gov.

Investors and other interested parties should note that we use our media and investor relations website and our social media channels to publish important information about us, including information that may be deemed material to investors. We encourage investors and other interested parties to review the information we may publish through our media and investor relations website and the social media channels listed on our media and investor relations website, in addition to our SEC filings, press releases, conference calls and webcasts.

Item  1A. Risk Factors

Investing in our securities involves risk. You should carefully consider the following risks and all other information contained herein, including our consolidated financial statements and the related notes thereto. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, also may become important factors that affect us. If any of the following risks materialize, our business, financial condition and results of operations could be materially harmed.

Risks Related to the Industry in which we Operate

The market for software that analyzes, secures, governs, manages and migrates enterprise data may not continue to grow or grow at the same pace.

We believe our future success depends in large part on the continued growth of the market for software that enables enterprises to analyze, secure, govern, manage and migrate their data. In order for us to market and sell our products, we must successfully demonstrate to enterprise IT, security and business personnel the risk of their valuable data getting compromised or stolen and the effectiveness of our products to mitigate these risks. Despite a number of high-profile cyberattacks around the world, we must still persuade customers to devote a portion of their budgets to a unified platform that we offer to analyze, secure, govern, manage and extract value from this resource. Enterprises may not recognize the need for our products or, if they do, may not decide that they need a solution that offers the range of functionalities that we offer. The market for our solution may not continue to grow at its current rate or at all and the failure of the market to continue to develop would materially adversely impact our results of operations.

Prolonged economic uncertainties or downturns could materially adversely affect our business.

Our business depends on our current and prospective customers’ ability and willingness to invest in IT services, including cybersecurity projects, which in turn is dependent upon their overall economic health. Negative conditions in the general economy both in the United States and abroad, including inflationary pressure, currency fluctuations and a higher interest rate environment, changes in gross domestic product growth, instability in connection with political elections, potential future government shutdowns, the federal government’s failure to raise the debt ceiling, financial and credit market fluctuations, the imposition of trade barriers and restrictions such as tariffs, including tariffs implemented around the world by the United States or other countries, political deadlock, restrictions on travel, natural catastrophes, warfare and terrorist attacks, could cause a decrease in business investments, including corporate spending on enterprise software in general and negatively affect the rate of growth of our business. For example, our operations, and the operations of our customers and partners, were affected by geopolitical turmoil and sanctions caused by the war between Russia and Ukraine, and the COVID-19 pandemic and efforts to control its spread, including by mandatory business closures and capacity limitations imposed by the jurisdictions in which we operate. Similar events and restrictions in the future could negatively affect our business.

Uncertainty in the global economy makes it extremely difficult for our customers and us to forecast and plan future business activities accurately. This could cause our customers to reevaluate decisions to purchase our product or to delay their purchasing decisions, which could lengthen our sales cycles and negatively impact our results. In recent years, the European economy experienced economic turmoil that caused the devaluation of local European currencies (specifically, the Euro and the Pound Sterling), inflationary pressures and general economic uncertainty. As a result, there has been, and may in the future be, budgetary tightening and longer sales cycles in the region which may negatively impact our results of operations. In addition, the imposition of tariffs, such as those implemented by the United States or other countries in 2025, may materially impact business performance for companies operating around the world and may cause budgetary tightening and longer sales cycles for companies in those impacted countries. The United States could also experience a sustained period of elevated inflation, which may put pressure on discretionary spending by our customers, and a lengthening of our sales cycle in the region, which could negatively impact our results.

A downturn in any of our leading industries, or a reduction in any revenue-generating vertical, may cause enterprises to react to worsening conditions by reducing their spending on IT. Customers may delay or cancel IT projects, choose to focus on in-house development efforts or seek to lower their costs by renegotiating maintenance and support agreements. To the extent purchases of our software are perceived by customers and potential customers to be discretionary, our revenues may be disproportionately affected by delays or reductions in general IT spending. In addition, consolidation in certain industries may result in reduced spending on our software. If the economic conditions of the general economy or industries in which we operate worsen from present levels, our business, results of operations and financial condition could be adversely affected.

Overall economic uncertainty may in the future give rise to a number of risks, including, but not limited to, the following:

• reduced economic activity could lead to a prolonged recession, which could negatively impact spending by our customers or the ability of customers to pay for our services;

• not meeting expectations with respect to certain key performance metrics, such as renewal rates and annual recurring revenues;

• our ability to enter into new markets and to acquire new customers;

• an increase in bad debt reserves as customers face economic hardship and collectability becomes more uncertain, including the risk of bankruptcies;

• variability with forward-looking guidance and financial results, including management’s accounting estimates and assumptions; and

• our ability to raise capital.

The challenges posed by and the full impact of negative conditions in the general economy on our business and our future performance are difficult to predict and there is a risk that any guidance we provide to the market may turn out to be incorrect.

We may face increased competition in our market.

Data security is a rapidly growing and evolving market, driven by increasing regulatory demands, the proliferation of data across hybrid environments, the rising sophistication of cyber threats and increasing AI usage, which increases the need for data security. As a result, the market is attracting investment from both established players and emerging innovators, which is driving increased awareness for the need to secure data, increasing the size of the data security market and intensifying the competitive landscape. Over time, we have strategically made investments in our platform to better serve our customers and also address new use cases, which has grown our market opportunity and also brought us into more competitive discussions.

While there are some companies which offer certain features similar to those embedded in our solutions, and others with whom we compete in certain tactical use cases, we believe that no single competitor delivers the same automated outcomes on the number of platforms and applications that we support. However, we do face competition from a select group of software vendors that provide standalone solutions similar to those features embedded in our comprehensive platform, particularly in the markets we serve. We also face direct competition in specific use cases, specifically DSPM, data discovery and classification, privacy, data migration, data subject access requests and Active Directory security. As we continue to augment our functionality with AI security, insider threat detection and user behavior analytics and as we expand our classification capabilities to better serve compliance needs, such as General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act ("CCPA") and other data privacy laws, we may face increased perceived and real competition from other security and classification technologies. Our growing presence in the cloud data security market and our broader product coverage are also placing us in more direct competition with companies focused on discovery and classification. As customer requirements evolve and new technologies emerge, we face heightened competition from companies—both established and emerging—that develop solutions targeting the enterprise data market.

In particular, if a more established company were to target our market, we may face significant competition. They may have competitive advantages, such as greater name recognition, larger sales, marketing, research and acquisition resources, access to larger customer bases and channel partners, a longer operating history and lower labor and development costs, which may enable them to respond more quickly to new or emerging technologies and changes in customer requirements or devote greater resources to the development, promotion and sale of their products than we do. Increased competition could result in us failing to attract customers or maintain licenses at the same rate. It could also lead to price cuts, alternative pricing structures or the introduction of products available for free or a nominal price, reduced gross margins, longer sales cycles, lower renewal rates and loss of market share.

In addition, our current or prospective channel partners may establish cooperative relationships with future competitors. These relationships may allow future competitors to rapidly gain significant market share. These developments could also limit our ability to obtain revenues from existing and new customers.

Our ability to compete successfully in our market will also depend on a number of factors, including ease and speed of product deployment and use, the quality and reliability of our customer service and support, total cost of ownership, return on investment and brand recognition. Any failure by us to successfully address current or future competition in any one of these or other areas may reduce the demand for our products and adversely affect our business, results of operations and financial condition.

Lastly, at times, we engage in discussions and collaborations with other technology companies, including companies that offer security‑related products, regarding potential partnerships, integrations, or commercial relationships. While these discussions are intended to expand our ecosystem and market reach, they may involve the sharing of information about our products, strategy, and potential future development plans. Even where appropriate confidentiality measures are in place, these counterparties may use knowledge gained through such interactions to inform their own product development, roadmap decisions, or competitive strategies, including in ways that increase competition with us. As a result, our efforts to pursue partnerships could accelerate the development of competing offerings or otherwise adversely affect our competitive position.

We are subject to a number of legal requirements, contractual obligations and industry standards regarding security, data protection and privacy, and any failure to comply with these requirements, obligations or standards could have an adverse effect on our reputation, business, financial condition and operating results.

Privacy and data protection laws in the United States and internationally are rapidly evolving and remain subject to uncertainty. U.S. federal, state, and foreign authorities have enacted, and continue to consider, laws governing the collection, use,

disclosure, storage, and security of personal information. In the United States, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) impose significant obligations on businesses and grant consumers enhanced rights, such as the ability to opt out of certain sales of personal information. In 2025, additional comprehensive privacy laws took effect in Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee, Minnesota, and Maryland, and further state privacy laws are scheduled to take effect in 2026, including in Indiana, Kentucky, and Rhode Island. Collectively, these frameworks generally require detailed disclosures, honoring consumer rights, and implementing robust data protection safeguards, and they expand the patchwork of compliance obligations across the United States.

Internationally, nearly every jurisdiction where we operate has established its own privacy and data security framework, often more restrictive than U.S. laws, governing the collection, use, storage, disclosure, and protection of data that identifies or could identify an individual (for example, names, email addresses, and, in some jurisdictions, IP addresses). The European Union’s General Data Protection Regulation (GDPR) imposes stringent obligations, and the United Kingdom has implemented similar legislation. In 2025, the United Kingdom enacted the Data (Use and Access) Act 2025, which amends the UK GDPR regime, including targeted changes related to automated decision‑making, cookies, recognized legitimate interests, regulator powers, and international transfers. In December 2025, the European Commission renewed its UK adequacy decisions (subject to review), supporting continued data flows between the UK and the EEA.

Cross‑border data transfers from the European Economic Area and the UK to the United States rely on mechanisms such as standard contractual clauses, the UK’s International Data Transfer Agreement (or Addendum), and the EU–U.S. Data Privacy Framework (including its UK extension). In September 2025, the European General Court upheld the validity of the EU–U.S. Data Privacy Framework, providing near‑term stability for organizations that self‑certify to the framework; however, challenges and appeals remain possible, and the transfer landscape continues to evolve. Compliance with GDPR, the UK regime as amended by the Data (Use and Access) Act 2025, and other international privacy laws may require significant operational changes and costs, while non‑compliance could result in substantial fines, litigation, and reputational harm, adversely affecting our business, financial condition, and results of operations.

Certain U.S. and international laws also require companies to notify individuals of security breaches involving personal information, whether caused by us or our service providers. Despite contractual protections, a breach could harm our reputation, erode customer trust, reduce sales, lead to customer loss, and expose us to liability or significant remediation costs. Beyond government regulation, privacy advocates and industry groups may introduce new self‑regulatory standards that could apply to us. We also anticipate continued legislative and regulatory developments in privacy, data protection, and information security, the impact of which remains uncertain. New laws, amendments, or reinterpretations of existing requirements—as well as evolving industry standards and contractual obligations—may increase compliance costs and restrict our operations. Because interpretation and enforcement of these requirements are uncertain, they may conflict with our current practices or product features. If so, we could face fines, litigation, or be required to make fundamental changes to our business or software, which may not be commercially feasible and could limit our ability to innovate. Failure to adequately address privacy concerns—whether valid or perceived—or to comply with applicable requirements could result in additional costs, liability, reputational harm, inhibited sales, and other adverse effects on our business.

Furthermore, compliance costs and other burdens imposed by privacy and data protection laws applicable to our customers may increase the cost of using our products, limit their adoption, and reduce overall demand. In addition, privacy and personal information security concerns—whether well‑founded or not—may discourage market acceptance of our products, particularly in certain industries and international markets.

Risks Related to Our Operations

Security breaches, cyberattacks or other cyber-risks of our IT and production systems could expose us to significant liability and cause our business and reputation to suffer and harm our competitive position.

Our corporate infrastructure stores and processes our sensitive, proprietary and other confidential information (including as related to financial, technology, employees, marketing, sales, etc.) which is used on a daily basis in our operations. In addition, our software involves transmission and processing of our customers’ confidential, proprietary and sensitive information. We have legal and contractual obligations to protect the confidentiality and appropriate use of customer data. As a leader in the cyber industry, we may be an attractive target for cyber attackers or other data thieves.

High-profile cyberattacks and security breaches have increased in recent years, with the potential for such acts heightened as a result of the number of employees working remotely due to many companies adopting a hybrid working model. Security industry experts and government officials have warned about the risks of hackers and cyberattacks targeting IT products and

enterprise infrastructure. Because techniques used to obtain unauthorized access or to sabotage systems change frequently and often are not recognized until launched against a specific target, we may be unable to anticipate these techniques or to implement adequate preventative measures. As we continue to increase our client base and expand our brand, we may become more of a target for third parties seeking to compromise our security systems and we anticipate that hacking attempts and cyberattacks will increase in the future. We may not always be successful in preventing or repelling unauthorized access to our systems. We also may face delays in our ability to identify or otherwise respond to any cybersecurity incident or any other breach. Additionally, we use third-party service providers to provide some services to us that involve the cloud hosting, storage or transmission of data, such as SaaS, cloud computing, and internet infrastructure and bandwidth, and they face various cybersecurity threats and also may suffer cybersecurity incidents or other security breaches. Despite our security measures, our IT and infrastructure may be vulnerable to attacks. Threats to IT security can take a variety of forms. Individual and groups of hackers and sophisticated organizations, including state-sponsored organizations or nation-states, continuously undertake attacks that pose threats to our customers and our IT. These actors may use a wide variety of methods, which may include developing and deploying malicious software or exploiting vulnerabilities in hardware, software, or other infrastructure in order to attack our products and services or gain access to our networks, using social engineering techniques to induce our employees, users, partners, or customers to disclose passwords or other sensitive information or take other actions to gain access to our data or our users’ or customers’ data, or acting in a coordinated manner to launch distributed denial of service or other coordinated attacks. Inadequate account security practices may also result in unauthorized access to confidential and/or sensitive data or loss of SaaS platform availability.

Security risks, including, but not limited to, unauthorized use or disclosure of customer data, loss of availability of our SaaS platform offering, cyberattack on our cloud providers, theft of proprietary information, theft of intellectual property, theft of internal employee’s PII/PHI information, theft of financial data and financial reports, loss or corruption of customer data and computer hacking attacks or other cyberattacks, could require us to expend significant capital and other resources to alleviate the problem and to improve technologies, may impair our ability to provide services to our customers and protect the privacy of their data, may result in product development delays, may compromise confidential or technical business information, may harm our competitive position, may result in theft or misuse of our intellectual property or other assets and could expose us to substantial litigation expenses and damages, indemnity and other contractual obligations, government fines and penalties, mitigation expenses, costs for remediation and incentives offered to affected parties, including customers, other business partners and employees, in an effort to maintain business relationships after a breach or other incident, and other liabilities. We are continuously working to improve our IT systems, together with creating security boundaries around our critical and sensitive assets. We provide advanced security awareness training to our employees and contractors that focuses on various aspects of the cybersecurity world. All of these steps are taken in order to mitigate the risk of attack and to ensure our readiness to responsibly handle any security violation or attack. If an actual or perceived breach of our security occurs, the market perception of the effectiveness of our security measures and our products could be harmed, we could lose potential sales and existing customers, our ability to operate our business could be impaired, we may incur significant liabilities, we could suffer harm to our reputation and competitive position, and our operating results could be negatively impacted.

The expansion of cloud-delivered services introduces a number of risks and uncertainties, which could adversely affect our business, results of operations and financial condition.

The launch of our cloud offerings that allow customers to use hosted software required, and any future expansion of our cloud-delivered services may require, a considerable investment in resources, including technical, financial, legal, sales, information technology and operation systems. Additionally, market acceptance of such offerings is affected by a variety of factors, including but not limited to: security, reliability, scalability, customization, performance, current license terms, customer preference, customer concerns with entrusting a third-party to store and manage their data, public concerns regarding privacy and the enactment of restrictive laws or regulations. It is possible that demand for our cloud offerings may not continue to be as strong as it has been to date. Moreover, expansion of our cloud offerings may cause a decline in revenue of our existing products and services that is not offset by revenue from the new products or services. For example, customers may delay making purchases of products and services to permit them to make a more thorough evaluation of these new products and services or until industry and marketplace reviews become widely available. We may be unable to realize the benefits of our investments or the resources we have committed to expanding our cloud-delivered services.

An increasing number of jurisdictions are imposing data localization laws, which require personal information, or certain subcategories of personal information, to be stored in the jurisdiction of origin. These regulations may deter customers from using cloud-based services, and may inhibit our ability to expand into certain markets or prohibit us from continuing to offer services in those markets without significant additional costs.

Our hosted offerings rely upon third-party providers to supply data center space, equipment maintenance and other colocation services and rely upon the ability of those providers to maintain continuous service availability and protect customer data on

their services. Customers of our cloud-based offerings need to be able to access our platform at any time, without interruption or degradation of performance, and we provide them with service level commitments with respect to uptime. Third-party cloud providers run their own platforms that we access, and we are, therefore, vulnerable to their service interruptions. Although we have entered into various agreements for the lease of data center space, equipment maintenance and other services, third parties could fail to live up to their contractual obligations. The failure of a third-party provider to prevent service disruptions, data losses or security breaches may require us to issue credits or refunds or indemnify or otherwise be liable to customers or third parties for damages that may occur, and contractual provisions with our third-party providers and public cloud partners may limit our recourse against the third-party provider or public cloud partner responsible for such failure. Additionally, if these third-party providers fail to deliver on their obligations, our reputation could be damaged, our customers could lose confidence in us, and our ability to maintain and expand our hosted offerings would be impaired. Lastly, our cloud product offering and pricing is new and hosting and other costs may be more expensive to us than anticipated.

We may not be able to predict renewal or conversion rates and their impact on our future revenues and operating results.

Although our solutions are designed to increase the number of customers that purchase our products and the number of products purchased by existing and new customers to create a recurring revenue stream that increases and is more predictable over time, our customers are not required to renew their subscriptions for our solutions and they may elect not to renew when, or as we expect, or they may elect to reduce the scope of their original purchases or delay their purchase. We cannot accurately predict renewal or conversion rates given our varied customer base of enterprise and small and medium size business customers and the number of multiyear contracts. Customer renewal or conversion rates may decline or fluctuate due to a number of factors, including offering pricing, competitive offerings, customer satisfaction and reductions in customer spending levels or customer activity due to economic downturns, the adverse impact of import tariffs, inflation or other market uncertainty. If our customers do not renew their contracts when or as we expect, or if they choose to renew for fewer products or renew for shorter contract lengths or if they renew on less favorable terms, our revenues and earnings may decline, and our business may suffer. Further, we plan to end-of-life our self-hosted business as of December 31, 2026, which we expect to increase the uncertainty with our remaining term license customers going forward. This may result in a decline in revenues and cause revenues to be more difficult to predict for a period of time. We may occasionally inform customers that products or services will be reaching their end-of-life and will no longer be supported or receive updates or security patches. Failure to effectively manage this process could lead to customer dissatisfaction and contractual liabilities, which could adversely affect our business and operating results.

Our quarterly results of operations have fluctuated and may fluctuate significantly due to variability in our revenues which could adversely impact our stock price.

Our revenues and other results of operations have fluctuated from quarter to quarter in the past and could continue to fluctuate in the future. Historically, the fluctuation was partially due to the front-loaded revenue recognition nature of our business. Additionally, the Company has converted the significant majority of its customers to a SaaS delivery model that recognizes revenue ratably and not up front. However, there are still a number of term license subscriptions remaining to be converted and, as a result, we may present reduced revenues as compared to prior periods, and comparing our revenues and results of operations on a period-to-period basis may not be meaningful and should not be relied on for any particular period. Our revenues depend in part on the conversion of enterprises that have undergone risk assessments into paying customers; however, these risk assessments may not be converted at the same historical rates or at all. At the same time, the majority of our sales are typically made during the last three weeks of every quarter. We may fail to meet market expectations for that quarter if we are unable to close the number of transactions that we expect during this short period and closings are deferred to a subsequent quarter or not closed at all. The closing of a large transaction in a particular quarter may raise our revenues in that quarter and thereby make it more difficult for us to meet market expectations in subsequent quarters and our failure to close a large transaction in a particular quarter or any renewals may adversely impact our revenues in that quarter. In addition, our sales cycle from initial contact to delivery of and payment for the software license generally becomes longer and less predictable with respect to large transactions and often involves multiple meetings or consultations at a substantial cost and time commitment to us. Further, we have been focusing on the conversion of our current OPS customers to our SaaS platform and the sales cycle of such conversions can and may continue to take longer than the acquisition of new customers. Moreover, we base our current and future expense levels on our revenue forecasts and operating plans, and our expenses are relatively fixed in the short-term. Accordingly, we would likely not be able to reduce our costs sufficiently to compensate for an unexpected shortfall in revenues and even a relatively small decrease in revenues could disproportionately and adversely affect our financial results for that quarter.

The variability and unpredictability of these and other factors, many of which are outside of our control, could result in our failing to meet or exceed financial expectations for a given period and may cause the price of our common stock to decline substantially.

If we do not successfully optimize and manage our predominantly SaaS‑based business model, or if the remaining transition away from self‑hosted products fails to progress as expected, our results of operations could be negatively impacted.

As our business is now substantially SaaS‑focused, our future performance depends heavily on our ability to effectively operate, scale, and continuously improve our SaaS offerings. Although customer adoption of our SaaS solutions has increased significantly, uncertainties remain regarding whether and when our remaining self‑hosted customers will convert and the degree to which our SaaS offerings will continue to meet evolving customer expectations for functionality, reliability, security, and value.

This SaaS strategy continues to pose a number of risks, including the following:

•our revenues and operating margins may fluctuate more than anticipated as our business model relies increasingly on subscription revenues, which may be more sensitive to renewal rates, customer usage patterns, and macroeconomic conditions;

•the remaining self‑hosted customer base may convert more slowly than projected, or certain customers may choose not to transition at all, which could reduce expected growth or require continuing investment in legacy offerings;

•customers may continue to express concerns related to long‑term pricing, data access, data residency, or vendor lock‑in, which could affect new subscription sales or renewal rates;

•we may be unsuccessful in maintaining or adjusting our pricing models, product tiers, or packaging strategies, or such changes may adversely affect customer adoption, demand, or earnings;

•if our customers do not renew their subscriptions, reduce usage, or delay renewal decisions, our revenues may decline and our business and operating results may suffer;

•our hosting, infrastructure, or third‑party cloud costs may exceed forecasts, or our SaaS platform may not scale or operate as efficiently as anticipated, negatively affecting gross margins;

•we may incur higher than expected sales compensation expenses if the pace of remaining conversions or new SaaS sales varies from forecasted levels; and

•our sales force and customer facing teams may face ongoing challenges with selling and supporting SaaS solutions, which may lead to productivity issues, increased turnover, or the need for additional training and investment.

If we fail to effectively manage or optimize our SaaS‑focused operating model, or if customer adoption, retention, or conversion does not continue at expected levels, our revenues, margins, and overall results of operations could suffer.

Our results of operations could be negatively affected by foreign currency exposures.

Our functional and reporting currency is the U.S. dollar. While the majority of our revenues and expenses are denominated in U.S. dollars, we also generate revenues and incur operating expenses in foreign currencies, primarily the Euro, British Pound, Canadian dollar, Australian dollar, Singapore dollar and New Israeli Shekel. As a result, our operating results are exposed to movements in foreign currency exchange rates.

Exchange rates between the U.S. dollar and foreign currencies have been volatile in recent years. In addition, based on our current geographic revenue mix, cost structure and expected growth profile, even if foreign exchange rates remain at or near current levels, we expect to experience foreign currency‑related headwinds in future periods, which could adversely affect our reported revenues, operating margins and results of operations.

A strengthening of the U.S. dollar relative to foreign currencies may increase the local‑currency cost of our software and renewals for customers outside the United States and may adversely affect demand, pricing, renewal rates and revenue growth. At the same time, a weakening of the U.S. dollar against currencies in which we incur expenses would increase the U.S. dollar equivalent of those costs, including employee compensation and other operating expenses at our non‑U.S. locations, which could negatively impact operating margins and increase compensation pressure in those regions.

We use foreign currency forward contracts to hedge a portion of our exposure to foreign‑currency‑denominated revenues and operating expenses. These hedging activities may not fully offset the impact of current or future exchange rate movements and involve costs and risks, including cash requirements, management time and resources, external implementation costs, potential accounting impacts and the risk of losses resulting from volatility in foreign currency markets or differences between the exchange rates of the currencies being hedged. As a result, our results of operations and financial condition may be adversely affected by foreign exchange rate movements even if exchange rates remain stable.

We have been growing and expect to continue to invest in our growth for the foreseeable future. If we fail to manage this growth effectively, our business and results of operations will be adversely affected.

We intend to continue to grow our business and plan to continue to hire new sales employees either for expansion or replacement of existing sales personnel. If we cannot adequately and timely hire new employees and if we fail to adequately train these new employees, including our sales force, engineers and customer support staff, our sales may not grow at the rates we project and/or our sales productivity might suffer, our customers might decide not to renew or reduce the scope of their original purchases, or our customers may lose confidence in the knowledge and capability of our employees or products. We must successfully manage our growth to achieve our objectives. Although our business has experienced significant growth in the past, we may not be able to continue to grow at the same rate, or at all.

Our ability to effectively manage any significant growth of our business will depend on a number of factors, including our ability to do the following:

• satisfy existing customers and attract new customers;

• adequately and timely recruit, train, motivate and integrate new employees, including our sales force and engineers, while retaining existing employees, maintaining the beneficial aspects of our corporate culture and effectively executing our business plan;

• successfully introduce new products and enhancements;

• effectively manage existing channel partnerships and expand to new ones;

• improve our key business applications and processes to support our business needs;

• enhance information and communication systems to ensure that our employees and offices around the world are well-coordinated and can effectively communicate with each other and our growing customer base;

• enhance our internal controls to ensure timely and accurate reporting of all of our operations and financial results;

• protect and further develop our strategic assets, including our intellectual property rights;

• continue to capitalize on the transition to a SaaS delivery model; and

• successfully manage and integrate any future acquisitions of businesses, including without limitation, the amount and timing of expenses and potential future charges for impairment of goodwill from acquired companies.

These activities will require significant investments and allocation of valuable management and employee resources, and our growth will continue to place significant demands on our management and our operational and financial infrastructure. We may not be able to grow our business in an efficient or timely manner, or at all. Moreover, if we do not effectively manage the growth of our business and operations, the quality of our software could suffer, which could negatively affect our brand, results of operations and overall business.

We have a limited operating history at our current scale, which makes it difficult to evaluate and predict our future prospects and may increase the risk that we will not be successful.

We have a relatively short history operating our business at its current scale. For example, we have increased the number of our employees and have expanded our operations and product offerings. This limits our ability to forecast our future operating results and subjects us to a number of uncertainties, including our ability to plan for and model future growth. We have encountered and will continue to encounter risks and uncertainties frequently experienced by growing companies in new markets that may not develop as expected. Because we depend in part on the market’s acceptance of our products, it is difficult to evaluate trends that may affect our business. If our assumptions regarding these trends and uncertainties, which we use to plan our business, are incorrect or change in reaction to changes in our markets, or if we do not address these risks successfully, our operating and financial results could differ materially from our expectations and our business could suffer. Moreover, although we have experienced significant growth historically, we may not continue to grow as quickly, or at all, in the future.

Our future success will depend in large part on our ability to, among other things:

• convert our remaining self-hosted customers to our SaaS delivery model;

•manage our introduction of cloud-based solutions;

• maintain and expand our business, including our customer base and operations, to support our growth, both domestically and internationally;

• develop new products and services and bring products and services in beta to market;

• renew customer agreements and sell additional products to existing customers;

• maintain high customer satisfaction and ensure quality and timely releases of our products and product enhancements;

• increase market awareness of our products and enhance our brand;

• maintain compliance with applicable governmental regulations and other legal obligations, including those related to intellectual property, international sales and taxation;

• hire, integrate, train and retain skilled talent, including members of our sales force and engineers; and

• our ability to successfully manage and integrate any acquisitions of businesses.

If we fail to address the risks and difficulties that we face, including those associated with the challenges listed above as well as those described elsewhere in this “Risk Factors” section, our business will be adversely affected, and our results of operations will suffer.

If we are unable to attract new customers and expand sales to existing customers, both domestically and internationally, our growth could be slower than we expect, and our business may be harmed.

Our success will depend, in part, on our ability to support new and existing customer growth and maintain customer satisfaction. Our sales and marketing teams host in-person events and engage with customers online and through other communications channels, including virtual meetings. Our sales and marketing teams may not be as successful or effective in building relationships. If we cannot provide the tools and training to our teams to efficiently do their jobs and satisfy customer demands, we may not be able to achieve anticipated revenue growth as quickly as expected.

Our future growth depends upon expanding sales of our products to existing customers and their organizations and receiving renewals. If our customers do not purchase additional products or capabilities, our revenues may grow more slowly than expected, may not grow at all or may decline. Our efforts may not result in increased sales to existing customers (“upsells”) and additional revenues. If our efforts to upsell to our customers are not successful, our business would suffer.

Our future growth also depends in part upon increasing our customer base, particularly those customers with potentially high customer lifetime values. Our ability to achieve significant growth in revenues in the future will depend, in large part, upon the effectiveness of our sales and marketing efforts, both domestically and internationally, and our ability to attract new customers. Our ability to attract new customers may be adversely affected by newly enacted laws that may prohibit certain sales and marketing activities, such as legislation passed in the State of New York, pursuant to which unsolicited telemarketing sales calls are prohibited. If we fail to attract new customers and maintain and expand those customer relationships, our revenues may be adversely affected, and our business will be harmed.

We have a history of losses, and we may not be profitable in the future.

We have incurred net losses in each year since our inception, including a net loss of $129.3 million, $95.8 million and $100.9 million in each of the years ended December 31, 2025, 2024 and 2023, respectively. Because the market for our software is rapidly evolving and has still not yet reached widespread adoption, it is difficult for us to predict our future results of operations. We expect our operating expenses to increase over the next several years as we hire additional personnel, expand and improve the effectiveness of our distribution channels, and continue to develop features and applications for our software.

If we are unable to maintain successful relationships with our channel partners, our business could be adversely affected.

We rely on channel partners, such as distribution partners and resellers, to sell the Varonis Data Security Platform. In 2024 and 2025, our channel partners fulfilled substantially all of our sales, and we expect that sales to channel partners will continue to account for substantially all of our revenues for the foreseeable future. Our ability to achieve revenue growth in the future will depend in part on our success in maintaining successful relationships with our channel partners.

Our agreements with our channel partners are generally non-exclusive, meaning our channel partners may offer customers the products of several different companies. If our channel partners do not effectively market and sell our software, choose to use greater efforts to market and sell their own products or those of others, or fail to meet the needs of our customers, our ability to grow our business, sell our software and maintain our reputation may be adversely affected. Our contracts with our channel partners generally allow them to terminate their agreements for any reason upon 30 days’ notice. A termination of the agreement has no effect on orders already placed. The loss of a substantial number of our channel partners, our possible inability to replace them, or the failure to recruit additional channel partners could materially and adversely affect our results of operations. If we are unable to maintain our relationships with these channel partners, our business, results of operations, financial condition or cash flows could be adversely affected.

Finally, even if we are successful, our relationships with channel partners may not result in greater customer usage of our products or increased revenue.

Our long-term growth depends, in part, on being able to continue to expand internationally on a profitable basis, which subjects us to risks associated with conducting international operations.

Historically, we have generated the majority of our revenues from customers in the United States. For the years ended December 31, 2025 and 2024, approximately 71% and 73%, respectively, of our total revenues were derived from sales in the

United States. Nevertheless, we have operations across the globe, and we plan to continue to expand our international operations as part of our long-term growth strategy. The further expansion of our international operations will subject us to a variety of risks and challenges, including:

• sales and customer service challenges associated with operating in different countries;

• increased management travel, infrastructure and legal compliance costs associated with having multiple international operations;

• difficulties in receiving payments from different geographies, including difficulties associated with currency fluctuations, payment cycles, transfer of funds or collecting accounts receivable, especially in emerging markets;

• variations in economic or political conditions between each country or region;

• economic uncertainty around the world and adverse effects arising from economic interdependencies across countries and regions;

• uncertainty around a potential reverse or renegotiation of international trade agreements and partnerships;

• compliance with foreign laws and regulations and the risks and costs of non-compliance with such laws and regulations;

• ability to hire, retain and train local employees and the ability to comply with foreign labor laws and local labor requirements, such as representations by an internal labor committee in France which is affiliated with an external trade union and the applicability of collective bargaining arrangements at the national level in certain European countries;

• compliance with laws and regulations for foreign operations, including the U.S. Foreign Corrupt Practices Act of 1977, as amended (the “FCPA”), the U.K. Bribery Act of 2010 (the “UK Bribery Act”), import and export control laws, tariffs, trade barriers, economic sanctions and other regulatory or contractual limitations on our ability to sell our software in certain foreign markets, and the risks and costs of non-compliance;

• heightened risks of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of financial statements and irregularities in financial statements;

• reduced protection for intellectual property rights in certain countries and practical difficulties and costs of enforcing rights abroad; and

• compliance with the laws of numerous foreign taxing jurisdictions and overlapping of different tax regimes and digital tax imposed on our operations in foreign taxing jurisdictions.

Any of these risks could adversely affect our international operations, reduce our revenues from outside the United States or increase our operating costs, adversely affecting our business, results of operations and financial condition and growth prospects. There can be no assurance that all of our employees, independent contractors and channel partners will comply with the formal policies we have and will implement, or applicable laws and regulations. Violations of laws or key control policies by our employees, independent contractors and channel partners could result in delays in revenue recognition, financial reporting misstatements, fines, penalties or the prohibition of the importation or exportation of our software and services and could have a material adverse effect on our business and results of operations.

We are subject to governmental export and import controls that could subject us to liability or impair our ability to compete in international markets.

We incorporate certain encryption technology into certain of our products and, as a result, are required to comply with U.S. export control laws and regulations, including the Export Administration Regulations administered by the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”). We are also subject to Israeli export control laws on encryption technology. These export control laws and regulations prohibit, restrict, or regulate our ability to, directly or indirectly, export, re-export, or transfer certain products to certain countries and territories, entities, and individuals for certain end uses. If the applicable U.S. or Israeli legal requirements regarding the export of encryption technology were to change or if we change the encryption means in our products, we may (i) be unable to export our products, (ii) need to apply for new licenses or (iii) be unable to rely on certain license exceptions. Furthermore, various other countries regulate the import of certain encryption technology, including import permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our products or could limit our customers’ ability to implement our products in those countries.

We are also subject to U.S. and Israeli economic sanctions laws, which prohibit the shipment of certain products to embargoed or sanctioned countries, sanctioned governments and sanctioned persons. Like with export controls, we take precautions to prevent our products from being provided in violation of these laws, including requiring our business partners to commit to compliance through contractual undertakings. However, if our business partners were to provide our products to certain countries, governments, or sanctioned persons in violation of these laws, such provision could have negative consequences, including government investigations, penalties and reputational harm.

Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations. Moreover, any new export or import restrictions, new legislation or shifting approaches in the enforcement or scope of existing regulations, or in the countries, persons or technologies targeted by such regulations, could result in decreased use of our products. Any decreased use of our products or limitation on our ability to export or sell our products would likely adversely affect our business, financial condition and results of operations.

Our business in countries with a history of corruption and transactions with foreign governments increase the risks associated with our international activities.

As we operate and sell internationally, we are subject to the FCPA, the UK Bribery Act and other laws that prohibit improper payments or offers of payments to foreign governments and their officials and political parties for the purpose of obtaining or retaining business. We have operations, deal with and make sales to governmental customers in countries known to experience corruption, particularly certain emerging countries in Eastern Europe, South and Central America, East Asia, Africa and the Middle East. Our activities in these countries create the risk of unauthorized payments or offers of payments by one of our employees, consultants, channel partners or sales agents that could be in violation of various anti-corruption laws, even though these parties may not be under our control. While we have implemented safeguards to prevent these practices by our employees, consultants, channel partners and sales agents, our existing safeguards and any future improvements may prove to be less than effective, and our employees, consultants, channel partners or sales agents may engage in conduct for which we might be held responsible. Violations of the FCPA or other anti-corruption laws may result in severe criminal or civil sanctions, including suspension or debarment from government contracting, and we may be subject to other liabilities, which could negatively affect our business, operating results and financial condition.

Acquisitions could disrupt our business and adversely affect our results of operations, financial condition and cash flows.

As we continue to pursue business opportunities, we may make acquisitions that could be material to our business, results of operations, financial condition and cash flows. Acquisitions involve many risks, including the following:

• an acquisition may negatively affect our results of operations, financial condition or cash flows because it may require us to incur charges or assume substantial debt or other liabilities, may cause adverse tax consequences or unfavorable accounting treatment, including potential write-downs of deferred revenues, may expose us to claims and disputes by third parties, including intellectual property claims and disputes, or may not generate sufficient financial return to offset additional costs and expenses related to the acquisition;

• we may encounter difficulties or unforeseen expenditures in integrating the business, technologies, products, personnel or operations of any company that we acquire, particularly if key personnel of the acquired company decide not to work for us;

• an acquisition may disrupt our ongoing business, divert resources, increase our expenses and distract our management;

• an acquisition may result in a delay or reduction of customer purchases for both us and the company we acquired due to customer uncertainty about continuity and effectiveness of service from either company;

• we may encounter difficulties in, or may be unable to, successfully sell any acquired products;

• an acquisition may involve the entry into geographic or business markets in which we have little or no prior experience or where competitors have stronger market positions;

• challenges inherent in effectively managing an increased number of employees in diverse locations;

• the potential strain on our financial and managerial controls and reporting systems and procedures;

• potential known and unknown liabilities or deficiencies associated with an acquired company that were not identified in advance;

• our use of cash to pay for acquisitions would limit other potential uses for our cash and affect our liquidity;

• if we incur debt to fund such acquisitions, such debt may subject us to material restrictions on our ability to conduct our business as well as financial maintenance covenants;

• the risk of impairment charges related to potential write-downs of acquired assets or goodwill in future acquisitions;

• to the extent that we issue a significant amount of equity or convertible debt securities in connection with future acquisitions, existing stockholders may be diluted and earnings per share may decrease; and

• managing the varying intellectual property protection strategies and other activities of an acquired company.

We may not succeed in addressing these or other risks or any other problems encountered in connection with the integration of any acquired business. Our ability as an organization to successfully acquire and integrate technologies or businesses is limited. The inability to successfully integrate the business, technologies, products, personnel or operations of any acquired business, or any significant delay in achieving integration, could have a material adverse effect on our business, results of operations, financial condition and cash flows.

We are exposed to collection and credit risks, which could impact our operating results.

Our trade receivables are subject to collection and credit risks. These agreements may include purchase commitments for multiple years of SaaS and term license subscriptions, which may be invoiced over multiple reporting periods increasing these risks. For example, our operating results may be impacted by significant bankruptcies among customers and resellers, which could negatively impact our revenues and cash flows. Although we have processes in place that are designed to monitor and mitigate these risks, we cannot guarantee these programs will be effective. If we are unable to adequately control these risks, our business, operating results and financial condition could be harmed.

Our business is highly dependent upon our brand recognition and reputation, and the failure to maintain or enhance our brand recognition or reputation may adversely affect our business.

We believe that enhancing the “Varonis” brand identity and maintaining our reputation in the IT industry is critical to our relationships with our customers and to our ability to attract new customers. Our brand recognition and reputation are dependent upon:

• our ability to continue to offer high quality, innovative and error- and bug-free products;

• our ability to maintain customer satisfaction with our products;

• our ability to be responsive to customer concerns and provide high quality customer support, training and professional services;

• our marketing efforts;

• any misuse or perceived misuse of our products;

• positive or negative publicity;

• our ability to prevent or quickly react to any cyberattack on our IT systems or security breach of or related to our software;

• interruptions, delays or attacks on our website; and

• litigation or regulatory-related developments.

We may not be able to successfully promote our brand or maintain our reputation. In addition, independent industry analysts often provide reviews of our products, as well as other products available in the market, and perception of our product in the marketplace may be significantly influenced by these reviews. If these reviews are negative, or less positive than reviews about other products available in the market, our brand may be adversely affected. Furthermore, negative publicity relating to events or activities attributed to us, our employees, our channel partners or others associated with any of these parties, may tarnish our reputation and reduce the value of our brand. If we do not successfully enhance our brand and maintain our reputation, our business may not grow, we may have reduced pricing power relative to competitors with stronger brands, and we could lose customers or renewals, all of which would adversely affect our business, operations and financial results. Moreover, damage to our reputation and loss of brand equity may reduce demand for our products and have an adverse effect on our business, results of operations and financial condition. Any attempts to rebuild our reputation and restore the value of our brand may be costly and time consuming, and such efforts may not ultimately be successful.

Moreover, it may be difficult to enhance our brand and maintain our reputation in connection with sales to channel partners. Promoting our brand requires us to make significant expenditures, and we anticipate that the expenditures will increase as our market becomes more competitive, as we expand into new markets and geographies and as more sales are generated to our channel partners. To the extent that these activities yield increased revenues, these revenues may not offset the increased expenses we incur.

Our success depends in part on maintaining, converting to SaaS and increasing our sales to customers in the public sector.

We derive a portion of our revenues from contracts with federal, state, local and foreign governments and government-owned or -controlled entities (such as public health care bodies, educational institutions and utilities), which we refer to as the public sector herein. We believe that part of the success and growth of our business will continue to depend on our successful procurement of public sector contracts. Selling to public sector entities can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense without any assurance that our efforts will produce any sales. Government demand and payment for our products and services may be impacted by public sector budgetary cycles, or lack of, and funding authorizations, including in connection with an extended government shutdown, with funding reductions or delays adversely affecting public sector demand for our products and services. Factors that could impede our ability to maintain or increase the amount of revenues derived from public sector contracts include:

• changes in public sector fiscal or contracting policies;

• decreases or elimination of available public sector funding;

• non-compliance with or an inability to attain the proper certification to conduct business in the public sector;

• changes in public sector programs or applicable requirements;

• the adoption of new laws or regulations or changes to existing laws or regulations;

• potential delays or changes in the public sector appropriations or other funding authorization processes;

• the requirement of contractual terms that are unfavorable to us, such as most-favored-nation pricing provisions; and

• delays in the payment of our invoices by public sector payment offices.

In addition, we must comply with laws and regulations relating to public sector contracting, which affect how we and our channel partners do business in both the United States and abroad. These laws and regulations may impose added costs on our business, and failure to comply with these or other applicable regulations and requirements, including non-compliance in the past, could lead to claims for damages from our channel partners, penalties, termination of contracts, and temporary suspension or permanent debarment from public sector contracting. Moreover, governments may investigate and audit government contractors’ administrative processes, and any unfavorable audit could result in the government refusing to continue buying our products, which would adversely impact our revenue and results of operations, or institute fines or civil or criminal liability if the audit uncovers improper or illegal activities.

Furthermore, on January 20, 2025, President Donald J. Trump announced an executive order establishing the “Department of Government Efficiency” to maximize government efficiency and productivity. Pressures on and uncertainty surrounding the U.S. federal government’s budget and potential changes in budgetary priorities, could adversely affect the funding for individual programs and delay purchasing decisions by our customers.

The occurrence of any of the foregoing could cause public sector customers to delay or refrain from purchasing licenses of our software in the future or otherwise have an adverse effect on our business, operations and financial results.

Risks Related to Human Capital

Talent acquisition and retention challenges could adversely affect our growth and operational performance.

Our ability to sustain growth and execute our strategy depends heavily on attracting, retaining and scaling a highly productive workforce, particularly in sales, marketing and research and development. As we continue to expand our platform, the complexity of our sales process has increased, requiring a more consultative and technically skilled sales force. This shift has introduced new challenges in hiring and onboarding qualified personnel, especially in competitive markets. We face intense competition for top talent, particularly in regions like Israel where we maintain a significant research and development presence. Recruiting individuals with the right expertise, whether for new geographies, specialized sales roles, or advanced research and development positions is increasingly difficult. Remote hiring and training, high attrition rates and the time required to ramp new hires (which can take up to 12 months for sales personnel to operate at a level that meets our expectations) further complicate our ability to scale effectively. Our growth also depends on retaining key employees and preserving our corporate culture. Any inability to attract or retain skilled personnel, including key managers, could hinder our ability to innovate, deliver new products and compete effectively. Additionally, equity compensation is a critical component of our talent strategy. A decline in our stock price or changes to our equity programs could reduce the attractiveness of our compensation packages, making it harder to recruit and retain top talent. If we fail to maintain or improve the productivity of our teams, or if we are unable to hire and integrate new personnel efficiently, our ability to meet growth targets, expand into new markets and serve our customers effectively could be materially impacted.

We are dependent on the continued services and performance of our co-founder, Chief Executive Officer and President, the loss of whom could adversely affect our business.

Much of our future performance depends on the continued services and continuing contributions of our co-founder, Chief Executive Officer and President, Yakov Faitelson, to successfully manage our company, to execute on our business plan and to identify and pursue new opportunities and product innovations. The loss of Mr. Faitelson’s services could significantly delay or prevent the achievement of our development and strategic objectives and adversely affect our business.

Risks Related to our Technology, Products, Services and Intellectual Property

Our failure to continually enhance and improve our technology could adversely affect sales of our products.

The market is characterized by the exponential growth in enterprise data, rapid technological advances, changes in customer requirements, including customer requirements driven by changes to legal, regulatory and self-regulatory compliance mandates,

frequent new product introductions and enhancements and evolving industry standards in computer hardware and software technology. As a result, we must continually change and improve our products in response to changes in operating systems, application software, computer and communications hardware, networking software, data center architectures, programming tools, computer language technology and various regulations. Moreover, the technology in our products is especially complex because it needs to effectively identify and respond to a user’s data retention, security and governance needs, while minimizing the impact on database and file system performance. Our products must also successfully interoperate with products from other vendors.

While we extend our technological capabilities though innovation and strategic transactions, including our recently announced MDDR, DAM, email security and cloud-based solutions, we cannot guarantee that we will be able to anticipate future market needs and opportunities or be able to extend our technological expertise and develop new products or expand the functionality of our current products in a timely manner or at all. Even if we are able to anticipate, develop and introduce new products and expand the functionality of our current products, there can be no assurance that enhancements or new products will achieve widespread market acceptance.

Our product enhancements or new products could fail to attain sufficient market acceptance for many reasons, including:

• failure to accurately predict market demand in terms of product functionality and to supply products that meet this demand in a timely fashion;

• inability to interoperate effectively with the database technologies and file systems of prospective customers;

• defects, errors or failures;

• negative publicity or customer complaints about performance or effectiveness; and

• poor business conditions, causing customers to delay IT purchases.

If we fail to anticipate market requirements or stay abreast of technological changes, we may be unable to successfully introduce new products, expand the functionality of our current products or convince our customers and potential customers of the value of our solutions in light of new technologies. In addition, it is possible that our product innovations, including our recently announced MDDR, DAM, email security and cloud-based solutions, may not provide satisfactory results to our customers. Accordingly, our business, results of operations and financial condition could be materially and adversely affected.

If our technical support, customer success or professional services are not satisfactory to our customers, they may not renew their agreements or not buy additional products in the future, which could adversely affect our future results of operations.

Our business relies on our customers’ satisfaction with the technical support, customer success and professional services we provide to support our products. Our customers have no obligation to renew their agreements with us after the initial terms have expired. Our customers have an option to renew their agreements and, for us to maintain and improve our results of operations, it is important that our existing customers renew their agreements, if applicable, when the existing contract term expires. For example, our renewal rate for the years ended December 31, 2025, 2024 and 2023 continued to be over 90%.

If we fail to provide technical support services that are responsive, satisfy our customers’ expectations and resolve issues that they encounter with our products and services, then they may elect not to purchase or renew contracts and they may choose not to purchase additional products and services from us. Accordingly, our failure to provide satisfactory technical support, customer success or professional services could lead our customers not to renew their agreements with us or renew on terms less favorable to us, and therefore have a material and adverse effect on our business and results of operations.

Interruptions or performance problems, including associated with our website or support website or any caused by cyberattacks, may adversely affect our business.

Our continued growth depends in part on the ability of our existing and potential customers to quickly access our website and support website. Access to our support website is also imperative to our daily operations and interaction with customers, as it allows customers to download our software, fixes and patches, as well as open and respond to support tickets and register license keys for evaluation or production purposes. We have experienced, and may in the future experience, website disruptions, outages and other performance problems due to a variety of factors, including technical failures, cyberattacks, natural disasters, infrastructure changes, human or software errors, capacity constraints due to an overwhelming number of users accessing our website simultaneously and denial of service or fraud. In some instances, we may not be able to identify the cause or causes of these performance problems within an acceptable period of time. System failures or outages, including any potential disruptions due to a period of increased global demand on certain cloud-based systems or disruptions of our cloud-based solutions, could compromise our or our customer’s ability to perform day-to-day operations in a timely manner, which could negatively impact our business or delay our financial reporting. It may become increasingly difficult to maintain and improve the performance of our websites, especially during peak usage times and as our software becomes more complex and

our user traffic increases. If our websites are unavailable or if our users are unable to download our software, patches or fixes within a reasonable amount of time or at all, we may suffer reputational harm and our business would be negatively affected.

If our software is perceived as not being secure, customers may reduce the use of or stop using our software, and we may incur significant liabilities.

Our software involves the transmission of data between data stores, and between data stores and desktop and mobile computers, and will increasingly involve the storage of data. We have a legal and contractual obligation to protect the confidentiality and appropriate use of customer data. Any security breaches with respect to such data could result in the loss of this information, litigation, indemnity obligations and other liabilities. The security of our products and accompanied services is important in our customers’ decisions to purchase or use our products or services. Security threats are a significant challenge to companies like us whose business is providing technology products and services to others. While we have taken steps to protect the confidential information that we have access to, including confidential information we may obtain through our customer support services or customer usage of our products, we have no direct control over the substance of the content. Security measures might be breached as a result of third-party action, employee error, malfeasance or otherwise. We also incorporate open source software and other third-party software into our products. There may be vulnerabilities in open source software and third-party software that may make our products likely to be harmed by cyberattacks. Moreover, our products operate in conjunction with and are dependent on products and components across a broad ecosystem of third parties. If there is a security vulnerability in one of these components, and if there is a security exploit targeting it, such security vulnerability may adversely impact our product vulnerability and we could face increased costs, liability claims, reduced revenue, or harm to our reputation or competitive position. Because techniques used to obtain unauthorized access or sabotage systems change frequently and generally are not identified until they are launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures.

The limitations of liability in our contracts may not be enforceable or adequate or otherwise protect us from any such liabilities or damages with respect to any particular claim. While we maintain insurance coverage for some of the above events, the potential liabilities associated with these security breach events could exceed the insurance coverage we maintain.

We incorporate machine learning and AI solutions into parts of our platform, offerings, services and features, and these applications may become more important in our operations over time. AI technologies, including generative AI, are complex and rapidly evolving, and we face competition from other companies as well as an evolving regulatory landscape. Several jurisdictions around the globe, including Europe and the United States, have already proposed or enacted laws governing AI, and we may need to commit significant resources to maintain business practices that comply with the evolving regulatory landscape. Our competitors or other third parties may incorporate AI into their products more quickly and successfully than us, which could impair our ability to compete effectively and adversely affect our results of operations.

Any or all of these issues could tarnish our reputation, negatively impact our ability to attract new customers or sell additional products to our existing customers, cause existing customers to elect not to renew their agreements or subject us to third-party lawsuits, regulatory fines or other action or liability, thereby adversely affecting our results of operations.

Our use of open source software could negatively affect our ability to sell our software and subject us to possible litigation.

We use open source software and expect to continue to use open source software in the future. Some open source software licenses require users who distribute open source software as part of their own software product to publicly disclose all or part of the source code to such software product or to make available any derivative works of the open source code on unfavorable terms or at no cost. We may face ownership claims of third parties over, or seeking to enforce the license terms applicable to, such open source software, including by demanding the release of the open source software, derivative works or our proprietary source code that was developed using such software. These claims could also result in litigation, require us to purchase a costly license or require us to devote additional research and development resources to change our software, any of which would have a negative effect on our business and results of operations. In addition, if the license terms for the open source code change, we may be forced to re-engineer our software or incur additional costs. Some open source software may include generative AI software or other software that incorporates or relies on generative AI. The use of such software may expose us to risks as the intellectual property ownership and license rights, including copyright, of generative AI software and tools, has not been fully interpreted by U.S. courts or been fully addressed by federal or state regulation. Finally, while we implement policies and procedures, we cannot provide assurance that we have incorporated open source software into our own software in a manner that conforms with our current policies and procedures and we cannot assure that all open source software is reviewed prior to use in our solution, that our programmers have not incorporated open source software into our solution, or that they will not do so in the future.

In addition, our solution may incorporate third-party software under commercial licenses. We cannot be certain whether such third-party software incorporates open source software without our knowledge. In the past, companies that incorporate open

source software into their products have faced claims alleging noncompliance with open source license terms or infringement or misappropriation of proprietary software. Therefore, we could be subject to suits by parties claiming noncompliance with open source licensing terms or infringement or misappropriation of proprietary software. Because few courts have interpreted open source licenses, the manner in which these licenses may be interpreted and enforced is subject to some uncertainty. There is a risk that open source software licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to market or provide our solution. As a result of using open source software subject to such licenses, we could be required to release proprietary source code, pay damages, re-engineer our solution, limit or discontinue sales or take other remedial action, any of which could adversely affect our business.

False detection of security breaches, false identification of malicious sources or misidentification of sensitive or regulated information could adversely affect our business.

Our cybersecurity products may falsely detect threats that do not actually exist. For example, our DatAlert product may enrich metadata collected by our products with information from external sources and third-party data providers. If the information from these data providers is inaccurate, the potential for false positives increases. These false positives, while typical in the industry, may affect the perceived reliability of our products and solutions and may therefore adversely impact market acceptance of our products. As definitions and instantiations of personal identifiers and other sensitive content change, automated classification technologies may falsely identify or fail to identify data as sensitive. If our products and solutions fail to detect exposures or restrict access to important systems, files or applications based on falsely identifying legitimate use as an attack or otherwise unauthorized, then our customers’ businesses could be adversely affected. Any such false identification of use and subsequent restriction could result in negative publicity, loss of customers and sales, increased costs to remedy any problem and costly litigation.

Failure to protect our proprietary technology and intellectual property rights could substantially harm our business.

The success of our business and competitive position depends on our ability to obtain, protect and enforce our trade secrets, trademarks, copyrights, patents and other intellectual property rights. We attempt to protect our intellectual property under patent, trademark, copyrights and trade secret laws, and through a combination of confidentiality procedures, contractual provisions and other methods, all of which offer only limited protection and may not now or in the future provide us with a competitive advantage.

As of December 31, 2025, we have 116 issued patents in the United States and 63 pending U.S. patent applications. We also had 95 patents issued and 79 applications pending for examination in non-U.S. jurisdictions, and 31 pending PCT patent applications, all of which are counterparts of our U.S. patent applications. We may file additional patent applications in the future. The process of obtaining patent protection is expensive and time-consuming, and we may not be able to prosecute all necessary or desirable patent applications at a reasonable cost or in a timely manner all the way through to the successful issuance of a patent. We may choose not to seek patent protection for certain innovations and may choose not to pursue patent protection in certain jurisdictions. Furthermore, it is possible that our patent applications may not issue as granted patents, that the scope of our issued patents will be insufficient or not have the coverage originally sought, that our issued patents will not provide us with any competitive advantages, and that our patents and other intellectual property rights may be challenged by others or invalidated through administrative process or litigation. In addition, issuance of a patent does not guarantee that we have an absolute right to practice the patented invention. Our policy is to require our employees (and our consultants and service providers that develop intellectual property included in our products) to execute written agreements in which they assign to us their rights in potential inventions and other intellectual property created within the scope of their employment (or, with respect to consultants and service providers, their engagement to develop such intellectual property). However, we may not be able to adequately protect our rights in every such agreement or execute an agreement with every such party. Finally, in order to benefit from patent and other intellectual property protection, we must monitor, detect and pursue infringement claims in certain circumstances in relevant jurisdictions, all of which is costly and time-consuming. As a result, we may not be able to obtain adequate protection or to enforce our issued patents or other intellectual property effectively.

In addition to patented technology, we rely on our unpatented proprietary technology and trade secrets. Despite our efforts to protect our proprietary technologies and our intellectual property rights, unauthorized parties, including our employees, consultants, service providers or customers, may attempt to copy aspects of our products or obtain and use our trade secrets or other confidential information. We generally enter into confidentiality agreements with our employees, consultants, service providers, vendors, channel partners and customers, and generally limit access to and distribution of our proprietary information and proprietary technology through certain procedural safeguards. These agreements may not effectively prevent unauthorized use or disclosure of our intellectual property or technology and may not provide an adequate remedy in the event of unauthorized use or disclosure of our intellectual property or technology. We cannot provide assurance that the steps taken by us will prevent misappropriation of our trade secrets or technology or infringement of our intellectual property. In addition, the laws of some foreign countries where we operate do not protect our proprietary rights to as great an extent as the laws of the

United States, and many foreign countries do not enforce these laws as diligently as government agencies and private parties in the United States.

We have registered the “Varonis” name and logo and “DatAdvantage,” “DataPrivilege,” “DatAlert,” and other names in the United States and, as related to some of these names, certain other countries. However, we cannot provide assurance that any future trademark registrations will be issued for pending or future applications or that any registered trademarks will be enforceable or provide adequate protection of our proprietary rights.

Despite our efforts to protect our proprietary technology and trade secrets, unauthorized parties may attempt to misappropriate, reverse engineer or otherwise obtain and use them. In addition, others may independently discover our trade secrets, in which case we would not be able to assert trade secret rights or develop similar technologies and processes. Further, the contractual provisions that we enter into may not prevent unauthorized use or disclosure of our proprietary technology or intellectual property rights and may not provide an adequate remedy in the event of unauthorized use or disclosure of our proprietary technology or intellectual property rights. Moreover, policing unauthorized use of our technologies, trade secrets and intellectual property is difficult, expensive and time-consuming, particularly in foreign countries where the laws may not be as protective of intellectual property rights as those in the United States and where mechanisms for enforcement of intellectual property rights may be weak. We may be unable to determine the extent of any unauthorized use or infringement of our solution, technologies or intellectual property rights. If we are unable to protect our intellectual property rights and ensure that we are not violating the intellectual property rights of others, we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time and effort required to create the innovative products that have enabled us to be successful to date.

Assertions by third parties of infringement or other violations by us of their intellectual property rights, whether or not correct, could result in significant costs and harm our business and operating results.

The industries in which we operate, such as data security, cybersecurity, compliance, data retention and data governance are characterized by the existence of a large number of relevant patents and frequent claims and related litigation regarding patent and other intellectual property rights. From time to time, third parties have asserted and may assert their patent, copyright, trademark and other intellectual property rights against us, our channel partners or our customers. Successful claims of infringement or misappropriation by a third-party could prevent us from distributing certain products, performing certain services or could require us to pay substantial damages (including, for example, treble damages if we are found to have willfully infringed patents and increased statutory damages if we are found to have willfully infringed copyrights), royalties or other fees. Such claims also could require us to cease making, licensing or using solutions that are alleged to infringe or misappropriate the intellectual property of others or to expend additional development resources to attempt to redesign our products or services or otherwise to develop non-infringing technology. Even if third parties may offer a license to their technology, the terms of any offered license may not be acceptable, and the failure to obtain a license or the costs associated with any license could cause our business, results of operations or financial condition to be materially and adversely affected. In some cases, we indemnify our channel partners and customers against claims that our products infringe the intellectual property of third parties. Defending against claims of infringement or being deemed to be infringing the intellectual property rights of others could impair our ability to innovate, develop, distribute and sell our current and planned products and services.

Risks Related to our Tax Regime

Our tax rate may vary significantly depending on our stock price.

The tax effects of the accounting for stock-based compensation may significantly impact our effective tax rate from period to period. In periods in which our stock price is higher than the grant price of the stock-based compensation vesting in that period, we will recognize excess tax benefits that will decrease our effective tax rate, while in periods in which our stock price is lower than the grant price of the stock-based compensation vesting in that period, our effective tax rate may increase. The amount and value of stock-based compensation issued relative to our earnings in a particular period will also affect the magnitude of the impact of stock-based compensation on our effective tax rate. These tax effects are dependent on our stock price, which we do not control, and a decline in our stock price could significantly increase our effective tax rate and adversely affect our financial results.

Multiple factors may adversely affect our ability to fully utilize our net operating loss carryforwards.

A U.S. corporation’s ability to utilize its federal and state net operating loss (“NOL”) and tax credit carryforwards to offset its taxable income is limited under Section 382 and Section 383 of the Internal Revenue Code of 1986, as amended (the “Code”), if the corporation undergoes an ownership change (within the meaning of Code Section 382).

As of December 31, 2025, we have accumulated $211.5 million of federal NOL, $182.0 million of state NOL and $10.5 million of federal research credit carryforwards since inception. Future changes in our stock ownership, including future offerings, as well as changes that may be outside of our control, could result in a subsequent ownership change under Section 382, that would impose an annual limitation on NOLs. In addition, the cash tax benefit from our NOLs is dependent upon our ability to generate sufficient taxable income. Accordingly, we may be unable to earn enough taxable income in order to fully utilize our current NOLs.

Changes in our provision for income taxes or adverse outcomes resulting from examination of our income tax returns could adversely affect our results.

We are subject to income taxation in the United States, Israel and numerous other jurisdictions. Determining our provision for income taxes requires significant management judgment. In addition, our provision for income taxes could be adversely affected by many factors, including, among other things, changes to our operating structure including a review of our intellectual property (“IP”) structure, changes in the amounts of earnings in jurisdictions with different statutory tax rates, changes in the valuation of deferred tax assets and liabilities and changes in tax laws. Significant judgment is required to determine the recognition and measurement attributes prescribed in Accounting Standards Codification 740-10-25 (“ASC 740-10-25”). ASC 740-10-25 applies to all income tax positions, including the potential recovery of previously paid taxes, which if settled unfavorably could adversely impact our provision for income taxes. Our income in certain countries is subject to reduced tax rates provided we meet certain criteria. Failure to meet these commitments could adversely impact our provision for income taxes.

We are also subject to the regular examination of our income tax returns by the U.S. Internal Revenue Services and other tax authorities in various jurisdictions. Tax authorities may disagree with our intercompany charges, cross-jurisdictional transfer pricing, IP structure or other matters and assess additional taxes. While we believe that we are currently in material compliance with our obligations under applicable taxing regimes, and regularly assess the likelihood of adverse outcomes resulting from these examinations to determine the adequacy of our provision for income taxes, there can be no assurance that the outcomes from these regular examinations will not have a material adverse effect on our results of operations and cash flows. Further, we may be audited in various jurisdictions, and such jurisdictions may assess additional taxes against us. Although we believe our tax estimates are reasonable, the final determination of any tax audits or litigation could be materially different from our historical tax provisions and accruals, which could have a material adverse effect on our results of operations or cash flows in the period or periods for which a determination is made.

The adoption of the U.S. tax reform and the enactment of additional legislation changes could materially impact our financial position and results of operations.

On July 4, 2025, the One Big Beautiful Bill Act ("OBBBA") was enacted. Included in the OBBBA are provisions that allow for the immediate expensing of U.S. research and development expenses and certain capital expenditures, as well as changes to the U.S. taxation of profits derived from foreign operations. While we continue to evaluate the impact of these legislative changes as additional guidance becomes available, uncertainty remains regarding the timing and interpretation by tax authorities in affected jurisdictions. These legislative changes could have an adverse impact on our future effective tax rate, tax liabilities and cash paid for income taxes.

On December 22, 2017, the Tax Cuts and Jobs Act (the "TCJA") was enacted. The TCJA remains unclear in some respects and has been, and may continue to be, subject to amendments and technical corrections, as well as interpretations and implementing regulations by the Treasury and Internal Revenue Service, any of which could lessen or increase certain adverse impacts of TCJA. Effective in July 2025, the TCJA, as revised by the OBBBA, requires all U.S. companies to capitalize and subsequently amortize research and development expenses that fall within the scope of Section 174 over fifteen years for research and development activities conducted outside of the U.S. As of the fourth quarter of 2025, we have accounted for an estimate of the effects of the research and development capitalization, based on interpretation of the law as currently enacted. Once our available NOLs or tax credits are fully utilized, then, due to the capitalization of research and development expenses for those activities conducted outside of the U.S., we would incur a significant increase in our tax expenses and a decrease in our cash flows provided by operations.

The Organization for Economic Cooperation and Development (“OECD”) introduced the base erosion and profit shifting project which sets out a plan to address international taxation principles in a globalized, digitized business world (the “BEPS Plan”). As a result, changes have been and continue to be made to numerous international tax principles and local tax regimes. Due to the expansion of our international business activities, those modifications may increase our worldwide effective tax rate, create tax and compliance obligations in jurisdictions in which we previously had none and adversely affect our financial position.

Risks Related to the 2029 Notes

We have incurred substantial indebtedness that may decrease our business flexibility, access to capital, and/or increase our borrowing costs, and we may still incur substantially more debt, which may adversely affect our operations and financial results.

In September 2024, we issued the 2029 Notes. As of December 31, 2025, we have $460.0 million outstanding aggregate principal amount of the 2029 Notes. Our indebtedness may limit our ability to borrow additional funds for working capital, capital expenditures, acquisitions or other general business purposes, limit our ability to use our cash flow or obtain additional financing for future working capital, capital expenditures, acquisitions or other general business purposes, require us to use a substantial portion of our cash flow from operations to make debt service payments, limit our flexibility to plan for, or react to, changes in our business and industry, place us at a competitive disadvantage compared to our less leveraged competitors and increase our vulnerability to the impact of adverse economic and industry conditions.

Our debt obligations may adversely affect our ability to raise additional capital and will be a burden on our future cash resources, particularly if we elect to settle these obligations in cash upon conversion or upon maturity or required repurchase.

Our ability to meet our payment obligations under the 2029 Notes depends on our future cash flow performance. This, to some extent, is subject to general economic, financial, competitive, legislative and regulatory factors, as well as other factors that may be beyond our control. There can be no assurance that our business will generate positive cash flow from operations, or that additional capital will be available to us, in an amount sufficient to enable us to meet our debt payment obligations and to fund other liquidity needs. If we are unable to generate sufficient cash flow to service our debt obligations, we may need to refinance or restructure our debt, sell assets, reduce or delay capital investments, or seek to raise additional capital. Our ability to refinance our indebtedness will depend on the capital markets and our financial condition at such time. We may not be able to engage in any of these activities or engage in these activities on desirable terms, which could result in a default on our debt obligations. As a result, we may be more vulnerable to economic downturns, less able to withstand competitive pressures and less flexible in responding to changing business and economic conditions.

We may issue additional shares of our common stock in connection with conversions of the 2029 Notes, and thereby dilute our existing stockholders and potentially adversely affect the market price of our common stock.

In the event that the remaining 2029 Notes are converted and we elect to deliver shares of common stock, the ownership interests of existing stockholders will be diluted, and any sales in the public market of any shares of our common stock issuable upon such conversion could adversely affect the prevailing market price of our common stock. In addition, the anticipated conversion of the 2029 Notes could depress the market price of our common stock.

The fundamental change provisions of the 2029 Notes may delay or prevent an otherwise beneficial takeover attempt of us.

If the Company undergoes a “fundamental change,” subject to certain conditions, holders may require the Company to repurchase for cash all or part of their 2029 Notes at a fundamental change repurchase price equal to 100% of the principal amount of the 2029 Notes to be repurchased, plus accrued and unpaid interest to, but excluding, the fundamental change repurchase date. In addition, if such fundamental change also constitutes a “make-whole fundamental change,” the conversion rate for the 2029 Notes may be increased upon conversion of the 2029 Notes in connection with such “make-whole fundamental change.” Any increase in the conversion rate will be determined based on the date on which the “make-whole fundamental change” occurs or becomes effective and the price paid (or deemed paid) per share of our common stock in such transaction. Any such increase will be dilutive to our existing stockholders. Our obligation to repurchase the 2029 Notes or increase the conversion rate upon the occurrence of a make-whole fundamental change may, in certain circumstances, delay or prevent a takeover of us that might otherwise be beneficial to our stockholders.

The Capped Call Transactions may affect the value of the 2029 Notes and our common stock.

In connection with the issuance of the 2029 Notes, we entered into Capped Call Transactions with certain financial institutions. The Capped Call Transactions are expected generally to reduce or offset the potential dilution upon conversion of the 2029 Notes and/or offset any cash payments we are required to make in excess of the principal amount of converted 2029 Notes, as the case may be, with such reduction and/or offset subject to a cap, subject to certain adjustments under the terms of the Capped Call Transactions.

From time to time, certain financial institutions (with which we entered into the Capped Call Transactions) or their respective affiliates may modify their hedge positions by entering into or unwinding various derivatives with respect to our common stock

and/or purchasing or selling our common stock or other securities of ours in secondary market transactions prior to the maturity of the 2029 Notes. This activity could also cause or avoid an increase or a decrease in the market price of our common stock.

The potential effect, if any, of these transactions and activities on the price of our common stock or Notes will depend in part on market conditions and cannot be ascertained at this time. Any of these activities could adversely affect the value of our common stock.

We are subject to counterparty risk with respect to the Capped Call Transactions.

All or some of the financial institutions (which are counterparties to the capped call transactions) might default under the Capped Call Transactions. Our exposure to the credit risk of the counterparties will not be secured by any collateral. Past global economic conditions have resulted in the actual or perceived failure or financial difficulties of many financial institutions. If an option counterparty becomes subject to insolvency proceedings, we will become an unsecured creditor in those proceedings with a claim equal to our exposure at the time under the capped call transactions with such option counterparty. Our exposure will depend on many factors but, generally, an increase in our exposure will be correlated to an increase in the market price and in the volatility of our common stock. In addition, upon a default by an option counterparty, we may suffer adverse tax consequences and more dilution than we currently anticipate with respect to our common stock. We can provide no assurance as to the financial stability or viability of the option counterparties.

Risks Related to our International Operations

We face risks associated with operating in international markets that may limit our ability to develop and sell our products, which could result in a decrease of our revenues.

We operate on a global basis and political, social, economic and security conditions in countries in which we operate may limit our ability to develop and sell our products. Specifically, we have operations and do business in Israel, the United Kingdom, France, Brazil and Ukraine. Continued political and social instability and war in these regions, and any other areas in the world where we have operations, may affect our business and operations in those and other neighboring regions.

In March 2022, in response to the war between Russia and Ukraine, a number of countries, including the United States, imposed sanctions and export controls on Russia, which in turn imposed counter-sanctions in response. While sales in Russia represented a very small percentage of our overall business, and while our operations in Russia and Ukraine have historically been a small portion of our overall workforce, the conflict is complex and evolving and subjects us to additional regulatory risk and compliance costs. As of December 31, 2025, we do not have any employees or contractors in Russia. We have no way to predict the progress or outcome of the situation, including any impact on the rest of the world, as the conflict and government reactions are rapidly developing.

Our principal research and development facility, which also houses a portion of our support and general and administrative teams, is located in Israel. Since the establishment of the State of Israel in 1948, a number of armed conflicts have taken place between Israel and its neighboring countries, as well as incidents of terror activities and other hostilities, and a number of state and non-state actors have publicly committed to its destruction. In addition, Israel is currently in a war and recently experienced social unrest in connection with the judiciary reform bill. Security, political and economic conditions in Israel could directly affect our operations. We could be adversely affected by hostilities involving Israel, including acts of terrorism or any other hostilities involving or threatening Israel, the interruption or curtailment of trade between Israel and its trading partners, a significant increase in inflation or a significant downturn in the economic or financial condition of Israel. Any on-going or future armed conflicts, terrorist activities, tension along the Israeli borders or with other countries in the region, including Lebanon, Syria, Iran or Yemen, or political instability in the region could disrupt international trading activities in Israel and may materially and negatively affect our business and could harm our results of operations.

Certain countries, as well as certain companies and organizations, continue to participate in a boycott of Israeli companies, companies with large Israeli operations and others doing business with Israel and Israeli companies. The boycott, restrictive laws, policies or practices directed towards Israel, Israeli businesses or Israeli citizens could, individually or in the aggregate, have a material adverse effect on our business in the future.

Some of our employees in Israel are obligated to perform routine military reserve duty in the Israel Defense Forces, depending on their age and position in the armed forces. Furthermore, they have been and may in the future be called to active reserve duty at any time under emergency circumstances for extended periods of time. Currently, due to the war in Israel that began on October 7, 2023, a portion of our employees have been called to active reserve duty and additional employees may be called in the future, if needed. It is possible that our operations could be disrupted if this continues for a significant period of time or if

the situation further deteriorates, including, among other things, an expansion of the war to other countries, damage to critical infrastructure and general unrest, which could harm our business.

Our insurance does not cover losses that may occur as a result of an event associated with the security situation in the Middle East or for any resulting disruption in our operations. Although the Israeli government has in the past covered the reinstatement value of direct damages that were caused by terrorist attacks or acts of war, we cannot be assured that this government coverage will be maintained or, if maintained, will be sufficient to compensate us fully for damages incurred and the government may cease providing such coverage or the coverage might not suffice to cover potential damages. Any losses or damages incurred by us could have a material adverse effect on our business.

The tax benefits available to our Israeli subsidiary terminated in 2020 and we expect our Israeli subsidiary to become subject to an increase in taxes.

Our Israeli subsidiary has benefited from a status of a “Beneficiary Enterprise” under the Israeli Law for the Encouragement of Capital Investments, 5719-1959, or the Investment Law, since its incorporation. As of December 31, 2025, the tax benefit that we have been utilizing for our Israeli subsidiary terminated. A tax rate of 16% should be paid by our Israeli subsidiary per such eligible income under the terms of the Investment Law, subject to meeting various conditions. To the extent we do not meet these conditions, our Israeli operations will be subject to a corporate tax at the standard rate of 23%. If the Israeli subsidiary is subject to a corporate tax at the standard rate, it may adversely affect our tax expenses and effective tax rates. Additionally, if our Israeli subsidiary increases its activities outside of Israel, for example, through acquisitions, these activities may not be eligible for inclusion in Israeli tax benefit programs. The tax benefit derived from the Investment Law is dependent upon the ability to generate sufficient taxable income. Accordingly, our Israeli subsidiary may be unable to earn enough taxable income in order to fully utilize its tax benefits.

Risks Related to the Ownership of our Common Stock

Substantial future sales of shares of our common stock could cause the market price of our common stock to decline.

Sales of a substantial number of shares of our common stock into the public market, or the perception that these sales might occur, for whatever reason, including as a result of the conversion of the outstanding Notes or future public equity offerings, could depress the market price of our common stock and could impair our ability to raise capital through the sale of additional equity securities. We are unable to predict the effect that such sales may have on the prevailing market price of our common stock.

As of December 31, 2025, we have options, restricted stock units (“RSUs”) and performance stock units (“PSUs”) outstanding that, if fully vested and exercised, would result in the issuance of approximately 8.6 million shares of our common stock. All of the shares of our common stock issuable upon exercise of options and vesting of RSUs and PSUs have been registered for public resale under the Securities Act. Accordingly, these shares will be able to be freely sold in the public market upon issuance as permitted by any applicable vesting requirements.

Our stock price has been and will likely continue to be volatile.

The market price for our common stock has been, and is likely to continue to be, volatile for the foreseeable future, and is subject to wide fluctuations in response to various factors, some of which are beyond our control. These factors, as well as the volatility of our common stock, could affect the price at which our convertible noteholders could sell the common stock received upon conversion of the 2029 Notes and could also impact the trading price of the 2029 Notes. The market price of our common stock may fluctuate significantly in response to a number of factors, many of which we cannot predict or control, including the factors listed below and other factors described in this “Risk Factors” section:

• actual or anticipated fluctuations in our results or those of other companies in our industry;

• the financial projections we may provide to the public, any changes in these projections or our failure to meet these projections;

• failure of securities analysts to maintain coverage of our company, changes in financial estimates by any securities analysts who follow our company, or our failure to meet these estimates or the expectations of investors;

• ratings changes by any securities analysts who follow our company;

• announcements of new products, services or technologies, commercial relationships, acquisitions or other events by us or other companies in our industry;

• new announcements that affect investor perception of our industry, including reports related to the discovery of significant cyberattacks;

• changes in operating performance and stock market valuations of other technology companies generally, or those in our industry in particular;

• price and volume fluctuations in certain categories of companies or the overall stock market, including as a result of trends in the global economy;

• the trading volume of our common stock;

• volatility with respect to the Company's results of operation while we seek to convert the remaining term license subscription customers to our SaaS platform;

• changes in accounting principles;

• sales of large blocks of our common stock, including sales by our executive officers, directors and significant stockholders;

• additions or departures of any of our key personnel;

• lawsuits threatened or filed against us;

• short sales, hedging and other derivative transactions involving our capital stock;

• general economic conditions in the United States and abroad, including inflationary pressures and higher interest rates;

• changing legal or regulatory developments in the United States and other countries;

• conversion of the 2029 Notes; and

• other events or factors, including those resulting from war, incidents of terrorism, pandemics, natural disasters or responses to these events.

In addition, the stock markets have experienced extreme price and volume fluctuations that have affected and continue to affect the market prices of equity securities of many technology companies. Stock prices of many technology companies have fluctuated in a manner unrelated or disproportionate to the operating performance of those companies. In the past, stockholders have instituted securities class action litigation following periods of market volatility. A significant decline in our stock price has and could in the future subject us to securities class action litigation, such as the purported class action litigation filed against us and certain of our executive officers in January 2026, as more fully described in Note 2N, “Contractual Purchase Obligations and Contingent Liabilities ” of our accompanying Notes to Consolidated Financial Statements included in Part II, Item 8 of this Annual Report on Form 10-K. Such securities litigation, and any potential securities litigation in the future, could subject us to substantial costs, divert resources and the attention of management from our business and adversely affect our business, results of operations, financial condition and cash flows and may cause a significant increase in the premium paid for our directors and officers insurance.

We do not intend to pay dividends on our common stock, so any returns will be limited to the value of our stock.

We have never declared or paid cash dividends on our common stock. We currently anticipate that we will retain any future earnings and do not expect to pay any dividends in the foreseeable future. Any determination to pay dividends in the future will be at the discretion of our board of directors and will be dependent on a number of factors, including our financial condition, results of operations, capital requirements, share repurchases, general business conditions and other factors that our board of directors may deem relevant. Until such time that we pay a dividend, stockholders, including holders of our Notes who receive shares of our common stock upon conversion of the 2029 Notes, must rely on sales of their common stock after price appreciation, which may never occur, as the only way to realize any future gains on their investments.

Anti-takeover provisions in our charter documents and under Delaware law and provisions in the indentures for our Notes could make an acquisition of us, which may be beneficial to our stockholders, more difficult and may prevent attempts by our stockholders to replace or remove our current management, thereby depressing the trading price of our common stock and Notes.

Provisions in our amended and restated certificate of incorporation and amended and restated bylaws may delay, discourage or prevent an acquisition of us or a change in our management, including transactions in which stockholders might otherwise receive a premium for their shares, or transactions that our stockholders might otherwise deem to be in their best interests. These provisions include:

• authorizing “blank check” preferred stock, which could be issued by the board without stockholder approval and may contain voting, liquidation, dividend and other rights superior to our common stock, which would increase the number of outstanding shares and could thwart a takeover attempt;

• a classified board of directors whose members can only be dismissed for cause;

• the prohibition on actions by written consent of our stockholders;

• the limitation on who may call a special meeting of stockholders;

• the establishment of advance notice requirements for nominations for election to our board of directors or for proposing matters that can be acted upon at stockholder meetings; and

• the requirement of at least 75% of the outstanding capital stock to amend any of the foregoing second through fifth provisions.

In addition, because we are incorporated in Delaware, we are governed by the provisions of Section 203 of the Delaware General Corporation Law, which limits the ability of stockholders owning in excess of 15% of our outstanding voting stock to merge or combine with us, unless the merger or combination is approved in a prescribed manner. Although we believe these provisions collectively provide for an opportunity to obtain greater value for stockholders by requiring potential acquirers to negotiate with our board of directors, they would apply even if an offer rejected by our board were considered beneficial by some stockholders. In addition, these provisions may frustrate or prevent any attempts by our stockholders to replace or remove our current management by making it more difficult for stockholders to replace members of our board of directors, which is responsible for appointing the members of our management.

In addition, if a “fundamental change” occurs prior to the maturity date of the 2029 Notes, holders of the 2029 Notes will have the right, at their option, to require us to repurchase all or a portion of their Convertible Notes. If a “make-whole fundamental change” (as defined in the Indentures) occurs prior the maturity date, we will in some cases be required to increase the conversion rate of the 2029 Notes for a holder that elects to convert its Notes in connection with such “make-whole fundamental change.” These features of the 2029 Notes may make a potential acquisition more expensive for a potential acquiror, which may in turn make it less likely for a potential acquiror to offer to purchase our company, or reduce the amount of consideration offered for each share of our common stock in a potential acquisition. Furthermore, the Indentures prohibit us from engaging in certain mergers or acquisitions unless, among other things, the surviving entity assumes our obligations under the 2029 Notes.

General Risks Factors

Real or perceived errors, failures or bugs in our software could adversely affect our growth prospects.

Because our software uses complex technology, undetected errors, failures or bugs may occur. Our software is often installed and used in a variety of computing environments with different operating system management software, and equipment and networking configurations, which may cause errors or failures of our software or other aspects of the computing environment into which it is deployed. In addition, deployment of our software into computing environments may expose undetected errors, compatibility issues, failures or bugs in our software. Despite testing by us, errors, failures or bugs may not be found in our software until it is released to our customers. Moreover, our customers could incorrectly implement or inadvertently misuse our software, which could result in customer dissatisfaction and adversely impact the perceived utility of our products as well as our brand. Any of these real or perceived errors, compatibility issues, failures or bugs in our software could result in negative publicity, reputational harm, loss of or delay in market acceptance of our software, loss of competitive position or claims by customers for losses sustained by them. In such an event, we may be required, or may choose, for customer relations or other reasons, to expend additional resources in order to help correct the problem. Alleviating any of these problems could require significant expenditures of our capital and other resources and could cause interruptions or delays in the use of our solutions, which could cause us to lose existing or potential customers and could adversely affect our operating results and growth prospects.

We may require additional capital to support our business growth, and this capital might not be available on acceptable terms, or at all.

We continue to make investments to support our business growth and may require additional funds to respond to business challenges, including the need to develop new features or enhance our software, improve our operating infrastructure or acquire complementary businesses and technologies. Accordingly, we may need to engage in equity or debt financing to secure additional funds. If we raise additional funds through future issuances of equity or convertible debt securities, our existing stockholders could suffer significant dilution, and any new equity securities we issue could have rights, preferences and privileges superior to those of holders of our common stock. Any debt financing that we may secure in the future could involve restrictive covenants relating to our capital raising activities and other financial and operational matters, which may make it more difficult for us to obtain additional capital and to pursue business opportunities, including potential acquisitions. We may not be able to obtain additional financing on terms favorable to us, if at all. If we are unable to obtain adequate financing on terms satisfactory to us when we require it, our ability to continue to support our business growth and to respond to business challenges could be significantly impaired, and our business may be adversely affected.

Our business is subject to the risks of fire, power outages, floods, earthquakes, pandemics and other catastrophic events, and to interruption by manmade problems such as terrorism and war.

A significant natural disaster, such as a fire, flood or an earthquake, an outbreak of a pandemic disease or a significant power outage could have a material adverse impact on our business, results of operations and financial condition. In the event our customers’ IT systems or our channel partners’ selling or distribution abilities are hindered by any of these events, we may miss financial targets, such as revenues and sales targets, for a particular quarter. Further, if a natural disaster occurs in a region from which we derive a significant portion of our revenue, customers in that region may delay or forego purchases of our products, which may materially and adversely impact our results of operations for a particular period. In addition, acts of terrorism or war could cause disruptions in our business or the business of channel partners, customers or the economy as a whole. Given our typical concentration of sales at each quarter end, any disruption in the business of our channel partners or customers that impacts sales at the end of our quarter could have a significant adverse impact on our quarterly results. All of the aforementioned risks may be augmented if the disaster recovery plans for us and our channel partners prove to be inadequate. To the extent that any of the above results in delays or cancellations of customer orders, or the delay in the development, deployment or shipment of our products, our business, financial condition and results of operations would be adversely affected.

Changes in financial accounting standards may adversely impact our reported results of operations.

New accounting pronouncements and varying interpretations of accounting pronouncements have occurred and may occur in the future. Changes to existing rules or the questioning of current practices may adversely affect our operating results or the way we conduct our business.

If securities or industry analysts do not publish research or reports about our business, or publish negative reports about our business, our stock price and trading volume could decline.

The trading market for our common stock depends in part on the research and reports that securities or industry analysts publish about us or our business, our market and our competitors. We do not have any control over these analysts or their expectations regarding our performance on a quarterly or annual basis. If one or more of the analysts who cover us downgrade our stock or change their opinion of our stock, our stock price would likely decline. If we fail to meet one or more of these analysts’ published expectations regarding our performance on a quarterly basis, our stock price or trading volume could decline. If one or more of these analysts cease coverage of our company or fail to regularly publish reports on us, we could lose visibility in the financial markets, which could cause our stock price or trading volume to decline.

We are obligated to develop and maintain proper and effective internal control over financial reporting. These internal controls may not be determined to be effective, which may adversely affect investor confidence in our company and, as a result, the value of our common stock.

We are required, pursuant to Section 404 of the Sarbanes–Oxley Act, to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting on an annual basis. This assessment includes disclosure of any material weaknesses identified by our management in our internal control over financial reporting. We are also required to have our independent registered public accounting firm issue an opinion on the effectiveness of our internal control over financial reporting on an annual basis. During the evaluation and testing process, if we identify one or more material weaknesses in our internal control over financial reporting, we will be unable to assert that our internal control over financial reporting is effective.

If we are unable to assert that our internal control over financial reporting is effective, or if our independent registered public accounting firm is unable to express an opinion on the effectiveness of our internal control over financial reporting, we could lose investor confidence in the accuracy and completeness of our financial reports, which could cause the price of our common stock to decline, and we may be subject to investigation or sanctions by the SEC.

Future sales and issuances of our capital stock or rights to purchase capital stock could result in additional dilution of the percentage ownership of our stockholders and could cause our stock price to decline.

Future sales and issuances of our capital stock or rights to purchase our capital stock could result in substantial dilution to our existing stockholders. We may sell common stock, convertible securities and other equity securities in one or more transactions at prices and in a manner as we may determine from time to time. If we sell any such securities in subsequent transactions, investors may be materially diluted. New investors in such subsequent transactions could gain rights, preferences and privileges senior to those of holders of our common stock.

Item 1B. Unresolved Staff Comments

We do not have any unresolved comments from the SEC staff.

Item 1C. Cybersecurity

Risk management and strategy

We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical computer networks, third-party hosted services, communications systems, hardware and software and our critical data, including intellectual property, confidential information that is proprietary, strategic or competitive in nature, customer's data, sensitive financial information and personal identifiable information (“Information Systems and Data”).

The Chief Information Security Officer (“CISO”) and the information security team that reports to the CISO help identify, assess and manage our cybersecurity and privacy threats and risks, including through the use of our external and internal risk assessments. The CISO and the information security team identify and assess risks from cybersecurity threats by monitoring and evaluating our networks, data and our risk profile using various methods including, among other things, manual tools, automated tools, analyzing reports of threats and actors, conducting scans of the computer networks, internal and/or external audits (including compliance audits with respect to FedRamp, ISO (27001, 27017, 27018, and 27701), SOC 2, PCI DSS, HDS and HIPAA for our corporate and cloud based software solutions), conducting assessments for potential internal and external threats, third-party-conducted risk assessments, conducting vulnerability assessments, third-party-conducted red/blue team testing and tabletop incident response exercises and subscribing to reports and services providing cybersecurity threat intelligence.

Depending on the environment, we implement and maintain various technical, physical and administrative processes, measures, standards and policies designed to manage and mitigate risks from cybersecurity threats to our Information Systems and Data, including, among other things, incident detection and response plan and procedures, a vulnerability management policy, disaster recovery/business continuity plans, risk assessments, recovery tests, cryptography, network security controls, secured remote access, access controls, change management, physical security, asset management, secured software development lifecycle, logging and monitoring, third-party risk management programs, security awareness trainings, third-party and company penetration testing, cybersecurity insurance and dedicated cybersecurity staff. We use our own software to help further mitigate the risk of a material cybersecurity incident. In addition, our Varonis Data Security Platform is deployed internally as part of our insider threat, data security posture, security operations and compliance management programs.

Our assessment and management of material risks from cybersecurity and privacy threats are integrated into our overall risk management processes. For example, cybersecurity risk is addressed as a component of our enterprise risk management program and identified in our risk register. In addition, the information security team works with management to prioritize our risks that are more likely to have a material impact on our business and our CISO evaluates material risks from cybersecurity threats against our overall business objectives and reports to the technology committee of the board of directors (the “technology committee”) and the board of directors. In addition, the audit committee of the board of directors (the “audit committee”) oversees our overall enterprise risk management program and receives semi-annual updates on cybersecurity and privacy threat-related risks as part of such program.

We use third-party service providers to assist us from time to time to identify, assess and manage material risks from cybersecurity threats, including, among other things. cybersecurity consultants, cybersecurity software providers, penetration testing firms and other professional services firms.

We use third-party service providers to perform a variety of functions throughout our business, such as SaaS providers and cloud hosting companies. We have a vendor management program designed to manage cybersecurity and privacy risks associated with our use of these providers. The program includes risk assessments for vendors, security questionnaires, review of the vendor’s written security program, review of security assessments and reports, audits, and external attack surface scans related to the vendor and imposition of information contractual obligations on the vendor. Depending on the nature of the services provided, the sensitivity of the information systems and data at issue, and the identity of the provider, our vendor management process may involve different levels of assessment designed to help identify cybersecurity risks associated with a provider and impose contractual obligations related to cybersecurity and privacy on the provider.

For a description of the risks from cybersecurity threats that may have a material effect on us, see our risk factors under Part 1. Item 1A. Risk Factors in this Annual Report on Form 10-K, including “Security breaches, cyberattacks or other cyber-risks of

our IT and production systems could expose us to significant liability and cause our business and reputation to suffer and harm our competitive position.”

Governance

Our board of directors addresses our cybersecurity risk management as part of its general oversight function. The technology committee is responsible for overseeing our cybersecurity risk management processes, including oversight and mitigation of risks from cybersecurity threats. The technology committee meets quarterly with members of management, including our CISO, Chief Information Officer ("CIO") and Chief Technology Officer, as applicable, to discuss cybersecurity developments, significant cybersecurity threats and risks and the processes we have implemented to address them. The audit committee also receives presentations related to cybersecurity threats, risk and mitigation on a semi-annual basis unless more frequent discussions are necessary. The board of directors also receives a presentation from our CISO or CIO on our cybersecurity measures and risks at least annually.

Our cybersecurity risk assessment and management processes are implemented and maintained by our CISO. Dror Shemesh, our CISO beginning in August 2025, is certified by Certified Information Systems Security Professional (CISSP), among other technical certifications he holds with respect to cybersecurity. He has worked over the last fifteen years in the security industry, and prior to working with us, he was the Senior Director of Information Security of CyberArk, Global Information Security Manager of Playtech, Information Security Expert of 888holdings, Infrastructure Security Engineer of Bank Hapoalim, Support Team Leader of Perion Network and Support Engineer at Microsoft. Our CISO oversees the implementation and compliance of our information security standards and mitigation of information security related risks.

Our CISO is responsible for hiring appropriate personnel, helping to integrate cybersecurity risk considerations into our overall risk management strategy and communicating key priorities to relevant personnel. Our CISO is responsible for approving budgets, helping prepare for cybersecurity incidents, approving cybersecurity processes and reviewing security assessments and other security-related reports.

Our cybersecurity incident response plan is designed to escalate certain cybersecurity incidents to members of management depending on the circumstances, including Security Management, the Chief Executive Officer, the Chief Financial Officer, the General Counsel, the CIO and other senior members of the Company. Such individuals work with our incident response team to help us assess, mitigate and remediate cybersecurity incidents of which they are notified. In addition, our incident response plan includes reporting to the technology committee of the board of directors for certain cybersecurity incidents.

Item 2. Properties

We have offices in Herzliya, Israel where we employ the majority of our research and development team and a portion of our support and general and administrative teams. We also have offices in North Carolina and Cork, Ireland which serve as our primary U.S. and EMEA customer support and inside sales center, respectively. Additionally, we have offices in New York and Florida and smaller offices in the United Kingdom, Arizona, France, Oregon, Australia, Germany, the Netherlands, Singapore and Luxembourg which serve as regional sales offices and some of which are customer support centers. Our office space is primarily leased, the majority of which is under long-term leases with varying expiration dates. We believe that our facilities are adequate to meet our needs in the near future.

Item 3. Legal Proceedings

The information required by this Item is incorporated herein by reference to Part II, Item 8. “Financial Statements and Supplementary Data,” Note 2m, “Contractual Purchase Obligations and Contingent Liabilities” of our accompanying Notes to Consolidated Financial Statements included in Part II, Item 8 of this Annual Report on Form 10-K.

Item 4. Mine Safety Disclosures

Not applicable.

Item 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities

Market for Registrant’s Common Equity

Our common stock has been listed on The NASDAQ Global Select Market under the symbol “VRNS” since February 28, 2014, the date of our initial public offering.

Dividend Policy

We have never declared or paid cash dividends on our common stock. We currently intend to retain any future earnings for use in the operation of our business and do not intend to declare or pay any cash dividends in the foreseeable future. Any further determination to pay dividends on our common stock will be at the discretion of our board of directors, subject to applicable laws, and will depend on our financial condition, results of operations, capital requirements, general business conditions and other factors that our board of directors considers relevant.

Stockholders

As of January 21, 2026, there were five stockholders of record of our common stock, including The Depository Trust Company, which holds shares of our common stock on behalf of an indeterminate number of beneficial owners.

STOCK PERFORMANCE GRAPH

The following shall not be deemed “filed” for purposes of Section 18 of the Exchange Act, or incorporated by reference into any of our other filings under the Exchange Act or the Securities Act, except to the extent we specifically incorporate it by reference into such filing.

This chart compares the cumulative total return on our common stock with that of the NASDAQ Composite Index and the NASDAQ Computer Index. The chart assumes $100 was invested at the close of market on December 31, 2020 in our common stock, the NASDAQ Composite Index and the NASDAQ Computer Index, and assumes the reinvestment of any dividends. The stock price performance on the following graph is not necessarily indicative of future stock price performance.

The closing price of our common stock on December 31, 2025, the last trading day of our 2025 fiscal year, was $32.80 per share.

1913

Company/Index 12/31/2020 12/31/2021 12/31/2022 12/31/2023 12/30/2024 12/31/2025
Varonis Systems, Inc. $ 100.00 $ 89.44 $ 43.90 $ 83.03 $ 81.47 $ 60.14
NASDAQ Composite $ 100.00 $ 121.39 $ 81.21 $ 116.47 $ 149.83 $ 108.33
NASDAQ Computer $ 100.00 $ 137.86 $ 88.54 $ 147.39 $ 200.98 $ 258.44

Purchase of Equity Securities by Issuer and Affiliated Purchasers

In October 2025, our board of directors authorized a share repurchase program of up to $150.0 million of our common stock (the “October 2025 Share Repurchase Program”). Under the October 2025 Share Repurchase Program, we are authorized to repurchase shares through open market purchases, privately-negotiated transactions or otherwise in accordance with applicable federal securities laws, including through Rule 10b5-1 trading plans and under Rule 10b-18 of the Exchange Act. The October 2025 Share Repurchase Program will expire in October 2026. The number of shares to be purchased and the

timing of purchases will be based on the Company's trading windows, available liquidity, and general business and market conditions.

The following table summarizes the share repurchase activity during the quarter ended December 31, 2025:

Period Total Number of Shares Purchased<br>(in thousands) Average Price Paid Per Share (1) Total Number of Shares Purchased as Part of Publicly Announced Programs<br>(in thousands) Approximate Dollar Value of Shares that May Yet Be Purchased Under the Program<br>(in thousands)
October 1 - October 31 $ 150,000
November 1 - November 30 $ 150,000
December 1 - December 31 448 $ 33.45 448 135,000

(1) Average price paid per share includes costs associated with the repurchases.

Item 6. Reserved
Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations
--- ---

The following discussion and analysis of our financial condition and results of operations should be read in conjunction with our consolidated financial statements and related notes appearing elsewhere in this Annual Report on Form 10-K. This discussion contains forward-looking statements that reflect our plans, estimates and beliefs, and involve risks and uncertainties. Our actual results and the timing of certain events could differ materially from those anticipated in these forward-looking statements as a result of several factors, including those discussed in the section titled “Risk Factors” included under Part I, Item 1A and elsewhere in this Annual Report. See “Special Note Regarding Forward-Looking Statements and Summary Risk Factors” in this Annual Report.

The Transition to a SaaS Delivery Model

In response to the evolving needs of our customers and the growing threat landscape, we strategically transitioned to a SaaS delivery model. As of December 31, 2025, SaaS as a percentage of total ARR was approximately 86%. This transition was driven by the increased importance of an automated, data-centric approach to security and the demand for comprehensive protection in the face of heightened cyber risks, collaboration across multiple platforms, the adoption of generative AI tools and the necessity for compliance. Enterprises now use many different combinations of on-premises and cloud data stores, SaaS applications and IaaS environments and this complexity requires a greater level of automated security. We believe our offering provides comprehensive data coverage and our ability to address this demand has and will continue to be a key driver of our growth.

In the second half of 2021, we launched our first SaaS offering, introducing new products and support for cloud infrastructure environments and applications. At the end of 2022, we announced the availability of our flagship Varonis Data Security Platform as a SaaS solution, which was previously only sold as a self-hosted solution. The benefits of SaaS delivery are widely established for both customers and providers, and we believe this evolution of a SaaS delivery option for the Varonis Data Security Platform is transformational. The advantages include: quicker and easier deployment and maintenance of solutions with reduced infrastructure and personnel requirements; a lower total cost of ownership; faster deployment of risk assessments, which is the core of our sales motion; enhanced threat detection; continual threat model updates; increased automation for securing data in place; and the ability to deliver additional features and functionality to customers more efficiently. In addition, our MDDR offering further reduces both the likelihood of a breach and its potential impact through agentic AI, enabling automated 24x7x365 monitoring with a service level agreement (SLA) that requires Varonis to respond to alerts within a specified time frame. Our MDDR offering is only available for our SaaS customers because of the automation and visibility that’s built into our SaaS platform. In 2025, we further expanded our data coverage through the acquisition of Cyral which allowed us to enter the Database Activity Monitoring (DAM) market and SlashNext, which, together with our MDDR offering, strengthens our ability to stop attacks via email and collaboration apps.

Since launching our SaaS offerings, we have seen SaaS deployments grow significantly and they are now the primary driver of our revenues. We expect SaaS revenues to continue to increase. However, our revenues may be negatively impacted due to revenue recognition accounting treatment variations associated with the increase in SaaS sales and whether and when existing term license subscription customers will continue to convert to SaaS. In addition, we have announced the end-of-life for our self-hosted business as of December 31, 2026. We expect this to result in increased variability with our remaining self-hosted customers going forward and for revenue fluctuations to persist as we seek to convert our remaining term-license customers to SaaS.

Overview

Varonis is a data security company focused on protecting what matters most to organizations: their data. Modern enterprises run on data that is created, copied, shared and accessed across cloud services, SaaS applications and on-premises environments, often faster than security teams can see, understand or control. We started Varonis around a simple observation that we believe has only intensified over time: the ability to create and share data scales far faster than the ability to secure it. Our strategy is built around closing that gap, giving organizations the deep visibility and automated controls to deeply understand their enterprise data, reduce exposure and respond to threats quickly, wherever their data lives.

We sell substantially all of our products and services through channel partners, including distributors and resellers, which sell to end-user customers, which we refer to in this report as our customers. We believe that our sales model, which combines the leverage of a channel sales model with our highly trained and professional sales force, has and will continue to play a major role in our ability to grow and to successfully deliver our unique value proposition for enterprise data. While our products serve customers of all sizes, across industries and across geographies, the marketing focus and majority of our sales focus is on targeting larger organizations who can make sizable initial purchases with us and, over time, have a greater potential lifetime value. Our customers span leading firms in the financial services, public, healthcare, industrial, insurance,

energy and utilities, technology, construction and engineering, education and consumer and retail sectors. We believe our existing customer base serves as a strong source of future incremental revenues given our broad platform of products, their growing volumes and complexity of enterprise data and related security concerns. We will continue our focus on targeting larger organizations who can make sizable purchases with us initially and over time. We are also focused on maintaining a high renewal rate by investing in the quality and reliability of our customer service and support teams to ensure our customers receive value from our products and providing software upgrades and enhancements when and if they are available. Our product offering currently contains coverage for most mission-critical cloud and on-premises data stores and cloud infrastructure environments, and many critical SaaS applications. Our renewal rate continued to be over 90% for the year ended December 31, 2025. In addition, our business has substantially transitioned to SaaS and we have announced the end-of-life for our self-hosted business as of December 31, 2026. We expect this to result in increased variability with our remaining self-hosted customers throughout the end-of-life period and as we seek to convert these remaining customers to SaaS.

We believe there is a significant long-term growth opportunity in both domestic and international markets, which could include any organization that relies on data stored in SaaS applications, IaaS environments, NAS devices, file shares, databases and email servers. For the year ended December 31, 2025, approximately 71% of our revenues were derived from the United States, while approximately 21% of our revenues were derived from EMEA and approximately 8% from ROW. Additionally, despite the revenue recognition variations from the accounting treatment associated with the positive trend of our increase in SaaS sales and existing customer conversions to SaaS, total revenues still grew approximately 13% for the year ended December 31, 2025, compared with the year ended December 31, 2024. We continue to expect expansion in both domestic and international markets to be key components of our long-term growth strategy. Over the last few years, we have seen changes in customer buying patterns including some budgetary tightening and additional scrutiny on enterprise spending as a result of a higher inflation and interest rate environment.

We continue to expand our domestic and international operations as part of our long-term growth strategy. While the expansion of our domestic operations is focused primarily on our underpenetrated territories, the expansion of our international operations depends in particular on our ability to hire, integrate and retain local sales leadership and personnel in these international markets, acquire new channel partners and implement an effective marketing strategy. Given the nominal amount of our ROW revenues, our ROW revenue growth rates have fluctuated in the past and may fluctuate in the future based on the timing of deal closures. In addition, the further expansion of our international operations will increase our sales and marketing and general and administrative expenses and will subject us to a variety of risks and challenges, including those related to economic and political conditions in each region, compliance with foreign laws and regulations, and compliance with domestic laws and regulations applicable to our international operations.

Since inception, we have continued to scale our business and execute on strategic initiatives which we believe have positioned us for durable long-term growth. During 2025, we have continued to grow our revenues despite revenue recognition accounting treatment variations associated with the increase in SaaS sales and existing customer conversions to SaaS. For the years ended December 31, 2025, 2024 and 2023, SaaS revenues were $462.6 million, $208.8 million and $44.4 million, respectively. For the years ended December 31, 2025, 2024 and 2023, our total revenues were $623.5 million, $551.0 million and $499.2 million, respectively. For the years ended December 31, 2025, 2024 and 2023, we had operating losses of $146.5 million, $117.7 million and $117.2 million and net losses of $129.3 million, $95.8 million and $100.9 million, respectively.

Key Performance Indicators and Recent Business Highlights

Annual Recurring Revenues

Annual recurring revenues is a key performance indicator defined as the annualized value of active SaaS contracts, term-based subscription license contracts and maintenance contracts in effect at the end of that period. SaaS contracts, term-based subscription license contracts and maintenance contracts are annualized by dividing the total contract value by the number of days in the term and multiplying the result by 365. As we have substantially transitioned to a SaaS delivery model and announced the end-of-life of our self-hosted business as of December 31, 2026, ARR associated with SaaS contracts ("SaaS ARR") will become a key performance indicator throughout 2026. Accordingly, we are disclosing SaaS ARR until the end-of-life of the self-hosted business is complete, at which point, ARR and SaaS ARR will be materially consistent.

As of December 31, 2025, 2024 and 2023, ARR was $745.4 million, $641.9 million and $543.0 million, respectively, an increase of 16% and 18% period over period, respectively. As of December 31, 2025, SaaS ARR is $638.5 million. The annualized value of contracts is a legal and contractual determination made by assessing the contractual terms with our customers. The annualized value of these contracts is not determined by reference to historical revenues, deferred revenues or any other GAAP financial measure over any period. ARR and SaaS ARR is not a forecast of future revenues and can be

impacted by contract start and end dates and renewal rates. We expect ARR and SaaS ARR to continue to increase in absolute dollars.

Transition to SaaS Delivery Model, SaaS as a Percentage of ARR and SaaS renewal rate

Over the last several years, we strategically expanded our offering to be delivered as SaaS solutions. During that time, we have seen SaaS deployments grow significantly and expect them to continue to increase. Due to differences in the revenue recognition accounting treatment and the conversion of existing term license subscription customers to SaaS, there may be significant variations in the reported revenues for a given period compared to the same period in the previous year. We expect these revenue variations to persist as we seek to convert our remaining term license subscription customers to SaaS and complete the end-of-life of our self-hosted business.

As of December 31, 2025, SaaS as a percentage of total ARR was approximately 86%. We expect this percentage to continue to increase as we seek to convert our remaining self-hosted customers to SaaS and we end-of-life our self-hosted business by the end of 2026. Accordingly, the historical renewal rate disclosure will be replaced by the SaaS renewal rate starting in 2026. This performance metric aligns with our new business model and how management views the business.

Remaining Performance Obligations

Remaining performance obligations ("RPO") represent contracted revenues that have not yet been recognized, which includes deferred revenues and non-cancelable amounts that will be invoiced in the future. Our RPO was $1,096.7 million as of December 31, 2025 and we expect RPO to increase in absolute dollars.

Business Acquisitions

On March 17, 2025, we completed the acquisition of Cyral, a private company which develops DAM software that uses agentless and stateless interception technology.

On August 28, 2025, we completed the acquisition of SlashNext, a private AI-native email security provider that detects advanced phishing and social engineering attacks.

For further information regarding the Cyral and SlashNext acquisitions, refer to Note 8 of our consolidated financial statements.

Components of Operating Results

Revenues

SaaS Revenues. SaaS revenues relate to the Varonis Data Security Platform delivered as a SaaS model. Over the last several years, we began to offer SaaS-delivered solutions and strategically enhanced our platform to safeguard customers' most mission-critical assets, including cloud environments, SaaS applications and on-premises data. Each of these products allow customers to use hosted software, and the related revenue from these products is recognized ratably over the associated contract period. Our SaaS solutions are the primary driver of our revenues and we expect SaaS revenues to continue to grow considerably. Conversions from a license sold on-premises to our SaaS offering during the original subscription period are accounted for on a prospective basis.

Term License Subscription Revenues. Term license subscription revenues relate to subscription license revenues which are sold on-premises and are recognized at the point in time when the software license has been delivered and the benefit of the asset has transferred. Maintenance associated with a term license subscription is recognized ratably over the term of the agreement.

Maintenance and Services Revenues. Maintenance and services revenues consist of revenues from maintenance agreements of past perpetual license sales and, to a lesser extent, professional services. Customers with maintenance agreements are entitled to receive support and unspecified upgrades and enhancements when and if they become available. We recognize the revenues associated with maintenance ratably over the associated contract period.

Our renewal rate for each of the years ended December 31, 2025, 2024 and 2023 continued to be over 90%. We measure the renewal rate for our customers over a 12-month period, based on a dollar renewal rate for contracts expiring during that time period. The expected increase in SaaS revenues, combined with the timing of conversions and renewals, as well as conversion and renewal rates, may result in significant variation in the revenues we recognize in a given period. We expect

term license subscription revenues and perpetual license revenues, including the associated maintenance and support related to perpetual licenses, to continue to decline.

The following table sets forth the percentage of our revenues that have been derived from SaaS, term license subscriptions and maintenance and services revenues for the periods presented.

Year Ended December 31,
2025 2024 2023
(as a percentage of total revenues)
Revenues:
SaaS 74.2 % 37.9 % 8.9 %
Term license subscriptions 17.6 % 46.1 % 71.4 %
Maintenance and services 8.2 % 16.0 % 19.7 %
Total revenues 100.0 % 100.0 % 100.0 %

Our products are used by a wide range of enterprises, including Fortune 500 corporations and small and medium-sized businesses. Our customers span a broad array of industries and are located in over 95 countries.

Cost of Revenues, Gross Profit and Gross Margin

Cost of revenues consist primarily of salaries (including payroll tax expense related to stock-based compensation), employee benefits (including commissions and bonuses) and stock-based compensation for our customer support, customer success, MDDR and services employees; third-party hosting fees; amortization of certain acquired intangible assets; travel expenses; and allocated overhead costs for facilities, IT and depreciation. We recognize expenses related to these costs as they are incurred and expect that these costs will increase in absolute dollars as we continue to invest in our customer success, support and MDDR teams and support the underlying programs that play a critical role in maintaining our high renewal rate.

Gross profit is total revenues less total cost of revenues. Gross margin is gross profit expressed as a percentage of total revenues. As the majority of our expenses are relatively fixed quarter over quarter and due to the seasonality of our business, the first quarter typically results in the lowest gross margin as our first quarter revenues have historically been the lowest for the year. Conversely, the fourth quarter typically results in the highest gross margin as our fourth quarter revenues have historically been the highest for the year. We have seen the impact of these seasonal patterns, due to differences in revenue recognition accounting treatment, decline in 2025 and we expect it to continue to decline, as we seek to sell more of our SaaS offering to customers and complete the end-of-life of our self-hosted business.

Operating Expenses

Operating expenses are classified into three categories: research and development, sales and marketing and general and administrative. For each category, the largest component is personnel costs, which consists of salaries (including payroll tax expense related to stock-based compensation), employee benefits (including commissions and bonuses) and stock-based compensation. Operating expenses also include allocated overhead costs for facilities, IT and depreciation. Allocated costs for facilities primarily consist of rent and office maintenance. Operating expenses are generally recognized as incurred. As a company, we have always aimed to tie our level of investment in the business to the revenues we expect to achieve and we actively manage expenses across the business. We expect personnel costs to continue to increase in absolute dollars as we continue to grow our business.

Research and Development. Research and development expenses primarily consist of personnel costs attributable to our research and development personnel, as well as allocated overhead costs. We expense research and development costs as incurred, except for certain internal use software development costs that are capitalized. We expect that our research and development expenses will continue to increase in absolute dollars as we further strengthen our technology platform and invest in the development of both existing and new products through the hiring of talented and capable employees.

Sales and Marketing. Sales and marketing expenses are the largest component of our operating expenses and consist primarily of personnel costs, as well as marketing and business development costs, travel expenses, third-party hosting fees, training and education, allocated overhead costs and amortization of certain acquired intangible assets. We expect that sales and marketing expenses will continue to increase in absolute dollars as we plan to expand our sales and marketing efforts, both domestically and internationally. We also expect sales and marketing expenses to continue to be our largest category of operating expenses.

General and Administrative. General and administrative expenses primarily consist of personnel and facility-related costs for our executive, finance, legal, human resources and administrative personnel. Other expenses are comprised of legal, accounting and other consultant fees and other corporate expenses and allocated overhead. We expect that general and administrative expenses will increase in absolute dollars as we expand our operations.

Financial Income (Expenses), Net

Financial income (expenses), net consists primarily of interest income, amortization of premiums and accretion of discounts related to our investment in available for sale marketable securities, foreign exchange gains or losses, amortization of debt issuance costs and interest expense. Interest income represents interest received on our cash, cash equivalents, marketable securities and deposits. Foreign exchange gains or losses relate to our business activities in foreign countries with different operational reporting currencies. As a result of our business activities in foreign countries, we expect that foreign exchange gains or losses will continue to occur due to fluctuations in exchange rates in the countries where we do business. Amortization of debt issuance costs relate to the Notes we issued in May 2020 and September 2024. Interest expense consists of the contractual interest expenses associated with the Notes. The Notes we issued in May 2020 matured on August 15, 2025, as such, no further amortization of debt issuance costs or contractual interest expense will be incurred related to these Notes.

Income Taxes

We operate in the U.S. and in foreign jurisdictions and are subject to taxes in each country or jurisdiction in which we conduct business. Earnings from our non-U.S. activities are subject to local country income tax and may be subject to U.S. income tax.

Because of our history of operating losses, we have established a full valuation allowance against potential future benefits for deferred tax assets, including loss carryforwards. Our income tax provision could be significantly impacted by estimates surrounding our uncertain tax positions and changes to our valuation allowance in future periods. We reevaluate the judgments surrounding our estimates and make adjustments as appropriate each reporting period.

In addition, we are subject to the regular examinations of our income tax returns by different tax authorities. We regularly assess the likelihood of adverse outcomes resulting from these examinations to determine the adequacy of our provision for income taxes.

On July 4, 2025, the U.S. enacted tax reform legislation through the One Big Beautiful Bill Act (OBBBA). Included in this legislation are provisions that allow for the immediate expensing of U.S. research and development expenses and certain capital expenditures, as well as changes to the U.S. taxation of profits derived from foreign operations. The impact of this legislation has been included within our consolidated financial statements.

Results of Operations

The following tables are a summary of our consolidated statements of operations in dollars and as a percentage of our total revenues.

Year Ended December 31,
2025 2024 2023
(in thousands)
Statement of Operations Data:
Revenues:
SaaS $ 462,595 $ 208,781 $ 44,417
Term license subscriptions 109,635 254,241 356,490
Maintenance and services 51,302 87,928 98,253
Total revenues 623,532 550,950 499,160
Cost of revenues 131,974 93,847 71,751
Gross profit 491,558 457,103 427,409
Operating expenses:
Research and development 237,814 196,765 183,838
Sales and marketing 301,342 288,769 277,893
General and administrative 98,916 89,220 82,901
Total operating expenses 638,072 574,754 544,632
Operating loss (146,514) (117,651) (117,223)
Financial income, net 30,194 34,644 30,305
Loss before income taxes (116,320) (83,007) (86,918)
Income taxes (13,004) (12,758) (13,998)
Net loss $ (129,324) $ (95,765) $ (100,916)
Year Ended December 31,
--- --- --- --- --- --- ---
2025 2024 2023
(as a percentage of total revenues)
Statement of Operations Data:
Revenues:
SaaS 74.2 % 37.9 % 8.9 %
Term license subscriptions 17.6 46.1 71.4
Maintenance and services 8.2 16.0 19.7
Total revenues 100.0 100.0 100.0
Cost of revenues 21.2 17.0 14.4
Gross profit 78.8 83.0 85.6
Operating expenses:
Research and development 38.1 35.8 36.8
Sales and marketing 48.3 52.4 55.7
General and administrative 15.9 16.2 16.6
Total operating expenses 102.3 104.4 109.1
Operating loss (23.5) (21.4) (23.5)
Financial income, net 4.8 6.3 6.1
Loss before income taxes (18.7) (15.1) (17.4)
Income taxes (2.0) (2.3) (2.8)
Net loss (20.7) % (17.4) % (20.2) %

Comparison of Years Ended December 31, 2025 and 2024

Revenues

Year Ended December 31,
2025 2024 % Change
(in thousands)
Revenues:
SaaS $ 462,595 $ 208,781 121.6 %
Term license subscriptions 109,635 254,241 (56.9) %
Maintenance and services 51,302 87,928 (41.7) %
Total revenues $ 623,532 $ 550,950 13.2 %
Year Ended December 31,
--- --- --- --- ---
2025 2024
(as a percentage of total revenues)
Revenues:
SaaS 74.2 % 37.9 %
Term license subscriptions 17.6 46.1
Maintenance and services 8.2 16.0
Total revenues 100.0 % 100.0 %

For the year ended December 31, 2025, our revenues increased 13% compared to the year ended December 31, 2024, despite increased SaaS sales and existing customer conversions to SaaS which cause variations due to accounting treatment differences in revenue recognition for sales within the respective periods. SaaS revenues increased 122% from $208.8 million for the year ended December 31, 2024, to $462.6 million for the year ended December 31, 2025, as we completed our transition to a SaaS delivery model. The increase in SaaS revenues was driven by (i) new customer acquisitions, which are happening due to the simplicity and automated outcomes of our SaaS platform and MDDR offering, as well as customer interest in Gen AI, (ii) existing customer conversions and upselling and (iii) our high renewal rates. Consequently, there was an expected decrease to term license subscriptions given the aforementioned transition and customer conversions, a trend we expect to continue in the near future. ARR was $745.4 million and $641.9 million as of December 31, 2025 and 2024, respectively, representing an increase of 16%. The anticipated decrease in maintenance and services revenues was due to the conversion of existing customers to SaaS and churn, despite our renewal rate continuing to be over 90% for each of the years ended December 31, 2025 and 2024. We continue to expect less maintenance and services revenues in the future.

Cost of Revenues and Gross Margin

Year Ended December 31,
2025 2024 % Change
(in thousands)
Cost of revenues $ 131,974 $ 93,847 40.6 %
Year Ended December 31,
--- --- --- --- ---
2025 2024
(as a percentage of total revenues)
Total gross margin 78.8 % 83.0 %

The increase in cost of revenues was primarily related to a $19.7 million increase in third-party hosting costs associated with our transition to a SaaS delivery model. The increase is also due to a $15.0 million increase in salaries, benefits and stock-based compensation expense due to increased headcount for customer success personnel to assist with the completion of our SaaS transition, including our MDDR offering, to ensure high customer satisfaction and to maintain our strong renewal rates.

Operating Expenses

Year Ended December 31,
2025 2024 % Change
(in thousands)
Operating expenses:
Research and development $ 237,814 $ 196,765 20.9 %
Sales and marketing 301,342 288,769 4.4 %
General and administrative 98,916 89,220 10.9 %
Total operating expenses $ 638,072 $ 574,754 11.0 %
Year Ended December 31,
--- --- --- --- ---
2025 2024
(as a percentage of total revenues)
Operating expenses:
Research and development 38.1 % 35.8 %
Sales and marketing 48.3 % 52.4 %
General and administrative 15.9 % 16.2 %
Total operating expenses 102.3 % 104.4 %

The increase in research and development expenses was primarily related to a $35.5 million increase in salaries, benefits and stock-based compensation expense primarily due to increased headcount and conditional consideration related to the business acquisitions, an increase of $5.7 million in facilities and allocated overhead costs, a $4.3 million increase in third-party hosting costs associated with our transition to a SaaS delivery model and a $1.5 million increase in acquisition-related costs associated with the business acquisitions, partially offset by a $6.7 million decrease in acquired in-process research and development costs associated with a prior period asset acquisition.

The increase in sales and marketing expenses was primarily related to an increase of $5.2 million in general sales and marketing expenses, including increased travel, marketing events and third-party hosting costs associated with our transition to a SaaS delivery model, a $5.0 million increase in salaries, benefits and stock-based compensation expense and an increase of $2.1 million in facilities and allocated overhead costs.

The increase in general and administrative expenses was primarily related to an increase of $4.8 million in salaries and benefits and stock-based compensation expense primarily due to increased headcount to support the overall growth of our business, a $2.5 million increase in consulting and services fees and a $2.1 million increase in acquisition-related costs associated with the business acquisitions.

Financial Income, Net

Year Ended December 31,
2025 2024 % Change
(in thousands)
Financial income, net $ 30,194 $ 34,644 (12.8) %

The decrease in financial income, net was primarily due to amortization of premiums on marketable securities, foreign currency losses and higher interest and issuance cost amortization expense related to the 2029 convertible note, partially offset by higher interest income.

Income Taxes

Year Ended December 31,
2025 2024 % Change
(in thousands)
Income taxes $ (13,004) $ (12,758) 1.9 %

Income taxes for the year ended December 31, 2025, including the increase in income taxes, were comprised of foreign and U.S. income taxes.

Inflation

We do not believe that inflation rates have had a material effect on our business, financial condition or results of operations in the last three fiscal years. If our costs were to become subject to significant inflationary pressures, we may not be able to fully offset such higher costs through price increases. Our inability or failure to do so could harm our business, financial condition and results of operations.

Comparison of Years Ended December 31, 2024 and 2023

For a comparison of our results of operations for the years ended December 31, 2024 and 2023, see “Part II, Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations” of our Annual Report on Form 10-K for the year ended December 31, 2024, filed with the SEC on February 6, 2025, which comparative information is herein incorporated by reference.

Seasonality and Quarterly Trends

When selling on-premises subscription products, our quarterly results reflect seasonality in the sale of our products and services. Historically, we have experienced a pattern of increased sales in the fourth quarter. This trend makes it difficult to achieve sequential revenue growth in the first quarter of the following year. Because of purchasing trends, demand for our products and services is typically slowest in the first quarter, resulting in a decrease in quarterly revenues from the fourth quarter to the first quarter of the subsequent fiscal year. Our gross margins and operating margins have been affected by these historical trends because the majority of our expenses are relatively fixed quarter over quarter. Our expenses, which do not vary directly with revenues, and the seasonal pattern described above have an impact on the cost of revenues, research and development expenses, sales and marketing expenses and general and administrative expenses as a percentage of revenues in each calendar quarter during the year. We have seen the impact of these seasonal patterns, due to the ratable revenue recognition of SaaS, decline in 2025 and we expect it to continue to decline, as we seek to sell more of our SaaS offering to customers and complete the end-of-life of our self-hosted business. The majority of our expenses are personnel-related costs, which consist of salaries (including payroll tax expense related to stock-based compensation), employee benefits (including commissions and bonuses) and stock-based compensation. As a result, we have not experienced significant seasonal fluctuations in the timing of expenses from period to period.

Liquidity and Capital Resources

The following table shows our liquidity and capital resources and our cash flows from operating activities, investing activities and financing activities for the years ended December 31, 2025 and 2024. For a discussion of our liquidity and capital resources and our cash flow activities for the fiscal year ended December 31, 2023, see “Part II, Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations” of our Annual Report on Form 10-K for the year ended December 31, 2024, filed with the SEC on February 6, 2025, which discussion is herein incorporated by reference.

Year Ended December 31,
2025 2024
(in thousands)
Net cash provided by operating activities $ 147,431 $ 115,200
Net cash used in investing activities (837) (532,255)
Net cash provided by (used in) financing activities (129,697) 371,900
Increase (decrease) in cash and cash equivalents $ 16,897 $ (45,155)

As of December 31, 2025, our cash and cash equivalents, short-term marketable securities and short-term deposits of $921.0 million were held for working capital purposes. We believe that our existing cash and cash equivalents, short-term marketable securities, short-term deposits and cash flow from operations will be sufficient to fund our operations and capital expenditures for at least the next 12 months. Additionally, as of December 31, 2025, we held $187.2 million in long-term marketable securities. Our future capital requirements will depend on many factors, including our rate of revenue growth, timing of renewals and renewal rates, the amount and timing of conversions, the expansion of our sales and marketing

activities, the timing and extent of spending to support product development efforts and expansion into new geographic locations, the timing of introductions of new software products and enhancements to existing software products, the continuing market acceptance of our software offerings and our use of cash to pay for acquisitions or share repurchases, if any.

Operating Activities

Our operating activities are driven by sales of our products less costs and expenses, primarily payroll and related expenses, and adjusted for certain non-cash items, mainly depreciation and amortization, stock-based compensation, amortization of deferred commissions, non-cash operating lease costs, amortization of debt issuance costs, amortization of premium and accretion of discount on marketable securities and changes in operating assets and liabilities. Changes in operating assets and liabilities are driven mainly by collection of accounts receivable from the sales of our software products and deferred revenue, which primarily consists of billed fees for our subscriptions, prior to satisfying the criteria for revenue recognition, which are subsequently recognized as revenue in accordance with our revenue recognition policy.

For 2025, net cash provided by operating activities were $147.4 million. We have historically observed two seasonal patterns that impact our net cash provided by operating activities, which we continue to expect under a SaaS delivery model. First, a majority of our sales are made during the last three weeks of the quarter. Second, the highest dollar amount of sales of our products and services occurs in the fourth quarter. Consequently, we end the fourth quarter with our highest accounts receivable balance of any quarter which in turn generates the greatest amount of collections in the following quarter. In addition, there is negative sequential sales in the first quarter, which results in a relatively lower amount collected during the second quarter. These seasonal trends also impact our operating loss because the majority of our expenses are relatively fixed in the short-term. For 2025, cash inflows were $80.2 million from our net loss excluding non-cash and non-operating cash flow charges. Additional sources of cash inflows were from changes in our working capital, including a $148.1 million increase in deferred revenues, a $52.8 million increase in accrued expenses and other liabilities, a $2.4 million increase in other long-term liabilities and a $1.2 million increase in trade payables. This was partially offset by a $83.6 million increase in prepaid expenses and other short-term assets (including deferred commissions), a $52.6 million increase in accounts receivable and a $1.1 million increase in other long-term assets. Our days’ sales outstanding (“DSO”) for the three months and year ended December 31, 2025 was 81 and 77, respectively.

For 2024, net cash provided by operating activities were $115.2 million. Sources of cash inflows were $102.1 million from our net loss excluding non-cash and non-operating cash flow charges. Additional sources of cash inflows were from changes in our working capital, including a $110.4 million increase in deferred revenues, a $17.3 million increase in accrued expenses and other liabilities, a $3.6 million increase in trade payables, a $0.3 million decrease in other long-term assets and a $0.3 million increase in other long-term liabilities. This was partially offset by a $95.2 million increase in prepaid expenses and other short-term assets (including deferred commissions) and a $23.7 million increase in accounts receivable. Our DSO for the three months and year ended December 31, 2024 was 77 and 74, respectively.

Investing Activities

Our investing activities consist primarily of acquisitions, capital expenditures to purchase property and equipment, including leasehold improvements, capitalized internal-use software, purchase and sale of deposits and marketable securities. In the future, we expect to continue to incur capital expenditures to support our expanding operations.

For 2025, net cash used in investing activities of $0.8 million was primarily attributable to $123.5 million of cash paid for acquisitions, net of cash acquired, $12.6 million in capital expenditures to support our growth including hardware, software, office equipment and leasehold improvements mainly in connection with existing office space and $2.9 million for capitalized internal-use software expenditures. This was partially offset by net proceeds of $135.5 million in marketable securities and net proceeds of $2.7 million in deposits.

For 2024, net cash used in investing activities of $532.3 million was primarily attributable to net investments of $529.4 million in marketable securities, $6.7 million for in-process research and development and $6.7 million in capital expenditures to support our growth including hardware, office equipment and leasehold improvements mainly in connection with existing office space. This was partially offset by net proceeds of $10.5 million in deposits.

Financing Activities

For 2025, net cash used in financing activities of $129.7 million was attributable to $115.0 million in repurchases of common stock, $29.2 million in taxes paid related to net share settlement of equity awards and $0.1 million in repayment of

2025 convertible senior note principal, partially offset by $14.3 million of proceeds from employee stock plans and $0.3 million in proceeds from options to repurchase common stock.

For 2024, net cash provided by financing activities of $371.9 million was attributable to $449.6 million of net proceeds from the issuance of convertible senior notes and $16.1 million of proceeds from employee stock plans, partially offset by $55.5 million related to purchases of capped calls associated with the issued convertible senior notes and $38.3 million in taxes paid related to net share settlement of equity awards.

Convertible Notes

On September 10, 2024, we issued $460.0 million aggregate principal amount of Notes (the "2029 Notes"). The net proceeds from the offering, after deducting issuance costs, were approximately $449.6 million. In connection with the issuance of the 2029 Notes, we used $55.5 million of the net proceeds to enter into Capped Call Transactions.

On May 11, 2020, we issued $253.0 million aggregate principal amount of Notes (the "2025 Notes" and together with the 2029 Notes, the "Notes"). The net proceeds from the offering, after deducting issuance costs, were approximately $245.2 million. In connection with the issuance of the 2025 Notes, we used $29.3 million of the net proceeds to enter into Capped Call Transactions. The 2025 Notes were settled prior to or on their maturity date of August 15, 2025 in accordance with the terms of the 2025 Indenture. Additionally, the Capped Call Transactions entered into in connection with the 2025 Notes were executed and net share settled.

For further information regarding the Notes and Capped Call Transactions, refer to Note 7 of our consolidated financial statements.

Share Repurchase Programs

In February 2025, our board of directors authorized a share repurchase program of up to $100.0 million of the Company’s common stock (the “February 2025 Share Repurchase Program”). Under the February 2025 Share Repurchase Program, we were authorized to repurchase shares through open market purchases, privately-negotiated transactions or otherwise in accordance with applicable federal securities laws, including through Rule 10b5-1 trading plans and under Rule 10b-18 of the Exchange Act. The February 2025 Share Repurchase Program was completed in April 2025.

In October 2025, our board of directors authorized a share repurchase program of up to $150.0 million of the Company’s common stock (the “October 2025 Share Repurchase Program”). Under the October 2025 Share Repurchase Program, we are authorized to repurchase shares through open market purchases, privately-negotiated transactions or otherwise in accordance with applicable federal securities laws, including through Rule 10b5-1 trading plans and under Rule 10b-18 of the Exchange Act. At December 31, 2025, we had $135.0 million of capacity remaining under our October 2025 Share Repurchase Program which will expire in October 2026. The number of shares to be purchased and the timing of purchases will be based on our trading windows, available liquidity, and general business and market conditions.

Contractual Payment Obligations

Our principal commitments primarily consist of obligations under leases for office space and motor vehicles. Aggregate minimum rental commitments under non-cancelable leases as of December 31, 2025 for the upcoming years were as follows:

Payments Due by Period
2026 2027 2028 2029 2030 Thereafter Total
(in thousands)
Operating lease obligations $ 13,639 $ 14,929 $ 11,809 $ 13,440 $ 12,364 $ 24,808 $ 90,989

We have obligations related to unrecognized tax benefit liabilities totaling $50.5 million and others related to severance pay, which have been excluded from the table above as we do not believe it is practicable to make reliable estimates of the periods in which payments for these obligations will be made. We also have contractual minimum purchase commitments with service providers through August 31, 2027, October 31, 2028 and May 31, 2031. These commitments total $4.9 million, $2.5 million and $23.9 million due within the next 12 months, respectively and $10.5 million, $3.8 million and $377.6 million (with no specified annual commitments), respectively, due thereafter. We expect to fund these obligations with cash flows from operations and cash on our balance sheet.

Off-Balance Sheet Arrangements

As of December 31, 2025, we did not have any off-balance sheet arrangements.

Critical Accounting Policies and Estimates

We prepare our consolidated financial statements in accordance with generally accepted accounting principles in the United States. The preparation of consolidated financial statements also requires us to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenues, costs and expenses and related disclosures. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances. Actual results could differ significantly from the estimates made by our management. To the extent that there are differences between our estimates and actual results, our future financial statement presentation, financial condition, results of operations and cash flows will be affected. We believe that our accounting policies described in Note 2. Significant Accounting Policies in Part II, Item 8 of this Annual Report on Form 10-K, the critical accounting policy estimates, assumptions and judgments that have the most significant impact on our consolidated financial statements are described below. Critical accounting policies and estimates are those that we consider the most important to the portrayal of our financial condition and results of operations because they require our most difficult, subjective or complex judgments, often as a result of the need to make estimates about the effect of the matters that are inherently uncertain.

Revenue Recognition:

We generate revenues primarily in the form of SaaS revenues, term license subscriptions and maintenance and services fees. SaaS revenue is recognized ratably over the associated contract period. Term license subscription software sold on-premises is recognized at the point in time when the software license has been delivered and the benefit of the asset has transferred. Maintenance associated with term license subscription software is recognized ratably over the term of the agreement.

We enter into contracts that can include combinations of products and services, which are generally capable of being distinct and accounted for as separate performance obligations. Judgment is required when considering the terms and conditions of these contracts and estimating the standalone selling price ("SSP"). The transaction price for these contracts is allocated to the separate performance obligations on a relative SSP basis. The SSP is the price at which we would sell the promised SaaS, term-based license or maintenance services to a customer. For software licenses and maintenance included in term license subscriptions, we determine the standalone selling prices based on the price at which we separately sell maintenance renewals for past perpetual licenses.

Income Taxes:

We account for income taxes using the asset and liability method whereby deferred tax assets and liability account balances are determined based on the differences between financial reporting and the tax basis for assets and liabilities and are measured using the enacted tax rates and laws that will be in effect when the differences are expected to reverse. We provide a valuation allowance, if necessary, to reduce deferred tax assets to the amounts that are more likely-than-not to be realized.

We account for unrecognized tax positions under a two-step approach. The first step is to evaluate the tax position taken or expected to be taken in a tax return by determining if the weight of available evidence indicates that it is more likely than not that, on an evaluation of the technical merits, the tax position will be sustained on audit, including resolution of any related appeals or litigation processes. The second step is to measure the tax benefit as the largest amount that is more than 50% likely to be realized upon ultimate settlement. Assumptions, judgment, and the use of estimates are required in determining if the more-likely-than-not standard has been met and in determining the expected benefit when developing the provision for income taxes. Our evaluations are based upon a number of factors, including changes in facts or circumstances, changes in tax law or guidance, correspondence with tax authorities during the course of audits, and effective settlement of audit issues. Changes in these or other factors could result in material increases or decreases in our provision for income taxes in the period in which we make the change.

Business Combinations:

We account for our business combinations using the acquisition method of accounting, which requires, among other things, allocation of the fair value of purchase consideration to the tangible and intangible assets acquired and liabilities assumed at their estimated fair values on the acquisition date. The excess of the fair value of purchase consideration over the values of these identifiable assets and liabilities is recorded as goodwill. When determining the fair value of assets acquired and liabilities assumed, we make judgments, estimates and assumptions, especially with respect to intangible assets. Although

we believe our estimates of fair value are based upon assumptions believed to be reasonable, they are based on historical experience, market conditions and information obtained from management of the acquired companies and are inherently uncertain and unpredictable and, as a result, actual results may differ from estimates. Examples of these judgments include, but are not limited to, future expected cash flows, discount rates, useful lives, technology obsolescence rates and customer attrition rates.

Recently Adopted Accounting Pronouncements

In December 2023, the Financial Accounting Standards Board (“FASB”) issued Accounting Standards Update ("ASU") 2023-09, Income Taxes (Topic 740) - Improvements to Income Tax Disclosures. The ASU requires that an entity disclose specific categories in the effective tax rate reconciliation, as well as provide additional information for reconciling items that meet a quantitative threshold. Further, the ASU requires certain disclosures of state versus federal income tax expense and taxes paid. The amendments in this ASU are required to be adopted for fiscal years beginning after December 15, 2024. We adopted ASU 2023-09 during the year ended December 31, 2025, on a prospective basis, which resulted in updated income tax disclosures. See Note 12 in the accompanying notes to our consolidated financial statements for further detail.

In July 2025, the FASB issued ASU 2025-05, Financial Instruments-Credit Losses (Topic 326) - Measurement of Credit Losses for Accounts Receivable and Contract Assets. The ASU provides a practical expedient to measure credit losses on current accounts receivable and contract assets under ASC No. 606, "Revenue from Contracts with Customers." The practical expedient assumes that current conditions as of the balance sheet date do not change for the remaining life of the asset. For public business entities, ASU 2025-05 is effective for annual reporting periods beginning after December 15, 2025, and interim reporting periods within those annual reporting periods. Early adoption of ASU 2025-05 is permitted. We adopted ASU 2025-05 during the year ended December 31, 2025, on a prospective basis, which did not have a material impact on our consolidated financial statements.

Recently Issued Accounting Pronouncements Not Yet Adopted

In November 2024, the FASB issued ASU 2024-03, Income Statement-Reporting Comprehensive Income-Expense Disaggregation Disclosures (Subtopic 220-40) - Disaggregation of Income Statement Expenses. The ASU requires, among other items, additional disaggregated disclosures in the notes to the financial statements for certain categories of expenses that are included in the statements of operations. ASU 2024-03 is effective for fiscal years beginning after December 15, 2026, and for interim periods within fiscal years beginning after December 15, 2027, with early adoption permitted, and may be applied either prospectively or retrospectively. We are currently evaluating the effect of adopting the ASU on our disclosures.

In September 2025, the FASB issued ASU 2025-06, Intangibles-Goodwill and Other-Internal-Use Software (Subtopic 350-40) - Targeted Improvements to the Accounting for Internal-Use Software. The ASU was updated to consider different methods of software development and requires internal use software costs to be capitalized when management has authorized and committed to funding the software project and when significant uncertainty associated with the development of the software has been resolved. The amendments in this ASU are required to be adopted for annual and interim reporting periods beginning after December 15, 2027, with early adoption permitted, and may be applied either through a prospective, retrospective or a modified transition approach. We are currently evaluating the effect of adopting the ASU on our consolidated financial statements.

In December 2025, the FASB issued ASU 2025-11, Interim Reporting (Topic 270) - Narrow-Scope Improvements. The ASU was updated to improve the navigability of the required interim disclosures within ASC No. 270 and to clarify when the guidance applies. This ASU is not intended to change the fundamental nature of interim reporting or expand or reduce current interim disclosure requirements. The amendments in this ASU are required to be adopted for interim reporting periods beginning after December 15, 2027, with early adoption permitted, and may be applied either through a prospective or retrospective approach. We are currently evaluating the effect of adopting the ASU on our condensed consolidated financial statement disclosures.

Item 7A. Quantitative and Qualitative Disclosures About Market Risk

Market risk represents the risk of loss that may impact our financial position due to adverse changes in financial market prices and rates. Our market risk exposure is primarily a result of fluctuations in foreign currency exchange rates. We do not hold financial instruments for trading or speculative purposes.

Market Risk

We are exposed to certain financial risks, including fluctuations in foreign currency exchange rates and interest rates. We manage our exposure to these market risks through internally established policies and procedures. Our policies do not allow speculation in derivative instruments for profit or execution of derivative instrument contracts for which there are no underlying exposures. We do not use financial instruments for trading or speculative purposes, and we are not a party to any leveraged derivatives. We monitor our underlying market risk exposures on an ongoing basis and, where appropriate, may use hedging strategies to mitigate these risks.

Foreign Currency Exchange Risk

Approximately one quarter of our revenues for the years ended December 31, 2025 and 2024 were earned in non-U.S. dollar denominated currencies, mainly in the Euro and Pound Sterling. Our expenses are generally denominated in the currencies in which our operations are located, primarily the U.S. dollar and New Israeli Shekel, and to a lesser extent the Euro, Pound Sterling, Canadian dollar, Australian dollar and Singapore dollar. Our expenses denominated in foreign currencies consist primarily of personnel and overhead costs from our international operations. Our consolidated results of operations and cash flow are, therefore, subject to fluctuations due to changes in foreign currency exchange rates and may be adversely affected in the future due to changes in foreign exchange rates. We enter into financial hedging strategies to reduce our exposure to foreign currency rate changes. During 2025, the effect of a hypothetical 10% change in foreign currency exchange rates applicable to our business, after considering foreign currency hedges, would not have had a material impact on our consolidated financial statements.

For purposes of our consolidated financial statements, local currency assets and liabilities are translated at the rate of exchange to the U.S. dollar on the balance sheet date and local currency revenues and expenses are translated at the exchange rate at the date of the transaction or the average exchange rate during the reporting period.

We use derivative financial instruments, specifically foreign currency forward contracts, to manage exposure to foreign currency risks, by hedging a portion of our forecasted revenues and expenses generally expected to occur within periods of up to 24 months. A majority of our revenues and operating expenses are transacted in U.S. dollars; however, certain revenues and operating expenses are incurred in or exposed to other currencies, specifically, the Euro and Pound Sterling for revenues and the New Israeli Shekel, Euro and Pound Sterling for operating expenses. The effect of exchange rate changes on foreign currency forward contracts is expected to offset the effect of exchange rate changes on the underlying hedged item. We do not use derivative financial instruments for trading or speculative purposes.

Interest Rate Risk

As of December 31, 2025, we have cash and cash equivalents, short-term marketable securities and short-term deposits of $921.0 million and investments in long-term marketable securities of $187.2 million. We hold our cash and cash equivalents, short-term marketable securities and short-term deposits for working capital purposes. We do not enter into marketable security investments for trading or speculative purposes.

Our cash and cash equivalents, marketable securities and short-term deposits are subject to market risk due to changes in interest rates, which may affect our interest income and the fair value of our marketable securities. Due in part to these factors, our future investment income may fluctuate due to changes in interest rates or we may suffer losses in principal if we are forced to sell securities that decline in market value due to changes in interest rates. Due to the liquid and short-term nature of our cash and cash equivalents, short-term marketable securities and short-term deposit instruments, we believe that we do not have any material exposure to changes in the fair value of these instruments as a result of changes in interest rates. Additionally, because we classify our marketable securities as available-for-sale securities, no gains or losses are recognized in the consolidated statements of operations due to the changes in interest rates, unless securities are sold prior to maturity or declines in fair value are determined to be other-than-temporary. The effect of a hypothetical 100 basis point change in interest rates would not have a material impact on our consolidated financial statements.

In September 2024 we issued the 2029 Notes, which have a fixed annual interest rate of 1.00%, and therefore, we do not have economic interest rate exposure on the 2029 Notes. However, the value of the 2029 Notes is exposed to interest rate risk. Generally, the fair market value of our fixed interest rate 2029 Notes will increase as interest rates fall and decrease as interest rates rise. In addition, the fair value of the 2029 Notes is affected by our stock price. The fair value of the 2029 Notes will generally increase as our common stock price increases and will generally decrease as our common stock price declines in value. Additionally, we carry the 2029 Notes at face value less unamortized costs in our consolidated balance sheets, and we present the fair value for required disclosure purposes only.

To the extent we enter into other long-term debt arrangements in the future, we would be subject to fluctuations in interest rates which could have a material impact on our future financial condition and results of operation.

Item 8. Financial Statements and Supplementary Data

INDEX TO CONSOLIDATED FINANCIAL STATEMENTS

Page
Reports of Independent Registered Public Accounting Firm (PCAOB ID No. 1281) 54
Consolidated Balance Sheets 58
Consolidated Statements of Operations 60
Consolidated Statements of Comprehensive Loss 61
Consolidated Statements of Changes in Stockholders’ Equity 62
Consolidated Statements of Cash Flows 63
Notes to Consolidated Financial Statements 65
Kost Forer Gabbay & Kasierer<br><br>144 Menachem Begin Road, Building A<br><br>Tel-Aviv 6492102, Israel Tel: +972-3-6232525<br>Fax: +972-3-5622555<br>ey.com
--- ---

REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM

To the Stockholders and the Board of Directors of

VARONIS SYSTEMS, INC.

Opinion on the Financial Statements

We have audited the accompanying consolidated balance sheets of Varonis Systems, Inc. and subsidiaries (the Company) as of December 31, 2025 and 2024, the related consolidated statements of operations, comprehensive loss, changes in stockholders’ equity and cash flows for each of the three years in the period ended December 31, 2025, and the related notes (collectively referred to as the “consolidated financial statements”). In our opinion, the consolidated financial statements present fairly, in all material respects, the financial position of the Company at December 31, 2025 and 2024, and the results of its operations and its cash flows for each of the three years in the period ended December 31, 2025, in conformity with U.S. generally accepted accounting principles.

We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the Company's internal control over financial reporting as of December 31, 2025, based on criteria established in Internal Control-Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (2013 framework) and our report dated February 4, 2026 expressed an unqualified opinion thereon.

Basis for Opinion

These financial statements are the responsibility of the Company's management. Our responsibility is to express an opinion on the Company’s financial statements based on our audits. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.

We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether due to error or fraud. Our audits included performing procedures to assess the risks of material misstatement of the financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that our audits provide a reasonable basis for our opinion.

Critical Audit Matter

The critical audit matter communicated below is a matter arising from the current period audit of the consolidated financial statements that was communicated or required to be communicated to the audit committee and that: (1) relates to accounts or disclosures that are material to the financial statements and (2) involved our especially challenging, subjective or complex judgments. The communication of the critical audit matter does not alter in any way our opinion on the consolidated financial statements, taken as a whole, and we are not, by communicating the critical audit matter below, providing a separate opinion on the critical audit matter or on the accounts or disclosures to which it relates.

Kost Forer Gabbay & Kasierer<br><br>144 Menachem Begin Road, Building A<br><br>Tel-Aviv 6492102, Israel Tel: +972-3-6232525<br>Fax: +972-3-5622555<br>ey.com
Revenue Recognition - Evaluation of standalone selling price of subscription licenses
---

Description of the Matter

As described in Note 2n to the consolidated financial statements, the Company generates revenues, among others, from term license subscriptions that are sold on-premises and are comprised of time-based licenses whereby customers use the Company's software and maintenance associated with term license subscriptions software (including support and unspecified upgrades and enhancements when and if they are available) for a specified period. The term license subscriptions software and maintenance are distinct and accounted for as separate performance obligations, and the Company allocates the transaction price to each performance obligation based on its relative standalone selling price.

Term license software subscriptions are recognized at the point in time when the software license has been delivered and the benefit of the asset has been transferred. Maintenance associated with term license software subscriptions is recognized ratably over the term of the agreement.

The Company does not sell term license software subscriptions or maintenance for term license software subscriptions on a standalone basis. Therefore, the Company makes subjective assumptions to estimate the standalone selling price for each of the performance obligations and determines the standalone selling price based on observable standalone selling prices of maintenance contracts associated with past perpetual licenses.

Auditing the Company’s determination of the standalone selling price for the term license software subscriptions and maintenance for term license software subscriptions was challenging and complex due to the high degree of judgment involved in the determination of the estimated standalone selling price. Changes to the standalone selling price could have a significant impact on revenues recognized.

How We Addressed the Matter in Our Audit

We obtained an understanding, evaluated the design and tested the operating effectiveness of internal controls related to the Company’s estimation of the standalone selling price for the term license software subscriptions and maintenance for term license software subscriptions.

We evaluated management’s methodology and reasonableness of assumptions used for the estimate of standalone selling price by testing the completeness and accuracy of management’s analysis and underlying data by tracing a selection of data points from relevant transactions to management's analysis. We also tested the mathematical accuracy of management’s related calculations.

Finally, we assessed the appropriateness of the related disclosures in the consolidated financial statements.

We have served as the Company’s auditor since 2007.

/s/ KOST FORER GABBAY & KASIERER

A Member of EY Global

Tel-Aviv, Israel

February 4, 2026

Kost Forer Gabbay & Kasierer<br><br>144 Menachem Begin Road, Building A<br><br>Tel-Aviv 6492102, Israel Tel: +972-3-6232525<br>Fax: +972-3-5622555<br>ey.com

REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM

To the Stockholders and the Board of Directors of

VARONIS SYSTEMS, INC.

Opinion on Internal Control over Financial Reporting

We have audited Varonis Systems, Inc. and subsidiaries' internal control over financial reporting as of December 31, 2025, based on criteria established in Internal Control-Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (2013 framework) (the COSO criteria). In our opinion, Varonis Systems, Inc. and subsidiaries (the Company) maintained, in all material respects, effective internal control over financial reporting as of December 31, 2025, based on the COSO criteria.

As indicated in the accompanying Management's Annual Report on Internal Control Over Financial Reporting, management’s assessment of and conclusion on the effectiveness of internal control over financial reporting did not include the internal controls of Cyral, LLC (Cyral) and SlashNext, LLC (SlashNext), which are included in the 2025 consolidated financial statements of the Company. Cyral and SlashNext each constituted less than 1% of total and net assets (excluding acquired goodwill and intangible assets), as of December 31, 2025 and less than 1% of revenues, for the year then ended. Our audit of internal control over financial reporting of the Company also did not include an evaluation of the internal control over financial reporting of Cyral and SlashNext.

We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the consolidated balance sheets of the Company as of December 31, 2025 and 2024, the related consolidated statements of operations, comprehensive loss, changes in stockholders’ equity and cash flows for each of the three years in the period ended December 31, 2025, and the related notes and our report dated February 4, 2026 expressed an unqualified opinion thereon.

Basis for Opinion

The Company’s management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting included in the accompanying Management's Annual Report on Internal Control Over Financial Reporting. Our responsibility is to express an opinion on the Company’s internal control over financial reporting based on our audit. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.

We conducted our audit in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects.

Our audit included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, testing and evaluating the design and operating effectiveness of internal control based on the assessed risk, and performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion.

Definition and Limitations of Internal Control Over Financial Reporting

A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and

Kost Forer Gabbay & Kasierer<br><br>144 Menachem Begin Road, Building A<br><br>Tel-Aviv 6492102, Israel Tel: +972-3-6232525<br>Fax: +972-3-5622555<br>ey.com

procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.

Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.

/s/ KOST FORER GABBAY & KASIERER

A Member of EY Global

Tel-Aviv, Israel

February 4, 2026

VARONIS SYSTEMS, INC. AND SUBSIDIARIES

CONSOLIDATED BALANCE SHEETS

(in thousands)

December 31,
2025 2024
Assets
Current assets:
Cash and cash equivalents $ 202,482 $ 185,585
Marketable securities 681,225 343,383
Short-term deposits 37,259 39,450
Trade receivables (net of allowance of $1,260 and $2,518 at December 31, 2025 and December 31, 2024, respectively) 242,822 192,832
Prepaid expenses and other short-term assets 134,767 116,824
Total current assets 1,298,555 878,074
Long-term assets:
Long-term marketable securities 187,202 658,896
Operating lease right-of-use assets 57,677 45,593
Property and equipment, net 36,032 30,795
Intangible assets, net 16,687
Goodwill 135,276 23,135
Other assets 60,183 27,782
Total long-term assets 493,057 786,201
Total assets $ 1,791,612 $ 1,664,275

The accompanying notes are an integral part of these consolidated financial statements.

VARONIS SYSTEMS, INC. AND SUBSIDIARIES

CONSOLIDATED BALANCE SHEETS

(in thousands, except share data)

December 31,
2025 2024
Liabilities and stockholders’ equity
Current liabilities:
Trade payables $ 5,735 $ 4,313
Accrued expenses and other short-term liabilities 225,411 164,930
Convertible senior notes, net 250,529
Deferred revenues 427,811 290,113
Total current liabilities 658,957 709,885
Long-term liabilities:
Convertible senior notes, net 452,259 450,243
Operating lease liabilities 59,749 42,789
Deferred revenues 14,406 2,211
Other liabilities 7,585 3,491
Total long-term liabilities 533,999 498,734
Stockholders’ equity:
Share capital
Common stock of $0.001 par value - Authorized: 200,000,000 shares at December 31, 2025 and December 31, 2024; Issued and outstanding: 117,546,852 shares at December 31, 2025 and 112,550,156 shares at December 31, 2024 118 113
Accumulated other comprehensive income 23,132 2,676
Additional paid-in capital 1,444,885 1,193,022
Accumulated deficit (869,479) (740,155)
Total stockholders’ equity 598,656 455,656
Total liabilities and stockholders’ equity $ 1,791,612 $ 1,664,275

The accompanying notes are an integral part of these consolidated financial statements.

VARONIS SYSTEMS, INC. AND SUBSIDIARIES

CONSOLIDATED STATEMENTS OF OPERATIONS

(in thousands, except share and per share data)

Year ended
December 31,
2025 2024 2023
Revenues:
SaaS $ 462,595 $ 208,781 $ 44,417
Term license subscriptions 109,635 254,241 356,490
Maintenance and services 51,302 87,928 98,253
Total revenues 623,532 550,950 499,160
Cost of revenues 131,974 93,847 71,751
Gross profit 491,558 457,103 427,409
Operating expenses:
Research and development 237,814 196,765 183,838
Sales and marketing 301,342 288,769 277,893
General and administrative 98,916 89,220 82,901
Total operating expenses 638,072 574,754 544,632
Operating loss (146,514) (117,651) (117,223)
Financial income, net 30,194 34,644 30,305
Loss before income taxes (116,320) (83,007) (86,918)
Income taxes (13,004) (12,758) (13,998)
Net loss $ (129,324) $ (95,765) $ (100,916)
Net loss per share of common stock, basic and diluted $ (1.13) $ (0.86) $ (0.92)
Weighted average number of shares used in computing net loss per share of common stock, basic and diluted 114,413,076 111,660,541 109,141,894

The accompanying notes are an integral part of these consolidated financial statements.

VARONIS SYSTEMS, INC. AND SUBSIDIARIES

CONSOLIDATED STATEMENTS OF COMPREHENSIVE LOSS

(in thousands)

Year ended
December 31,
2025 2024 2023
Net loss $ (129,324) $ (95,765) $ (100,916)
Other comprehensive income (loss):
Unrealized income (loss) on marketable securities, net of tax 4,085 (3,448) 1,547
Income (loss) on marketable securities reclassified into earnings, net of tax (161) (650) 401
3,924 (4,098) 1,948
Unrealized income on derivative instruments, net of tax 12,428 26,264 13,216
Income (loss) on derivative instruments reclassified into earnings, net of tax 4,104 (10,841) (14,256)
16,532 15,423 (1,040)
Total other comprehensive income 20,456 11,325 908
Comprehensive loss $ (108,868) $ (84,440) $ (100,008)

The accompanying notes are an integral part of these consolidated financial statements.

VARONIS SYSTEMS, INC. AND SUBSIDIARIES

CONSOLIDATED STATEMENTS OF CHANGES IN STOCKHOLDERS’ EQUITY

(in thousands, except share data)

Common stock Additional<br>paid-in capital Accumulated<br>other<br>comprehensive income (loss) Accumulated deficit Total<br>stockholders’ equity
Number Amount
Balance as of January 1, 2023 107,673,052 $ 108 $ 1,055,048 $ (9,557) $ (543,474) $ 502,125
Stock-based compensation expense 139,819 139,819
Common stock issued under employee stock plans 2,931,316 2 12,647 12,649
Taxes related to net share settlement of equity awards (21,415) (21,415)
Repurchase of common stock (1,500,647) (1) (43,521) (43,522)
Unrealized loss on derivative instruments, net of tax (1,040) (1,040)
Unrealized income on available for sale securities, net of tax 1,948 1,948
Net loss (100,916) (100,916)
Balance as of December 31, 2023 109,103,721 109 1,142,578 (8,649) (644,390) 489,648
Stock-based compensation expense 126,682 126,682
Common stock issued under employee stock plans 3,397,390 3 16,079 16,082
Taxes related to net share settlement of equity awards (38,295) (38,295)
Unrealized income on derivative instruments, net of tax 15,423 15,423
Unrealized loss on available for sale securities, net of tax (4,098) (4,098)
Common stock issued for debt conversion 49,045 1 1,500 1,501
Purchase of capped calls related to Convertible senior notes (55,522) (55,522)
Net loss (95,765) (95,765)
Balance as of December 31, 2024 112,550,156 113 1,193,022 2,676 (740,155) 455,656
Stock-based compensation expense 130,242 130,242
Common stock issued under employee stock plans 2,344,025 2 14,347 14,349
Taxes related to net share settlement of equity awards (29,162) (29,162)
Repurchase of common stock (2,928,780) (3) (114,997) (115,000)
Unrealized income on derivative instruments, net of tax 16,532 16,532
Unrealized income on available for sale securities, net of tax 3,924 3,924
Common stock issued for debt conversion 8,185,885 8 251,431 251,439
Settlement of capped call transactions (2,604,434) (2) 2
Net loss (129,324) (129,324)
Balance as of December 31, 2025 117,546,852 $ 118 $ 1,444,885 $ 23,132 $ (869,479) $ 598,656

The accompanying notes are an integral part of these consolidated financial statements.

VARONIS SYSTEMS, INC. AND SUBSIDIARIES

CONSOLIDATED STATEMENTS OF CASH FLOWS

(in thousands)

Year ended
December 31,
2025 2024 2023
Cash flows from operating activities:
Net loss $ (129,324) $ (95,765) $ (100,916)
Adjustments to reconcile net loss to net cash provided by operating activities:
Depreciation and amortization 12,309 11,126 11,703
Stock-based compensation 130,242 126,682 139,819
Amortization of deferred commissions 51,920 54,392 53,072
Non-cash operating lease costs 10,059 9,526 9,468
Amortization of debt issuance costs 2,976 2,144 1,514
Amortization of premium and accretion of discount on marketable securities, net 2,267 (12,690) (9,354)
Income from options to repurchase common stock (253)
Acquired in-process research and development 6,653
Changes in assets and liabilities:
Trade receivables (52,554) (23,716) (33,137)
Prepaid expenses and other short-term assets 7,256 (35,332) (21,459)
Deferred commissions (90,866) (59,820) (53,505)
Other long-term assets (1,134) 347 (577)
Trade payables 1,229 3,641 (2,290)
Accrued expenses and other short-term liabilities 52,826 17,317 (5,278)
Deferred revenues 148,074 110,389 69,882
Other long-term liabilities 2,404 306 474
Net cash provided by operating activities 147,431 115,200 59,416
Cash flows from investing activities:
Proceeds from maturities of marketable securities 364,955 308,840 301,350
Proceeds from sales of marketable securities 111,552
Investment in marketable securities (229,446) (949,841) (517,948)
Proceeds from short-term and long-term deposits 253,268 34,795 214,444
Investment in short-term and long-term deposits (250,579) (24,254) (135,823)
Acquisitions, net of cash acquired (123,514)
Purchases of property and equipment (12,628) (6,694) (5,099)
Capitalized internal-use software (2,893)
Purchase of in-process research and development (6,653)
Net cash used in investing activities (837) (532,255) (143,076)
Cash flows from financing activities:
Proceeds from employee stock plans 14,349 16,082 11,537
Taxes paid related to net share settlement of equity awards (29,162) (38,295) (21,415)
Repurchase of common stock (115,000) (43,522)
Repayment of convertible senior notes (137)
Proceeds from options to repurchase common stock 253
Proceeds from issuance of convertible senior notes, net of issuance costs 449,635
--- --- --- --- --- --- ---
Purchases of capped calls (55,522)
Net cash provided by (used in) financing activities (129,697) 371,900 (53,400)
Increase (decrease) in cash and cash equivalents 16,897 (45,155) (137,060)
Cash and cash equivalents at beginning of period 185,585 230,740 367,800
Cash and cash equivalents at end of period $ 202,482 $ 185,585 $ 230,740
Supplemental disclosure of cash flow information:
Cash paid for income taxes $ 3,585 $ 24,249 $ 16,089
Cash paid for interest $ 7,724 $ 3,193 $ 3,196
Liability related to acquisition holdback $ 3,502 $ $
Lease liabilities arising from obtaining right-of-use assets $ 19,118 $ 3,148 $ 3,166
Common stock issued for debt conversion $ 251,439 $ 1,501 $

The accompanying notes are an integral part of these consolidated financial statements.

VARONIS SYSTEMS, INC. AND SUBSIDIARIES

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

(in thousands, except share and per share data)

NOTE 1:- GENERAL

Varonis Systems, Inc. ("VSI" and together with its subsidiaries, collectively, the “Company” or "Varonis") was incorporated under the laws of the State of Delaware on November 3, 2004, commenced operations on January 1, 2005 and has sixteen wholly-owned subsidiaries.

The Company's software specializes in data security, threat detection and response and data privacy and compliance. Varonis software enables enterprises of all sizes and industries to protect data stored in the cloud and on-premises including: sensitive files and emails; confidential personal data belonging to customers, patients and employees; financial records; source code, strategic and product plans; and other intellectual property. Recognizing the challenge of protecting data with growing volume, velocity, and variety, the Company has built an integrated platform to simplify and streamline data security, threat detection and response, and data privacy and compliance.

The Company offers coverage for most mission-critical cloud and on-premises data stores and cloud infrastructure environments, and many critical SaaS applications. In 2022, Varonis announced the availability of its flagship Varonis Data Security Platform as a SaaS solution, which offers simpler deployment, faster time-to-value, and new automation capabilities that help customers prevent data breaches.

The Varonis Data Security Platform helps enterprises protect data against cyberattacks from both external and internal threats. The Company's products enable enterprises to analyze data, application and account activity and user and AI-related behavior to detect and prevent attacks. Its software platform prevents or limits unauthorized use of sensitive information, detects and prevents potential cyberattacks and limits potential damage by automatically locking down data, allowing access to only those who need it and automating the removal of stale data when it is no longer useful.

Customers rely on the Company's technology to achieve three board-level outcomes: preventing data breaches, complying with data-related regulations and enabling secure AI usage. Within each of these major areas, Varonis enables numerous use cases. These use cases include: automatic discovery and classification of high-risk, sensitive data, emails and databases; AI-readiness; data security posture management (DSPM); database activity monitoring ("DAM"); SaaS security posture management; automated remediation of over-exposed data; centralized visibility and risk analysis of enterprise data and monitoring of user behavior and file, e-mail and AI-related activity; security monitoring and risk reduction; data breach, insider threat, malware, ransomware and phishing detection with Managed Data Detection and Response ("MDDR"); automatic response to ransomware and other severe incidents to limit exposure and reduce recovery times; data ownership identification, assignment, and automatic involvement; forensics, reporting and auditing with searchable logs; meeting security policy and compliance regulation; automatic data migration; cloud migration; automation of retention and disposition policies; automatic data quarantine; intelligent archiving; and automated indexing for data subject requests related to privacy and compliance requirements.

NOTE 2:- SIGNIFICANT ACCOUNTING POLICIES

The consolidated financial statements are prepared according to United States generally accepted accounting principles (“U.S. GAAP”), applied on a consistent basis, as follows:

a. Financial Statements in U.S. Dollars:

Most of the Company's revenues and costs are denominated in United States dollars (“dollars”). Some of the subsidiaries’ revenues and costs are incurred in Euros, the Pound Sterling, Canadian dollars, Australian dollars, Singapore dollars and New Israeli Shekels ("NIS"); however, the Company’s management believes that the dollar is the primary currency of the economic environment in which it and each of its subsidiaries operate. Thus, the dollar is the Company’s functional and reporting currency.

Accordingly, transactions denominated in currencies other than the functional currency are remeasured to the functional currency in accordance with Accounting Standards Codification ("ASC") No. 830, “Foreign Currency Matters” at the exchange rate at the date of the transaction or the average exchange rate in the quarter. At the end of each reporting period, financial assets and liabilities are remeasured to the functional currency using exchange rates in effect at the

balance sheet date. Non-financial assets and liabilities are remeasured at historical exchange rates. Gains and losses related to remeasurement are recorded as financial income, net in the consolidated statements of operations as appropriate.

b. Principles of Consolidation:

The consolidated financial statements include the accounts of VSI and its wholly-owned subsidiaries. All intercompany transactions and balances have been eliminated upon consolidation.

c. Use of Estimates:

The preparation of the consolidated financial statements in conformity with U.S. generally accepted accounting principles requires management to make estimates, judgments and assumptions. The Company’s management believes that the estimates, judgments and assumptions used are reasonable based upon information available at the time they are made. These estimates, judgments and assumptions can affect the reported amounts of assets and liabilities and disclosure of contingent assets and liabilities at the dates of the financial statements, and the reported amounts of revenues and expenses during the reporting period. Actual results could differ from those estimates. On an ongoing basis, the Company’s management evaluates estimates, including those related to evaluation of the standalone selling price of term license subscriptions, accounts receivable credit loss allowance, fair values of stock-based awards, deferred taxes and income tax uncertainties, and contingent liabilities. Such estimates are based on historical experience and on various other assumptions that are believed to be reasonable, the results of which form the basis for making judgments about the carrying values of assets and liabilities.

d. Cash, Cash Equivalents, Marketable Securities and Short-Term Investments:

The Company accounts for investments in marketable securities in accordance with ASC No. 320, “Investments—Debt Securities” and ASC No. 326, “Financial Instruments—Credit Losses.” The Company considers all highly liquid investments with a maturity of three months or less when purchased to be cash equivalents. Cash and cash equivalents consist of cash on hand, highly liquid investments in money market funds and other securities.

The Company considers all investments and marketable securities purchased with maturities at the date of purchase of less than one year to be short-term. Investments and marketable securities purchased with maturities at the date of purchase greater than one year are classified as long-term assets, until the maturity date is in less than one year, at which point they are reclassified as short-term assets. Marketable securities are classified as available for sale debt securities and are, therefore, recorded at fair value in the consolidated balance sheets, with any unrealized gains and losses reported in accumulated other comprehensive income (loss), which is reflected as a separate component of stockholders’ equity in the Company’s consolidated balance sheets, until realized. Realized gains and losses are determined based on the specific identification method and are reported in financial income, net in the consolidated statements of operations. The amortized cost of securities is adjusted for amortization of premiums and accretion of discounts to maturity. Such amortization and accretion is included as a component of financial income, net in the consolidated statement of operations. Cash equivalents, marketable securities and short-term deposits consist of the following (in thousands):

As of December 31, 2025
Amortized<br>Cost Gross<br>Unrealized<br>Gains Gross<br>Unrealized<br>Losses Fair<br>Value
Cash equivalents
Money market funds $ 120,155 $ $ $ 120,155
Total $ 120,155 $ $ $ 120,155
Marketable securities
US Treasury securities $ 679,959 $ 1,267 $ (1) $ 681,225
Total $ 679,959 $ 1,267 $ (1) $ 681,225
Short-term deposits
Term bank deposits $ 37,259 $ $ $ 37,259
Total $ 37,259 $ $ $ 37,259
Long-term marketable securities
US Treasury securities $ 186,971 $ 231 $ $ 187,202
Total $ 186,971 $ 231 $ $ 187,202
As of December 31, 2024
--- --- --- --- --- --- --- --- ---
Amortized<br>Cost Gross<br>Unrealized<br>Gains Gross<br>Unrealized<br>Losses Fair<br>Value
Cash equivalents
Money market funds $ 133,113 $ $ $ 133,113
Total $ 133,113 $ $ $ 133,113
Marketable securities
US Treasury securities $ 342,751 $ 632 $ $ 343,383
Total $ 342,751 $ 632 $ $ 343,383
Short-term deposits
Term bank deposits $ 39,450 $ $ $ 39,450
Total $ 39,450 $ $ $ 39,450
Long-term marketable securities
US Treasury securities $ 661,955 $ 104 $ (3,163) $ 658,896
Total $ 661,955 $ 104 $ (3,163) $ 658,896

Unrealized losses associated with investments in available for sale securities have all been in a continuous unrealized loss position of less than one year as of December 31, 2025 and 2024.

The gross unrealized gains and losses related to these investments were due primarily to changes in interest rates. If the amortized cost of an individual security exceeds its fair value, the Company considers its intent to sell the security or whether it is more likely than not that it will be required to sell the security before recovery of its amortized basis. If either of these criteria are met, then impairment is recorded to the fair value of the security. If neither of these criteria are met, the securities are assessed using the credit losses model for marketable securities to determine what portion of that difference, if any, is caused by expected credit losses. Expected credit losses on available for sale debt securities are recognized in financial income, net in the consolidated statements of operations. During the years ended December 31, 2025 and 2024, the Company did not recognize impairment or an allowance for credit losses on available for sale marketable securities.

A short-term bank deposit is a deposit with a maturity of more than three months but less than one year. These deposits bore interest at rates ranging from 4.23% - 4.55%, per annum, as of December 31, 2025 and rates of 4.34% - 5.24%, per annum, as of December 31, 2024. Short-term deposits are presented at cost which approximates fair value due to their short maturities.

e. Concentration of Credit Risks:

Financial instruments that potentially subject the Company to concentrations of credit risk consist principally of cash, cash equivalents, marketable securities, short-term deposits and trade receivables.

The Company’s cash, cash equivalents, marketable securities and short-term deposits are invested in major banks mainly in the United States but also in France, Israel, the United Kingdom, Canada, Singapore, Ireland, Australia, Germany, the Netherlands, Luxembourg and India. Such deposits in the United States may be in excess of insured limits and are not insured in other jurisdictions. The Company maintains cash and cash equivalents with reputable financial institutions and monitors the amount of credit exposure to each financial institution.

Trade receivables are recorded when the right to consideration is unconditional. The Company’s trade receivables are geographically diversified and derived primarily from sales through a network of distributors and value-added resellers (VAR) mainly in the United States and Europe, and to a lesser extent, in Asia. Concentration of credit risk with respect to trade receivables is limited by credit limits, ongoing credit evaluation and account monitoring procedures. The Company performs ongoing credit evaluations of its customers and establishes an allowance for credit losses based upon a review of all significant outstanding invoices, historical collection experience, customer creditworthiness and current economic and market conditions. The Company elected to apply the practical expedient and assumed that current conditions as of the balance sheet date would not change for the remaining life of the assets. The Company writes off receivables when they are deemed uncollectible and having exhausted all collection efforts.

f. Fair Value of Financial Instruments:

Fair value is an exit price, representing the amount that would be received to sell an asset or paid to transfer a liability in an orderly transaction between market participants. As such, fair value is a market-based measurement that should be determined based on assumptions that market participants would use in pricing an asset or a liability.

A three-tier fair value hierarchy is established as a basis for considering such assumptions and for inputs used in the valuation methodologies in measuring fair value:

•Level 1: Observable inputs that reflect quoted prices (unadjusted) for identical assets or liabilities in active markets.

•Level 2: Observable inputs that reflect quoted prices for identical assets or liabilities in markets that are not active; quoted prices for similar assets or liabilities in active markets; inputs other than quoted prices that are observable for the assets or liabilities; or inputs that are derived principally from or corroborated by observable market data by correlation or other means.

•Level 3: Unobservable inputs reflecting the Company's own assumptions incorporated in valuation techniques used to determine fair value. These assumptions are required to be consistent with market participant assumptions that are reasonably available.

The fair value hierarchy also requires an entity to maximize the use of observable inputs and minimize the use of unobservable inputs when measuring fair value.

The carrying amounts of cash and cash equivalents, marketable securities, trade receivables, short-term deposits and trade payables approximate their fair value due to the short-term maturity of such instruments.

g. Property and Equipment:

Property and equipment are stated at cost, net of accumulated depreciation. Depreciation is calculated using the straight-line method over the estimated useful lives of the assets at the following annual rates:

Computer equipment 33%
Office furniture and equipment 14% 15%
Leasehold improvements Over the shorter of the expected lease<br>term or estimated useful life
h. Capitalized Internal-use Software Development Costs:
--- ---

The Company capitalizes certain development costs incurred in connection with its internal-use software in accordance with ASC No. 350-40, "Intangibles-Goodwill and Other-Internal Use Software." These capitalized costs are related to the Company's SaaS platform. Costs incurred in the preliminary and post-implementation stages of development are expensed as incurred. Once internal-use software has reached the application development stage, direct internal and external costs are capitalized until the internal-use software is substantially complete and ready for its intended use. Capitalized costs are recorded as part of property and equipment, net in the consolidated balance sheets. Management tests these assets for impairment whenever events or changes in circumstances occur that could impact recoverability of these assets. As of December 31, 2025, all capitalized internal-use software development assets were in the application development stage, as such, no amortization has been recorded in the consolidated statements of operations related to these assets and no impairment has been recorded.

i. Leases:

The Company has various operating leases for office space and vehicles. The lease agreements generally do not contain any material residual value guarantees or material restrictive covenants. Some leases include one or more options to renew. The exercise of lease renewal options is typically at the Company's sole discretion; therefore, the majority of renewals to extend the lease terms are not included in our right-of-use assets and lease liabilities as they are not reasonably certain of exercise. The Company regularly evaluates the renewal options, and, when it is reasonably certain of exercise, it will include the renewal period in its lease term. Lease modifications result in remeasurement of the right-of-use assets and lease liabilities. In addition, some of the real estate leases contain variable lease payments, including payments based on a Consumer Price Index ("CPI"). Variable lease payments based on a CPI are initially measured using the index in effect at lease commencement. Additional payments based on the change in a CPI are recorded as a period expense when incurred. Further, as the implicit rate of the leases is not readily determinable, the Company uses an incremental borrowing rate based on the information available at the lease commencement date in determining the present value of lease payments. The Company has elected the short-term lease exception for leases with a term of 12 months or less and it does not recognize right-of-use assets and lease liabilities on the balance sheet for these leases. The Company also elected the practical expedient to not separate lease and non-lease components for all its leases.

j. Business Combinations:

The Company accounts for its business combinations using the acquisition method of accounting, which requires, among other things, allocation of the fair value of the purchase consideration to the tangible and intangible assets acquired and liabilities assumed at their estimated fair values on the acquisition date. The excess of the fair value of the purchase consideration over the values of these identifiable assets and liabilities is recorded as goodwill. When determining the fair value of assets acquired and liabilities assumed, the Company makes estimates and assumptions, especially with respect to intangible assets. The Company's estimates of fair value are based upon assumptions believed to be reasonable, but which are inherently uncertain and unpredictable and, as a result, actual results may differ from such estimates. During the measurement period, not to exceed one year from the date of acquisition, the Company may record adjustments to the assets acquired and liabilities assumed, with a corresponding offset to goodwill if new information is obtained related to facts and circumstances that existed as of the acquisition date. After the measurement period, any subsequent adjustments are reflected in the consolidated statements of operations. Acquisition costs, such as legal and consulting fees, are expensed as incurred.

k. Goodwill and Other Long-Lived Assets, including Acquired Intangible Assets and Right-of-Use Assets:

Goodwill represents the excess of the fair value of the purchase consideration in a business combination over the fair value of the net tangible and intangible assets acquired. Goodwill amounts are not amortized, but rather tested for impairment at least annually or more often if circumstances indicate that the carrying value may not be recoverable. The Company operates as one reporting segment, which consists of a single reporting unit. If the carrying amount of the Company's reporting unit exceeds its fair value, the Company recognizes an impairment loss in an amount equal to that excess, limited to the total amount of goodwill allocated to that reporting unit. During the periods presented, no impairment of goodwill has been recorded.

Acquired intangible assets consist of identifiable intangible assets, including developed technology, customer relationships and non-compete agreements, resulting from business combinations. Acquired finite-lived intangible assets are initially recorded at fair value and are amortized on a straight-line basis over their estimated useful lives. Amortization expense of the acquired intangible assets are recorded within cost of revenues and sales and marketing expense in the consolidated statements of operations.

The Company’s long-lived assets are reviewed for impairment in accordance with ASC No. 360 “Property, Plant and Equipment” whenever events or changes in circumstances indicate that the carrying amount of an asset (or asset group) may not be recoverable. Recoverability of assets (or asset group) to be held and used is measured by a comparison of the carrying amount of an asset to the future undiscounted cash flows expected to be generated by the assets. If such assets are considered to be impaired, the impairment to be recognized is measured by the amount by which the carrying amount of the assets exceeds the fair value of the assets. During the periods presented, no impairment of long-lived assets has been recorded.

l. Long-Term Lease Deposits:

Long-term lease deposits include long-term deposits for offices.

m. Contractual Purchase Obligations and Contingent Liabilities:

Contractual Purchase Obligations

The Company has contractual minimum purchase commitments with service providers through August 31, 2027, October 31, 2028 and May 31, 2031. These commitments total $4,892, $2,505 and $23,872 due within the next 12 months, respectively and $10,500, $3,820, and $377,620 (with no specified annual commitments), respectively, due thereafter.

Contingent Liabilities

The Company accounts for its contingent liabilities in accordance with ASC No. 450 “Contingencies.” A provision is recorded when it is both probable that a liability has been incurred and the amount of the loss can be reasonably estimated. From time to time, the Company is involved in claims and litigation in the ordinary course of business. The Company investigates these claims as they arise and legal provisions are reviewed and adjusted to reflect the impact of negotiations, estimated settlements, legal rulings, advice of legal counsel and other information and events pertaining to a particular matter. Although claims are inherently unpredictable, as of December 31, 2025 and 2024, the Company was not a party to any litigation that it believes will have a material adverse effect on the Company’s consolidated balance sheets, results of operations or cash flows.

On January 7, 2026, the Company and certain officers of the Company were named as defendants in a putative securities class action captioned, Molchanov v. Varonis Systems, Inc. et al, filed in the U.S. District Court for the Southern District of New York. The complaint alleges that defendants made misrepresentations or omissions in its public disclosures about the Company’s expected annual recurring revenue for fiscal year 2025 and the Company’s ability to convert existing self-hosted customers to its SaaS offering, between February 4, 2025 and July 29, 2025, in violation of Section 10(b) of the Exchange Act and Rule 10b-5 promulgated thereunder, and further alleges that certain officers are liable as control persons under Section 20(a) of the Exchange Act. The complaint seeks monetary damages. The Company believes these claims are without merit and intends to defend the action vigorously. At this early stage of the proceedings, the Company can neither predict the ultimate outcome of the litigation nor estimate any range of possible losses.

n. Revenue Recognition:

The Company generates revenues primarily in the form of SaaS revenues, term license subscriptions and maintenance and services fees. SaaS revenues, including SaaS with MDDR, are provided on a subscription basis and allow customers to use hosted software. Over the last few years, the Company has introduced new products and support for cloud applications and infrastructure environments, including the Varonis Data Security Platform delivered as a SaaS solution, which was previously only sold as a self-hosted solution. Term license subscription revenues are sold on-premises and are comprised of time-based licenses whereby customers use the Company's software (including support and unspecified upgrades and enhancements when and if they are available) for a specified period. Maintenance and services primarily consist of fees for maintenance of past perpetual license sales (including support and unspecified upgrades and enhancements when and if they are available), although the user can benefit from the software without its assistance. The Company sells its products worldwide through a network of distributors and value-added resellers and payment is typically due within 30 to 60 calendar days of the invoice date.

The Company recognizes revenues in accordance with ASC No. 606, “Revenue from Contracts with Customers.” As such, the Company identifies a contract with a customer, identifies the performance obligations in the contract, determines the transaction price, allocates the transaction price to each performance obligation in the contract and recognizes revenues when (or as) the Company satisfies a performance obligation.

SaaS revenue is recognized ratably over the associated contract period, as this service has a consistent and continuous pattern of transfer to a customer during the contract period, beginning when access is provided and the benefit of the service is available. Conversions from a license sold on-premises to the Company’s SaaS offering during the original subscription period are accounted for on a prospective basis.

Term license subscription software sold on-premises is recognized at the point in time when the software license has been delivered and the benefit of the asset has transferred. Maintenance associated with term license subscription software is recognized ratably over the term of the agreement since these services have a consistent continuous pattern of transfer to a customer during the contract period, and is included within the term license subscriptions line of the consolidated statements of operations.

The Company recognizes revenues from maintenance agreements ratably over the term of the underlying maintenance contract, as these services have a consistent continuous pattern of transfer to a customer during the contract period, which is usually one year.

The Company enters into contracts that can include combinations of products and services, which are generally capable of being distinct and accounted for as separate performance obligations. SaaS, term license subscriptions (including maintenance associated with term license subscriptions) and maintenance and services are generally distinct since the customer can benefit from the products and services either on its own or together with other resources that are readily available and the promise to transfer these products and services is separately identifiable from other promises in the contract. The Company allocates the transaction price to each performance obligation based on its relative standalone selling price out of the total consideration of the contract. For software licenses and maintenance included in term license subscriptions, the Company determines the standalone selling prices based on the price at which it separately sells maintenance renewals for past perpetual licenses.

The transaction price is determined based on the consideration to which the Company will be entitled in exchange for transferring goods or services to the customer. In instances of contracts where revenue recognition differs from the timing of invoicing, the Company generally determined that those contracts do not include a significant financing component. The primary purpose of the invoicing terms is to provide customers with simplified and predictable ways of purchasing the Company's solutions, not to receive or provide financing. The Company uses the practical expedient and does not assess the existence of a significant financing component when the difference between payment and revenue recognition is a year or less. Revenue is recognized net of any taxes collected from customers which are subsequently remitted to the tax authorities.

Deferred revenues represent mostly unrecognized fees billed or collected for SaaS and maintenance contracts. Deferred revenues are recognized as (or when) the Company performs its obligations under the contract. Pursuant to these contracts, customers are generally invoiced on an annual basis. The amount of revenues recognized in the period that was included in the opening deferred revenues balance was $286,331 for the year ended December 31, 2025.

Revenues allocated to remaining performance obligations represent contracted revenues that have not yet been recognized, which includes deferred revenues and non-cancelable amounts that will be invoiced in the future. The Company's remaining performance obligations were $1,096,662 as of December 31, 2025, of which it expects to recognize approximately 54% as revenue over the next 12 months and the remainder thereafter.

For information regarding disaggregated revenues, refer to Note 14.

o. Contract Costs:

The Company pays sales commissions to sales and marketing and certain management personnel based on their attainment of certain predetermined sales goals. The Company capitalizes sales commissions earned by employees that are considered incremental and recoverable costs of obtaining a contract with a customer. Incremental sales commissions paid for initial contracts, which are not commensurate with sales commissions paid for renewal contracts, are capitalized and amortized over an expected period of benefit. Based on its technology, customer contracts and other factors, the Company has determined the expected period of benefit to be approximately four years. Incremental sales commissions which are commensurate, are capitalized and amortized over the related contractual period and aligned with revenue recognized from these contracts. Amortization expenses related to these costs are included in sales and marketing expenses in the accompanying consolidated statements of operations.

Deferred sales commissions in the Company’s consolidated balance sheets were $97,020 and $57,047 as of December 31, 2025 and 2024, respectively. Amortization expense was $51,920, $54,392 and $53,072 for the years ended December 31, 2025, 2024 and 2023, respectively.

p. Cost of Revenues:

Cost of revenues consist primarily of salaries (including payroll tax expense related to stock-based compensation), employee benefits (including commissions and bonuses) and stock-based compensation for the Company's customer support, customer success, MDDR and services employees; amortization of certain acquired intangible assets; third-party hosting fees; travel expenses; and allocated overhead costs for facilities, IT and depreciation.

q. Accounting for Stock-Based Compensation:

The Company accounts for stock-based compensation in accordance with ASC No. 718, “Compensation-Stock Compensation.” The Company grants restricted stock units which are generally subject to a service-based vesting condition. For restricted stock units, stock-based compensation expense is measured at the grant date, based on the estimated fair value of the equity award granted, and is recognized as expense on a straight-line basis over the requisite service period. In addition, the Company grants performance stock units which are generally subject to both a service-based vesting condition and a performance-based vesting condition. The number of performance stock units earned and eligible to vest are generally determined after a one-year performance period. For performance stock units, stock-based compensation expense is recognized using the graded vesting method over the requisite service period for each separately-vesting tranche of the award when it is probable that the performance conditions will be achieved. Compensation expense for performance stock units with financial performance measures is measured using the fair value at the date of grant and recorded over each vesting period, and may be adjusted over the vesting period based on interim estimates of performance against the pre-set objectives. The Company accounts for forfeitures as they occur for all stock-based awards.

r. Research and Development Costs:

Research and development costs are charged to the statement of operations as incurred. ASC No. 985-20, “Software-Costs of Software to Be Sold, Leased, or Marketed,” requires capitalization of certain software development costs subsequent to the establishment of technological feasibility.

Based on the Company’s product development process, technological feasibility is established upon the completion of a working model. The Company does not incur material costs between the completion of the working model and the point at which the product is ready for general release. Therefore, research and development costs are charged to the statement of operations as incurred, except for certain internal-use software development costs that are capitalized.

s. Income Taxes:

The Company accounts for income taxes in accordance with ASC No. 740, using the asset and liability method whereby deferred tax assets and liability account balances are determined based on the differences between financial reporting and the tax basis for assets and liabilities and are measured using the enacted tax rates and laws that will be in effect when the differences are expected to reverse. The Company provides a valuation allowance, if necessary, to reduce deferred tax assets to the amounts that are more likely-than-not to be realized.

ASC No. 740 contains a two-step approach to recognizing and measuring a liability for uncertain tax positions. The first step is to evaluate the tax position taken or expected to be taken in a tax return by determining if the weight of available evidence indicates that it is more likely than not that, on an evaluation of the technical merits, the tax position will be sustained on audit, including resolution of any related appeals or litigation processes. The second step is to measure the tax benefit as the largest amount that is more than 50% likely to be realized upon ultimate settlement. The Company accrues interest and penalties related to unrecognized tax provisions in its taxes on income.

t. Derivative Instruments:

The Company’s primary objective for holding derivative instruments is to reduce its exposure to foreign currency rate changes. The Company reduces its exposure by entering into forward foreign exchange contracts with respect to revenues and operating expenses that are forecasted to be incurred in currencies other than the U.S. dollar. A majority of the Company’s revenues and operating expenses are transacted in U.S. dollars; however, certain revenues and operating expenses are incurred in or exposed to other currencies, specifically, the Euro and Pound Sterling for revenues and the New Israeli Shekel, Euro and Pound Sterling for operating expenses.

The Company has established forecasted transaction currency risk management programs to protect against the volatility of future cash flows caused by changes in exchange rates. The Company’s currency risk management program includes forward foreign exchange contracts designated as cash flow hedges. These forward foreign exchange contracts generally mature within periods of up to 24 months. The Company does not enter into derivative financial instruments for trading or speculative purposes.

Derivative instruments measured at fair value and their classification in the consolidated balance sheets are presented in the following table (in thousands):

Assets (liabilities) as of Assets (liabilities) as of
December 31, 2025 December 31, 2024
Notional<br>Amount Fair<br>Value Notional<br>Amount Fair<br>Value
Foreign exchange forward contract derivatives in cash flow hedging relationships for operating expenses included in prepaid expenses and other short-term assets $ 187,767 $ 21,605 $ 131,363 $ 773
Foreign exchange forward contract derivatives in cash flow hedging relationships for operating expenses included in accrued expenses and other short-term liabilities $ $ $ 56,256 $ (2,902)
Foreign exchange forward contract derivatives in cash flow hedging relationships for operating expenses included in long-term other assets $ 123,959 $ 6,465 $ 96,950 $ 3,083
Foreign exchange forward contract derivatives in cash flow hedging relationships for revenues included in prepaid expenses and other short-term assets $ $ $ 142,051 $ 7,326
Foreign exchange forward contract derivatives in cash flow hedging relationships for revenues included in accrued expenses and other short-term liabilities $ 128,132 $ (2,515) $ $
Foreign exchange forward contract derivatives in cash flow hedging relationships for revenues included in long-term other liabilities $ 185,688 $ (1,691) $ $

Net gains (losses) related to cash flow hedges that were reclassified from accumulated other comprehensive income to the consolidated statements of operations are presented in the following table (in thousands):

Year ended
December 31,
2025 2024 2023
Revenues $ 846 $ 580 $
Cost of revenues 213 (159)
Research and development 2,363 (8,425) (10,908)
Sales and marketing 281 (274)
General and administrative 699 (2,399) (3,348)
Financial income, net (298) (164)
Total net gain (loss) related to cash flow hedges $ 4,104 $ (10,841) $ (14,256)

No material ineffective hedges were recognized for the years ended December 31, 2025, 2024 and 2023 in the consolidated statement of operations.

u. Retirement and Severance Pay:

VSI and Varonis U.S. Public Sector LLC ("VPS") make available to its employees a retirement plan (the “U.S. Plan”) that qualifies as a deferred salary arrangement under Section 401(k) of the Internal Revenue Code of 1986, as amended (the "Code"). Participants in the U.S. Plan may elect to defer a portion of their pre-tax earnings, up to the Internal Revenue Service annual contribution limit. VSI and VPS match 100% of each participant’s contributions up to a maximum of 3% of the participant’s total pay and 50% of each participant’s contributions on contributions between 3% and 5% of the participant’s total pay. Each participant may contribute up to 80% of total remuneration up to the Internal Revenue Service’s annual contribution limit. Contributions to the U.S. Plan are recorded during the year contributed as an expense in the consolidated statements of operations.

Varonis Systems Ltd ("VSL") makes available to its employees, pursuant to Israel’s Severance Pay Law, severance pay equal to one month’s salary for each year of employment, or a portion thereof. The employees of the Israeli subsidiary elected to be included under section 14 of the Severance Pay Law, 1963 (“section 14”). According to this section, these employees are entitled only to monthly deposits, at a rate of 8.33% of their monthly salary, made in their name with insurance companies. Payments in accordance with section 14 release the Company from any future severance payments (under the above Israeli Severance Pay Law) in respect of those employees; therefore, related assets and liabilities are not presented in the balance sheet.

The Company’s liability for severance pay for the employees of its French subsidiary is calculated pursuant to French law, according to which French employees are entitled to an indemnity (a statutory redundancy). The law provides for the payment of severance payment to any employee working for the French subsidiary for at least a year.

In addition, the Company also makes available pension plans to employees of other subsidiaries in which it operates. Total expenses related to retirement and severance pay amounted to $16,823, $13,774 and $11,707 for the years ended December 31, 2025, 2024 and 2023, respectively. The amount of severance payable included in other liabilities as of December 31, 2025 and 2024 is $3,012 and $2,952, respectively.

v. Basic and Diluted Net Loss Per Share:

Basic net loss per share is computed by dividing net loss by the weighted-average number of shares of common stock outstanding during the period.

Diluted net loss per share is computed by giving effect to all potentially dilutive securities, including stock options, restricted stock units, performance stock units and the shares related to the conversion of the 1.25% Convertible Senior Notes issued by the Company on May 11, 2020 and matured August 15, 2025 in an aggregate principal amount of $253,000 (the "2025 Notes") and the 1.00% Convertible Senior Notes issued by the Company on September 10, 2024 and

due September 15, 2029 in an aggregate principal amount of $460,000 (the "2029 Notes" and, together with the 2025 Notes, the "Notes"), to the extent dilutive.

Basic and diluted net loss per share were the same for each period presented as the inclusion of all potential shares of common stock outstanding would have been anti-dilutive. There were 8,562,690, 7,645,858 and 8,824,701 potentially dilutive shares from the conversion of outstanding stock options, restricted stock units and performance stock units that were not included in the calculation of diluted net loss per share for the years ending December 31, 2025, 2024 and 2023, respectively. Additionally, 6,781,660 shares underlying the conversion option of the 2029 Notes for the year ending December 31, 2025, 14,971,860 shares underlying the conversion of the Notes for the year ending December 31, 2024 and 8,239,254 shares underlying the conversion option of the 2025 Notes for the year ending December 31, 2023, were not considered in the calculation of diluted net loss per share as the effect would be anti-dilutive.

w. Recently Adopted Accounting Pronouncements:

In December 2023, the Financial Accounting Standards Board (“FASB”) issued Accounting Standards Update ("ASU") 2023-09, Income Taxes (Topic 740) - Improvements to Income Tax Disclosures. The ASU requires that an entity disclose specific categories in the effective tax rate reconciliation, as well as provide additional information for reconciling items that meet a quantitative threshold. Further, the ASU requires certain disclosures of state versus federal income tax expense and taxes paid. The amendments in this ASU are required to be adopted for fiscal years beginning after December 15, 2024. The Company adopted ASU 2023-09 during the year ended December 31, 2025, on a prospective basis, which resulted in updated income tax disclosures. See Note 12 in the accompanying notes to the consolidated financial statements for further detail.

In July 2025, the FASB issued ASU 2025-05, Financial Instruments-Credit Losses (Topic 326) - Measurement of Credit Losses for Accounts Receivable and Contract Assets. The ASU provides a practical expedient to measure credit losses on current accounts receivable and contract assets under ASC No. 606, "Revenue from Contracts with Customers." The practical expedient assumes that current conditions as of the balance sheet date do not change for the remaining life of the asset. For public business entities, ASU 2025-05 is effective for annual reporting periods beginning after December 15, 2025, and interim reporting periods within those annual reporting periods. Early adoption of ASU 2025-05 is permitted. The Company adopted ASU 2025-05 during the year ended December 31, 2025, on a prospective basis, which did not have a material impact on the consolidated financial statements.

x. Recently Issued Accounting Pronouncements Not Yet Adopted:

In November 2024, the FASB issued ASU 2024-03, Income Statement-Reporting Comprehensive Income-Expense Disaggregation Disclosures (Subtopic 220-40) - Disaggregation of Income Statement Expenses. The ASU requires, among other items, additional disaggregated disclosures in the notes to the financial statements for certain categories of expenses that are included in the consolidated statements of operations. ASU 2024-03 is effective for fiscal years beginning after December 15, 2026, and for interim periods within fiscal years beginning after December 15, 2027, with early adoption permitted, and may be applied either prospectively or retrospectively. The Company is currently evaluating the effect of adopting the ASU on its disclosures.

In September 2025, the FASB issued ASU 2025-06, Intangibles-Goodwill and Other-Internal-Use Software (Subtopic 350-40) - Targeted Improvements to the Accounting for Internal-Use Software. The ASU was updated to consider different methods of software development and requires internal use software costs to be capitalized when management has authorized and committed to funding the software project and when significant uncertainty associated with the development of the software has been resolved. The amendments in this ASU are required to be adopted for annual and interim reporting periods beginning after December 15, 2027, with early adoption permitted, and may be applied either through a prospective, retrospective or a modified transition approach. The Company is currently evaluating the effect of adopting the ASU on its consolidated financial statements.

In December 2025, the FASB issued ASU 2025-11, Interim Reporting (Topic 270) - Narrow-Scope Improvements. The ASU was updated to improve the navigability of the required interim disclosures within ASC No. 270 and to clarify when the guidance applies. This ASU is not intended to change the fundamental nature of interim reporting or expand or reduce current interim disclosure requirements. The amendments in this ASU are required to be adopted for interim reporting periods beginning after December 15, 2027, with early adoption permitted, and may be applied either through a prospective or retrospective approach. The Company is currently evaluating the effect of adopting the ASU on its condensed consolidated financial statement disclosures.

NOTE 3:- PREPAID EXPENSES AND OTHER SHORT-TERM ASSETS

Prepaid expenses and other short-term assets consist of the following (in thousands):

December 31,
2025 2024
Government authorities and other receivables $ 46,518 $ 46,053
Deferred commission 45,723 34,132
Foreign currency forward contracts derivatives 21,605 8,099
Prepaid expenses 20,921 28,540
Prepaid expenses and other short-term assets $ 134,767 $ 116,824

NOTE 4:- PROPERTY AND EQUIPMENT, NET

Property and equipment, net consist of the following (in thousands):

December 31,
2025 2024
Cost:
Leasehold improvements $ 49,788 $ 45,062
Computer equipment 32,251 30,933
Office furniture and equipment 6,573 6,078
Internal-use software 3,660
92,272 82,073
Accumulated depreciation 56,240 51,278
Property and equipment, net $ 36,032 $ 30,795

Depreciation expense of property and equipment, net for the years ended December 31, 2025, 2024 and 2023 were $11,256, $9,863 and $10,177, respectively.

NOTE 5:- ACCRUED EXPENSES AND OTHER SHORT-TERM LIABILITIES

Accrued expenses and other short-term liabilities consist of the following (in thousands):

December 31,
2025 2024
Government authorities and other $ 91,129 $ 59,904
Accrued commissions 56,212 35,868
Employees and payroll related 38,054 24,693
Accrued expenses 27,762 30,718
Operating lease liabilities, current 9,739 10,845
Foreign exchange forward contract derivatives 2,515 2,902
Accrued expenses and other short-term liabilities $ 225,411 $ 164,930

NOTE 6:- LEASES

The Company has various operating leases for office space and vehicles that expire through 2035. The lease agreements generally do not contain any material residual value guarantees or material restrictive covenants. Below is a summary of the Company's operating right-of-use assets and operating lease liabilities (in thousands):

December 31, 2025
Operating lease right-of-use assets $ 57,677
Operating lease liabilities, current $ 9,739
Operating lease liabilities, long-term 59,749
Total operating lease liabilities $ 69,488

Operating lease liabilities, current are included within accrued expenses and other short-term liabilities in the consolidated balance sheets.

Some leases include one or more options to renew. The exercise of lease renewal options is typically at the Company's sole discretion; therefore, the majority of renewals to extend the lease terms are not included in the Company's right-of-use assets and lease liabilities, as they are not reasonably certain of exercise. The Company regularly evaluates the renewal options, and, when it is reasonably certain of exercise, it will include the renewal period in its lease term. Lease modifications result in remeasurement of the right-of-use assets and lease liabilities.

Some of the real estate leases contain variable lease payments, including payments based on a CPI. Variable lease payments based on a CPI are initially measured using the index in effect at lease commencement. Additional payments based on the change in a CPI are recorded as a period expense when incurred.

The Company has deposit guarantees issued by a financial institution to secure various operating lease agreements in connection with its office space.

Minimum lease payments for the Company's right-of-use assets over the remaining lease periods as of December 31, 2025, are as follows (in thousands):

December 31, 2025
2026 $ 12,588
2027 13,020
2028 9,842
2029 11,414
2030 10,277
Thereafter 24,808
Total undiscounted lease payments $ 81,949
Less: Imputed interest $ (12,461)
Present value of lease liabilities $ 69,488

As of December 31, 2025, the Company has an additional operating lease that has not yet commenced of $9,040. This operating lease is expected to commence in the first quarter of 2026 with a lease term of five years.

The weighted average remaining lease term and discount rate for all operating leases were as follows, as of December 31, 2025 and 2024:

December 31,
2025 2024
Weighted average remaining lease term (years) 7.61 5.39
Weighted average discount rate 4.27 % 2.89 %

Total operating lease cost for the years ended December 31, 2025, 2024 and 2023 was $9,868, $9,812 and $9,803, inclusive of sublease income of $1,635, $1,154 and $1,772, respectively and short-term lease cost of $908, $1,091 and $400, respectively.

Cash paid for amounts included in the measurement of operating lease liabilities for the years ended December 31, 2025, 2024 and 2023 was $8,578, $8,242 and $11,044, respectively.

NOTE 7:- CONVERTIBLE SENIOR NOTES AND CAPPED CALL TRANSACTIONS

2025 Notes

The Company issued the 2025 Notes in an aggregate principal amount of $253,000 pursuant to an Indenture dated May 11, 2020 (the “2025 Indenture”). The net proceeds to the Company after issuance costs were approximately $245,158. The Company used $29,348 of the net proceeds from the offering to pay the cost of the capped call transactions described below.

The 2025 Notes were settled prior to or on their maturity date of August 15, 2025 in accordance with the terms of the 2025 Indenture. During the year ended December 31, 2025, the Company received and settled conversion notices from holders of $251,439. The unconverted principal of the 2025 Notes and the accrued interest due at maturity were settled in cash.

2029 Notes

The Company issued the 2029 Notes pursuant to an Indenture dated September 10, 2024 (the “2029 Indenture”). The offering totaled $460,000 aggregate principal amount. The net proceeds to the Company after issuance costs were approximately $449,649. The Company used $55,522 of the net proceeds from the offering to pay the cost of the capped call transactions described below.

The 2029 Notes will mature on September 15, 2029, unless earlier converted, redeemed or repurchased. Interest will be payable semi-annually in arrears on March 15 and September 15 of each year, beginning on March 15, 2025, at a rate of 1.00% per year.

The initial conversion rate for the 2029 Notes is 14.7419 shares of the Company’s common stock for each $1,000 principal amount of the 2029 Notes, which is equivalent to an initial conversion price of approximately $67.83 per share. The conversion rate is subject to adjustment in specified events. The 2029 Notes are convertible into shares of the Company’s common stock, at the option of a holder, prior to the close of business on the business day immediately preceding March 15, 2029, only under the following circumstances:

(1) during any calendar quarter commencing after the calendar quarter ending on December 31, 2024 (and only during such calendar quarter), if the last reported sale price of the common stock for at least 20 trading days (whether or not consecutive) during the 30 consecutive trading days ending on, and including, the last trading day of the immediately preceding calendar quarter is greater than or equal to 130% of the conversion price on each applicable trading day;

(2) during the five consecutive business day period immediately after any five consecutive trading day period (the “measurement period”) in which the “trading price” (as defined in the 2029 Indenture) per $1,000 principal amount of the 2029 Notes, as determined following a request by a holder of the 2029 Notes in the manner described in the 2029 Indenture, for each trading day of the measurement period was less than 98% of the product of the last reported sale price of the Company’s common stock and the conversion rate on each such trading day;

(3) if the Company calls any or all of the 2029 Notes for redemption, at any time prior to the close of business on the scheduled trading day immediately preceding the redemption date; or

(4) upon the occurrence of certain corporate events specified in the 2029 Indenture.

In addition, on or after March 15, 2029, a holder may convert all or any portion of its 2029 Notes at any time. Upon conversion, the Company may elect to repay the 2029 Notes in cash, shares of common stock, or a combination of both. As of December 31, 2025, the 2029 Notes were classified as long-term in the Company's consolidated balance sheets.

Effective September 20, 2027, the Company may redeem the 2029 Notes for cash, at its option, subject to the terms and conditions provided in the 2029 Indenture.

In accordance with ASC No. 470, "Debt", the Company accounts for the 2029 Notes as a single liability measured at amortized cost. The carrying value of the liability is represented by the face amount of the 2029 Notes, less debt issuance costs. The total offering costs upon issuance of the 2029 Notes are amortized as interest expense over the term of the 2029 Notes, using the effective interest rate method.

The net carrying amount of the Notes were as follows (in thousands):

December 31, 2025 December 31, 2024
2025 Notes 2029 Notes Total 2025 Notes 2029 Notes Total
Liability
Principal $ $ 460,000 $ 460,000 $ 251,494 $ 460,000 $ 711,494
Unamortized issuance costs (7,741) (7,741) (965) (9,757) (10,722)
Net carrying amount $ $ 452,259 $ 452,259 $ 250,529 $ 450,243 $ 700,772

The effective interest rate for the year ended December 31, 2025 was 1.86% and 1.46% for the 2025 and 2029 Notes, respectively. The interest expense recognized related to the Notes for the years ended December 31, 2025, 2024 and 2023 were as follows (in thousands):

Year ended December 31,
2025
2025 Notes 2029 Notes Total
Contractual interest expense $ 1,957 $ 4,600 $ 6,557
Amortization of debt issuance costs 960 2,016 2,976
Total $ 2,917 $ 6,616 $ 9,533
Year ended December 31,
--- --- --- --- --- --- ---
2024
2025 Notes 2029 Notes Total
Contractual interest expense $ 3,159 $ 1,406 $ 4,565
Amortization of debt issuance costs 1,550 594 2,144
Total $ 4,709 $ 2,000 $ 6,709
Year ended December 31,
--- --- --- --- --- --- ---
2023
2025 Notes 2029 Notes Total
Contractual interest expense $ 3,163 $ $ 3,163
Amortization of debt issuance costs 1,514 1,514
Total $ 4,677 $ $ 4,677

As of December 31, 2025 and 2024, the total estimated fair value of the 2029 Notes was approximately $429,028 and $431,851, respectively. The fair values were determined based on the closing trading price per $100 of the 2029 Notes as of the last day of trading for the period. The fair value of the 2029 Notes is primarily affected by the trading price of the Company's common stock and market interest rates. The fair value of the 2029 Notes is considered Level 2 within the fair

value hierarchy and was determined based on inputs that are observable in the market or that could be derived from, or corroborated with, observable market data.

Capped Call Transactions

In May 2020 and September 2024, in connection with the pricing of the 2025 and 2029 Notes, respectively, the Company entered into privately negotiated capped call transactions (the “Capped Call Transactions”). The Capped Call Transactions are generally expected to reduce the potential dilution to the Company’s common stock upon any conversion of the Notes and/or offset any cash payments the Company is required to make in excess of the principal amount of converted Notes, as the case may be, with such reduction and/or offset subject to a cap initially equal to $47.24 and $104.36, for the 2025 and 2029 Notes, respectively.

The Capped Call Transactions are considered a freestanding instrument in accordance with ASC No. 480, "Distinguishing Liabilities from Equity", as they were entered into separately and apart from the Notes and since the conversion or redemption of the Notes does not automatically result in the exercise of the Capped Call Transactions. As the Capped Call Transactions are considered indexed to the Company's stock and are considered equity classified, they are recorded in stockholders’ equity in the consolidated balance sheets and are not accounted for as derivatives. The cost of the Capped Call Transactions for the 2025 and 2029 Notes were approximately $29,348 and $55,522, respectively, and were recorded as a reduction to additional paid-in capital.

In connection with the maturity of the 2025 Notes, the capped call transactions entered into in May 2020 were exercised and net share settled. The Company received and subsequently retired 2,604,434 shares of its common stock.

NOTE 8:- BUSINESS COMBINATIONS

Cyral, Inc. ("Cyral")

On March 17, 2025, the Company completed the acquisition of the share capital of Cyral, a provider of DAM software that uses agentless and stateless interception technology, which has been combined with the Company's database security capabilities. The acquisition was accounted for as a business combination in accordance with ASC No. 805, "Business Combinations." The transaction price was for $25,486 in cash and comprised of the fair value of total consideration transferred ("Purchase Price") and an aggregate conditional consideration of $2,435, subject to employee retention and potential indemnification claims. From the purchase price, $3,502 was held back for potential indemnification claims. The conditional consideration is recorded as research and development compensation expense in the consolidated statements of operations.

The allocation of the purchase price for the acquisition is not finalized as of December 31, 2025, and is subject to adjustment as the Company completes the valuation analysis of the acquisition. The following table summarizes the preliminary allocation of the purchase price to the fair value of the tangible and intangible assets acquired and liabilities assumed as of the acquisition date (in thousands, except useful life):

Purchase Price Allocation Estimated Weighted Average Useful Life (in years)
Net tangible assets acquired $ 396
Developed technology intangible asset 5,900 9
Non-compete intangible asset 40 3
Goodwill 16,715
Total purchase price $ 23,051

The fair value of the developed technology intangible asset of $5,900 was estimated using the multi-period excess earnings method, which utilizes assumptions including projected future revenue generated from the acquired developed technology, projected profit margin, discount rate, and the technology obsolescence curve. The excess of the purchase price and liabilities assumed over the fair value of tangible and identifiable intangible assets acquired was recorded as goodwill. The Company believes the goodwill represents the synergies expected from expanded market opportunities when integrating the business with the Company's offerings. The goodwill is deductible for income tax purposes.

Acquisition-related costs of $662 are included in general and administrative expenses in the consolidated statements of operations.

The pro forma results of operations related to this acquisition have not been disclosed, as they are immaterial to the Company's consolidated financial statements.

SlashNext, Inc. ("SlashNext")

On August 28, 2025, the Company completed the acquisition of the share capital of SlashNext, an AI-native email security provider that detects advanced phishing and social engineering attacks, which, together with MDDR, has been integrated with the Company's technology platform. The acquisition was accounted for as a business combination in accordance with ASC No. 805, "Business Combinations." The transaction price was for $105,953 in cash and comprised of the fair value of total consideration transferred and an aggregate conditional consideration of $4,662, subject to employee retention, along with the settlement of a $4,156 pre-existing relationship. The conditional consideration is recorded as research and development compensation expense in the consolidated statements of operations.

The allocation of the purchase price for the acquisition is not finalized as of December 31, 2025, and is subject to adjustment as the Company completes the valuation analysis of the acquisition. The following table summarizes the preliminary allocation of the purchase price to the fair value of the tangible and intangible assets acquired and liabilities assumed as of the acquisition date (in thousands, except useful life):

Purchase Price Allocation Estimated Weighted Average Useful Life (in years)
Net tangible assets (liabilities) acquired $ (1,779)
Developed technology intangible asset 8,400 7
Customer relationship intangible asset 3,400 10
Goodwill 95,426
Total purchase price $ 105,447

The fair values of the developed technology and customer relationship intangible assets were estimated using the following methods, respectively (including valuation assumptions): relief from royalty (projected future revenue generated from the acquired developed technology, royalty and discount rates and the technology obsolescence curve) and the multi-period excess earnings method (projected future revenue generated from the acquired customers, projected profit margin, discount rate and the customer survival curve). The excess of the purchase price and liabilities assumed over the fair value of tangible and identifiable intangible assets acquired was recorded as goodwill. The Company believes the goodwill represents the synergies expected from expanded market opportunities when integrating the business with the Company's offerings. The goodwill is not deductible for income tax purposes. Acquisition-related costs of $1,469 are included in general and administrative and research and development expenses in the consolidated statements of operations.

The pro forma results of operations related to this acquisition have not been disclosed, as they are immaterial to the Company's consolidated financial statements.

NOTE 9:- GOODWILL AND INTANGIBLE ASSETS

Goodwill

Goodwill represents the excess of the purchase price over the identifiable tangible and intangible assets acquired less liabilities assumed arising from business combinations. The Company believes the goodwill represents the synergies expected from expanded market opportunities when integrating with its offerings.

All goodwill balances are subject to annual goodwill impairment testing. As of December 31, 2025, the Company concluded that no impairment for goodwill was required. The change in the carrying amount of goodwill during the year ended December 31, 2025 is due to the Cyral and SlashNext acquisitions. For additional information regarding the acquisitions, see Note 8 of the consolidated financial statements. There were no additions or any other changes to the carrying amount of goodwill during the year ended December 31, 2024.

The following table reflects goodwill activity for the year ended December 31, 2025 (in thousands):

Amount
Balance at December 31, 2024 $ 23,135
Goodwill acquired 112,141
Balance at December 31, 2025 $ 135,276

Intangible Assets, net

The total cost and amortization of the Company's intangible assets for the period ended December 31, 2025 is comprised of the following (in thousands):

December 31, 2025
Gross Carrying Amount Accumulated Amortization Net Carrying Amount
Developed technology $ 14,300 $ (926) $ 13,374
Customer relationship 3,400 (116) 3,284
Non-compete 40 (11) 29
Total $ 17,740 $ (1,053) $ 16,687

Intangible assets are expensed on a straight-line basis over the useful life of the asset. The Company recorded amortization expense of $1,053, $1,263 and $1,525 for the years ended December 31, 2025, 2024 and 2023, respectively.

The following table summarizes estimated future amortization expense of the Company's intangible assets as of December 31, 2025 (in thousands):

Years ending December 31, Amount
2026 $ 2,209
2027 2,209
2028 2,198
2029 2,196
2030 2,195
Thereafter 5,680
Total future amortization expense $ 16,687

NOTE 10:- FAIR VALUE MEASUREMENTS

The Company evaluates assets and liabilities subject to fair value measurements on a recurring basis to determine the appropriate level to classify them for each reporting period. There have been no transfers between fair value measurement levels during the years ended December 31, 2025 and 2024. The carrying amounts of cash and cash equivalents, trade receivables, short-term deposits and trade payables approximate their fair value due to the short-term maturity of such instruments.

The following table sets forth the Company’s assets and liabilities that were measured at fair value as of December 31, 2025 and 2024 by level within the fair value hierarchy (in thousands):

As of December 31, 2025 As of December 31, 2024
Level I Level<br>II Level<br>III Level I Level<br>II Level<br>III
Financial assets:
Cash equivalents:
Money market funds $ 120,155 $ $ $ 133,113 $ $
Marketable securities:
US Treasury securities 681,225 343,383
Prepaid expenses and other short-term assets:
Forward foreign exchange contracts 21,605 8,099
Long-term marketable securities:
US Treasury securities 187,202 658,896
Long-term other assets:
Forward foreign exchange contracts 6,465 3,083
Financial liabilities:
Accrued expenses and other short-term liabilities:
Forward foreign exchange contracts (2,515) (2,902)
Long-term other liabilities:
Forward foreign exchange contracts (1,691)
Total financial assets, net $ 120,155 $ 892,291 $ $ 133,113 $ 1,010,559 $

See Note 8, "Business Combinations", for the estimated fair value of acquired net tangible and intangible assets and liabilities and Note 7, “Convertible Senior Notes and Capped Call Transactions”, for the carrying amount and estimated fair value of the Company's 2029 Notes, as of December 31, 2025. Marketable securities and derivative instruments are classified within Level 2, as these assets are valued using alternative pricing sources utilizing market observable inputs.

NOTE  11:- STOCKHOLDERS’ EQUITY

a. Common stock rights:

The Company’s Amended and Restated Certificate of Incorporation authorizes the Company to issue 200,000,000 shares of common stock, par value $0.001 per share.

The common stock confers upon its holders the right to participate in the general meetings of the Company, to vote at such meetings (each share represents one vote), to elect board members and to participate in any distribution of dividends or any other distribution of the Company’s property, including the distribution of surplus assets upon liquidation.

b. Stock plans:

On November 14, 2013, the Company’s board of directors adopted the Varonis Systems, Inc. 2013 Omnibus Equity Incentive Plan (the “2013 Plan”) which was subsequently approved by the Company’s stockholders. The Company initially reserved 5,713,899 shares of common stock for issuance under the 2013 Plan to employees, directors, officers and consultants of the Company and its subsidiaries. Since January 1, 2016, the share reserve under the 2013 Plan has been automatically increased by an aggregate of 27,579,672 shares. Awards granted under the 2013 Plan generally vest over four years. No awards were granted under the 2013 Plan subsequent to June 5, 2023, and no further awards will be granted under the 2013 Plan.

On October 22, 2020, and as part of the Polyrize Security Ltd. ("Polyrize") acquisition, the Company’s board of directors approved the assumption of a certain portion of Polyrize Options pursuant to the terms and conditions of the Polyrize 2019 Share Incentive (“Polyrize Plan”). No further awards were or will be granted under the Polyrize Plan.

On April 20, 2023, the Company’s board of directors adopted the Varonis Systems, Inc. 2023 Omnibus Equity Incentive Plan (the “2023 Plan”), subject to approval by the Company's stockholders. On June 5, 2023, the Company’s stockholders approved the 2023 Plan which became effective and replaced the 2013 Plan. The Company initially reserved 5,500,000 shares of common stock for issuance under the 2023 Plan to employees, directors, officers and consultants of the Company and its subsidiaries. Since June 5, 2023, the Company’s stockholders have approved an additional 6,280,000 shares under the 2023 Plan, including the Company's stockholders approval that occurred on June 5, 2025 for an additional 1,880,000 shares.

There were no options granted in 2025 pursuant to the 2013 Plan, Polyrize Plan or 2023 Plan (collectively "Stock Plans"). Total intrinsic value of options exercised for the years ended December 31, 2025, 2024 and 2023 was $162, $22,174 and $2,469, respectively. As of December 31, 2025 there was no unrecognized compensation cost related to employees and non-employees unvested stock options as all options have vested.

c. Restricted stock units ("RSUs") and performance stock units ("PSUs"):

A summary of RSUs and PSUs for employees, consultants and non-employee directors of the Company for the year ended December 31, 2025 is as follows:

Number of shares<br>underlying outstanding<br>RSUs and PSUs Weighted-average<br>grant date<br>fair value
Unvested balance as of January 1, 2025 7,642,492 $ 38.60
Granted 4,315,985 $ 45.64
Vested (2,621,234) $ 40.85
Forfeited (774,598) $ 41.77
Unvested balance as of December 31, 2025 8,562,645 $ 38.60

For the periods ended December 31, 2025, 2024 and 2023, the weighted-average grant date fair value of RSU and PSU shares granted was $45.64, $43.38 and $28.74, respectively. For the periods ended December 31, 2025, 2024 and 2023, the total fair value of RSU and PSU shares that vested was $114,186, $162,694 and $85,475, respectively.

As of December 31, 2025 and 2024, there was $231,295 and $181,874, respectively, of total unrecognized compensation cost related to employees and non-employees unvested restricted stock units and performance stock units which is expected to be recognized over a weighted-average period of 2.067 and 2.082 years, respectively.

d. Employee Stock Purchase Plans

On May 5, 2015, the Company’s stockholders approved the Varonis Systems, Inc. 2015 Employee Stock Purchase Plan (the “2015 ESPP”), which the Company’s board of directors had adopted on March 19, 2015. The 2015 ESPP became effective as of June 30, 2015. The Company initially reserved 1,500,000 shares of common stock for issuance under the 2015 ESPP. The number of shares available for issuance under the 2015 ESPP was increased on January 1, 2016 and has been increased each January 1 thereafter. Since January 1, 2016, the share reserve under the 2015 ESPP has been automatically increased by an aggregate of 4,321,921 shares. There will be no further offering periods under the 2015 ESPP.

On June 5, 2025, the Company’s stockholders approved the Varonis Systems, Inc. 2025 Employee Stock Purchase Plan (the “2025 ESPP”, together with the 2015 ESPP, the "ESPP plans"), which the Company’s board of directors adopted on April 17, 2025. The Company initially reserved 8,000,000 shares of common stock for issuance under the 2025 ESPP. The 2025 ESPP will continue in effect until the earlier of (i) the date when no shares of common stock are available for issuance thereunder, or (ii) June 5, 2035; unless terminated prior thereto by the Company’s board of directors or compensation committee, each of which has the right to terminate the 2025 ESPP at any time.

The ESPP plans allow eligible employees to purchase shares of the Company’s common stock at a discount through payroll deductions of up to 15% of their eligible compensation, at not less than 85% of the fair market value of the Company’s common stock on the first day or last trading day in the offering period, subject to any plan limitations.

The following table summarizes the assumptions used in the Black-Scholes option-pricing model to estimate the stock-based compensation expense on the date of grant for the ESPP plans:

Year ended
December 31,
2025 2024 2023
Expected term (in years) 0.5 0.5 0.5
Risk-free interest rate 4.0% - 4.3% 4.8% - 5.3% 5.2% - 5.5%
Expected stock price volatility 30.1% - 34.1% 32.8% - 35.4% 37.7% - 75.0%
Dividend yield 0.0 % 0.0 % 0.0 %
e. Stock-based compensation expense:
--- ---

The Company recognized stock-based compensation expense in the consolidated statements of operations as follows (in thousands):

Year ended
December 31,
2025 2024 2023
Cost of revenues $ 5,924 $ 5,192 $ 7,221
Research and development 44,370 41,766 48,679
Sales and marketing 39,411 41,494 48,047
General and administrative 40,537 38,230 35,872
Total $ 130,242 $ 126,682 $ 139,819
f. Share Repurchase Programs:
--- ---

In October 2022, the Company's board of directors authorized a share repurchase program of up to $100,000 of the Company’s common stock (the “October 2022 Share Repurchase Program”). Under the October 2022 Share Repurchase Program, the Company was authorized to repurchase shares through open market purchases, privately-negotiated transactions or otherwise in accordance with applicable federal securities laws, including through Rule 10b5-1 trading plans and under Rule 10b-18 of the Exchange Act. The October 2022 Share Repurchase Program expired on October 31, 2023. The Company repurchased and subsequently retired 4,415,093 shares under its October 2022 Share Repurchase Program, for a total of $99,967.

In February 2025, the Company's board of directors authorized a share repurchase program of up to $100,000 of the Company’s common stock (the “February 2025 Share Repurchase Program”). Under the February 2025 Share Repurchase Program, the Company was authorized to repurchase shares through open market purchases, privately-negotiated transactions or otherwise in accordance with applicable federal securities laws, including through Rule 10b5-1 trading plans and under Rule 10b-18 of the Exchange Act. The Company completed its February 2025 Share Repurchase Program

in April 2025. During 2025, the Company repurchased and subsequently retired 2,480,341 shares under its February 2025 Share Repurchase Program, for a total of $100,000.

In October 2025, the Company's board of directors authorized a share repurchase program of up to $150,000 of the Company’s common stock (the “October 2025 Share Repurchase Program”). Under the October 2025 Share Repurchase Program, the Company is authorized to repurchase shares through open market purchases, privately-negotiated transactions or otherwise in accordance with applicable federal securities laws, including through Rule 10b5-1 trading plans and under Rule 10b-18 of the Exchange Act. The October 2025 Share Repurchase Program will expire in October 2026. The number of shares to be purchased and the timing of purchases will be based on the Company's trading windows, available liquidity, and general business and market conditions.

During 2025, the Company repurchased and subsequently retired 448,439 shares under its October 2025 Share Repurchase Program, for a total of $15,000. At December 31, 2025, the Company had $135,000 of capacity remaining under its October 2025 Share Repurchase Program.

NOTE 12:- INCOME TAXES

a. U.S. Tax Reform:

On December 22, 2017, the Tax Cuts and Jobs Act (the "TCJA") was signed into law. The TCJA makes broad and complex changes to the Code that impact the Company's provision for income taxes. The changes include, but are not limited to:

•Decreasing the corporate income tax rate from 35% to 21% effective for tax years beginning after December 31, 2017 (“Rate Reduction”); and

•Taxation of GILTI earned by foreign subsidiaries beginning after December 31, 2017. The GILTI tax imposes a tax on foreign income in excess of a deemed return on tangible assets of foreign corporations.

•Beginning in 2022, the TCJA requires taxpayers to capitalize specified research and development expenses with amortization periods over five and fifteen years, which has increased the Company's tax liability in the U.S. As the Company has a valuation allowance against its deferred tax assets, including capitalized research and development costs, the taxable income in the United States has increased to account for the capitalization of research and development costs starting in 2022.

On July 4, 2025, the One Big Beautiful Bill Act ("OBBBA") entered into effect. This legislation introduces several measures, including provisions that allow for the immediate expensing of U.S. research and development expenses and certain capital expenditures, as well as changes to the U.S. taxation of profits derived from foreign operations. The OBBBA has multiple effective dates, with certain provisions that became effective in 2025 and others implemented through 2027.

Effective in July 2025, the TCJA, as revised by the OBBBA, requires all U.S. companies to capitalize and subsequently amortize specified research and development expenses over fifteen years for research and development activities conducted outside of the U.S.

GILTI Tax

Certain income (i.e., GILTI) earned by controlled foreign corporations (“CFCs”) must be included currently in the gross income of the CFCs’ U.S. shareholder. GILTI is the excess of the shareholder’s “net CFC tested income” over the net deemed tangible income return.

For 2025, the Company is subject to tax on account of GILTI as it has net CFC tested income on an aggregated basis. The resulting tax liability is not significant due to utilization of carried forward net operating loss ("NOL") and research and development tax credits.

Accounting for the TCJA and OBBBA

The Company accounted for the tax impact related to the TCJA and believes its analysis to be completed. The Company recognizes that the IRS is continuing to publish and finalize ongoing guidance which may modify accounting interpretation for the TCJA. The Company would look to account for these impacts in the period of such change is enacted.

The Company accounted for the tax impact related to the OBBBA for legislation that was effective in 2025 and these matters did not have a material effect on the Company's effective tax rate. The Company recognizes that additional legislation becomes effective after 2025 and that the IRS is continuing to publish and finalize ongoing guidance which may modify accounting interpretation for the OBBBA. The Company would look to account for these impacts when effective and in the period of such change is enacted.

b. The Company:

The Company is taxed in accordance with U.S. tax laws.

As of December 31, 2025, the Company had gross federal NOL carry-forwards of approximately $211,483, of which $1,435 can be carried forward until December 31, 2037 and can fully offset taxable income, while $210,049 of which can be carried forward indefinitely but can only be used to offset 80% of taxable income. As of December 31, 2025, the Company had NOL carry-forwards for state and foreign income tax purposes of approximately $182,043 and $84,605, respectively. State NOL carry-forwards of $148,154 expire between 2027-2044 and the remainder do not expire. Foreign NOL carry-forwards do not expire. In addition, as of December 31, 2025, the Company had federal research credit carryforwards of approximately $10,533. If not utilized, the federal tax carryforwards will begin to expire in 2041.

A U.S. corporation's ability to utilize its federal and state NOL and tax credit carryforwards to offset its taxable income is limited under Section 382 and Section 383 of the Code if the corporation undergoes an ownership change (within the meaning of Code Section 382). In general, an “ownership change” occurs whenever the percentage of the stock of a corporation owned by “5-percent shareholders” (within the meaning of Code Section 382) increases by more than 50 percentage points over the lowest percentage of the stock of such corporation owned by such “5-percent shareholders” at any time over the testing period.

An ownership change within the meaning of Code Section 382 would establish an annual limitation to the amount of federal and state NOL and tax credit carryforwards the Company could utilize to offset its taxable income or income tax in any single year. The annual limitation may result in the expiration of state net operating losses and federal and state credits before utilization and in the event we have a change of ownership, utilization of the carryforwards could be restricted.

c. Loss before income taxes is comprised as follows (in thousands):
Year ended
--- --- --- --- --- --- ---
December 31,
2025 2024 2023
Domestic $ (69,006) $ (19,840) $ (21,491)
Foreign (47,314) (63,167) (65,427)
$ (116,320) $ (83,007) $ (86,918)
d. Income taxes is comprised as follows (in thousands):
--- ---
Year ended
--- --- --- --- --- --- ---
December 31,
2025 2024 2023
Current:
Domestic:
Federal $ (1,002) $ 15 $ (1,077)
State 665 1,511 2,420
Foreign 13,089 11,214 12,569
Total current income tax $ 12,752 $ 12,740 $ 13,912
Deferred:
Domestic:
Federal $ 153 $ 62 $ 61
State 12 12 21
Foreign 87 (56) 4
Total deferred income tax $ 252 $ 18 $ 86
Income tax expense $ 13,004 $ 12,758 $ 13,998
e. Deferred income taxes:
--- ---

Deferred income taxes reflect the net tax effects of temporary differences between the carrying amounts of assets and liabilities for financial reporting purposes and the amounts used for income tax purposes. The Company’s deferred tax assets are derived from its U.S. NOL carry-forwards and other temporary differences.

ASC No. 740 requires an assessment of both positive and negative evidence concerning the realizability of deferred tax assets in each jurisdiction. After considering evidence such as current and cumulative financial reporting incomes, the expected sources of future taxable income and tax planning strategies, the Company’s management concluded that a valuation allowance is required in the United States and some foreign jurisdictions. A net deferred tax liability of $700 was recorded as of December 31, 2025. Future changes in these factors, including the Company’s anticipated results, could have a significant impact on the realization of the deferred tax assets which would result in an increase or decrease to the valuation allowance and a corresponding charge to income tax expense. The Company reevaluates the judgements surrounding its estimates and makes adjustments as appropriate each reporting period.

Significant components of the Company's deferred tax assets and liabilities as of December 31, 2025 and 2024 are as follows (in thousands):

December 31,
2025 2024
Deferred tax assets:
Carry forward losses and credits $ 63,310 $ 42,218
Deferred revenues 2,399
Accrued payroll, commissions, vacation 14,601 14,409
Equity compensation 38,841 36,169
Allowance for credit losses 774 2,521
Accrued severance pay 229 240
Operating lease liabilities 12,233 7,226
Research and development capitalized expense 102,094 91,706
Other 12,198 5,367
Deferred tax assets before valuation allowance 246,679 199,856
Valuation allowance (215,693) (181,124)
Deferred tax assets $ 30,986 $ 18,732
Deferred tax liability:
Deferred commissions $ (20,121) $ (12,548)
Operating lease right-of-use assets (10,303) (5,373)
Other (1,262) (1,245)
Deferred tax liability $ (31,686) $ (19,166)
Net deferred tax liability $ (700) $ (434)

The change in the valuation allowance was an increase of $34,569 and $11,650 during 2025 and 2024, respectively.

f. Reconciliation of the theoretical tax expenses:

The company adopted ASU 2023-09 for the year ended December 31, 2025 on a prospective basis. A reconciliation between the theoretical tax expense, assuming all income is taxed at the statutory tax rate applicable to income of the Company, and the actual tax expense as reported in the consolidated statements of operations is as follows (in thousands, except for percentages):

Year ended December 31,
2025
Amount Percent
Provision computed at federal statutory rate $ (24,427) 21.0 %
State and local income taxes, net of federal income tax effect* 612 (0.5)
Foreign tax effects:
Israel:
Statutory tax rate difference between Israel and the United States (1,071) 0.9
Effect of Investment Law 3,749 (3.2)
Changes in valuation allowance 2,686 (2.3)
Other adjustments (192) 0.2
Other foreign jurisdictions (1,284) 1.1
Effect of cross-border tax laws:
Global intangible low-taxed income inclusion 2,803 (2.4)
Tax credits:
Research and development tax credit (3,187) 2.7
Changes in valuation allowances 3,085 (2.7)
Non-taxable or non-deductible items:
Equity-based compensation expenses (3,562) 3.1
Section 162(m) limitation on officer compensation 14,270 (12.3)
Other 1,893 (1.6)
Changes in unrecognized tax benefits 17,629 (15.2)
Income tax expense $ 13,004 (11.2) %

* State taxes in Massachusetts, New York and Virginia made up the majority (greater than 50 percent) of the tax effect in this category.

Year ended December 31,
2024 2023
Loss before income taxes, as reported in the consolidated statements of operations $ (83,007) $ (86,918)
Statutory tax rate 21 % 21 %
Theoretical tax benefits on the above amount at the US statutory tax rate $ (17,431) $ (18,253)
Income tax at rate other than the U.S. statutory tax rate 3,207 6,954
Non-deductible expenses including equity based compensation expenses (339) (3,983)
Operating losses and other temporary differences for which valuation allowance was provided 12,096 27,291
Research and development tax credit (2,525) (1,516)
State tax (1,204) (1,780)
Impact of rate change 999 (3,199)
Change in tax reserve for uncertain tax positions 17,083 7,869
Other individually immaterial income tax items 872 615
Actual tax expense $ 12,758 $ 13,998
g. A reconciliation of the beginning and ending amounts of unrecognized tax benefits, including interest and penalties, in the years ended December 31, 2025 and 2024 are as follows (in thousands):
--- ---
Gross unrecognized tax benefits as of January 1, 2024 $ 25,193
--- --- ---
Increase in tax position for current year 10,487
Increase in tax position for prior years 7,088
Decrease in tax position for prior years (287)
Decrease for lapse of statute of limitations/settlements (205)
Gross unrecognized tax benefits as of December 31, 2024 $ 42,276
Increase in tax position for current year 12,989
Increase in tax position for prior years 11,635
Decrease in tax position for prior years (1,104)
Decrease for lapse of statute of limitations/settlements (131)
Gross unrecognized tax benefits as of December 31, 2025 $ 65,665

There was $65,665 of unrecognized income tax benefits that, if recognized, approximately $50,474 would impact the effective tax rate after consideration of valuation allowance on deferred tax assets in the period in which each of the benefits is recognized. The Company includes interest and penalties related to unrecognized tax benefits within the provision for income taxes in the consolidated statements of operations. The total amount of interest and penalties is approximately $5,009 as of December 31, 2025, which is included in the table above.

h. Foreign taxation:
  1. Israeli tax benefits under the Law for the Encouragement of Capital Investments, 1959 (the “Investment Law”):

VSL has utilized various benefits under the Investment Law. Those benefits relate only to taxable income attributable to the specific investment program and are conditioned upon meeting the terms stipulated in the Investment Law, the related regulations and the applicable certificate of approval. If VSL does not fulfill these conditions, in whole or in part, the benefits will most likely be cancelled, and VSL may be required to refund the benefits, in an amount linked to the Israeli consumer price index plus interest.

If cash dividends are distributed out of tax-exempt profits in a manner other than upon complete liquidation, VSL will then become liable for tax at the rate of 10% - 25% (depending on the level of foreign investments in VSL) in respect of the amount distributed.

  1. Undistributed earnings of foreign subsidiaries:

In general, it is the Company’s practice and intention to reinvest the earnings of its non-U.S. subsidiaries in those operations. Undistributed earnings, if any, of foreign subsidiaries are immaterial for all periods presented. Because the Company’s non-U.S. subsidiary earnings have previously been included in the computation of the one-time Transition Tax on foreign earnings required by the TCJA and throughout the years have been included in the GILTI computations, any additional taxes due with respect to such earnings or the excess of the amount for financial reporting over the tax basis of its foreign investments would generally be limited to foreign withholding taxes and/or U.S. state income taxes.

i. Tax assessments:

As of December 31, 2025, the Company's federal tax returns for the years 2010 through the current period, excluding the 2016 tax year which was audited by the Internal Revenue Service, and most state tax returns for the years 2009 through the current period, are still open to examination. The Company remains open to examination to the extent net carry-over unused operating losses and tax credit attributable to those years remain unutilized.

The Israeli Tax Authority is conducting an income tax audit for the years 2020-2023 and a value added tax audit for the years 2020-2025. In early 2026, New York state initiated a corporate income tax audit for the years 2022-2024.

The Company has final income tax assessments for VSL through 2019.

j. Income tax payments:

Pursuant to the disclosure requirements of ASU 2023-09, below is a summary of income taxes paid, net of refunds received, by jurisdiction for the year ended December 31, 2025 (in thousands):

Year ended December 31,
Cash taxes paid (refunds received) 2025
Federal income taxes $ 4,082
State and local income taxes:
New York State 370
New York City 275
Montana (351)
Florida (241)
Other 346
Total state and local income taxes, net of refunds 399
Foreign income taxes:
France 598
Canada 373
Israel (2,231)
Other foreign jurisdictions 364
Total foreign income taxes, net of refunds (896)
Total cash paid for income taxes, net of refunds $ 3,585

NOTE 13:- FINANCIAL INCOME, NET

Year ended
December 31,
(in thousands)
2025 2024 2023
Financial income:
Interest on bank deposits and other $ 49,946 $ 30,355 $ 25,207
Accretion of discount on marketable securities, net 12,690 9,354
Foreign exchange gains, net 916
49,946 43,045 35,477
Financial expenses:
Foreign exchange losses, net 7,147 827
Interest expenses, principally from convertible notes 6,568 4,571 3,197
Amortization of debt issuance costs 2,976 2,144 1,514
Amortization of premium on marketable securities, net 2,267
Bank and other charges 794 859 461
(19,752) (8,401) (5,172)
Financial income, net $ 30,194 $ 34,644 $ 30,305

NOTE 14:- GEOGRAPHIC INFORMATION AND MAJOR CUSTOMER DATA

ASC No. 280, “Segment Reporting,” establishes standards for reporting information about operating segments. Operating segments are defined as components of an enterprise about which separate financial information is available that is evaluated regularly by the chief operating decision maker ("CODM") in deciding how to allocate resources and in assessing performance. The Company manages its business on the basis of one reportable segment and unit and derives revenues mainly from SaaS revenues, term license subscriptions and maintenance and services fees (see Note 1 for a brief description of the Company’s business and Note 2n for details on the Company's revenue recognition).

The CODM of the Company is the Chief Executive Officer. The CODM assesses the performance of the Company and decides how to allocate resources based upon consolidated net loss that is also reported within the Consolidated Statements of Operations. The measure of segment assets that is reviewed by the CODM is reported within the Consolidated Balance Sheets as consolidated total assets. The CODM uses consolidated net loss to monitor period-over-period results and decides where to allocate and invest additional resources within the business to continue growth. The following is a summary of the significant expense categories and consolidated net loss details provided to the CODM (in thousands):

Year ended
December 31,
2025 2024 2023
Total revenues $ 623,532 $ 550,950 $ 499,160
Less:
Stock-based compensation 130,242 126,682 139,819
Other segment items (*) 622,614 520,033 460,257
Net loss $ (129,324) $ (95,765) $ (100,916)

(*) Other segment expense items included within net loss include payroll, financial income, net, marketing activities, overhead and depreciation, travel and entertainment, income taxes, information technology and communication, department activities, amortization of acquired intangibles and other miscellaneous expenses. See the consolidated financial statements for other financial information regarding the Company’s operating segment.

Summary information about geographic areas (in thousands):

Year ended
December 31,
2025 2024 2023
Revenues based on customer’s location:
United States $ 440,468 $ 400,778 $ 358,258
EMEA 133,591 114,355 109,587
Rest of the World 49,473 35,817 31,315
Total revenues $ 623,532 $ 550,950 $ 499,160

During the years ended December 31, 2025, 2024 and 2023, respectively, there were no revenues to a single customer exceeding 10% of the Company’s total revenues.

The following is a summary of long-lived assets, including property and equipment, net and operating lease right-of-use assets, within geographic areas (in thousands):

December 31,
2025 2024
Long-lived assets by geographic region:
Israel $ 49,914 $ 32,026
United States 33,112 31,725
Ireland 6,784 11,326
Other 3,899 1,311
$ 93,709 $ 76,388

NOTE 15:- SUBSEQUENT EVENTS

On February 3, 2026, the Company entered into a definitive agreement to acquire all the shares of AllTrue.ai Inc., an AI security company that adds end‑to‑end visibility and guardrails for AI tools, for approximately $126,000 in cash consideration, subject to customary purchase price adjustments. The acquisition is expected to close during the first quarter of 2026, subject to the satisfaction of closing conditions.

Item 9. Changes in and Disagreements with Accountants on Accounting and Financial Disclosure

There have been no changes in our independent registered public accounting firm, Kost Forer Gabbay & Kasierer, a member of EY Global, or disagreements with our accountants on matters of accounting and financial disclosure.

Item 9A. Controls and Procedures

Evaluation of Disclosure Controls and Procedures

Our management, with the participation of our Chief Executive Officer and Chief Financial Officer, evaluated the effectiveness of our disclosure controls and procedures (as defined in Rules 13a-15(e) and 15d-15(e) of the Exchange Act) as of the end of the period covered by this report. Based on that evaluation, our Chief Executive Officer and Chief Financial Officer concluded that our disclosure controls and procedures as of the end of the period covered by this report were effective at a reasonable assurance level in ensuring that information required to be disclosed by us in reports that we file or submit under the Exchange Act is recorded, processed, summarized and reported within the time periods specified in the SEC’s rules and forms. We believe that a control system, no matter how well designed and operated, cannot provide absolute assurance that the objectives of the control system are met, and no evaluation of controls can provide absolute assurance that all control issues and instances of fraud, if any, within a company have been detected.

Management’s Annual Report on Internal Control Over Financial Reporting

Our management is responsible for establishing and maintaining adequate internal control over financial reporting (as defined in Rules 13a-15(f) and 15d-15(f) of the Exchange Act). Our management conducted an evaluation of the effectiveness of our internal control over financial reporting as of December 31, 2025 based on the criteria established in Internal Control - Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission.

Based on the results of its evaluation, management concluded that our internal control over financial reporting was effective as of December 31, 2025.

In accordance with guidance issued by the Securities and Exchange Commission staff, companies are permitted to exclude acquisitions from their assessment of internal control over financial reporting for the first fiscal year in which the acquisition occurred. Accordingly, our management has excluded Cyral, LLC and SlashNext, LLC, which were acquired on March 17, 2025 and August 28, 2025, respectively, from its assessment of internal control over financial reporting as of December 31, 2025. Cyral, LLC and SlashNext, LLC each constituted less than 1% of total and net assets (excluding acquired goodwill and intangible assets), as of December 31, 2025 and less than 1% of revenues, for the year then ended.

The effectiveness of our internal control over financial reporting as of December 31, 2025 has been audited by Kost Forer Gabbay & Kasierer, a member of EY Global and an independent registered public accounting firm, as stated in their attestation report which is included in Part II, Item 8 of this Annual Report on Form 10-K.

Changes in Internal Control over Financial Reporting

There was no change in our internal control over financial reporting that occurred during the three months ended December 31, 2025 that has materially affected, or is reasonably likely to materially affect, our internal control over financial reporting.

We regularly seek to identify, develop and implement improvements to our technology systems and business processes, some of which may affect our internal control over financial reporting. These changes may include such activities as implementing new, more efficient systems, updating existing systems or platforms, automating manual processes or utilizing technology developed by third parties. These system changes are often phased in over multiple periods in order to limit the implementation risk in any one period, and as each change is implemented we monitor its effectiveness as part of its internal control over financial reporting.

Item 9B. Other Information

Rule 10b5-1 Trading Plan

On October 30, 2025, Yakov Faitelson, our Chief Executive Officer, President and Chairman of the Board, terminated a Rule 10b5–1 trading arrangement that was previously adopted on September 15, 2025. Mr. Faitelson’s terminated Rule 10b5–1 trading arrangement would have expired on June 30, 2026, if not earlier terminated, and included the potential sale of up to 217,521 shares of our common stock. As of the date of termination of the Rule 10b5–1 trading arrangement, no shares of our common stock had been sold under its terms.

Except as described above, during the fiscal quarter ended December 31, 2025, no director or officer of the Company adopted or terminated a “Rule 10b5-1 trading arrangement” or “non-Rule 10b5-1 trading arrangement,” as each term is defined in Item 408(a) of Regulation S-K.

Item 9C. Disclosure Regarding Foreign Jurisdictions that Prevent Inspections

Not applicable.

Item 10. Directors, Executive Officers and Corporate Governance

The information required by this item (other than the information set forth in the next paragraph in this Item 10) will be included in our definitive proxy statement with respect to our 2026 Annual Meeting of Stockholders to be filed with the SEC and is incorporated herein by reference.

Code of Business Conduct and Ethics

We have adopted a code of business conduct and ethics that is applicable to all of our employees, officers and directors, including our chief executive and senior financial officers. The code of business conduct and ethics is available on our website at www.varonis.com. We expect that any amendment to the code, or any waivers of its requirements, will be disclosed on our website. The inclusion of our website in this Form 10-K does not include or incorporate by reference the information on our website into this Form 10-K.

Insider Trading Policy and Procedures

We have adopted an insider trading policy governing the purchase, sale, and/or other dispositions of our securities by our directors, officers and employees and other covered persons. We believe these policies and procedures are reasonably designed to promote compliance with insider trading laws, rules and regulations and applicable listing standards. A copy of our Insider Trading Policy is filed as Exhibit 19.1 to this Annual Report on Form 10-K.

Item 11. Executive Compensation

The information called for by this item will be included in our definitive proxy statement with respect to our 2026 Annual Meeting of Stockholders to be filed with the SEC and is incorporated herein by reference.

Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters

The information called for by this item will be included in our definitive proxy statement with respect to our 2026 Annual Meeting of Stockholders to be filed with the SEC and is incorporated herein by reference.

Item 13. Certain Relationships and Related Transactions, and Director Independence

The information called for by this item will be included in our definitive proxy statement with respect to our 2026 Annual Meeting of Stockholders to be filed with the SEC and is incorporated herein by reference.

Item 14. Principal Accounting Fees and Services

The information called for by this item will be included in our definitive proxy statement with respect to our 2026 Annual Meeting of Stockholders to be filed with the SEC and is incorporated herein by reference.

Item 15. Exhibits and Financial Statement Schedules

(a) Financial Statements

Our consolidated financial statements are listed in the “Index to Consolidated Financial Statements” under Part II, Item 8 of this Annual Report on Form 10-K. All schedules are omitted because they are not applicable or the required information is shown in the financial statements or notes thereto.

(b) Exhibits

The exhibits listed below in the accompanying “Index to Exhibits” are filed or incorporated by reference as part of this Annual Report on Form 10-K.

Item  16. Form 10-K Summary

None.

SIGNATURES

Pursuant to the requirements of Section 13 or 15(d) of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned thereunto duly authorized.

VARONIS SYSTEMS, INC.
February 4, 2026 By: /s/ Yakov Faitelson
Yakov Faitelson
Chief Executive Officer and President<br>(Principal Executive Officer)
February 4, 2026 By: /s/ Guy Melamed
Guy Melamed
Chief Financial Officer and Chief Operating Officer (Principal Financial Officer and Principal Accounting Officer)

POWER OF ATTORNEY

KNOW ALL PERSONS BY THESE PRESENTS, that each person whose signature appears below constitutes and appoints Yakov Faitelson and Guy Melamed, jointly and severally, his or her attorneys-in-fact, each with the power of substitution, for him or her in any and all capacities, to sign any amendments to this Annual Report on Form 10-K, and to file the same, with exhibits thereto and other documents in connection therewith, with the Securities and Exchange Commission, hereby ratifying and confirming all that each of said attorneys-in-fact, or his substitute or substitutes, may do or cause to be done by virtue hereof.

Pursuant to the requirements of the Securities Exchange Act of 1934, this report has been signed below by the following persons on behalf of the registrant in the capacities and on the dates indicated.

Signature Title Date
/s/ Yakov Faitelson Chief Executive Officer, President February 4, 2026
Yakov Faitelson and Chairman of the Board<br>(Principal Executive Officer)
/s/ Guy Melamed Chief Financial Officer and Chief Operating Officer February 4, 2026
Guy Melamed (Principal Financial Officer and Principal Accounting Officer)
/s/ Carlos Aued Director February 4, 2026
Carlos Aued
/s/ Kevin Comolli Director February 4, 2026
Kevin Comolli
/s/ John J. Gavin, Jr. Director February 4, 2026
John J. Gavin, Jr.
/s/ Gili Iohan Director February 4, 2026
Gili Iohan
/s/ Avrohom J. Kess Director February 4, 2026
Avrohom J. Kess
/s/ Ohad Korkus Director February 4, 2026
Ohad Korkus
/s/ Thomas F. Mendoza Director February 4, 2026
Thomas F. Mendoza
/s/ Rachel Prishkolnik Director February 4, 2026
Rachel Prishkolnik
/s/ Ofer Segev Director February 4, 2026
Ofer Segev
/s/ Fred Van Den Bosch Director February 4, 2026
Fred Van Den Bosch

EXHIBIT INDEX

Exhibit<br>Number Description of the Document
3.1(1) Amended and Restated Certificate of Incorporation
3.2(2) Amended and Restated Bylaws
4.1 Description of Securities Registered under Section 12 of the Securities Exchange Act of 1934
4.2(3) Indenture, dated as of May 11, 2020, by and between Varonis Systems, Inc. and U.S. Bank National Association, as Trustee (including Form of Note, representing Varonis Systems, Inc.’s 1.25% Convertible Senior Notes due 2025)
4.3(4) Indenture, dated as of September 10, 2024, by and between Varonis Systems, Inc. and U.S. Bank Trust Company, National Association, as Trustee (including Form of Note, representing Varonis Systems, Inc.’s 1.00% Convertible Senior Notes due 2029)
10.1(5)† Form of Indemnification Agreement between the Company and its directors and officers
10.2(6)† 2013 Omnibus Equity Incentive Plan
10.3(7)† Amended and Restated Varonis Systems, Inc. 2023 Omnibus Equity Incentive Plan
10.4(8)† Forms of Restricted Stock Unit Award Grant Notice and Restricted Stock Unit Award Agreement under the 2013 Omnibus Equity Incentive Plan
10.5(9)† Forms of Performance-Based Restricted Stock Unit Award Grant Notice and Performance-Based Restricted Stock Unit Award Agreement under the 2013 Omnibus Equity Incentive Plan
10.6(10)† 2015 Employee Stock Purchase Plan
10.7(11)† 2025 Employee Stock Purchase Plan
10.8(12)† Employment Agreement, dated as of May 15, 2024, by and between Varonis Systems, Inc. and Yakov Faitelson
10.9(13)† Employment Agreement, dated as of May 15, 2024, by and between Varonis Systems Ltd. and Yakov Faitelson
10.10(14)† Varonis Systems Severance Plan
10.11(15)† Employment Agreement, dated as of January 31, 2024, by and between Varonis Systems, Inc. and Guy Melamed
10.12(16)† Employment Agreement, dated as of January 31, 2024, by and between Varonis Systems Ltd. and Guy Melamed
10.13† Employment Agreement, dated as of July 23, 2008, by and between the Company and Gregory Pomeroy
10.14(17)† Employment Agreement, dated as of February 8, 2018, by and between Varonis Systems Ltd. and David Bass
--- ---
10.15(18)† Employment Agreement, dated as of March 12, 2021, by and between the Company and Dov Gottlieb
10.16(19) Form of Confirmation for 2020 Capped Call Transactions
10.17(20) Form of Confirmation for 2024 Capped Call Transactions
10.18(21)† Forms of Restricted Stock Unit Award Grant Notice and Restricted Stock Unit Award Agreement under the 2013 Omnibus Equity Incentive Plan (Israeli Employees)
10.19(22)† Forms of Performance-Based Restricted Stock Unit Award Grant Notice and Performance-Based Restricted Stock Unit Award Agreement under the 2013 Omnibus Equity Incentive Plan (Israeli Employees)
10.20† Forms of Restricted Stock Unit Award Grant Notice and Restricted Stock Unit Award Agreement under the Amended and Restated 2023 Omnibus Equity Incentive Plan
10.21† Forms of Performance-Based Restricted Stock Unit Award Grant Notice and Performance-Based Restricted Stock Unit Award Agreement under the Amended and Restated 2023 Omnibus Equity Incentive Plan
10.22† Forms of Restricted Stock Unit Award Grant Notice and Restricted Stock Unit Award Agreement under the Amended and Restated 2023 Omnibus Equity Incentive Plan (Israeli Employees)
10.23† Forms of Performance-Based Restricted Stock Unit Award Grant Notice and Performance-Based Restricted Stock Unit Award Agreement under the Amended and Restated 2023 Omnibus Equity Incentive Plan (Israeli Employees)
19.1 Insider Trading Policy
21.1 List of Subsidiaries
23.1 Consent of Kost Forer Gabbay & Kasierer, a member of EY Global
31.1 Rule 13a-14(a) Certification of Chief Executive Officer and President of the Company in accordance with Section 302 of the Sarbanes-Oxley Act of 2002
31.2 Rule 13a-14(a) Certification of Chief Financial Officer of the Company in accordance with Section 302 of the Sarbanes-Oxley Act of 2002
32.1** Section 1350 Certification of Chief Executive Officer and President of the Company in accordance with Section 906 of the Sarbanes-Oxley Act of 2002
32.2** Section 1350 Certification of Chief Financial Officer of the Company in accordance with Section 906 of the Sarbanes-Oxley Act of 2002
97 Policy For The Recovery Of Erroneously Awarded Compensation
101 The following materials from the Company’s Annual Report on Form 10-K for the year ended December 31, 2025, formatted in inline XBRL (eXtensible Business Reporting Language): (i) the Consolidated Balance Sheets, (ii) the Consolidated Statements of Operations, (iii) the Consolidated Statements of Comprehensive Loss, (iv) the Unaudited Consolidated Statements of Changes in Stockholders' Equity, (v) the Consolidated Statements of Cash Flows and (vi) related notes to these consolidated financial statements, tagged as blocks of text and in detail
--- ---
104 Cover Page Interactive Data File - (formatted as Inline XBRL and contained in Exhibit 101)

____________________________________

Indicates management contract or compensatory plan or arrangement.
** Document has been furnished, is not deemed filed and is not to be incorporated by reference into any of the Company’s filings under the Securities Act of 1933, as amended, or the Securities Exchange Act of 1934, as amended, irrespective of any general incorporation language contained in any such filing.
(1) Filed as Exhibit 3.1 to the Company’s Quarterly Report on Form 10-Q filed with the SEC on May 8, 2014 (the “Company’s First Quarter 2014 Form 10-Q”) and incorporated herein by reference.
(2) Filed as Exhibit 3.2 to the Company’s Annual Report on Form 10-K filed with the SEC on February 8, 2022 (the "Company's 2021 Form 10-K") and incorporated herein by reference.
(3) Filed as Exhibit 4.1 to the Company’s Current Report on Form 8-K filed with the SEC on May 11, 2020 and incorporated herein by reference.
(4) Filed as Exhibit 4.1 to the Company’s Current Report on Form 8-K with the Securities and Exchange Commission on September 10, 2024 and incorporated herein by reference
(5) Filed as Exhibit 10.1 to the Company's Registration Statement on Form S-1 (Registration No. 333-191840) (the "IPO Registration Statement") with the SEC on February 18, 2014 and incorporated herein by reference.
(6) Filed as Exhibit 99.2 to the Company’s Registration Statement on Form S-8 (Registration No. 333-194657) with the SEC on March 18, 2014 and incorporated herein by reference.
(7) Filed as Exhibit 10.1 to the Company’s Current Report on Form 8-K with the Securities and Exchange Commission on June 5, 2024 and incorporated herein by reference.
(8) Filed as Exhibit 10.1 to the Company’s Quarterly Report on Form 10-Q filed with the SEC on August 6, 2014 (the “Company’s Third Quarter 2014 Form 10-Q”) and incorporated herein by reference.
(9) Filed as Exhibit 10.4 to the Company’s Current Report on Form 8-K filed with the SEC on June 26, 2019 and incorporated herein by reference.
(10) Filed as Exhibit A of the Proxy Statement on Form DEF 14A with the SEC on March 26, 2015 and incorporated herein by reference.
(11) Filed as Appendix A of the Proxy Statement on Form DEF 14A with the SEC on April 22, 2025 and incorporated herein by reference.
(12) Filed as Exhibit 10.2 to the Company’s Quarterly Report on Form 10-Q filed with the SEC on July 30, 2024 (the “Company’s Second Quarter 2024 Form 10-Q”) and incorporated herein by reference.
(13) Filed as Exhibit 10.3 to the Company’s Quarterly Report on Form 10-Q filed with the SEC on July 30, 2024 (the “Company’s Second Quarter 2024 Form 10-Q”) and incorporated herein by reference.
(14) Filed as Exhibit 10.9 to the Company’s Annual Report on Form 10-K filed with the SEC on February 7, 2023 (the “Company’s 2022 Form 10-K”) and incorporated herein by reference.
(15) Filed as Exhibit 10.10 to the Company’s Annual Report on Form 10-K filed with the SEC on February 6, 2024 (the "Company's 2023 Form 10-K") and incorporated herein by reference.
(16) Filed as Exhibit 10.11 to the Company’s Annual Report on Form 10-K filed with the SEC on February 6, 2024 (the "Company's 2023 Form 10-K") and incorporated herein by reference.
(17) Filed as Exhibit 10.13 to the Company’s Annual Report on Form 10-K filed with the SEC on February 12, 2019 (the “Company’s 2018 Form 10-K”) and incorporated herein by reference.
(18) Filed as Exhibit 10.16 to the Company’s Annual Report on Form 10-K filed with the SEC on February 7, 2023 (the “Company’s 2022 Form 10-K”) and incorporated herein by reference.
(19) Filed as Exhibit 10.1 to the Company’s Current Report on Form 8-K filed with the SEC on May 11, 2020 and incorporated herein by reference.
(20) Filed as Exhibit 10.1 to the Company’s Current Report on Form 8-K with the SEC on September 10, 2024 and incorporated herein by reference.
(21) Filed as Exhibit 10.1 to the Company’s Quarterly Report on Form 10-Q filed with the SEC on May 3, 2022 (the “Company’s First Quarter 2022 Form 10-Q”) and incorporated herein by reference.
(22) Filed as Exhibit 10.2 to the Company’s Quarterly Report on Form 10-Q filed with the SEC on May 3, 2022 (the “Company’s First Quarter 2022 Form 10-Q”) and incorporated herein by reference.

Document

EXHIBIT 4.1

DESCRIPTION OF THE REGISTRANT'S SECURITIES REGISTERED PURSUANT TO SECTION 12 OF THE SECURITIES EXCHANGE ACT OF 1934

The following is a description of the common stock, par value $0.001 per share, of Varonis Systems, Inc. (the “Company,” “we” or “us”) registered under Section 12 of the Securities Exchange Act of 1934, as amended (the “Exchange Act”). This description is a summary and is qualified in its entirety by reference to the amended and restated certificate of incorporation and amended and restated bylaws, copies of which are filed as Exhibit 3.1 and 3.2, respectively, to the Annual Report on Form 10-K of the Company for the fiscal year ended December 31, 2025 (the “Annual Report”). We refer in this exhibit to our amended and restated certificate of incorporation as our certificate of incorporation, and we refer to our amended and restated bylaws as our bylaws.

General

Our authorized capital stock consists of 200 million shares of common stock, par value $0.001 per share, and 5,000,000 shares of preferred stock, par value $0.001 per share, all of which shares of preferred stock are undesignated.

As of December 31, 2025, 117,546,852 shares of our common stock were outstanding, and no shares of preferred stock were outstanding.

Common Stock

Voting Rights. The holders of our common stock are entitled to one vote for each share held on all matters properly submitted to a vote of the stockholders. The holders of our common stock do not have any cumulative voting rights. Directors shall be elected by a plurality of the votes of the shares present in person or represented by proxy at the meeting and entitled to vote on the election of directors. All other matters, unless otherwise provided by applicable law, the rules or regulations of any stock exchange applicable to the Company, the certificate of incorporation or the bylaws (as disclosed herein), shall be decided by the affirmative vote of the holders of a majority of the voting power of the shares of stock entitled to vote thereon, regardless of whether such holders actually vote their shares on such matter or abstain from doing so.

Dividend Rights and Liquidation Rights. Holders of our common stock are entitled to receive ratably any dividends declared by the board of directors out of funds legally available for that purpose, subject to any preferential dividend rights of any outstanding preferred stock. In the event of our liquidation, dissolution or winding up, holders of our common stock will be entitled to share ratably in all assets remaining after payment of all debts and other liabilities and any liquidation preference of any outstanding preferred stock.

Other Rights and Preferences. Our common stock has no preemptive rights, conversion rights or other subscription rights or redemption or sinking fund provisions. The outstanding shares are validly issued, fully paid and non-assessable. The rights and privileges of holders of our common stock are subject to any series of preferred stock that we may issue, as described below.

Preferred Stock

Our board of directors is authorized, subject to any limitations prescribed by law, without stockholder approval, to issue from time to time up to an aggregate of 5,000,000 shares of preferred stock, in one or more series, each series to have such rights and preferences, including voting rights, dividend rights, conversion rights, redemption privileges and liquidation preferences as our board of directors

determines. The rights of the holders of common stock will be subject to, and may be adversely affected by, the rights of holders of any preferred stock that may be issued in the future. As of the date of the filing of the Annual Report, we had no shares of preferred stock outstanding.

Anti-Takeover Effects of our Certificate of Incorporation and Bylaws and Delaware Law

Our certificate of incorporation and bylaws include a number of provisions that may have the effect of delaying, deferring or preventing another party from acquiring control of us and encouraging persons considering unsolicited tender offers or other unilateral takeover proposals to negotiate with our board of directors rather than pursue non-negotiated takeover attempts. These provisions include the items described below.

Board Composition and Filling Vacancies. Our certificate of incorporation provides for the division of our board of directors into three classes serving staggered three-year terms, with one class being elected each year. Our certificate of incorporation also provides that directors may be removed only for cause and then only by the affirmative vote of the holders of 75% or more of the shares then entitled to vote at an election of directors. Furthermore, any vacancy on our board of directors, however occurring, including a vacancy resulting from an increase in the size of our board, may only be filled by the affirmative vote of a majority of our directors then in office even if less than a quorum, unless otherwise determined by our board to be filled by stockholders. The classification of directors, together with the limitations on removal of directors and treatment of vacancies, has the effect of making it more difficult for stockholders to change the composition of our board of directors.

No Written Consent of Stockholders. Our certificate of incorporation provides that all stockholder actions are required to be taken by a vote of the stockholders at an annual or special meeting, and that stockholders may not take any action by written consent in lieu of a meeting. This limit may lengthen the amount of time required to take stockholder actions and would prevent the amendment of our bylaws or removal of directors by our stockholders without holding a meeting of stockholders.

Meetings of Stockholders. Our certificate of incorporation and bylaws provide that only the chairperson of our board, the lead independent director, if any, the chief executive offer, the president or a majority of the total authorized number of directors may call special meetings of stockholders and only those matters set forth in the notice of the special meeting may be considered or acted upon at a special meeting of stockholders. Our bylaws limit the business that may be conducted at an annual meeting of stockholders to those matters properly brought before the meeting.

Advance Notice Requirements. Our bylaws establish advance notice procedures with regard to stockholder proposals relating to the nomination of candidates for election as directors or new business to be brought before meetings of our stockholders. These procedures provide that notice of stockholder proposals must be timely given in writing to our corporate secretary prior to the meeting at which the action is to be taken. Generally, to be timely, notice must be received at our principal executive offices not less than 75 days nor more than 105 days prior to the first anniversary date of the annual meeting for the preceding year. Our bylaws specify the requirements as to form and content of all stockholders’ notices. These requirements may preclude stockholders from bringing matters before the stockholders at an annual or special meeting.

Amendment to Certificate of Incorporation and Bylaws. Any amendment of our certificate of incorporation must first be approved by a majority of our board of directors, and if required by law or our certificate of incorporation, must thereafter be approved by a majority of the outstanding shares entitled to

vote on the amendment and, if applicable, by a majority of the outstanding shares of each class entitled to vote thereon as a class, except that the amendment of the provisions relating to stockholder action, the requirements for the amendment of our bylaws, board composition (including size, classification, term, removal and vacancies), director liability and indemnification and the requirements for the amendment of our certificate of incorporation must be approved by not less than 75% of the outstanding shares entitled to vote on the amendment voting together as a single class.

Our bylaws may be amended by the affirmative vote of a majority of the directors then in office, subject to any limitations set forth in the bylaws; and may also be amended by the affirmative vote of at least 75% of the outstanding shares entitled to vote on the amendment, or, if our board of directors recommends that the stockholders approve the amendment, by the affirmative vote of the majority of the outstanding shares entitled to vote on the amendment, in each case voting together as a single class.

Undesignated Preferred Stock. Our certificate of incorporation provides for 5,000,000 authorized shares of preferred stock. The existence of authorized but unissued shares of preferred stock may enable our board of directors to render more difficult or to discourage an attempt to obtain control of us by means of a merger, tender offer, proxy contest or otherwise. For example, if in the due exercise of its fiduciary obligations, our board of directors were to determine that a takeover proposal is not in the best interests of our stockholders, our board of directors could cause shares of preferred stock to be issued without stockholder approval in one or more private offerings or other transactions that might dilute the voting or other rights of the proposed acquirer or insurgent stockholder or stockholder group. In this regard, our certificate of incorporation grants our board of directors broad power to establish the rights and preferences of authorized and unissued shares of preferred stock. The issuance of shares of preferred stock could decrease the amount of earnings and assets available for distribution to holders of shares of common stock. The issuance may also adversely affect the rights and powers, including voting rights, of these holders and may have the effect of delaying, deterring or preventing a change in control of us.

Section 203 of the Delaware General Corporation Law. We are subject to the provisions of Section 203 of the Delaware General Corporation Law. In general, Section 203 prohibits a publicly held Delaware corporation from engaging in a “business combination” with an “interested stockholder” (any entity or person beneficially owning 15% or more of the outstanding voting stock) for a three-year period following the time that this stockholder becomes an interested stockholder, unless the business combination satisfies one of the following conditions:

•before the stockholder became interested, our board of directors approved either the business combination or the transaction which resulted in the stockholder becoming an interested stockholder;

•upon consummation of the transaction which resulted in the stockholder becoming an interested stockholder, the interested stockholder owned at least 85% of the voting stock of the corporation outstanding at the time the transaction commenced, excluding for purposes of determining the voting stock outstanding, shares owned by persons who are directors and also officers, and employee stock plans, in some instances, but not the outstanding voting stock owned by the interested stockholder; or

•at or after the time the stockholder became interested, the business combination was approved by our board of directors and authorized at an annual or special meeting of the stockholders by the affirmative vote of at least two-thirds of the outstanding voting stock which is not owned by the interested stockholder.

Section 203 defines a business combination to include:

•any merger or consolidation involving the corporation and the interested stockholder;

•any sale, transfer, lease, pledge or other disposition involving the interested stockholder of 10% or more of the assets of the corporation;

•subject to exceptions, any transaction that results in the issuance of transfer by the corporation of any stock of the corporation to the interested stockholder;

•subject to exceptions, any transaction involving the corporation that has the effect of increasing the proportionate share of the stock of any class or series of the corporation beneficially owned by the interested stockholder; and

•the receipt by the interested stockholder of the benefit of any loans, advances, guarantees, pledges or other financial benefits provided by or through the corporation.

Market Listing

Our common stock is listed on The Nasdaq Global Select Market under the symbol “VRNS.”

4

Document

Exhibit 10.13

July 21, 2008

Mr. Greg Pomeroy

Dear Greg,

Varonis Systems, Inc. is pleased to offer you the position of Sales Manager. This letter embodies the terms of our offer of employment to you.

As a Sales Manager, you will report to Mark Wilcox, Director of East Coast Sales, but this reporting relationship may be changed. Your annual base salary will be $120,000 per year, paid on a semi-monthly basis (the "Annual Base Salary"). In addition, you will be eligible to receive a commission based on performance goals agreed upon in writing by you and your manager (the "Allegeable Commission") pursuant to the Company's standard compensation plan. Your total On Target Earnings (OTE) will be $240,000 (such amount shall be inclusive of the Annual Base Salary).

You shall be eligible for a lump sum (the "Advanced Commission"), which shall be paid to you in accordance with the terms and conditions of the Advance Commission Agreement substantially in the form attached hereto as Exhibit A. The Advanced Commission shall be counted towards the aggregate Allegeable Commission that may become due and payable to you.

You will be granted stock options totaling 12,500 shares to be vested over your first four years of employment subject to Varonis' Board of Directors' approval. Twenty-five (25%) of this stock option will vest after you have completed one full year of employment with Varonis Systems, Inc. and one forty-eightieth (1/48th) will vest at the end of each month thereafter. The option will be subject to all other terms and conditions set forth in the Varonis Systems, Inc. 2005 Stock Plan.

As an employee of Varonis Systems, Inc., you are entitled to medical, dental, and other benefits such as 401-K plan (the "Benefits").

As a Varonis Systems, Inc. employee, you will be expected to abide by all company rules, policies and procedures. You will be expected to sign and comply with the attached Proprietary Information and Inventions Agreement which requires, among other provisions, the assignment of patent rights to any invention made during your employment at Varonis Systems, Inc. and non-disclosure of proprietary information.

This offer is subject to your submission of an 1-9 form and satisfactory documentation respecting your identification and right to work in the United States of America on your first day of employment.

As an employee, you may terminate employment at any time, for any or no reason with notice to Varonis Systems, Inc. Varonis Systems, Inc. may terminate your employment at any time, for any or no reason, with or without cause, or advance notice.

The terms and conditions of employment set forth in this letter including the "at will" employment arrangement described above supersedes all our prior written and oral communication with you regarding employment with Varonis Systems, Inc. and can only be modified by written agreement signed by the CEO of Varonis Systems, Inc.

If you wish to accept employment at Varonis Systems, Inc. under the terms set out above, please sign and dated this letter and date this letter and Proprietary Information and Inventions Agreement prior to 7/23/08, and return in the enclosed envelope. If you accept our offer, your first day of employment will be no later than 8/15/08.

Sincerely,

/s/ Yakov Faitelson

Yaki Faitelson

Founder and CEO

Agreed and Accepted

/s/ Greg Pomeroy

Greg Pomeroy

7/23/08

Date

Advance Bonus Agreement

This Advance Bonus Agreement ("Agreement") made as of July 21, 2008, by and between Varonis Systems, Inc., a Delaware corporation (the "Company") and Greg Pomeroy_ (the "Employee").

WITNESS ETH:

WHEREAS, the Company and the Employee have entered onto an offer letter dated as of the date hereof (the "Offer Letter"); and

WHEREAS, pursuant to the Offer Letter the Employee is entitled to an Advance Bonus (as such term is defined in the Offer Letter).

NOW, THEREFORE, in consideration of the foregoing and of the covenants herein contained, the receipt and sufficiency of which are hereby acknowledged, the parties hereto agree as follows:

1.Advance Bonus. Employee will be eligible for a lump sum of $6,000 (the "Advance Bonus"), which shall be counted towards the aggregate Allegeable Bonus (as such term is defined in the Offer Letter) that may become due and payable to the Employee. The Advance Bonus shall be paid to the Employee in 6 equal installments during the first 3 months of Employee's employment (to be paid to Employee with his monthly base salary) (each, an "Installment"), provided that the Employee remains continually employed by the Company from the date hereof through the payment of each applicable Installment.

2.Repayment of Advance Bonus. Upon the termination of Employee's employment with the Company (the "Termination Date"), for any reason whatsoever and by any party hereof, in the event that the aggregate Allegeable Bonuses the Employee is entitled to pursuant to the Offer Letter are less than the actual Advance Bonus paid to the Employee pursuant to this Agreement until the Termination Date, Employee shall, immediately and with no delay, repay to the Company the difference between the actual Advance Bonus paid by the Company pursuant to this Agreement and the aggregate Allegeable Bonuses the Employee is entitled to.

3.Set-Off Rights. The Company is hereby allowed to set-off any such differences referring to in Section 2 above from any due amount the Company may owe the Employee upon the termination of Employee's employment with the Company.

4.Recovery. If any proceeding is brought by the Company for the enforcement of the Company's rights under Section 2 above and the Company shall be the successful or prevailing party, it will be entitled to recover from the Employee reasonable attorneys! fees and other costs incurred in that proceeding (including, in the case of an arbitration, arbitration fees and expenses), in addition to any other relief to which the Company may be entitled.

5.No Right to Continued Employment. Nothing contained in this Agreement shall confer upon the Employee the right to continue in the employ of the Company or to be entitled to any right or benefit not set forth in this Agreement or to interfere with or limit in any way the right of the Company to terminate the Employee's employment with the Company.

6.Taxes. The Company shall deduct from all amounts payable under this Agreement all federal, state, local and other taxes required by law to be withheld with respect to such payments.

7.Notice. For purposes of this Agreement, notices, demands and all other communications provided for in the Agreement shall be in writing and shall be deemed to have been duly given (i) when hand delivered, (ii) when sent if sent by overnight mail, overnight courier, facsimile transmission, or email, or (iii) when mailed by United States certified mail, return receipt requested, postage prepaid, addressed as follows: (a) if to the Employee, to the then current address set forth in the employee payroll records of the Company and (b) if to the Company, to Varonis Systems, Inc., 499 7th Ave., 23rd Floor South Tower, New York, NY, or to such other address as any party may have furnished to the other in writing in accordance herewith, except that notices of change of address shall be effective only upon receipt.

8.Miscellaneous.

(a)The parties hereto agree that this Agreement and the Offer Letter contain the entire understanding and agreement between them with respect to the subject matter hereof, and supersedes all prior understandings and agreements between the parties respecting such subject matter, and that the provisions of this Agreement may not be modified, waived or discharged unless such waiver, modification or discharge is agreed to in writing signed by the parties hereto. No agreements or representations, oral or otherwise, express or implied, with respect to the subject matter hereof have been made by either party which are not set forth expressly in this Agreement or the Offer Letter. The descriptive headings of the several sections and paragraphs contained herein have been inserted for convenience of reference only and shall in no way limit or otherwise affect the meaning hereof.

(b)No waiver by either party hereto at any time of any breach by the other party hereto of, or compliance with, any condition or provision of this Agreement to be performed by such other party shall be deemed a waiver of similar or dissimilar provisions or conditions at the same or at any prior or subsequent time.

(c)The validity, interpretation, construction and performance of this Agreement shall be governed by the laws of the State of New York without giving effect to the conflict of laws principles thereof.

(d)The invalidity or unenforceability of any provision or provisions of this Agreement shall not affect the validity or enforceability of any other provision or provisions of this Agreement, which shall remain in full force and effect.

(e)This Agreement may be executed in more than one counterpart, each of which shall be deemed to be an original but both of which together shall constitute one and the same instrument.

IN WITNESS WHEREOF, the Company has caused its name to be subscribed to this Agreement by its duly authorized representative and the Employee has executed this Agreement as of the date and the year first above written.

Varonis Systems, Inc.

By: /s/ Yakov Faitelson

Name: Yaki Faitelson

Title: Founder and CEO

/s/ Greg Pomeroy

Greg Pomeroy

VARONIS SYSTEMS, INC.

CONFIDENTIAL INFORMATION,

INVENTION ASSIGNMENT

AND NON-COMPETITION AGREEMENT

As a condition of my employment with Varonis Systems, Inc., its subsidiaries, affiliates, successors or assigns (together the “Company”), and in consideration of my employment with the Company and my receipt of the compensation now and hereafter paid to me by Company, I agree to the following:

  1. Confidential Information

A. Company Information. I agree at all times during the term of my employment and thereafter, to hold in strictest confidence, and not to use, except for the benefit of the Company, or to disclose to any person, firm or corporation without written authorization of the Board of Directors of the Company, any Confidential Information of the Company, except under a non-disclosure agreement duly authorized and executed by the Company. I understand that “Confidential Information” means any non-public information that relates to the actual or anticipated business or research and development of the Company, technical data, trade secrets or know-how, including, but not limited to, research, product plans or other information regarding Company's products or services and markets therefor, customer lists and customers (including, but not limited to, customers of the Company on whom I called or with whom I became acquainted during the term of my employment), software, developments, inventions, processes, formulas, technology, designs, drawings, engineering, hardware configuration information, marketing, finances or other business information. I further understand that Confidential Information does not include any of the foregoing items which have become publicly known and made generally available through no wrongful act of mine or of others who were under confidentiality obligations as to the item or items involved or improvements or new versions thereof.

B. Former Employer Information. I agree that I will not, during my employment with the Company, improperly use or disclose any proprietary information or trade secrets of any former or concurrent employer or other person or entity and that I will not bring onto the premises of the Company any unpublished document or proprietary information belonging to any such employer, person or entity unless consented to in writing by such employer, person or entity.

C. Third Party Information. I recognize that the Company has received and in the future will receive from third parties their confidential or proprietary information subject to a duty on the Company's part to maintain the confidentiality of such information and to use it only for certain limited purposes. I agree to hold all such confidential or

proprietary information in the strictest confidence and not to disclose it to any person, firm or corporation or to use it except as necessary in carrying out my work for the Company consistent with the Company's agreement with such third party.

2.     Inventions

A. Inventions Retained and Licensed. I have attached hereto, as Exhibit A, a list describing all inventions, original works of authorship, developments, improvements, and trade secrets which were made by me prior to my employment with the Company (collectively referred to as “Prior Inventions”), which belong to me, which relate to the Company's proposed business, products or research and development, and which are not assigned to the Company hereunder; or, if no such list is attached, I represent that there are no such Prior Inventions. If in the course of my employment with the Company, I incorporate into a Company product, process or service a Prior Invention owned by me or in which I have an interest, I hereby grant to the Company a nonexclusive, royalty-free, fully paid-up, irrevocable, perpetual, worldwide license to make, have made, modify, use and sell such Prior Invention as part of or in connection with such product, process or service, and to practice any method related thereto.

B. Assignment of Inventions. I agree that I will promptly make full written disclosure to the Company, will hold in trust for the sole right and benefit of the Company, and hereby assign to the Company, or its designee, all my right, title, and interest in and to any and all inventions, original works of authorship, developments, concepts, improvements, designs, discoveries, ideas, trademarks or trade secrets, whether or not patentable or registrable under copyright or similar laws, which I may solely or jointly conceive or develop or reduce to practice, or cause to be conceived or developed or reduced to practice, during the period of time I am in the employ of the Company, and/or with the use of any Company’s equipment, supplies, facilities, or Confidential Information (collectively referred to as "Inventions"). I understand and agree that the decision whether or not to commercialize or market any invention developed by me solely or jointly with others is within the Company's sole discretion and for the Company's sole benefit and that no royalty will be due to me as a result of the Company's efforts to commercialize or market any such invention.

C. Maintenance of Records. I agree to keep and maintain adequate and current written records of all Inventions made by me (solely or jointly with others). The records will be in the form of notes, sketches, drawings, and any other format that may be specified by the Company. The records will be available to and remain the sole property of the Company at all times.

D. Patent and Copyright Registrations. I agree to assist the Company, or its designee, at the Company's expense, in every proper way to secure the Company's rights in the Inventions and any copyrights, patents, mask work rights or other intellectual property rights relating thereto in any and all countries, including the disclosure to the Company of all

pertinent information and data with respect thereto, the execution of all applications, specifications, oaths, assignments and all other instruments which the Company shall deem necessary in order to apply for and obtain such rights and in order to assign and convey to the Company, its successors, assigns, and nominees the sole and exclusive rights, title and interest in and to such Inventions, and any copyrights, patents, mask work rights or other intellectual property rights relating thereto. I further agree that my obligation to execute or cause to be executed, when it is in my power to do so, any such instrument or papers shall continue after the termination of this Agreement. If the Company is unable because of my mental or physical incapacity or for any other reason to secure my signature to apply for or to pursue any application for any Israeli, United States or other foreign patents or copyright registrations covering Inventions or original works of authorship assigned to the Company as above, then I hereby irrevocably designate and appoint the Company and its duly authorized officers and agents as my agent and attorney in fact, to act for and in my behalf and stead to execute and file any such applications and to do all other lawfully permitted acts to further the prosecution and issuance of letters patent or copyright registrations thereon with the same legal force and effect as if executed by me.

  1. Conflicting Employment.

I agree that, during the term of my employment with the Company, I will not engage in any other employment, occupation or consulting directly related to the business in which the Company is now involved or becomes involved during the term of my employment, nor will I engage in any other activities that conflict with my obligations to the Company.

4.Returning Company Documents. I agree that, at the time of leaving the employ of the Company, I will deliver to the Company (and will not keep in my possession, recreate or deliver to anyone else) any and all devices, records, data, notes, reports, proposals, lists, correspondence, specifications, drawings blueprints, sketches, materials, equipment, other documents or property, or reproductions of any aforementioned items developed by me pursuant to my employment with the Company or otherwise belonging to the Company, its successors or assigns, including, without limitation, those records maintained pursuant to paragraph 2.C. Without derogating in any way from my undertakings under this Agreement, in the event of the termination of my employment, I agree to sign and deliver, for the sake of good order, the “Termination Certification” attached hereto as Exhibit B.

5.Notification of New Employer. In the event that I leave the employ of the Company, I hereby grant consent to notification by the Company to my new employer about my rights and obligations under this Agreement.

6.Non-Solicitation. I agree that during my employment with the Company and for a period of twelve (12) months immediately following the termination of my relationship with the Company for any reason, whether with or without cause, I shall not either directly or indirectly: (i) solicit, induce, recruit or encourage any of the Company's personnel to leave their employment, or take away such personnel, or attempt to solicit, induce, recruit, encourage or take away personnel of the

Company, either for myself or for any other person or entity; or (ii) solicit, hire, endeavor to entice away from the Company or otherwise interfere with the relationship of the Company with any person or organization who is, or was within the preceding two years prior to termination of my employment, a customer or a supplier of the Company.

7.Conflict of Interest Guidelines. I agree to diligently adhere to the Conflict of Interest Guidelines attached as Exhibit C hereto.

8.Non-competition. In consideration for compensation paid to me by the Company, I shall not, during my employment with the Company and for a period of twelve (12) months immediately following the termination of my relationship with the Company for any reason, whether with or without cause, directly or indirectly own an interest in, manage, operate, join, control, or participate in or be connected with, as an officer, employee, partner, stockholder, consultant or otherwise, any person or organization that, at such time, competes with the Company anywhere in the world; provided that this undertaking shall not preclude me from owning a stock interest not greater than 2% in a publicly traded company. I further recognize and acknowledge that a breach of this Section 8 would cause the Company substantial non-revisable damages which may create a threat on the existence of the Company.

9.Representations. I agree to execute any proper oath or verify any proper document required to carry out the terms of this Agreement. I represent that my performance of all the terms of this Agreement will not breach any agreement to keep in confidence proprietary information acquired by me in confidence or in trust prior to my employment by the Company. I hereby represent and warrant that I have not entered into, and I will not enter into, any oral or written agreement in conflict herewith.

10.     General Provisions

A.Governing Law; Consent to Jurisdiction. This Agreement will be governed by the laws of the State of Delaware. I hereby expressly consent to the jurisdiction of the competent courts of Delaware for any lawsuit filed there against me by the Company arising from or relating to this Agreement.

B.Entire Agreement. This Agreement sets forth the entire agreement and understanding between the Company and me relating to the subject matter herein and supersedes all prior discussions or representations between us including, but not limited to, any representations made during my interview(s) or relocation negotiations, whether written or oral. No modification of or amendment to this Agreement, nor any waiver of any rights under this Agreement, will be effective unless in writing signed by the Company and me. Any subsequent change or changes in my duties, salary or compensation will not affect the validity or scope of this Agreement.

C.Severability. The provisions of this Agreement shall, where possible, be interpreted in a manner necessary to sustain their legality and enforceability. Without derogating from the foregoing, in the event that any one or more of the provisions contained in this Agreement should be held invalid, illegal or unenforceable in any respect due to the fact that it is over-broad or insufficiently limited in time, geography or else, I hereby authorize, to the maximum extent legally permissible, the tribunal interpreting such provision(s) to replace the invalid, illegal or unenforceable provision(s) with valid provision(s) the effect of which come as close as possible to that of the invalid, illegal or unenforceable provision(s). The validity, legality and enforceability of the remaining provisions contained herein shall in no way be affected or impaired as a result of any provision contained in this Agreement being held invalid, illegal or unenforceable in any respect.

D.Successors and Assigns. This Agreement will be binding upon my heirs, executors, administrators and other legal representatives and will be for the benefit of the Company and its parent company, and their respective subsidiaries, affiliates, successors and assigns.

Date: 7/23/08                                 /s/ Greg Pomeroy

Signature

Gregory M. Pomeroy

Name of Employee (typed or printed)

Document

[FORM OF]

VARONIS SYSTEMS, INC.

2023 AMENDED AND RESTATED OMNIBUS EQUITY INCENTIVE PLAN RESTRICTED STOCK UNIT AWARD GRANT NOTICE

Varonis Systems, Inc. (the “Company”), pursuant to the Varonis Systems, Inc. 2023 Amended and Restated Omnibus Equity Incentive Plan (the “Plan”), attached hereto as Exhibit B, hereby grants to the individual listed below (the “Participant”), an Award of restricted stock units (“Restricted Stock Units” or “RSUs”). Each vested Restricted Stock Unit represents the right to receive, in accordance with the Restricted Stock Unit Award Agreement attached hereto as Exhibit A (together, the “Agreement”), one share of the Common Stock of the Company (“Share”). This Award of Restricted Stock Units is subject to all of the terms and conditions set forth herein and in the Agreement and the Plan, which are incorporated herein by reference.

Capitalized terms not specifically defined herein shall have the meanings specified in the Plan. Participant:    ###PARTICIPANT_NAME###

Grant Date:    ###GRANT_DATE###

Total Number of RSUs Subject to Grant: ###TOTAL_AWARDS###

Vesting Schedule:

###VEST_SCHEDULE_TABLE###

Termination: Except to the extent paid in accordance with the above vesting schedule, the Total Number of RSUs Subject to Grant shall terminate, become forfeited or expire without settlement in accordance with the terms of the Agreement.

By his or her signature, the Participant agrees to be bound by the terms and conditions of the Plan, the Agreement and this Notice. The Participant has reviewed the Agreement, the Plan and this Notice in their entirety, has had an opportunity to obtain the advice of counsel prior to executing this Notice and fully understands all provisions of this Notice, the Agreement and the Plan. The Participant hereby agrees to accept as binding, conclusive and final all decisions or interpretations of the Administrator upon any questions arising under the Plan or relating to the Award of RSUs.

VARONIS SYSTEMS, INC.

1.2
1.5
---

Exhibit A

RESTRICTED STOCK UNIT AWARD AGREEMENT

Pursuant to the Restricted Stock Unit Award Grant Notice (the “Notice”) to which this Restricted Stock Unit Award Agreement (together, this “Agreement”) are attached, Varonis Systems, Inc. (the “Company”) has granted to the Participant an Award of restricted stock units (“Restricted Stock Units” or “RSUs”) under the Company’s 2023 Amended and Restated Omnibus Equity Incentive Plan (the “Plan”). Each vested Restricted Stock Unit represents the right to receive one share of Common Stock of the Company (“Share”) subject to the terms and conditions set forth in the Plan and this Agreement. Capitalized terms not specifically defined herein shall have the meanings specified in the Plan and Notice.

ARTICLE I GENERAL

1.1Incorporation of Terms of Plan. The RSUs are subject to

the terms and conditions of the Plan, which are incorporated herein by reference. In the event of any inconsistency between the Plan and this Agreement, the terms of the Plan shall control.

ARTICLE II

GRANT OF RESTRICTED STOCK UNITS

1.1Grant of RSUs. Effective as of the Grant Date set forth in the Notice, the Company hereby grants to the Participant an Award of RSUs under the Plan, upon the terms and conditions set forth in the Notice, the Plan and this Agreement.

1.2Unsecured Obligation. Unless and until the RSUs have vested in the manner set forth in Article II hereof, the Participant will have no right to receive Shares with respect to any such RSUs. Prior to the actual settlement of any vested RSUs, such RSUs will represent an unsecured obligation of the Company, payable (if at all) only from the general assets of the Company.

1.3Vesting Schedule. Subject to Sections 2.5 and 3.1 hereof, the RSUs shall vest and become nonforfeitable with respect to the applicable portion thereof according to the vesting schedule set forth in the Notice (rounded down to the nearest whole Share).

1

1.1Consideration to the Company. In consideration of the grant of RSUs pursuant hereto, the Participant agrees to render faithful and efficient employment or other service to the Company or any Affiliate. Nothing in the Plan or this Agreement shall confer upon the Participant any right to continue in the employment or service of the Company or any Affiliate or shall interfere with or restrict in any way the rights of the Company and its Affiliates, which rights are hereby expressly reserved, to discharge or terminate the employment or service of the Participant at any time for any reason whatsoever, with or without Cause.

1.2Forfeiture, Termination and Cancellation Upon Termination of Employment or Service.

(1)Upon the Participant’s termination of Service with the Company and all Affiliates thereof, the RSUs shall be treated as follows, except as specifically provided otherwise herein or in a separate arrangement between the Company and the Participant:

1.1In the event that the employment or service of the Participant with the Company and all Affiliates shall terminate for any reason other than Cause, unvested RSUs granted to the Participant shall terminate at the close of business on the date of such termination.

1.2In the event of the termination of the Participant’s employment or service for Cause, all outstanding RSUs (whether vested or not) granted to the Participant shall terminate at the commencement of business on the date of such termination.

(2)

(3)The Administrator or its delegate shall determine in its sole discretion the manner in which the RSUs shall be affected, both with regard to the vesting schedule and termination, by leaves of absence, including unpaid and un-protected leaves of absence, changes from full-time to part-time employment, partial disability or other changes in the employment status of the Participant.

(4)For purposes of the RSUs, as determined in the Administrator’s or its delegate’s exclusive discretion, the Participant’s employment or service relationship will be considered terminated as of the date the Participant is no longer actively providing services to the Company or any Affiliate (regardless of the reason for such termination and whether or not later to be found invalid or in breach of Applicable Laws in the jurisdiction where the Participant is employed or retained or the terms of the Participant’s employment or service agreement, if any), and unless otherwise expressly provided in this Agreement or determined by the Administrator or its delegate, the Participant’s right to vest in the RSUs, if any, will terminate as of such date and will not be extended by any notice period (e.g., the Participant’s period of service would not include any contractual notice period or any period of “garden leave” or similar period mandated under Applicable Laws in the jurisdiction where the Participant is employed or retained or the terms of the Participant’s employment or service agreement, if any).

4.1Issuance of Shares upon Vesting.

(1)The RSUs shall represent the right to receive, on the first business day following the vesting date, the number of Shares determined in accordance with the vesting schedule set forth in the Notice to have been earned to the extent determined by the Administrator, provided that the Participant remains employed or engaged by the Company or an Affiliate through the vesting date, subject to the provisions of Section 2.5 or Section 3.1. The Company shall deliver to the

(2)As set forth in Section 17 of the Plan and Section 4.3 of this Agreement, the Participant shall satisfy all Tax-Related Items (as defined in Section 4.3 below). The Company shall not be obligated to deliver any new certificate representing Shares to the Participant or the Participant’s legal representative or enter such Shares in book entry form unless and until the Participant or the Participant’s legal representative shall have paid or otherwise satisfied in full the amount of all Tax-Related Items.

2.1Conditions to Delivery of Shares. The Shares deliverable hereunder may be either previously authorized but unissued Shares, treasury Shares or issued Shares which have then been reacquired by the Company. Such Shares shall be fully paid and nonassessable. The Company shall not be required to issue or deliver any certificates or make any book entries evidencing Shares deliverable hereunder prior to fulfillment of the conditions set forth in Section 20 of the Plan.

ARTICLE III CHANGE IN CONTROL

2.1Change in Control. In the event of a Change in Control, the RSUs shall be treated in accordance with Section 13 of the Plan.

ARTICLE IV OTHER PROVISIONS

2.1Administration. The Administrator shall have the power and authority to interpret and construe the terms and provisions of this Agreement and to adopt such rules for the administration, interpretation and application of this Agreement as are consistent therewith and to interpret, amend or revoke any such rules. All decisions made by the Administrator shall be final, conclusive and binding on all persons, including the Participant, the Company and any other interested persons and entities.

2.2Transferability of Grant. Except as otherwise set forth in the

Plan:

(1)The RSUs may not be sold, pledged, assigned or transferred in any manner other than by will or the laws of descent and distribution; and

(2)Neither the RSUs nor any interest or right therein shall be liable for the debts, contracts or engagements of the Participant or his or her successors in interest or shall be subject to disposition by transfer, alienation, anticipation, pledge, hypothecation, encumbrance, assignment or any other means whether such disposition be voluntary or involuntary or by operation of law by judgment, levy, attachment, garnishment or any other legal or equitable proceedings (including bankruptcy), and any attempted disposition thereof shall be null and void and of no effect, except to the extent that such disposition is permitted by Section 4.2(a) hereof.

2.1Responsibility for Taxes. Regardless of any action the Company or, if different, the Affiliate to which the Participant provides services takes with respect to any or all income tax, social insurance, payroll tax, fringe benefits tax, payment on account or other tax related items related to the Participant’s participation in the Plan and legally applicable to the Participant (“Tax-Related Items”), the Participant acknowledges that the ultimate liability for all Tax-Related Items is and remains the Participant’s responsibility and may exceed the amount actually withheld by the Company or the Affiliate. The Participant further acknowledges that the Company and/or the Affiliate (i) make no representations or undertakings regarding the treatment of any Tax-Related Items in connection with any aspect of the RSUs, including, but not limited to, the grant, vesting or settlement of the RSUs, the subsequent sale of Shares acquired pursuant to such settlement and the receipt of any dividends and/or dividend equivalent; and (ii) do not commit to and are under no obligation to structure the terms of the grant or any aspect of the RSUs to reduce or eliminate the Participant’s liability for Tax-Related Items or achieve any particular tax result. Further, if the Participant has become subject to tax in more than one jurisdiction, the Participant acknowledges that the Company and/or the Affiliate may be required to withhold or account for Tax-Related Items in more than one jurisdiction.

2.2Withholding of Taxes. Prior to any relevant taxable or tax withholding event, as applicable, the Participant agrees to make adequate arrangements satisfactory to the Company and/or the Affiliate to satisfy all Tax-Related Items. In this regard, the Participant authorizes the Company and/or the Affiliate, or their respective agents, at their discretion, to satisfy any applicable withholding obligations with regard to all Tax-Related Items by one or a combination of the following:

(1)withholding from the Participant’s wages or other cash compensation paid to the Participant by the Company and/or the Affiliate;

(2)withholding from proceeds of the sale of Shares acquired upon settlement of the RSUs either through a voluntary sale or through a mandatory sale arranged by the Company (on the Participant’s behalf pursuant to this authorization); and

(3)withholding in Shares to be issued upon settlement of the RSUs, unless the use of such withholding method is problematic under Applicable Laws, in which case the obligation for Tax-Related Items may be satisfied by one or a combination of methods (a) and (b) above.

Depending on the withholding method, the Company and/or the Affiliate may withhold or account for Tax-Related Items by considering applicable minimum statutory withholding rates or other applicable withholding rates, including maximum applicable rates, in which case the Participant may receive a refund of any over-withheld amount in cash and will have no entitlement to the Share equivalent. If the obligation for Tax-Related Items is satisfied by withholding in Shares, for tax purposes, the Participant is deemed to have been issued the full number of Shares subject to the vested RSUs, notwithstanding that a number of the Shares are held back solely for the purpose of paying the Tax-Related Items.

Finally, the Participant agrees to pay to the Company or the Affiliate any amount of Tax-Related Items that the Company or the Affiliate may be required to withhold or account for as a result of the Participant’s participation in the Plan that cannot be satisfied by the means previously described. The Company may refuse to issue or deliver the Shares or the proceeds of the sale of Shares, if the Participant fails to comply with his or her obligations in connection with the Tax- Related Items.

3.1No Advice Regarding Grant. The Participant represents that the Participant has consulted with any tax consultants the Participant deems advisable in connection with the grant of RSUs and the issuance of Shares with respect thereto and that the Participant is not relying on the Company for any tax advice. The Company makes no warranties or representations whatsoever to the Participant regarding the tax consequences of the grant of RSUs or the receipt of Shares with respect thereto. The Participant shall be solely responsible for any taxes in respect of the RSUs.

3.2Equitable Adjustments. The Participant acknowledges that the RSUs are subject to modification and termination in certain events as provided in this Agreement and Section 5 of the Plan.

3.3Notices. Any notice to be given under the terms of this Agreement to the Company shall be addressed to the Company in care of the Legal Department at the Company’s principal office, and any notice to be given to the Participant shall be addressed to the Participant at the Participant’s last address reflected on the Company’s records. Any notice which is required to be given to the Participant shall, if the Participant is then deceased, be given to the person entitled to the RSUs pursuant to Section 4.2(a) hereof by written notice under this Section 4.7.

3.4Participant’s Representations. If the Shares issuable hereunder have not been registered under the Securities Act or any Applicable Laws on an effective registration statement at the time of such issuance, the Participant shall, if required by the Company, concurrently with such issuance, make such written representations as are deemed necessary or appropriate by the Company and/or its counsel.

3.5Titles. Titles are provided herein for convenience only and are not to serve as a basis for interpretation or construction of this Agreement.

3.6Governing Law and Venue. The laws of the State of Delaware shall govern the interpretation, validity, administration, enforcement and performance of the terms of this Agreement regardless of the law that might be applied under principles of conflicts of laws. For purposes of litigating any dispute that arises under this grant or this Agreement, the parties hereby submit to and consent to the exclusive jurisdiction of the State of New York, agree that such litigation shall be conducted in the courts of New York County, New York, or the federal courts for the U.S. for the Southern District of New York, where this grant is made and/or to be performed.

3.7Conformity to Securities Laws. The Participant acknowledges that the Plan and this Agreement are intended to conform to the extent necessary with all provisions of the Securities Act and the Exchange Act and any and all regulations and rules promulgated by the U.S. Securities and Exchange Commission thereunder, and state and foreign securities laws and regulations. Notwithstanding anything herein to the contrary, the Plan shall be administered, and the RSUs be granted and settled, only in such a manner as to conform to such laws, rules and regulations. To the extent permitted by Applicable Laws, the Plan and this Agreement shall be deemed amended to the extent necessary to conform to such laws, rules and regulations.

(4)

4.1Clawback. The Participant hereby acknowledges the RSUs are subject to, and agrees to be bound by, the Clawback Policy, as in effect or as may be adopted and/or modified from time to time by the Company in its discretion in accordance with Section 22 of the Plan.

4.2Amendments and Termination. To the extent permitted by the Plan, this Agreement may be wholly or partially amended, altered or terminated at any time or from time to time by the Administrator or the Board.

4.3Successors and Assigns. The Company may assign any of its rights under this Agreement to single or multiple assignees, and this Agreement shall inure to the benefit of the successors and assigns of the Company. Subject to the restrictions on transfer herein set forth in Section 4.2 hereof, this Agreement shall be binding upon the Participant and his or her heirs, executors, administrators, successors and assigns.

4.4Limitations Applicable to Section 16 Persons. Notwithstanding any other provision of the Plan or this Agreement, if the Participant is subject to Section 16 of the Exchange Act, then the Plan, the RSUs and this Agreement shall be subject to any additional limitations set forth in any applicable exemptive rule under Section 16 of the Exchange Act (including any amendment to Rule 16b-3 of the Exchange Act) that are requirements for the application of such exemptive rule. To the extent permitted by Applicable Laws, this Agreement shall be deemed amended to the extent necessary to conform to such applicable exemptive rule.

4.5Entire Agreement. The Plan, the Notice and this Agreement (including all Exhibits thereto, if any) constitute the entire agreement of the parties and supersede in their entirety all prior undertakings and agreements of the Company and the Participant with respect to the subject matter hereof.

(5)

(6)

6.1Section 409A for U.S. Taxpayers. This Award of RSUs is intended to comply with Code Section 409A to the extent subject thereto and shall be interpreted in accordance with Code Section 409A and Department of Treasury regulations and other interpretive guidance issued thereunder, including, without limitation, any such regulations or other guidance that may be issued after the Grant Date. Notwithstanding any provision in the Plan or Agreement to the contrary, no payment or distribution under this Agreement that constitutes an item of deferred compensation under Code Section 409A and becomes payable by

reason of the Participant’s termination of employment or service with the Company will be made to the Participant until the Participant’s termination of employment or service constitutes a “separation from service” (as defined in Code Section 409A). For purposes of this Agreement, each amount to be paid or benefit to be provided shall be construed as a separate identified payment for purposes of Code Section 409A. If the Participant is a “specified employee” (as defined in Code Section 409A), then to the extent necessary to avoid the imposition of taxes under Code Section 409A, the Participant shall not be entitled to any payments upon a termination of his or her employment or service until the earlier of: (i) the expiration of the six (6)-month period measured from the date of the Participant’s “separation from service” or (ii) the date of the Participant’s death. Upon the expiration of the applicable waiting period set forth in the preceding sentence, all payments and benefits deferred pursuant to this Section 4.17 (whether they would have otherwise been payable in a single lump sum or in installments in the absence of such deferral) shall be paid to the Participant in a lump sum as soon as practicable, but in no event later than sixty (60) calendar days, following such expired period, and any remaining payments due under this Agreement will be paid in accordance with the normal payment dates specified for them herein. The Administrator may, in its discretion, adopt such amendments to the Plan, this Agreement or the Notice or adopt other policies and procedures (including amendments, policies and procedures with retroactive effect), or take any other actions, as the Administrator determines are necessary or appropriate to comply with the requirements of Code Section 409A.

6.2Electronic Signature; Electronic Delivery and Acceptance. The Participant’s electronic signature of this Agreement shall have the same validity and effect as a signature affixed by hand. The Company may, in its sole discretion, decide to deliver any documents related to the Participant’s current or future participation in the Plan by electronic means. The Participant hereby consents to receive such documents by electronic delivery and agrees to participate in the Plan through an on-line or electronic system established and maintained by the Company or a third party designated by the Company.

(7)

7.1Waiver. The Participant acknowledges that a waiver by the Company of a breach of any provision of this Agreement shall not operate or be construed as a waiver of any other provision of this Agreement, or of any subsequent breach by the Participant or any other participants.

7.2Severability. The provisions of this Agreement are severable and if any one or more provisions are determined to be illegal or otherwise unenforceable, in whole or in part, the remaining provisions shall nevertheless be binding and enforceable.

7.1Data Privacy Notice and Consents.

(1)What personal data we collect and for which purpose? The Company collects, processes and uses personal data of the Participant, including, but not limited to, his or her name, home address and telephone number, email address, date of birth, social insurance, passport or other identification number (e.g., resident registration number), nationality, job title, any Shares or directorships held in the Company, details of all RSUs or any other entitlement to Shares awarded, canceled, exercised, vested, unvested or outstanding in the Participant’s favor. If the Company offers the Participant a grant of RSUs under the Plan, then the Company will collect the Participant’s personal data

for purposes of allocating stock and implementing, administering and managing the Plan.

(2)

(3)Legal basis for processing of personal data. The Company’s legal basis for the processing of the Participant’s personal data would be his or her consent, and where applicable, the performance of the Company's legal duties as an employer and/or issuer of RSUs.

(4)To whom do we disclose such personal data? The Company transfers participant data to Stock Plan Administration Service Providers such as Morgan Stanley, an independent service provider based in the United States, which assists the Company with the implementation, administration and management of the Plan. In the future, the Company may select a different service provider and may share the Participant’s data with another company that serves in a similar manner. The Company’s service provider(s) will open an account for the Participant to receive and trade Shares.

(5)

(6)What safeguards are applied to your personal data? We apply and contractually enforce on any service provider or recipient with which we share personal data, separate terms and data processing agreements, to protect the personal data, including by applying various technical and organizational safeguards. Where required we also rely on additional data transfer mechanisms, as further described in the 'International Data Transfers' section below.

(7)

(8)Data Retention. The Company will use the Participant’s personal data only as long as is necessary to implement, administer and manage the Participant’s participation in the Plan or as required to comply with legal or regulatory obligations, including under tax and securities laws. When the Company no longer needs the Participant’s personal data, which will generally be seven years after the Participant is granted RSUs under the Plan, the Company will remove it from its systems. If the Company keeps data longer, it would be to satisfy legal or regulatory obligations and the Company’s legal basis would be relevant laws or regulations.

(9)

(10)Voluntariness and Consequences of Consent Denial or Withdrawal. The Participant’s participation in the Plan and the Participant’s grant of consent is purely voluntary. The Participant may deny or withdraw his or her consent at any time. If the Participant does not consent, or if the Participant withdraws his or her consent, the Participant cannot participate in the Plan. This would not affect the Participant’s salary as an employee or his or her career; the Participant would merely forfeit the opportunities associated with the Plan.

(11)Data Subject Rights.

Depending on the jurisdiction in which you reside, you may have certain rights under relevant applicable laws regarding the collection and processing of your

Personal Data. To the extent these rights apply and concern you, you can contact us via the contact details available below and ask to exercise the following rights:

(12)

EU Residents Right Virginia Residents Rights California Residents Rights
Right to know or access Personal Data collected by us The right to know what Personal Information the business has collected.
Deletion Rights
Correct Inaccurate Data
N/A Opt-Out of Sharing for Cross-Contextual Behavioral Advertising
N/A Opt-out from selling
N/A Limit the Use or Disclosure of Sensitive Personal Information (SPI)
N/A Opt-out from profiling in furtherance of decisions that produce legal or similarly significant effects concerning the user N/A
Opt-Out of the Use of Automated Decision Making N/A
N/A Non-Discrimination
Data Portability
--- ---
Restriction or Objection to Processing N/A

Authorized Agent - You can use an authorized agent to make a request to exercise your right under applicable laws on your behalf if: the authorized agent is a natural person or a business entity; and to sign a written declaration that you authorize the authorized agent to act on your behalf. If you use an authorized agent to submit a request to exercise your right, please provide us with a certified copy of your written declaration authorizing the authorized agent to act on your behalf using the contact information below. The request must provide sufficient information to allow us to reasonably verify you are the person about whom we collected Personal Data or an authorized agent. We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you; and describe your request with sufficient details to allow us to properly understand, evaluate, and respond to it. We will only use Personal Data provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

(13)Additional Disclosure for California based Participants

This part of the Policy addresses the specific disclosure requirements under the California Consumer Privacy Act of 2018 (Cal. Civ. §§ 1798.100–1798.199) and the California Consumer Privacy Act Regulations by the Attorney General (collectively: "CCPA").

In the preceding twelve (12) months, we have collected the following categories of Personal Data:

Category Personal Data collected Sources
Identifiers Name and contact information (full name, home address, phone number and emergency contact information), date of birth, government identification numbers (such as social security numbers, tax payer id's and driver’s license), etc. •Information you provided with us;<br><br>•Information collected from third parties.
Records Financial information, name, telephone number. •Information you provided with us;<br><br>•Information collected from third parties.
--- --- ---
Characteristics of protected classifications under California or federal law Gender, age. •Information you provided with us;<br><br>•Information collected from third parties.
Professional or employment-related information. Current or past job history or performance evaluations. •Information you provided with us;<br><br>•Information collected from third parties

We use the data types described in the table above, as described in sections 5 and 6 of this notice.

Sharing Personal Data - We disclose your Personal Data as described above. When we disclose Personal Data to third parties, we enter into a contract that describes the purpose and requires both parties to keep that Personal Data confidential and not use it for any purpose except in the performance of the contract. In the preceding twelve (12) months, we have disclosed the above-mentioned categories of Personal Data to our affiliates and services providers, for a business purposes.

(14)Selling or Sharing Personal Data - We do not "sell" nor "Share" your Personal Data. We only disclose Personal Data as described in this notice.

(15)Data Protection Officer - The Company has appointed a “Data Protection Officer” who is responsible for matters relating to privacy and data protection. If you have any questions about this Policy, please contact our Data Protection Officer via privacy@varonis.com.

(16)

(17)For further information, please refer to our Employees and Contractors Privacy Policy.

17.1Insider-Trading/Market-Abuse Laws. The Participant acknowledges that, depending on his or her country of residence or the country of residence of the Participant’s broker, the Participant may be subject to insider-trading restrictions and/or market-abuse laws, which may affect his or her ability to accept, acquire, sell or otherwise dispose of Shares, rights to Shares (e.g., RSUs) or rights linked to the value of Shares during

such times as the Participant is considered to have “inside information” regarding the Company, as defined by the laws or regulations in the Participant’s country. Local insider trading laws and regulations may prohibit the cancellation or amendment of orders placed by the Participant before the Participant possessed inside information. Furthermore, the Participant could be prohibited from (i) disclosing the inside information to any third party (other than on a “need to know” basis) and (ii) “tipping” third parties or causing them otherwise to buy or sell securities. Note that third parties include fellow employees. Any restrictions under these laws or regulations are separate from and in addition to any restrictions that may be imposed under any applicable Company insider trading policy. The Participant acknowledges that it is his or her responsibility to be informed of and compliant with such regulations, and the Participant should speak to his or her personal legal advisor on this matter.

17.2Language. If the Participant has received this Agreement or any other document related to the Plan translated into a language other than English and if the meaning of the translated version is different than the English version, the English version will control.

17.3Imposition of Other Requirements. The Company reserves the right to impose other requirements on the Participant’s participation in the Plan, on the RSUs and on any Shares acquired under the Plan, to the extent the Company determines it is necessary or advisable for legal or administrative reasons, and to require the Participant to sign any additional agreements or undertakings that may be necessary to accomplish the foregoing.

EXHIBIT B

VARONIS SYSTEMS, INC.

2023 AMENDED AND RESTATED OMNIBUS EQUITY INCENTIVE PLAN

Section 1. Purpose of Plan.

The name of the Plan, as amended and restated from time to time is the Amended and Restated Varonis Systems, Inc. 2023 Omnibus Equity Incentive Plan. The purposes of the Plan are to provide an additional incentive to selected employees, directors, independent contractors and consultants of the Company or its Affiliates whose contributions are essential to the growth and success of the Company’s business, in order to strengthen the commitment of such persons to the Company and its Subsidiaries, motivate such persons to faithfully and diligently perform their responsibilities and attract and retain competent and dedicated persons whose efforts will result in the long-term growth and profitability of the Company. To accomplish such purposes, the Plan provides that the Company may grant Options, Share Appreciation Rights, Restricted Shares, Restricted Stock Units, Performance Shares, Other Share-Based Awards, Cash Awards or any combination of the foregoing. Upon originally becoming effective on June 7, 2023, the Plan replaced the Varonis Systems, Inc. 2013 Omnibus Equity Incentive Plan (the “Prior Plan”) and no further awards could be made under the Prior Plan; provided, however, that the Prior Plan shall continue to govern the terms and condition of outstanding awards granted thereunder.

Section 2. Definitions.

For purposes of the Plan, the following terms shall be defined as set forth below:

(a) “Administrator” means the Board, or, if and to the extent the Board does not administer the Plan, the Committee in accordance with Section 3 hereof.

(b) “Affiliate” means a Person that directly, or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with, the Person specified. An entity shall be deemed an Affiliate of the Company for purposes of this definition only for such periods as the requisite ownership or control relationship is maintained.

(c) “Applicable Laws” means the applicable requirements under U.S. federal and state corporate laws, U.S. federal and state securities laws, including the Code, any stock exchange or quotation system on which the Common Stock is listed or quoted and the applicable laws of any other country or jurisdiction where Awards are granted under the Plan, as are in effect from time to time.

(d) “Award” means any Option, Share Appreciation Right, Restricted Share, Restricted Stock Unit, Performance Share, Other Share-Based Award or Cash Award granted under the Plan.

(e) “Award Agreement” means any written agreement, contract or other instrument or document evidencing an Award.

(f) “Beneficial Owner” (or any variant thereof) has the meaning defined in Rule 13d-3 under the Exchange Act.

(g) “Board” means the Board of Directors of the Company.

(h) “Bylaws” mean the bylaws of the Company, as may be amended and/or restated from time to time.

(i) “Cash Award” means cash awarded under Section 11 of the Plan, including cash awarded as a bonus or upon the attainment of Performance Goals or otherwise as permitted under the Plan.

(j) “Cause” shall have the meaning assigned to such term in any individual employment, change in control or severance agreement or plan or Award Agreement with the Participant or, if no such agreement exists or if such agreement does not define “Cause,” Cause shall mean (i) an act of dishonesty made by Participant in connection with Participant’s responsibilities as an employee which is materially injurious to the financial condition or business reputation of the Company or any of its Subsidiaries; (ii) Participant’s conviction of or plea of nolo contendere to, a felony or any crime involving fraud, embezzlement or any other act of moral turpitude; (iii) Participant’s gross misconduct; (iv) Participant’s willful unauthorized use or disclosure of any proprietary information or trade secrets of the Company or any of its Subsidiaries; (v) Participant’s willful and material violation of any written policies of the Company or any of its Subsidiaries (to the extent applicable); (vi) Participant’s material breach of any obligations under any material written agreement or covenant with the Company or any of its Subsidiaries; or (vii) Participant’s

continued failure to perform his or her employment duties after Participant has received a written demand for performance from the Company or any of its Subsidiaries which specifically sets forth the factual basis for the applicable Company’s or its Subsidiary’s belief that Participant has not substantially performed his or her duties.

(k) “Change in Capitalization” means any (i) merger, amalgamation, consolidation, reclassification, recapitalization, spin-off, spin-out, repurchase or other reorganization or corporate transaction or event, (ii) dividend (whether in the form of cash, Common Stock or other property), share subdivision or consolidation, (iii) combination or exchange of shares, (iv) other change in corporate structure or (v) declaration of a special dividend (including a cash dividend) or other distribution, which, in any such case, the Administrator determines, in its sole discretion, affects the Shares such that an adjustment pursuant to Section 5 hereof is appropriate.

(l) “Change in Control” shall be deemed to have occurred if an event set forth in any one of the following paragraphs shall have occurred:

(1) any Person (other than the Company, any trustee or other fiduciary holding securities under an employee benefit plan of the Company, or any company owned, directly or indirectly, by the shareholders of the Company in substantially the same proportions as their ownership of Shares) is or becomes the Beneficial Owner, directly or indirectly, of securities of the Company (not including in the securities beneficially owned by such Person or any securities acquired directly from the Company or any Affiliate thereof) representing 50% or more of the combined voting power of the Company’s then outstanding securities; or

(2) the following individuals cease for any reason to constitute a majority of the number of directors then serving on the Board: individuals who, on the date hereof, constitute the Board and any new director (other than a director whose initial assumption of office is in connection with an actual or threatened election contest, including, but not limited to, a consent solicitation, relating to the election of directors of the Company) whose appointment or election by the Board or nomination for election by the Company’s shareholders was approved or recommended by a vote of at least two-thirds (2/3) of the directors then still in office who either were directors on the date hereof or whose appointment, election or nomination for election was previously so approved or recommended; or

(3) there is consummated a merger, amalgamation or consolidation of the Company or any Subsidiary thereof with any other corporation, other than a merger, amalgamation or consolidation immediately following which the individuals who comprise the Board immediately prior thereto constitute at least a majority of the Board of the entity surviving such merger, amalgamation or consolidation or, if the Company or the entity surviving such merger is then a subsidiary, the ultimate parent thereof; or

(4) the shareholders of the Company approve a plan of complete liquidation or dissolution of the Company or there is consummated an agreement for the sale or disposition by the Company of all or substantially all of the Company’s assets, other than (A) a sale or disposition by the Company of all or substantially all of the Company’s assets to an entity, at least fifty percent (50%) of the combined voting power of the voting securities of which are owned by shareholders of the Company following the completion of such transaction in substantially the same proportions as their ownership of the Company immediately prior to such sale or (B) a sale or disposition of all or substantially all of the Company’s assets immediately following which the individuals who comprise the Board immediately prior thereto constitute at least a majority of the board of directors of the entity to which such assets are sold or disposed or, if such entity is a subsidiary, the ultimate parent thereof.

For each Award that constitutes deferred compensation under Section 409A of the Code, a Change in Control shall be deemed to have occurred under the Plan with respect to such Award only if a change in the ownership or effective control of the Company or a change in ownership of a substantial portion of the assets of the Company shall also be deemed to have occurred under Section 409A of the Code.

Notwithstanding the foregoing, a Change in Control shall not be deemed to have occurred by virtue of the consummation of any transaction or series of integrated transactions immediately following which the holders of Common Stock immediately prior to such transaction or series of transactions continue to have

substantially the same proportionate ownership in an entity which owns all or substantially all of the assets of the Company immediately following such transaction or series of transactions.

(m) “Code” means the Internal Revenue Code of 1986, as amended from time to time, or any successor thereto.

(n) “Committee” means any committee or subcommittee the Board may appoint to administer the Plan. Subject to the discretion of the Board, the Committee shall be composed entirely of individuals who meet the qualifications of a “non-employee director” within the meaning of Rule 16b-3 under the Exchange Act and any other qualifications required by the applicable stock exchange on which the Common Stock is traded. If at any time or to any extent the Board shall not administer the Plan, then the functions of the Administrator specified in the Plan shall be exercised by the Committee. Except as otherwise provided in the Certificate of Incorporation or Bylaws of the Company, any action of the Committee with respect to the administration of the Plan shall be taken by a majority vote at a meeting at which a quorum is duly constituted or unanimous written consent of the Committee’s members.

(o) “Common Stock” means the common stock, par value $0.001 per share, of the Company.

(p) “Company” means Varonis Systems, Inc., a Delaware corporation (or any successor company, except as the term “Company” is used in the definition of “Change in Control” above).

(q) “Disability” shall have the meaning set forth in the employment, severance or change in control agreement or plan between the Participant and the Company, provided that if no such agreement or definition exists, then “Disability” shall mean, with respect to any Participant, that such Participant (i) as determined by the Administrator in its sole discretion, is unable to engage in any substantial gainful activity by reason of any medically determinable physical or mental impairment which can be expected to result in death or can be expected to last for a continuous period of not less than twelve (12) months, or (ii) is, by reason of any medically determinable physical or mental impairment which can be expected to result in death or can be expected to last for a continuous period of not less than twelve (12) months, receiving income replacement benefits for a period of not less than three (3) months under an accident and health plan covering employees of the Company or an Affiliate thereof.

(r) “Eligible Recipient” means an employee, director, independent contractor or consultant of the Company or any Affiliate of the Company who has been selected as an eligible participant by the Administrator; provided, however, to the extent required to avoid the imposition of additional taxes under Section 409A of the Code, an Eligible Recipient of an Option or a Share Appreciation Right means an employee, director, independent contractor or consultant of the Company or any Subsidiary of the Company who has been selected as an eligible participant by the Administrator.

(s) “Exchange Act” shall mean the Securities Exchange Act of 1934, as amended from time to time.

(t) “Exercise Price” means, with respect to any Award under which the holder may purchase Shares, the per share price at which a holder of such Award granted hereunder may purchase Shares issuable upon exercise of such Award, which in any event will not be less than one hundred percent (100%) of the Fair Market Value of the Common Stock on the date of grant.

(u) “Fair Market Value” as of a particular date shall mean the fair market value of a share of Common Stock as determined by the Administrator in its sole discretion; provided, however, that (i) if the Common Stock is admitted to trading on a national securities exchange, the fair market value of a share of Common Stock on any date shall be the closing sale price reported for such share on such exchange on such date or, if no sale was reported on such date, on the last day preceding such date on which a sale was reported, (ii) if the Common Stock is admitted to quotation on the National Association of Securities Dealers Automated Quotation (“NASDAQ”) system or other comparable quotation system and has been designated as a National Market System (“NMS”) security, the fair market value of a share of Common Stock on any date shall be the closing sale price reported for such share on such system on such date or, if no sale was reported on such date, on the last date preceding such date on which a sale was reported, or (iii) if the Common Stock is admitted to quotation on NASDAQ but has not been designated as an NMS security, the fair market value of a share of Common Stock on any date shall be the average of the highest bid and lowest asked prices of such share on such system on such date or, if both bid and ask prices were not reported on such date, on the last date preceding such date on which both bid and ask prices were reported.

(v) “ISO” means an Option intended to be and designated as an incentive stock option within the meaning of Section 422 of the Code.

(w) “Nonqualified Stock Option” shall mean an Option that is not designated as an ISO.

(x) “Option” means an option to purchase Shares granted pursuant to Section 7 hereof. The term “Option” as used in the Plan includes the terms “Nonqualified Stock Option” and “ISO.”

(y) “Other Share-Based Award” means a right or other interest granted pursuant to Section 10 hereof that may be denominated or payable in, valued in whole or in part by reference to, or otherwise based on or related to, the Common Stock, including, but not limited to, unrestricted Shares, restricted share units, dividend equivalents or performance units, each of which may be subject to the attainment of Performance Goals or a period of continued employment or other terms or conditions as permitted under the Plan.

(z) “Participant” means any Eligible Recipient selected by the Administrator, pursuant to the Administrator’s authority provided for in Section 3 below, to receive grants of Options, Share Appreciation Rights, Restricted Shares, Restricted Stock Units, Performance Shares, Cash Awards, Other Share-Based Awards or any combination of the foregoing, and, upon his or her death, his or her successors, heirs, executors and administrators, as the case may be.

(aa) “Performance Goals” means performance goals based on one or more of (but not limited to) the following criteria: (i) earnings, including one or more of operating income, earnings before or after taxes, earnings before or after interest, depreciation, amortization, adjusted EBITDA, economic earnings, or extraordinary or special items or book value per share (which may exclude nonrecurring items); (ii) pre-tax income or after-tax income; (iii) earnings per Share (basic or diluted); (iv) operating profit; (v) revenue, revenue growth or rate of revenue growth; (vi) return on assets (gross or net), return on investment, return on capital, or return on equity; (vii) returns on sales or revenues; (viii) operating expenses; (ix) share price appreciation; (x) cash flow, free cash flow, cash flow return on investment (discounted or otherwise), net cash provided by operations, or cash flow in excess of cost of capital; (xi) implementation or completion of critical projects or processes; (xii) cumulative earnings per share growth; (xiii) operating margin or profit margin; (xiv) cost targets, reductions and savings, productivity and efficiencies; (xv) strategic business criteria, consisting of one or more objectives based on meeting specified market penetration, geographic business expansion, customer satisfaction, employee satisfaction, human resources management, supervision of litigation, information technology, and goals relating to acquisitions, divestitures, joint ventures and similar transactions, and budget comparisons; (xvi) personal professional objectives, including any of the foregoing performance goals, the implementation of policies and plans, the negotiation of transactions, the development of long term business goals, formation of joint ventures, research or development collaborations, and the completion of other corporate transactions; and (xvii) any combination of, or a specified increase in, any of the foregoing. Where applicable, the Performance Goals may be expressed in terms of attaining a specified level of the particular criteria or the attainment of a percentage increase or decrease in the particular criteria, and may be applied to one or more of the Company or Affiliate thereof, or a division or strategic business unit of the Company, or may be applied to the performance of the Company relative to a market index, a group of other companies or a combination thereof, all as determined by the Committee. The Performance Goals may include a threshold level of performance below which no payment shall be made (or no vesting shall occur), levels of performance at which specified payments shall be made (or specified vesting shall occur), and a maximum level of performance above which no additional payment shall be made (or at which full vesting shall occur); provided, that the Committee shall have the authority to make equitable adjustments to the Performance Goals, including in recognition of unusual or non-recurring events affecting the Company or any Affiliate thereof or the financial statements of the Company or any Affiliate thereof, in response to changes in applicable laws or regulations, or to account for items of gain, loss or expense determined to be extraordinary or unusual in nature or infrequent in occurrence or related to an acquisition or similar transaction or the disposal of a segment of a business or related to a change in accounting principles.

(bb) “Performance Shares” means Shares or units denominated in Shares that are subject to restrictions that lapse upon the attainment of specified performance objectives and that are granted pursuant to Section 9 below.

(cc) “Person” shall have the meaning given in Section 3(a)(9) of the Exchange Act, as modified and used in Sections 13(d) and 14(d) thereof, except that such term shall not include (i) the Company or any Subsidiary thereof, (ii) a trustee or other fiduciary holding securities under an employee benefit plan of the Company or any Subsidiary thereof, (iii) an underwriter temporarily holding securities pursuant to an offering of such securities, or (iv) a corporation owned, directly or indirectly, by the shareholders of the Company in substantially the same proportions as their ownership of shares of the Company.

(dd) “Plan” means this Amended and Restated 2023 Omnibus Equity Incentive Plan, including any appendixes thereto, as amended and restated herein and as may be amended from time to time.

(ee) “Restricted Shares” means Shares granted pursuant to Section 9 below subject to certain restrictions that lapse at the end of a specified period or periods.

(ff) “Restricted Stock Units” means units denominated in Shares granted pursuant to Section 9 below subject to certain restrictions that lapse at the end of a specified period or periods.

(gg) “Service” means that the Participant’s service with the Company or an Affiliate, whether as an employee, consultant or director, is not interrupted or terminated. The Participant’s Service shall not be deemed to have terminated merely because of a change in the capacity in which the Participant renders service to the Company or an Affiliate as an employee, consultant or director or a change in the entity for which the Participant renders such service, provided that the Administrator or its delegate determines, in its sole discretion, there is no interruption or termination of the Participant’s Service; provided further that if any Award is subject to Section 409A of the Code, this sentence shall only be given effect to the extent consistent with Section 409A of the Code. For example, a change in status from an employee of the Company to a director of an Affiliate will not constitute an interruption of Service. The Administrator or its delegate, in its sole discretion, may determine whether Service shall be considered interrupted in the case of any leave of absence approved by that party, including sick leave, military leave or any other personal or family leave of absence. The Administrator or its delegate, in its sole discretion, may determine whether a Company transaction, such as a sale or spin-off of a division or subsidiary that employs a Participant, shall be deemed to result in a termination of Service for purposes of affected Awards, and such decision shall be final, conclusive and binding.

(hh) “Shares” means Common Stock reserved for issuance under the Plan, as adjusted pursuant to the Plan, and any successor (pursuant to a merger, amalgamation, consolidation or other reorganization) security.

(ii) “Share Appreciation Right” or “SAR” means the right pursuant to an Award granted under Section 8 below to receive an amount equal to the excess, if any, of (i) the aggregate Fair Market Value, as of the date such Award or portion thereof is surrendered, of the Shares covered by such Award or such portion thereof, over (ii) the aggregate Exercise Price of such Award or such portion thereof.

(jj) “Subsidiary” means, with respect to any Person, as of any date of determination, any other Person as to which such first Person owns or otherwise controls, directly or indirectly, more than 50% of the voting shares or other similar interests or a sole general partner interest or managing member or similar interest of such other Person. An entity shall be deemed a Subsidiary of the Company for purposes of this definition only for such periods as the requisite ownership or control relationship is maintained.

Section 3. Administration.

(a) The Plan shall be administered by the Administrator and shall be administered in accordance with the requirements of, to the extent applicable, Rule 16b-3 under the Exchange Act (“Rule 16b-3”). Within the scope of such authority, the Board or the Committee may delegate to a committee of one or more members of the Board who are not non-employee directors or who are officers of the Company the authority to grant Awards to eligible persons who are not then subject to Section 16 of the Exchange Act. The Plan is intended to comply, and shall be administered in a manner that is intended to comply, with Section 409A of the Code and shall be construed and interpreted in accordance with such intent. To the extent that an Award, issuance and/or payment is subject to Section 409A of the Code, it shall be awarded and/or issued or paid in a manner that will comply with Section 409A of the Code, including any applicable regulations or guidance issued by the Secretary of the United States Treasury Department and the Internal Revenue Service with respect thereto.

(b) Pursuant to the terms of the Plan, the Administrator, subject, in the case of any Committee, to any restrictions on the authority delegated to it by the Board, shall have the power and authority, without limitation:

(1) to select those Eligible Recipients who shall be Participants;

(2) to determine whether and to what extent Options, Share Appreciation Rights, Restricted Shares, Restricted Stock Units, Performance Shares, Cash Awards, Other Share-Based Awards or a combination of any of the foregoing, are to be granted hereunder to Participants;

(3) to determine the number of Shares to be covered by each Award granted hereunder;

(4) to determine the terms and conditions, not inconsistent with the terms of the Plan, of each Award granted hereunder (including, but not limited to, (i) the restrictions applicable to Restricted Shares or Restricted Stock Units and the conditions under which restrictions applicable to such Restricted Shares or Restricted Stock Units shall lapse, (ii) the performance goals and periods applicable to Performance Shares or Cash Awards, (iii) the Exercise Price of each Award, (iv) the vesting schedule applicable to each Award, (v) the number of Shares subject to each Award and (vi) subject to the requirements of Section 409A of the Code and Section 3(d) of the Plan (in each case, to the extent applicable), any amendments to the terms and conditions of outstanding Awards, including, but not limited to, extending the exercise period of such Awards and accelerating the vesting schedule of such Awards, and, if the Administrator in its discretion determines to accelerate the vesting of Options and/or Share Appreciation Rights in connection with a Change in Control, the Administrator shall also have discretion in connection with such action to provide that all Options and/or Share Appreciation Rights outstanding immediately prior to such Change in Control shall expire on the effective date of such Change in Control;

(5) to determine the terms and conditions, not inconsistent with the terms of the Plan, which shall govern all written instruments evidencing Options, Share Appreciation Rights, Restricted Shares, Restricted Stock Units, Performance Shares, Cash Awards, Other Share-Based Awards or any combination of the foregoing granted hereunder;

(6) to determine the Fair Market Value;

(7) to determine the duration and purpose of leaves of absence which may be granted to a Participant without constituting termination of the Participant’s employment for purposes of Awards granted under the Plan;

(8) to adopt, alter and repeal such administrative rules, regulations, guidelines and practices governing the Plan as it shall from time to time deem advisable;

(9) to construe and interpret the terms and provisions of, and supply or correct omissions in, the Plan and any Award issued under the Plan (and any Award Agreement relating thereto), and to otherwise supervise the administration of the Plan and to exercise all powers and authorities either specifically granted under the Plan or necessary and advisable in the administration of the Plan; and

(10) to prescribe, amend and rescind rules and regulations relating to sub-plans established for the purpose of satisfying applicable foreign laws or for qualifying for favorable tax treatment under applicable foreign laws, which rules and regulations may be set forth in an appendix or appendixes to the Plan.

(c) All decisions made by the Administrator pursuant to the provisions of the Plan shall be final, conclusive and binding on all persons, including the Company and the Participants. The Administrator’s determinations under the Plan need not be uniform and may be made by it selectively among persons who are eligible to receive, or actually receive, Awards. Without limiting the generality of the foregoing, the Administrator shall be entitled to make non-uniform and selective determinations, amendments and adjustments (including in connection with a Change in Control or a Change in Capitalization), and to enter into non-uniform and selective Award Agreements. No member of the Board or the Committee, nor any officer or employee of the Company or any Subsidiary thereof acting on behalf of the Board or the Committee, shall be personally liable for any action, omission, determination or interpretation taken or made in good faith with respect to the Plan, and all members of the Board or the Committee and each and any officer or employee of the Company and of any Subsidiary thereof acting on their behalf shall, to the maximum extent permitted by law, be fully indemnified and protected by the Company in respect of any such action, omission, determination or interpretation.

(d) Except in the case of Substitute Awards granted pursuant to Sections 4(e), any equity or equity-based Award (including any portion thereof) shall have a minimum vesting period of one year from the date of its grant with no vesting prior to the first anniversary of the grant date. Notwithstanding the foregoing, (i) the Committee may provide in an Award Agreement or following the time of grant that the vesting of an Award shall accelerate in the event of the Participant’s death, Disability, or a termination of Service other than for cause, and (ii) the Committee may grant Awards covering up to five percent (5%) of the total number of Shares authorized under Section 4(a) of the Plan (subject to adjustment pursuant to Section 5 of the Plan) without respect to the minimum vesting requirements set forth in this Section 3(d). Notwithstanding the foregoing, with regard to Awards granted to a non-employee director, the vesting of such Awards will be deemed to satisfy the one year minimum vesting requirement to the extent that the Awards vest on the earlier of the one year anniversary of the date of grant and the next annual meeting of the Company’s shareholders that is at least 50 weeks after the immediately preceding year’s annual meeting.

Section 4. Shares Reserved for Issuance Under the Plan; Limitations.

(a) Subject to Section 5 hereof, 9,900,000 Shares are reserved and available for issuance pursuant to Awards granted under the Plan (which includes shares of Common Stock underlying Awards that are outstanding, have been issued in settlement of Awards or are no longer available for issuance hereunder, in each case, as of the Effective Date), plus the number of Shares underlying awards under the Prior Plan that on or after the Effective Date are forfeited, cancelled, exchanged or surrendered or otherwise terminate, expire or are settled without a distribution of Shares (the “Total Share Limit”).

(b) Shares issued under the Plan may, in whole or in part, be authorized but unissued Shares or Shares that shall have been or may be reacquired by the Company in the open market, in private transactions or otherwise.

(c) If any Shares subject to an Award are forfeited, cancelled, exchanged or surrendered or if an Award otherwise terminates, expires or is settled without a distribution of Shares to the Participant (including those withheld as payment of withholding taxes in respect of an Award), the Shares with respect to such Award shall, to the extent of any such forfeiture, cancellation, exchange, surrender, termination or expiration, again be available for Awards under the Plan. Notwithstanding the forgoing, shares surrendered or withheld as payment of either the Exercise Price of an Option or Share Appreciation Right or an option or share appreciation right under the Prior Plan (including Shares otherwise underlying an Award or an award under the Prior Plan of a share appreciation right that are retained by the Company to account for the grant price of such Share Appreciation Right) and/or withholding taxes in respect of an Option or Share Appreciation Right or an award under the Prior Plan shall not be available for grant under the Plan.

(d) No more than 5,500,000 Shares shall be issued pursuant to the exercise of ISOs.

(e) Awards may, in the sole discretion of the Committee, be granted under the Plan in assumption of, or in substitution for, outstanding awards previously granted by an entity acquired by the Company or with which the Company combines (“Substitute Awards”). Substitute Awards shall not be counted against the Total Share Limit; provided that Substitute Awards issued in connection with the assumption of, or in substitution for, outstanding options intended to qualify as ISO shall be counted against the ISO limit. Subject to applicable stock exchange requirements, available shares under a shareholder-approved plan of an entity directly or indirectly acquired by the Company or with which the Company combines (as appropriately adjusted to reflect such acquisition or transaction) may be used for Awards under the Plan and shall not count toward the Total Share Limit.

Section 5. Equitable Adjustments.

In the event of any Change in Capitalization, an equitable substitution or proportionate adjustment shall be made, in each case, as may be determined by the Administrator, in its sole discretion, in (i) the aggregate number of Shares reserved for issuance under the Plan pursuant to Section 4 and the maximum number of Shares that may be subject to Awards granted to any Participant in any calendar or fiscal year (including the limits set forth in Sections 4(a) and 4(d)), (ii) the kind, number and Exercise Price subject to outstanding Options and Share Appreciation Rights granted under the Plan, and (iii) the kind, number and purchase price of Shares or other securities subject to outstanding Restricted Shares, Restricted Stock Units, Performance Shares or Other Share-Based Awards granted under the Plan; provided, however, that any

fractional shares resulting from the adjustment shall be eliminated. Such other equitable substitutions or adjustments shall be made as may be determined by the Administrator, in its sole discretion. Without limiting the generality of the foregoing, in connection with a Change in Capitalization or Change in Control, the Administrator may provide, in its sole discretion, but subject in all events to the requirements of Section 409A of the Code, for the cancellation of any outstanding Award granted hereunder in exchange for payment in cash or other property having an aggregate Fair Market Value of the Shares covered by such award (with or without regard to any holdback or contingent consideration arrangement), reduced by the aggregate Exercise Price or purchase price thereof, if any (including, for the avoidance of doubt, the cancellation for no consideration of any Option or Share Appreciation Right with an Exercise Price that equals or exceeds the price paid for the underlying Shares). Further, without limiting the generality of the foregoing, with respect to Awards subject to foreign laws, adjustments made hereunder shall be made in compliance with applicable requirements. Except to the extent determined by the Administrator, any adjustments to ISOs under this Section 5 shall be made only to the extent not constituting a “modification” within the meaning of Section 424(h)(3) of the Code. The Administrator’s determinations pursuant to this Section 5 shall be final, binding and conclusive.

Section 6. Eligibility.

The Participants under the Plan shall be selected from time to time by the Administrator, in its sole discretion, from those individuals that qualify as Eligible Recipients.

Section 7. Options.

(a) General. Options granted under the Plan shall be designated as Nonqualified Stock Options or ISOs. Each Participant who is granted an Option shall enter into an Award Agreement with the Company, containing such terms and conditions as the Administrator shall determine, in its sole discretion, which Award Agreement shall set forth, among other things, the Exercise Price of the Option, the term of the Option and provisions regarding exercisability of the Option, and whether the Option is intended to be an ISO or a Nonqualified Stock Option (and in the event the Award Agreement has no such designation, the Option shall be a Nonqualified Stock Option). The provisions of each Option need not be the same with respect to each Participant. More than one Option may be granted to the same Participant and be outstanding concurrently hereunder. Options granted under the Plan shall be subject to the terms and conditions set forth in this Section 7 and shall contain such additional terms and conditions, not inconsistent with the terms of the Plan, as the Administrator shall deem desirable and set forth in the applicable Award Agreement.

(b) Exercise Price. The Exercise Price of Shares purchasable under an Option shall be determined by the Administrator in its sole discretion at the time of grant, but in no event shall the exercise price of an Option be less than one hundred percent (100%) of the Fair Market Value of the Common Stock on the date of grant.

(c) Option Term. The maximum term of each Option shall be fixed by the Administrator, but no Option shall be exercisable more than ten (10) years after the date such Option is granted. Each Option’s term is subject to earlier expiration pursuant to the applicable provisions in the Plan and the Award Agreement.

(d) Exercisability. Each Option shall be exercisable at such time or times and subject to such terms and conditions, including the attainment of pre-established corporate performance goals, as shall be determined by the Administrator in the applicable Award Agreement. The Administrator may also provide that any Option shall be exercisable only in installments, and the Administrator may waive such installment exercise provisions at any time, in whole or in part, based on such factors as the Administrator may determine in its sole discretion. Notwithstanding anything to the contrary contained herein, an Option may not be exercised for a fraction of a share.

(e) Method of Exercise. Options may be exercised in whole or in part by giving written notice of exercise to the Company specifying the number of whole Shares to be purchased, accompanied by payment in full of the aggregate Exercise Price of the Shares so purchased in cash or its equivalent, as determined by the Administrator. As determined by the Administrator, in its sole discretion, with respect to any Option or category of Options, payment in whole or in part may also be made (i) by means of consideration received under any cashless exercise procedure approved by the Administrator (including the withholding of Shares otherwise issuable upon exercise), (ii) in the form of unrestricted Shares already owned by the Participant

which have a Fair Market Value on the date of surrender equal to the aggregate exercise price of the Shares as to which such Option shall be exercised, (iii) any other form of consideration approved by the Administrator and permitted by applicable law or (iv) any combination of the foregoing.

(f) ISOs. The terms and conditions of ISOs granted hereunder shall be subject to the provisions of Section 422 of the Code and the terms, conditions, limitations and administrative procedures established by the Administrator from time to time in accordance with the Plan. At the discretion of the Administrator, ISOs may be granted only to an employee of the Company, its “parent corporation” (as such term is defined in Section 424(e) of the Code) or a Subsidiary.

(1) ISO Grants to 10% Shareholders. Notwithstanding anything to the contrary in the Plan, if an ISO is granted to a Participant who owns shares representing more than ten percent (10%) of the voting power of all classes of shares of the Company, its “parent corporation” (as such term is defined in Section 424(e) of the Code) or a Subsidiary, the term of the ISO shall not exceed five (5) years from the time of grant of such ISO and the Exercise Price shall be at least one hundred and ten percent (110%) of the Fair Market Value of the Shares on the date of grant.

(2) $100,000 Per Year Limitation For ISOs. To the extent the aggregate Fair Market Value (determined on the date of grant) of the Shares for which ISOs are exercisable for the first time by any Participant during any calendar year (under all plans of the Company) exceeds $100,000, such excess ISOs shall be treated as Nonqualified Stock Options.

(3) Disqualifying Dispositions. Each Participant awarded an ISO under the Plan shall notify the Company in writing immediately after the date he or she makes a “disqualifying disposition” of any Share acquired pursuant to the exercise of such ISO. A “disqualifying disposition” is any disposition (including any sale) of such Shares before the later of (i) two years after the date of grant of the ISO and (ii) one year after the date the Participant acquired the Shares by exercising the ISO. The Company may, if determined by the Administrator and in accordance with procedures established by it, retain possession of any Shares acquired pursuant to the exercise of an ISO as agent for the applicable Participant until the end of the period described in the preceding sentence, subject to complying with any instructions from such Participant as to the sale of such shares.

(g) Rights as Stockholder. A Participant shall have no rights to dividends or distributions or any other rights of a stockholder with respect to the Shares subject to an Option until the Participant has given written notice of the exercise thereof, has paid in full for such Shares.

(h) Termination of Service. Unless otherwise provided by the Committee, either pursuant to its powers under Section 3(b) or in the applicable Award Agreement:

(1) In the event that the Service of a Participant shall terminate for any reason other than Cause, Disability, or death, (A) Options granted to such Participant, to the extent that they are exercisable at the time of such termination, shall remain exercisable until the date that is ninety (90) days after such termination, on which date they shall expire, and (B) Options granted to such Participant, to the extent that they were not exercisable at the time of such termination, shall expire at the close of business on the date of such termination. The ninety (90) day period described in this Section 7(h)(1) shall be extended to one (1) year after the date of such termination in the event of the Participant’s death during such ninety (90) day period. Notwithstanding the foregoing, no Option shall be exercisable after the expiration of its term.

(2) In the event that the Service of a Participant with the Company and all Affiliates thereof shall terminate on account of the Disability, or death of the Participant, (A) Options granted to such Participant, to the extent that they were exercisable at the time of such termination, shall remain exercisable until the date that is one (1) year after such termination, on which date they shall expire and (B) Options granted to such Participant, to the extent that they were not exercisable at the time of such termination, shall expire at the close of business on the date of such termination. Notwithstanding the foregoing, no Option shall be exercisable after the expiration of its term.

(3) In the event of the termination of a Participant’s Service for Cause, all outstanding Options granted to such Participant shall expire at the commencement of business on the date of such termination.

(i) Other Change in Employment Status. An Option shall be affected, both with regard to vesting schedule and termination, by leaves of absence, including unpaid and un-protected leaves of absence,

changes from full-time to part-time employment, partial disability or other changes in the employment status of a Participant, in the discretion of the Administrator.

Section 8. Share Appreciation Rights.

(a) General. The Administrator shall determine the Eligible Recipients to whom, and the time or times at which, grants of Share Appreciation Rights shall be made, the number of Shares to be awarded, the price per Share, and all other conditions of Share Appreciation Rights. The provisions of Share Appreciation Rights need not be the same with respect to each Participant. Share Appreciation Rights granted under the Plan shall be subject to the following terms and conditions set forth in this Section 8 and shall contain such additional terms and conditions, not inconsistent with the terms of the Plan, as the Administrator shall deem desirable, as set forth in the applicable Award Agreement.

(b) Awards; Rights as Stockholder. Participants who are granted Share Appreciation Rights shall have no rights as shareholders of the Company with respect to the grant or exercise of such rights.

(c) Exercisability. Share Appreciation Rights shall be exercisable at such time or times and subject to such terms and conditions as shall be determined by the Administrator in the applicable Award Agreement.

(d) Payment Upon Exercise.

(1) Upon the exercise of a Share Appreciation Right, the Participant shall be entitled to receive up to, but not more than, that number of Shares equal in value to the excess of the Fair Market Value as of the date of exercise over the price per share specified in the Share Appreciation Right multiplied by the number of Shares in respect of which the Share Appreciation Right is being exercised, with the Administrator having the right to determine the form of payment.

(2) Notwithstanding the foregoing, the Administrator may determine to settle the exercise of a Share Appreciation Right in cash (or in any combination of Shares and cash).

(e) Termination of Service. Unless otherwise provided by the Committee pursuant to its powers under Section 3(b), in the event of the termination of Service of a Participant who has been granted one or more Share Appreciation Right, such rights shall be exercisable at such time or times and subject to such terms and conditions as shall be determined by the Administrator in the applicable Award Agreement.

(f) Term. The term of each Share Appreciation Right shall be fixed by the Administrator, but no Share Appreciation Right shall be exercisable more than ten (10) years after the date such right is granted.

(g) Other Change in Employment Status. Share Appreciation Rights shall be affected, both with regard to vesting schedule and termination, by leaves of absence, including unpaid and un-protected leaves of absence, changes from full-time to part-time employment, partial disability or other changes in the employment status of a Participant, in the discretion of the Administrator.

Section 9. Restricted Shares, Restricted Stock Units Shares and Performance Shares.

(a) General. Restricted Shares, Restricted Stock Units or Performance Shares may be issued either alone or in addition to other awards granted under the Plan. The Administrator shall determine the Eligible Recipients to whom, and the time or times at which, Restricted Shares, Restricted Stock Units or Performance Shares shall be made; the number of Shares to be awarded; the price, if any, to be paid by the Participant for the acquisition of Restricted Shares, Restricted Stock Units or Performance Shares; the period of time prior to which such shares become vested and free of restrictions on Transfer (the “Restricted Period”), if any, applicable to Restricted Shares, Restricted Stock Units or Performance Shares; the performance objectives (if any) applicable to Restricted Shares, Restricted Stock Units or Performance Shares; and all other conditions of the Restricted Shares, Restricted Stock Units and Performance Shares. If the restrictions, performance objectives and/or conditions established by the Administrator are not attained, a Participant shall forfeit his or her Restricted Shares, Restricted Stock Units or Performance Shares, in accordance with the terms of the grant. The provisions of the Restricted Shares, Restricted Stock Units or Performance Shares need not be the same with respect to each Participant.

(b) Awards and Certificates.

(1) The prospective recipient of Restricted Shares, Restricted Stock Units or Performance Shares shall not have any rights with respect to any such award, unless and until such recipient has executed an Award Agreement and delivered a fully executed copy thereof to the Company, within a period of thirty (30) days (or such other period as the Administrator may specify) after the award date. Except as otherwise provided

below in Section 9(c), (i) each Participant who is granted an award of Restricted Shares may, in the Company’s sole discretion, be issued a share certificate in respect of such Restricted Shares; and (ii) any such certificate so issued shall be registered in the name of the Participant, and shall bear an appropriate legend referring to the terms, conditions and restrictions applicable to any such Award.

(2) The Company may require that the share certificates, if any, evidencing Restricted Shares granted hereunder be held in the custody of the Company until the restrictions thereon shall have lapsed, and that, as a condition of any award of Restricted Shares, the Participant shall have delivered a share transfer form, endorsed in blank, relating to the Shares covered by such award.

(3) Notwithstanding anything in the Plan to the contrary, any Shares issued in respect of Restricted Shares, Restricted Stock Units (at the expiration of the Restricted Period) or Performance Shares (whether before or after any vesting conditions have been satisfied) may, in the Company’s sole discretion, be issued in uncertificated form pursuant to the customary arrangements for issuing shares in such form.

(4) Further, notwithstanding anything in the Plan to the contrary, with respect to Restricted Stock Units, at the expiration of the Restricted Period, Shares shall promptly be issued (either in certificated or uncertificated form) to the Participant, unless otherwise deferred in accordance with procedures established by the Company in accordance with Section 409A of the Code, and such issuance shall in any event be made within such period as is required to avoid the imposition of a tax under Section 409A of the Code.

(c) Restrictions and Conditions. The Restricted Shares, Restricted Stock Units and Performance Shares granted pursuant to this Section 9 shall be subject to the following restrictions and conditions and any additional restrictions or conditions as determined by the Administrator at the time of grant or, subject to Section 409A of the Code, thereafter:

(1) Except as provided in the applicable Award Agreement, the Participant shall generally have the rights of a stockholder of the Company with respect to Restricted Shares during the Restricted Period; provided, however, that dividends declared during the Restricted Period with respect to an Award that vests or becomes payable based upon the achievement of performance goals, shall only become payable if and to the extent the performance levels on the underlying Award is achieved . Except as provided in the applicable Award Agreement, the Participant shall generally not have the rights of a stockholder with respect to Shares subject to Restricted Stock Units or Performance Shares during the Restricted Period; provided, however, that, subject to Section 409A of the Code, an amount equal to dividends declared during the Restricted Period with respect to the number of Shares covered by Restricted Stock Units or Performance Shares shall, unless otherwise set forth in an Award Agreement, be paid to the Participant at the time shares in respect of the related Restricted Stock Units are delivered to the Participant or the Restricted Period with respect to the Performance Shares expires. Certificates for Shares of unrestricted Common Stock may, in the Company’s sole discretion, be delivered to the Participant only after the Restricted Period has expired without forfeiture in respect of such Restricted Shares, Restricted Stock Units or Performance Shares, except as the Administrator, in its sole discretion, shall otherwise determine.

(2) The rights of Participants granted Restricted Shares, Restricted Stock Units or Performance Shares upon termination of Service for any reason during the Restricted Period shall be set forth in the Award Agreement.

Section 10. Other Share-Based Awards.

The Administrator is authorized to grant Awards to Participants in the form of Other Share-Based Awards, as deemed by the Administrator to be consistent with the purposes of the Plan and as evidenced by an Award Agreement. The Administrator shall determine the terms and conditions of such Awards, consistent with the terms of the Plan, at the date of grant or thereafter, including any Performance Goals and performance periods. Common Stock or other securities or property delivered pursuant to an Award in the nature of a purchase right granted under this Section 10 shall be purchased for such consideration, paid for at such times, by such methods, and in such forms, including, without limitation, Shares, other Awards, notes or other property, as the Administrator shall determine, subject to any required corporate action.

Section 11. Cash Awards.

The Administrator may grant awards that are denominated in, or payable to Participants solely in, cash, as deemed by the Administrator to be consistent with the purposes of the Plan, and, except as otherwise

provided in this Section 11, such Cash Awards shall be subject to the terms, conditions, restrictions and limitations determined by the Administrator, in its sole discretion, from time to time. Awards granted pursuant to this Section 11 may be granted with value and payment contingent upon the achievement of Performance Goals.

Section 12. Dividends and Dividend Equivalents.

Any Award (other than an Option, SAR or Cash Award) may provide the Participant with dividends or dividend equivalents, payable in cash, Shares, other securities, other Awards or other property, on a current or deferred or vested or unvested basis, including (i) payment directly to the Participant, (ii) withholding of such amounts by the Company subject to vesting of the Award or (iii) reinvestment in additional Shares, Restricted Shares or other Awards; provided, however, that any dividends or dividend equivalents with respect to Awards subject to vesting requirements shall be accumulated in a manner determined by the Committee until such Award is earned and such dividends and dividend equivalents shall not be paid if the vesting requirements of the underlying Award are not satisfied.

Section 13. Change in Control.

Unless otherwise provided in an employment, severance or change in control agreement between the Participant and the Company, in the event of a Change in Control:

(a) With respect to each outstanding Award that is assumed or substituted in connection with the Change in Control, in the event the Participant’s Service is terminated by the Company, its successor or Affiliate thereof without Cause on or after the effective date of the Change in Control but prior to twelve (12) months following the Change in Control, then:

(1) any unvested or unexercisable portion of any Award carrying a right to exercise shall become fully vested and exercisable; and

(2) the restrictions, deferral limitations, payment conditions and forfeiture conditions applicable to an Award granted under the Plan shall lapse and such Awards shall be deemed fully vested and any outstanding performance conditions imposed with respect to such Awards shall be deemed to be fully achieved at the greater of target and actual performance levels.

(b) With respect to each outstanding Award that is not assumed or substituted in connection with a Change in Control, immediately upon the occurrence of the Change in Control, (i) such Award shall become fully vested and exercisable, (ii) the restrictions, payment conditions, and forfeiture conditions applicable to any such Award granted shall lapse, and (iii) and any performance conditions imposed with respect to such Award shall be deemed to be achieved at the greater of target and actual performance levels (as determined in the Administrator’s sole discretion as of the Change in Control).

(c) For purposes of this Section 13, an Award shall be considered assumed or substituted if, following the Change in Control, the Award is of substantially comparable value and remains subject to the same terms and conditions that were applicable to the Award immediately prior to the Change in Control except that, if the Award related to shares of Common Stock, the Award instead confers the right to receive common stock of the acquiring or ultimate parent entity.

Section 14. Deferrals and Settlements.

The Committee may require or permit Participants to elect to defer the issuance of shares or the settlement of Awards in cash under such rules and procedures as it may establish under the Plan. It may also provide that deferred settlements include the payment or crediting of interest or dividend equivalents on the deferral amounts. Any such rules or procedures shall comply with the requirements of Section 409A of the Code, including those with respect to the time when a deferral election may be made, the period of the deferral and the events that would result in the payment of the deferred amount.

Section 15. Amendment and Termination.

The Board may amend, alter or terminate the Plan, but no amendment, alteration or termination shall be made that would impair the rights of a Participant under any Award theretofore granted without such Participant’s consent. Unless the Board determines otherwise, the Board shall obtain approval of the Company’s shareholders for any amendment that would require such approval in order to satisfy the requirements of any rules of the stock exchange on which the Common Stock is traded or other applicable law. The Administrator may amend the terms of any Award theretofore granted, prospectively or

retroactively, but, subject to Section 5 and Section 13 of the Plan and the immediately preceding sentence, no such amendment shall materially impair the rights of any Participant without his or her consent.

Notwithstanding anything herein to the contrary, in no event may any Option or SAR (i) be amended to decrease the Exercise Price thereof, (ii) be canceled at a time when its Exercise Price exceeds the Fair Market Value of the underlying Share in exchange for another Award, award under any other equity- compensation plan or any cash payment or (iii) be subject to any action that would be treated, for accounting purposes, as a “repricing” of such Option or SAR, unless such amendment, cancelation or action is approved by the Company’s shareholders. For the avoidance of doubt, an adjustment to the Exercise Price of an Option or SAR that is made in accordance with Section 5 or Section 13 shall not be considered a reduction in Exercise Price or “repricing” of such Option or SAR.

Section 16. Unfunded Status of Plan.

The Plan is intended to constitute an “unfunded” plan for incentive compensation. With respect to any payments not yet made to a Participant by the Company, nothing contained herein shall give any such Participant any rights that are greater than those of a general creditor of the Company.

Section 17. Withholding Taxes.

Each Participant shall, no later than the date as of which the value of an Award first becomes includible in the gross income of such Participant for federal and/or state income tax purposes, pay to the Company, or make arrangements satisfactory to the Administrator regarding payment of, any federal, state or local taxes of any kind required by law to be withheld with respect to the Award. The obligations of the Company under the Plan shall be conditional on the making of such payments or arrangements, and the Company shall, to the extent permitted by law, have the right to deduct any such taxes from any payment of any kind otherwise due to such Participant. Whenever cash is to be paid pursuant to an award granted hereunder, the Company shall have the right to deduct therefrom an amount sufficient to satisfy any federal, state and local withholding tax requirements related thereto. Whenever Shares are to be delivered pursuant to an Award, the Company shall have the right to require the Participant to remit to the Company in cash an amount sufficient to satisfy any related federal, state and local taxes to be withheld and applied to the tax obligations. With the approval of the Administrator, a Participant may satisfy the foregoing requirement by electing to have the Company withhold from delivery of Shares or by delivering already owned unrestricted Common Stock, in each case, having a value not exceeding the federal, state and local taxes to be withheld and applied to the tax obligations. Such Shares shall be valued at their Fair Market Value on the date of which the amount of tax to be withheld is determined. Fractional share amounts shall be settled in cash. Such an election may be made with respect to all or any portion of the Shares to be delivered pursuant to an award. The Company may also use any other method of obtaining the necessary payment or proceeds, as permitted by law, to satisfy its withholding obligation with respect to any Option or other Award.

Section 18. Transfer of Awards.

Until such time as the Awards are fully vested and/or exercisable in accordance with the Plan or an Award Agreement, no purported sale, assignment, mortgage, hypothecation, transfer, charge, pledge, encumbrance, gift, transfer in trust (voting or other) or other disposition of, or creation of a security interest in or lien on, any Award or any agreement or commitment to do any of the foregoing (each, a “Transfer”) by any holder thereof in violation of the provisions of the Plan or an Award Agreement will be valid, except with the prior written consent of the Administrator, which consent may be granted or withheld in the sole discretion of the Administrator. Any purported Transfer of an Award or any economic benefit or interest therein in violation of the Plan or an Award Agreement shall be null and void ab initio and shall not create any obligation or liability of the Company, and any person purportedly acquiring any Award or any economic benefit or interest therein transferred in violation of the Plan or an Award Agreement shall not be entitled to be recognized as a holder of such Shares. Unless otherwise determined by the Administrator in accordance with the provisions of the immediately preceding sentence, an Option or a share appreciation right may be exercised, during the lifetime of the Participant, only by the Participant or, during any period during which the Participant is under a legal disability, by the Participant’s guardian or legal representative.

Section 19. Continued Employment.

Neither the adoption of the Plan nor the grant of an Award shall confer upon any Eligible Recipient any right to continued Service, as the case may be, nor shall it interfere in any way with the right of the Company or any Affiliate thereof to terminate the Service of any of its Eligible Recipients at any time.

Section 20. Conditions on Issuance.

Shares shall not be issued pursuant to the exercise of an Award unless the exercise of such Award and the issuance and delivery of such Shares shall comply with Applicable Laws and securities regulations, and shall be further subject to the approval of counsel for the Company with respect to such compliance. The inability of the Company to obtain authority from any regulatory body having jurisdiction, which authority is deemed by the Company’s counsel to be necessary to the lawful issuance and sale of any Shares hereunder, shall relieve the Company of any liability in respect of the failure to issue or sell such Shares as to which such requisite authority shall not have been obtained. As a condition to the exercise of an Award, the Administrator may in its discretion require the person exercising such Award to represent and warrant at the time of any such exercise that the Shares are being purchased only for investment and without any present intention to sell or distribute such Shares.

Section 21. Sub-Plans.

The Administrator may from time to time establish sub-plans under the Plan for purposes of satisfying securities, tax or other laws of various jurisdictions in which the Company intends to grant Awards. Any sub-plans shall contain such limitations and other terms and conditions as the Administrator determines are necessary or desirable. All sub-plans shall be deemed a part of the Plan, but each sub-plan shall apply only to the Participants in the jurisdiction for which the sub-plan was designed.

Section 22. Clawback

Notwithstanding any other provisions in this Plan, the Company may cancel any Award, require reimbursement of any Award by a Participant, and effect any other right of recoupment of equity or other compensation provided under the Plan in accordance with any Company policies that may be adopted and/or modified from time to time (“Clawback Policy”). In addition, a Participant may be required to repay to the Company previously paid compensation, whether provided pursuant to the Plan or an Award Agreement, in accordance with the Clawback Policy. By accepting an Award, the Participant is agreeing to be bound by the Clawback Policy, as in effect or as may be adopted and/or modified from time to time by the Company in its discretion (including, without limitation, to comply with applicable law or stock exchange listing requirements).

Section 23. Effective Date.

The effective date (the “Effective Date”) is the date on which the Plan is approved by the shareholders of the Company.

Section 24. Electronic Signature.

Participant’s electronic signature of an Award Agreement shall have the same validity and effect as a signature affixed by hand.

Section 25. Term of Plan.

No Award shall be granted pursuant to the Plan on or after the tenth anniversary of the Effective Date, but Awards theretofore granted may extend beyond that date.

Section 26. Section 409A of the Code.

The intent of the parties is that payments and benefits under the Plan comply with Section 409A of the Code to the extent subject thereto, and, accordingly, to the maximum extent permitted, the Plan shall be interpreted and be administered to be in compliance therewith. Any payments described in the Plan that are due within the “short-term deferral period” as defined in Section 409A of the Code shall not be treated as deferred compensation unless applicable law requires otherwise. Notwithstanding anything to the contrary in the Plan, to the extent required in order to avoid accelerated taxation and/or tax penalties under Section 409A of the Code, amounts that would otherwise be payable and benefits that would otherwise be provided pursuant to the Plan during the six (6) month period immediately following the Participant’s termination of employment shall instead be paid on the first business day after the date that is six (6) months following the Participant’s separation from service (or upon the Participant’s death, if earlier). In addition, for purposes of

the Plan, each amount to be paid or benefit to be provided to the Participant pursuant to the Plan, which constitute deferred compensation subject to Section 409A of the Code, shall be construed as a separate identified payment for purposes of Section 409A of the Code.

Section 27. Governing Law.

The Plan shall be governed by, and construed in accordance with, the laws of the State of Delaware, without giving effect to principles of conflicts of law of such state.

(18)

Document

[FORM OF]

VARONIS SYSTEMS, INC. 2023 AMENDED AND RESTATED OMNIBUS EQUITY INCENTIVE PLAN

PERFORMANCE-BASED RESTRICTED STOCK UNIT AWARD GRANT NOTICE

Varonis Systems, Inc. (the “Company”), pursuant to its 2023 Amended and Restated Omnibus Equity Incentive Plan (the ”Plan”), attached hereto as Exhibit C, hereby grants to the individual listed below (the “Participant”) an Award of performance-based restricted stock units (“PSUs”). Each earned and vested PSU represents the right to receive, in accordance with the PSU Award Agreement attached hereto as Exhibit B (the “Agreement”), one share of the Common Stock of the Company (each, a “Share”). This Award of PSUs is subject to all of the terms and conditions set forth herein and in the Agreement and the Plan, which are incorporated herein by reference.

Capitalized terms not specifically defined herein shall have the meanings specified in the Plan.

Participant [●]
Grant Date: [●]
Performance Period: [●]
Target Number of PSUs Subject to Grant: [●]

Vesting Schedule: The number of PSUs earned with respect to each Performance Period shall be determined in accordance with the performance metrics attached as Exhibit A to this Notice (the “Performance Metrics”), as determined by the Administrator in its sole discretion. Each PSU earned in accordance with the Performance Metrics (an “Earned PSU”). PSUs deemed by the Administrator not to have been earned in accordance with the Performance Metrics shall immediately terminate.

XXX

Any and all vesting of Earned PSUs is subject to the Participant’s continued employment or service with the Company or an Affiliate thereof through such vesting date.

Termination: Except to the extent paid in accordance with the above vesting schedule, the PSUs shall terminate, become forfeited or expire without settlement in accordance with the terms of the Agreement.

By his or her signature, the Participant agrees to be bound by the terms and conditions of the Plan, the Agreement and this Notice. The Participant has reviewed the Agreement, the Plan and this Notice in their entirety, has had an opportunity to obtain the advice of counsel prior to executing this Notice and fully understands all provisions of this Notice, the Agreement and the

Plan. The Participant hereby agrees to accept as binding, conclusive and final all decisions or interpretations of the Administrator upon any questions arising under the Plan or relating to the award of PSUs.

VARONIS SYSTEMS, INC.     PARTICIPANT

__________________________

Exhibit A

PERFORMANCE METRICS

Exhibit B

PERFORMANCE-BASED RESTRICTED STOCK UNIT AWARD AGREEMENT

Pursuant to the Performance-Based Restricted Stock Unit Award Grant Notice (the “Notice”) to which this Performance-Based Restricted Stock Unit Award Agreement (this “Agreement”) is attached, Varonis Systems, Inc. (the “Company”) has granted to the Participant an Award of performance-based restricted stock units (“PSUs”) under the Company's 2023 Amended and Restated Omnibus Equity Incentive Plan (the “Plan”). Each earned and vested PSU represents the right to receive one share of the Common Stock of the Company (each a “Share”). Capitalized terms not specifically defined herein shall have the meanings specified in the Plan and Notice.

ARTICLE I

GENERAL

1.Incorporation of Terms of Plan. The PSUs are subject to the terms and conditions of the Plan, which are incorporated herein by reference. In the event of any inconsistency between the Plan and this Agreement, the terms of the Plan shall control.

ARTICLE II

GRANT OF PSUS

1.Grant of PSUs. In consideration of the Participant's employment or service to the Company or any Affiliate and other good and valuable consideration, effective as of the Grant Date set forth in the Notice, the Company hereby grants to the Participant an Award of PSUs under the Plan, upon the terms and conditions set forth in the Notice, the Plan and this Agreement.

2.Unsecured Obligation. Unless and until the PSUs have been earned and vested in the manner set forth in Article 2 hereof, the Participant will have no right to receive Shares with respect to any such PSUs. Prior to actual payment of any earned and vested PSUs, such PSUs will represent an unsecured obligation of the Company, payable (if at all) only from the general assets of the Company.

3.Vesting Schedule. Subject to Sections 2.5 and 3.1 hereof, the PSUs shall be earned and shall thereafter vest and become nonforfeitable with respect to the applicable portion thereof according to the vesting schedule set forth in the Notice (rounding down to the nearest whole Share).

4.Consideration to the Company. In consideration of the grant of PSUs pursuant hereto, the Participant agrees to render faithful and efficient employment or other service to the Company or any Affiliate. Nothing in the Plan or this Agreement shall confer upon the Participant any right to continue in the employment or service of the Company or any Affiliate or shall interfere with or restrict in any way the rights of the Company and its Affiliates, which rights are hereby expressly reserved, to discharge or terminate the employment or service of the Participant at any time for any reason whatsoever, with or without Cause.

5.Forfeiture, Termination and Cancellation Upon Termination of Employment or Service.

(a)Upon the Participant's termination of employment or service with the Company and all Affiliates thereof, the PSUs shall be treated as follows, except as specifically provided otherwise herein or in a employment agreement between the Company and the Participant:

(i)In the event that the employment or service of the Participant with the Company and all Affiliates thereof shall terminate for any reason other than for Cause, unvested PSUs granted to the Participant shall terminate at the close of business on the date of such termination.

(ii)In the event of the termination of the Participant's employment or service for Cause, all outstanding PSUs (whether vested or not and whether an Earned PSU or not) granted to the Participant shall terminate at the commencement of business on the date of such termination.

(iii)[for CEO only] Notwithstanding the foregoing or any provision herein to the contrary, in the event of the Participant’s voluntary resignation at any time when the Participant is Retirement Eligible, then, solely for purposes of continued vesting under this Agreement, the Participants Service is deemed to continue uninterrupted so long as the Participant (x) remains in compliance with all of the Participant’s continuing obligations to the Company and its Affiliates, and (y) the Participant provides such cooperation as the Company may reasonably request relating to the transfer of the Participant’s responsibilities. As used in the preceding sentence, “Retirement Eligible” means that the Participant has obtained age 55 and the Participant has remained in continuous Service to the Company for at least ten (10) years.

(b)The Administrator or its delegate shall determine in its sole discretion the manner in which the PSUs shall be affected, both with regard to the vesting schedule and termination, by leaves of absence, including unpaid and un-protected leaves of absence, changes from full-time to part-time employment, partial disability or other changes in the employment status of the Participant.

(c)For purposes of the PSUs, as determined in the Administrator’s or its delegate’s exclusive discretion, the Participant’s Service will be considered terminated as of the date the Participant is no longer actively providing services to the Company or any Affiliate (regardless of the reason for such termination and whether or not later to be found invalid or in breach of Applicable Laws in the jurisdiction where the Participant is employed or retained or the terms of the Participant’s employment or service agreement, if any), and unless otherwise expressly provided in this Agreement or determined by the Administrator or its delegate, the Participant’s right to vest in the PSUs, if any, will terminate as of such date and will not be extended by any notice period (e.g., the Participant’s period of service would not include any contractual notice period or any period of “garden leave” or similar period mandated under Applicable Laws in the jurisdiction where the Participant is employed or retained or the terms of the Participant’s employment or service agreement, if any).

6.Issuance of Shares upon Vesting.

(a)Earned PSUs to the extent determined by the Compensation Committee after the applicable year-end audit shall represent the right to receive, on the first business day following the applicable vesting date, the number of Shares determined in accordance with the Vesting Schedule set forth in the Notice and provided that the Participant remains employed by the Company or an Affiliate through the applicable vesting date, subject to the provisions of Section 2.5 or Section 3.1. Notwithstanding the above, Shares earned with respect to vested Earned PSUs shall be delivered on a date (the “Delivery Date”) that is in the same calendar year as the vesting date. On the Delivery Date, the Company shall deliver to the Participant (or any transferee permitted under Section 4.2 hereof) a number of Shares (either by delivering one or more certificates for such Shares or by entering such Shares in book entry form, as determined by the Company in its sole discretion) equal to the number of Earned PSUs that vest on the applicable vesting date, unless such Earned PSUs terminate prior to the applicable vesting date pursuant to Section 2.5 hereof. Notwithstanding the foregoing, in the

event Shares cannot be issued pursuant to Section 20 of the Plan, the Shares shall be issued pursuant to the preceding sentence as soon as administratively practicable after the Administrator determines that Shares can again be issued in accordance with such Section.

(b) As set forth in Section 17 of the Plan and Section 4.3 of this Agreement, the Participant shall satisfy all Tax-Related Items (as defined in Section 4.3 below). The Company shall not be obligated to deliver any new certificate representing Shares to the Participant or the Participant’s legal representative or enter such Shares in book entry form unless and until the Participant or the Participant’s legal representative shall have paid or otherwise satisfied in full the amount of all Tax-Related Items.

7.Conditions to Delivery of Shares. The Shares deliverable hereunder may be either previously authorized but unissued Shares, treasury Shares or issued Shares which have then been reacquired by the Company. Such Shares shall be fully paid and nonassessable. The Company shall not be required to issue or deliver any certificates or make any book entries evidencing Shares deliverable hereunder prior to fulfillment of the conditions set forth in Section 20 of the Plan.

ARTICLE III

CHANGE IN CONTROL

1.Change in Control. In the event of a Change in Control, the PSUs shall be treated in accordance with Section 13 of the Plan.

ARTICLE IV

OTHER PROVISIONS

1.Administration. The Administrator shall have the power and authority to interpret and construe the terms and provisions of this Agreement and to adopt such rules for the administration, interpretation and application of this Agreement as are consistent therewith and to interpret, amend or revoke any such rules. All decisions made by the Administrator shall be final, conclusive and binding on all persons, including the Participant, the Company and any other interested persons and entities.

2.Transferability of Grant. Except as otherwise set forth in the Plan:

(a)The PSUs may not be sold, pledged, assigned or transferred in any manner other than by will or the laws of descent and distribution;

(b)Neither the PSUs nor any interest or right therein shall be liable for the debts, contracts or engagements of the Participant or his or her successors in interest or shall be subject to disposition by transfer, alienation, anticipation, pledge, encumbrance, assignment or any other means whether such disposition be voluntary or involuntary or by operation of law by judgment, levy, attachment, garnishment or any other legal or equitable proceedings (including bankruptcy), and any attempted disposition thereof shall be null and void and of no effect, except to the extent that such disposition is permitted by Section 4.2(a).

3.Responsibility for Taxes. Regardless of any action the Company or, if different, the Affiliate to which the Participant provides services takes with respect to any or all income tax, social insurance, payroll tax, fringe benefits tax, payment on account or other tax related items related to the Participant’s participation in the Plan and legally applicable to the Participant (“Tax-Related Items”), the Participant acknowledges that the ultimate liability for all Tax-Related Items is and remains the Participant’s responsibility and may exceed the amount actually

withheld by the Company or the Affiliate. The Participant further acknowledges that the Company and/or the Affiliate (i) make no representations or undertakings regarding the treatment of any Tax-Related Items in connection with any aspect of the PSUs, including, but not limited to, the grant, vesting or settlement of the PSUs, the subsequent sale of Shares acquired pursuant to such settlement and the receipt of any dividends and/or dividend equivalent; and (ii) do not commit to and are under no obligation to structure the terms of the grant or any aspect of the PSUs to reduce or eliminate the Participant’s liability for Tax-Related Items or achieve any particular tax result. Further, if the Participant has become subject to tax in more than one jurisdiction, the Participant acknowledges that the Company and/or the Affiliate may be required to withhold or account for Tax-Related Items in more than one jurisdiction.

4.Withholding of Taxes. Prior to any relevant taxable or tax withholding event, as applicable, the Participant agrees to make adequate arrangements satisfactory to the Company and/or the Affiliate to satisfy all Tax-Related Items. In this regard, the Participant authorizes the Company and/or the Affiliate, or their respective agents, at their discretion, to satisfy any applicable withholding obligations with regard to all Tax-Related Items by one or a combination of the following:

(a)withholding from the Participant’s wages or other cash compensation paid to the Participant by the Company and/or the Affiliate;

(b)withholding from proceeds of the sale of Shares acquired upon settlement of the PSUs either through a voluntary sale or through a mandatory sale arranged by the Company (on the Participant’s behalf pursuant to this authorization); and

(c)withholding in Shares to be issued upon settlement of the PSUs, unless the use of such withholding method is problematic under Applicable Laws, in which case the obligation for Tax-Related Items may be satisfied by one or a combination of methods (a) and (b) above.

Depending on the withholding method, the Company and/or the Affiliate may withhold or account for Tax-Related Items by considering applicable minimum statutory withholding rates or other applicable withholding rates, including maximum applicable rates, in which case the Participant may receive a refund of any over-withheld amount in cash and will have no entitlement to the Share equivalent. If the obligation for Tax-Related Items is satisfied by withholding in Shares, for tax purposes, the Participant is deemed to have been issued the full number of Shares subject to the vested PSUs, notwithstanding that a number of the Shares are held back solely for the purpose of paying the Tax-Related Items.

Finally, the Participant agrees to pay to the Company or the Affiliate any amount of Tax-Related Items that the Company or the Affiliate may be required to withhold or account for as a result of the Participant’s participation in the Plan that cannot be satisfied by the means previously described. The Company may refuse to issue or deliver the Shares or the proceeds of the sale of Shares, if the Participant fails to comply with his or her obligations in connection with the Tax-Related Items.

5.No Advice Regarding Grant. The Participant represents that the Participant has consulted with any tax consultants the Participant deems advisable in connection with the grant of PSUs and the issuance of Shares with respect thereto and that the Participant is not relying on the Company for any tax advice. The Company makes no warranties or representations whatsoever to the Participant regarding the tax consequences of the grant of PSUs or the receipt

of Shares with respect thereto. The Participant shall be solely responsible for any taxes in respect of the PSUs.

6.Equitable Adjustments. The Participant acknowledges that the PSUs are subject to modification and termination in certain events as provided in this Agreement and Section 5 of the Plan.

7.Notices. Any notice to be given under the terms of this Agreement to the Company shall be addressed to the Company in care of the Legal Department at the Company's principal office, and any notice to be given to the Participant shall be addressed to the Participant at the Participant's last address reflected on the Company's records. Any notice which is required to be given to the Participant shall, if the Participant is then deceased, be given to the person entitled to the PSUs pursuant to Section 4.2(a) hereof by written notice under this Section 4.7.

8.Participant’s Representations. If the Shares issuable hereunder have not been registered under the Securities Act or any applicable state laws on an effective registration statement at the time of such issuance, the Participant shall, if required by the Company, concurrently with such issuance, make such written representations as are deemed necessary or appropriate by the Company and/or its counsel.

9.Titles. Titles are provided herein for convenience only and are not to serve as a basis for interpretation or construction of this Agreement.

10.Governing Law and Venue. The laws of the State of Delaware shall govern the interpretation, validity, administration, enforcement and performance of the terms of this Agreement regardless of the law that might be applied under principles of conflicts of laws. For purposes of litigating any dispute that arises under this grant or this Agreement, the parties hereby submit to and consent to the exclusive jurisdiction of the State of New York, agree that such litigation shall be conducted in the courts of New York County, New York, or the federal courts for the U.S. for the Southern District of New York, where this grant is made and/or to be performed.

11.Conformity to Securities Laws. The Participant acknowledges that the Plan and this Agreement are intended to conform to the extent necessary with all provisions of the Securities Act and the Exchange Act and any and all regulations and rules promulgated by the Securities and Exchange Commission thereunder, and state securities laws and regulations. Notwithstanding anything herein to the contrary, the Plan shall be administered, and the PSUs are granted and settled, only in such a manner as to conform to such laws, rules and regulations. To the extent permitted by applicable law, the Plan and this Agreement shall be deemed amended to the extent necessary to conform to such laws, rules and regulations.

12.Clawback. The Participant hereby acknowledges the PSUs are subject to, and agrees to be bound by, the Clawback Policy, as in effect or as may be adopted and/or modified from time to time by the Company in its discretion in accordance with Section 22 of the Plan.

13.Amendments and Termination. To the extent permitted by the Plan, this Agreement may be wholly or partially amended, altered or terminated at any time or from time to time by the Administrator or the Board.

14.Successors and Assigns. The Company may assign any of its rights under this Agreement to single or multiple assignees, and this Agreement shall inure to the benefit of the successors and assigns of the Company. Subject to the restrictions on transfer herein set forth in Section 4.2 hereof, this Agreement shall be binding upon the Participant and his or her heirs, executors, administrators, successors and assigns.

15.Limitations Applicable to Section 16 Persons. Notwithstanding any other provision of the Plan or this Agreement, if the Participant is subject to Section 16 of the Exchange Act, then the Plan, the PSUs and this Agreement shall be subject to any additional limitations set forth in any applicable exemptive rule under Section 16 of the Exchange Act (including any amendment to Rule 16b-3 of the Exchange Act) that are requirements for the application of such exemptive rule. To the extent permitted by applicable law, this Agreement shall be deemed amended to the extent necessary to conform to such applicable exemptive rule.

16.Entire Agreement. The Plan, the Notice and this Agreement (including all Exhibits thereto, if any) constitute the entire agreement of the parties and supersede in their entirety all prior undertakings and agreements of the Company and the Participant with respect to the subject matter hereof.

17.Section 409A. This PSU Award is intended to comply with Code Section 409A to the extent subject thereto and shall be interpreted in accordance with Code Section 409A and Department of Treasury regulations and other interpretive guidance issued thereunder, including without limitation any such regulations or other guidance that may be issued after the Grant Date. Notwithstanding any provision in the Plan or Agreement to the contrary, no payment or distribution under this Agreement that constitutes an item of deferred compensation under Code Section 409A and becomes payable by reason of the Participant's termination of employment or service with the Company will be made to the Participant until the Participant's termination of employment or service constitutes a “separation from service” (as defined in Code Section 409A). For purposes of this Agreement, each amount to be paid or benefit to be provided shall be construed as a separate identified payment for purposes of Code Section 409A. If the Participant is a “specified employee” (as defined in Code Section 409A), then to the extent necessary to avoid the imposition of taxes under Code Section 409A, the Participant shall not be entitled to any payments upon a termination of his or her employment or service until the earlier of: (i) the expiration of the six (6)-month period measured from the date of such Participant's “separation from service” or (ii) the date of the Participant's death. Upon the expiration of the applicable waiting period set forth in the preceding sentence, all payments and benefits deferred pursuant to this Section 4.17 (whether they would have otherwise been payable in a single lump sum or in installments in the absence of such deferral) shall be paid to the Participant in a lump sum as soon as practicable, but in no event later than sixty (60) calendar days, following such expired period, and any remaining payments due under this Agreement will be paid in accordance with the normal payment dates specified for them herein. The Administrator may, in its discretion, adopt such amendments to the Plan, this Agreement or the Notice or adopt other policies and procedures (including amendments, policies and procedures with retroactive effect), or take any other actions, as the Administrator determines are necessary or appropriate to comply with the requirements of Code Section 409A.

18.Electronic Signature; Electronic Delivery and Acceptance. The Participant's electronic signature of this Agreement shall have the same validity and effect as a signature affixed by hand. The Company may, in its sole discretion, decide to deliver any documents related to the Participant’s current or future participation in the Plan by electronic means. The Participant hereby consents to receive such documents by electronic delivery and agrees to participate in the Plan through an on-line or electronic system established and maintained by the Company or a third party designated by the Company.

19.Waiver. The Participant acknowledges that a waiver by the Company of a breach of any provision of this Agreement shall not operate or be construed as a waiver of any other provision of this Agreement, or of any subsequent breach by the Participant.

20.Severability. The provisions of this Agreement are severable and if any one or more provisions are determined to be illegal or otherwise unenforceable, in whole or in part, the remaining provisions shall nevertheless be binding and enforceable.

21.Data Privacy Notice and Consents.

(a)What personal data we collect and for which purpose? The Company collects, processes and uses personal data of the Participant, including, but not limited to, his or her name, home address and telephone number, email address, date of birth, social insurance, passport or other identification number (e.g., resident registration number), nationality, job title, any Shares or directorships held in the Company, details of all PSUs or any other entitlement to Shares awarded, canceled, exercised, vested,

unvested or outstanding in the Participant’s favor. If the Company offers the Participant a grant of PSUs under the Plan, then the Company will collect the Participant’s personal data for purposes of allocating stock and implementing, administering and managing the Plan.

(b)Legal basis for processing of personal data. The Company’s legal basis for the processing of the Participant’s personal data would be his or her consent, and where applicable, the performance of the Company's legal duties as an employer and/or issuer of PSUs.

(c)To whom do we disclose such personal data? The Company transfers participant data to Stock Plan Administration Service Providers such as Morgan Stanley, an independent service provider based in the United States, which assists the Company with the implementation, administration and management of the Plan. In the future, the Company may select a different service provider and may share the Participant’s data with another company that serves in a similar manner. The Company’s service provider(s) will open an account for the Participant to receive and trade Shares.

(d)What safeguards are applied to your personal data? We apply and contractually enforce on any service provider or recipient with which we share personal data, separate terms and data processing agreements, to protect the personal data, including by applying various technical and organizational safeguards. Where required we also rely on additional data transfer mechanisms, as further described in the 'International Data Transfers' section below.

(e)Data Retention. The Company will use the Participant’s personal data only as long as is necessary to implement, administer and manage the Participant’s participation in the Plan or as required to comply with legal or regulatory obligations, including under tax and securities laws. When the Company no longer needs the Participant’s personal data, which will generally be seven years after the Participant is granted PSUs under the Plan, the Company will remove it from its systems. If the Company keeps data longer, it would be to satisfy legal or regulatory obligations and the Company’s legal basis would be relevant laws or regulations.

(f)Voluntariness and Consequences of Consent Denial or Withdrawal. The Participant’s participation in the Plan and the Participant’s grant of consent is purely voluntary. The Participant may deny or withdraw his or her consent at any time. If the Participant does not consent, or if the Participant withdraws his or her consent, the Participant cannot participate in the Plan. This would not affect the Participant’s salary as an employee or his or her

career; the Participant would merely forfeit the opportunities associated with the Plan.

(g)Data Subject Rights.

Depending on the jurisdiction in which you reside, you may have certain rights under relevant applicable laws regarding the collection and processing of your Personal Data. To the extent these rights apply and concern you, you can contact us via the contact details available below and ask to exercise the following rights:

EU Residents Right Virginia Residents Rights California Residents Rights
Right to know or access Personal Data collected by us The right to know what Personal Information the business has collected.
Deletion Rights
Correct Inaccurate Data
N/A Opt-Out of Sharing for Cross-Contextual Behavioral Advertising
N/A Opt-out from selling
N/A Limit the Use or Disclosure of Sensitive Personal Information (SPI)
N/A Opt-out from profiling in furtherance of decisions that produce legal or similarly significant effects concerning the user N/A
--- --- --- ---
Opt-Out of the Use of Automated Decision Making N/A
N/A Non-Discrimination
Data Portability
Restriction or Objection to Processing N/A

Authorized Agent - You can use an authorized agent to make a request to exercise your right under applicable laws on your behalf if: the authorized agent is a natural person or a business entity; and to sign a written declaration that you authorize the authorized agent to act on your behalf. If you use an authorized agent to submit a request to exercise your right, please provide us with a certified copy of your written declaration authorizing the authorized agent to act on your behalf using the contact information below. The request must provide sufficient information to allow us to reasonably verify you are the person about whom we collected Personal Data or an authorized agent. We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you; and describe your request with sufficient details to allow us to properly understand, evaluate, and respond to it. We will only use Personal Data provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

(h)Additional Disclosure for California based Participants

This part of the Policy addresses the specific disclosure requirements under the California Consumer Privacy Act of 2018 (Cal. Civ. §§ 1798.100–1798.199) and the California Consumer Privacy Act Regulations by the Attorney General (collectively: "CCPA").

In the preceding twelve (12) months, we have collected the following categories of Personal Data:

Category Personal Data collected Sources
Identifiers Name and contact information (full name, home address, phone number and emergency contact information), date of birth, government identification numbers (such as social security numbers, tax payer id's and driver’s license), etc. •Information you provided with us;<br><br>•Information collected from third parties.
Records Financial information, name, telephone number. •Information you provided with us;<br><br>•Information collected from third parties.
Characteristics of protected classifications under California or federal law Gender, age. •Information you provided with us;<br><br>•Information collected from third parties.
Professional or employment-related information. Current or past job history or performance evaluations. •Information you provided with us;<br><br>•Information collected from third parties

We use the data types described in the table above, as described in sections 5 and 6 of this notice.

Sharing Personal Data - We disclose your Personal Data as described above. When we disclose Personal Data to third parties, we enter into a contract that describes the purpose and requires both parties to keep that Personal Data confidential and not use it for any purpose except in the performance of the contract. In the preceding twelve

(12) months, we have disclosed the above-mentioned categories of Personal Data to our affiliates and services providers, for a business purposes.

Selling or Sharing Personal Data - We do not "sell" nor "Share" your Personal Data. We only disclose Personal Data as described in this notice.

(i)Data Protection Officer - The Company has appointed a “Data Protection Officer” who is responsible for matters relating to privacy and data protection. If you have any questions about this Policy, please contact our Data Protection Officer via privacy@varonis.com.

For further information, please refer to our Employees and Contractors Privacy Policy.

22.Insider-Trading/Market-Abuse Laws. The Participant acknowledges that, depending on his or her country of residence or the country of residence of the Participant’s broker, the Participant may be subject to insider-trading restrictions and/or market-abuse laws, which may affect his or her ability to accept, acquire, sell or otherwise dispose of Shares, rights to Shares (e.g., PSUs) or rights linked to the value of Shares during such times as the Participant is considered to have “inside information” regarding the Company, as defined by the laws or regulations in the Participant’s country. Local insider trading laws and regulations may prohibit the cancellation or amendment of orders placed by the Participant before the Participant possessed inside information. Furthermore, the Participant could be prohibited from (i) disclosing the inside information to any third party (other than on a “need to know” basis) and (ii) “tipping” third parties or causing them otherwise to buy or sell securities. Note that third parties include fellow employees. Any restrictions under these laws or regulations are separate from and in addition to any restrictions that may be imposed under any applicable Company insider trading policy. The Participant acknowledges that it is his or her responsibility to be informed of and compliant with such regulations, and the Participant should speak to his or her personal legal advisor on this matter.

23.Language. If the Participant has received this Agreement or any other document related to the Plan translated into a language other than English and if the meaning of the translated version is different than the English version, the English version will control.

24.Imposition of Other Requirements. The Company reserves the right to impose other requirements on the Participant’s participation in the Plan, on the PSUs and on any Shares acquired under the Plan, to the extent the Company determines it is necessary or advisable for legal or administrative reasons, and to require the Participant to sign any additional agreements or undertakings that may be necessary to accomplish the foregoing.

Exhibit C

VARONIS SYSTEMS, INC.

2023 AMENDED AND RESTATED OMNIBUS EQUITY INCENTIVE PLAN

Section 1. Purpose of Plan.

The name of the Plan, as amended and restated from time to time is the Amended and Restated Varonis Systems, Inc. 2023 Omnibus Equity Incentive Plan. The purposes of the Plan are to provide an additional incentive to selected employees, directors, independent contractors and consultants of the Company or its Affiliates whose contributions are essential to the growth and success of the Company’s business, in order to strengthen the commitment of such persons to the Company and its Subsidiaries, motivate such persons to faithfully and diligently perform their responsibilities and attract and retain competent and dedicated persons whose efforts will result in the long-term growth and profitability of the Company. To accomplish such purposes, the Plan provides that the Company may grant Options, Share Appreciation Rights, Restricted Shares, Restricted Stock Units, Performance Shares, Other Share-Based Awards, Cash Awards or any combination of the foregoing. Upon originally becoming effective on June 7, 2023, the Plan replaced the Varonis Systems, Inc. 2013 Omnibus Equity Incentive Plan (the “Prior Plan”) and no further awards could be made under the Prior Plan; provided, however, that the Prior Plan shall continue to govern the terms and condition of outstanding awards granted thereunder.

Section 2. Definitions.

For purposes of the Plan, the following terms shall be defined as set forth below:

(a) “Administrator” means the Board, or, if and to the extent the Board does not administer the Plan, the Committee in accordance with Section 3 hereof.

(b) “Affiliate” means a Person that directly, or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with, the Person specified. An entity shall be deemed an Affiliate of the Company for purposes of this definition only for such periods as the requisite ownership or control relationship is maintained.

(c) “Applicable Laws” means the applicable requirements under U.S. federal and state corporate laws, U.S. federal and state securities laws, including the Code, any stock exchange or quotation system on which the Common Stock is listed or quoted and the applicable laws of any other country or jurisdiction where Awards are granted under the Plan, as are in effect from time to time.

(d) “Award” means any Option, Share Appreciation Right, Restricted Share, Restricted Stock Unit, Performance Share, Other Share-Based Award or Cash Award granted under the Plan.

(e) “Award Agreement” means any written agreement, contract or other instrument or document evidencing an Award.

(f) “Beneficial Owner” (or any variant thereof) has the meaning defined in Rule 13d-3 under the Exchange Act.

(g) “Board” means the Board of Directors of the Company.

(h) “Bylaws” mean the bylaws of the Company, as may be amended and/or restated from time to time.

B-1

(i) “Cash Award” means cash awarded under Section 11 of the Plan, including cash awarded as a bonus or upon the attainment of Performance Goals or otherwise as permitted under the Plan.

(j) “Cause” shall have the meaning assigned to such term in any individual employment, change in control or severance agreement or plan or Award Agreement with the Participant or, if no such agreement exists or if such agreement does not define “Cause,” Cause shall mean (i) an act of dishonesty made by Participant in connection with Participant’s responsibilities as an employee which is materially injurious to the financial condition or business reputation of the Company or any of its Subsidiaries; (ii) Participant’s conviction of or plea of nolo contendere to, a felony or any crime involving fraud, embezzlement or any other act of moral turpitude; (iii) Participant’s gross misconduct; (iv) Participant’s willful unauthorized use or disclosure of any proprietary information or trade secrets of the Company or any of its Subsidiaries; (v) Participant’s willful and material violation of any written policies of the Company or any of its Subsidiaries (to the extent applicable); (vi) Participant’s material breach of any obligations under any material written agreement or covenant with the Company or any of its Subsidiaries; or (vii) Participant’s continued failure to perform his or her employment duties after Participant has received a written demand for performance from the Company or any of its Subsidiaries which specifically sets forth the factual basis for the applicable Company’s or its Subsidiary’s belief that Participant has not substantially performed his or her duties.

(k) “Change in Capitalization” means any (i) merger, amalgamation, consolidation, reclassification, recapitalization, spin-off, spin-out, repurchase or other reorganization or corporate transaction or event, (ii) dividend (whether in the form of cash, Common Stock or other property), share subdivision or consolidation, (iii) combination or exchange of shares, (iv) other change in corporate structure or (v) declaration of a special dividend (including a cash dividend) or other distribution, which, in any such case, the Administrator determines, in its sole discretion, affects the Shares such that an adjustment pursuant to Section 5 hereof is appropriate.

(l) “Change in Control” shall be deemed to have occurred if an event set forth in any one of the following paragraphs shall have occurred:

(1) any Person (other than the Company, any trustee or other fiduciary holding securities under an employee benefit plan of the Company, or any company owned, directly or indirectly, by the shareholders of the Company in substantially the same proportions as their ownership of Shares) is or becomes the Beneficial Owner, directly or indirectly, of securities of the Company (not including in the securities beneficially owned by such Person or any securities acquired directly from the Company or any Affiliate thereof) representing 50% or more of the combined voting power of the Company’s then outstanding securities; or

(2) the following individuals cease for any reason to constitute a majority of the number of directors then serving on the Board: individuals who, on the date hereof, constitute the Board and any new director (other than a director whose initial assumption of office is in connection with an actual or threatened election contest, including, but not limited to, a consent solicitation, relating to the election of directors of the Company) whose appointment or election by the Board or nomination for election by the Company’s shareholders was approved or recommended by a vote of at least two-thirds (2/3) of the directors then still in office who either were directors on

B-2

the date hereof or whose appointment, election or nomination for election was previously so approved or recommended; or

(3) there is consummated a merger, amalgamation or consolidation of the Company or any Subsidiary thereof with any other corporation, other than a merger, amalgamation or consolidation immediately following which the individuals who comprise the Board immediately prior thereto constitute at least a majority of the Board of the entity surviving such merger, amalgamation or consolidation or, if the Company or the entity surviving such merger is then a subsidiary, the ultimate parent thereof; or

(4) the shareholders of the Company approve a plan of complete liquidation or dissolution of the Company or there is consummated an agreement for the sale or disposition by the Company of all or substantially all of the Company’s assets, other than (A) a sale or disposition by the Company of all or substantially all of the Company’s assets to an entity, at least fifty percent (50%) of the combined voting power of the voting securities of which are owned by shareholders of the Company following the completion of such transaction in substantially the same proportions as their ownership of the Company immediately prior to such sale or (B) a sale or disposition of all or substantially all of the Company’s assets immediately following which the individuals who comprise the Board immediately prior thereto constitute at least a majority of the board of directors of the entity to which such assets are sold or disposed or, if such entity is a subsidiary, the ultimate parent thereof.

For each Award that constitutes deferred compensation under Section 409A of the Code, a Change in Control shall be deemed to have occurred under the Plan with respect to such Award only if a change in the ownership or effective control of the Company or a change in ownership of a substantial portion of the assets of the Company shall also be deemed to have occurred under Section 409A of the Code.

Notwithstanding the foregoing, a Change in Control shall not be deemed to have occurred by virtue of the consummation of any transaction or series of integrated transactions immediately following which the holders of Common Stock immediately prior to such transaction or series of transactions continue to have substantially the same proportionate ownership in an entity which owns all or substantially all of the assets of the Company immediately following such transaction or series of transactions.

(m) “Code” means the Internal Revenue Code of 1986, as amended from time to time, or any successor thereto.

(n) “Committee” means any committee or subcommittee the Board may appoint to administer the Plan. Subject to the discretion of the Board, the Committee shall be composed entirely of individuals who meet the qualifications of a “non-employee director” within the meaning of Rule 16b-3 under the Exchange Act and any other qualifications required by the applicable stock exchange on which the Common Stock is traded. If at any time or to any extent the Board shall not administer the Plan, then the functions of the Administrator specified in the Plan shall be exercised by the Committee. Except as otherwise provided in the Certificate of Incorporation or Bylaws of the Company, any action of the Committee with respect to the administration of the Plan shall be taken by a majority vote at a meeting at which a quorum is duly constituted or unanimous written consent of the Committee’s members.

(o) “Common Stock” means the common stock, par value $0.001 per share, of the Company.

B-3

(p) “Company” means Varonis Systems, Inc., a Delaware corporation (or any successor company, except as the term “Company” is used in the definition of “Change in Control” above).

(q) “Disability” shall have the meaning set forth in the employment, severance or change in control agreement or plan between the Participant and the Company, provided that if no such agreement or definition exists, then “Disability” shall mean, with respect to any Participant, that such Participant (i) as determined by the Administrator in its sole discretion, is unable to engage in any substantial gainful activity by reason of any medically determinable physical or mental impairment which can be expected to result in death or can be expected to last for a continuous period of not less than twelve (12) months, or (ii) is, by reason of any medically determinable physical or mental impairment which can be expected to result in death or can be expected to last for a continuous period of not less than twelve (12) months, receiving income replacement benefits for a period of not less than three (3) months under an accident and health plan covering employees of the Company or an Affiliate thereof.

(r) “Eligible Recipient” means an employee, director, independent contractor or consultant of the Company or any Affiliate of the Company who has been selected as an eligible participant by the Administrator; provided, however, to the extent required to avoid the imposition of additional taxes under Section 409A of the Code, an Eligible Recipient of an Option or a Share Appreciation Right means an employee, director, independent contractor or consultant of the Company or any Subsidiary of the Company who has been selected as an eligible participant by the Administrator.

(s) “Exchange Act” shall mean the Securities Exchange Act of 1934, as amended from time to time.

(t) “Exercise Price” means, with respect to any Award under which the holder may purchase Shares, the per share price at which a holder of such Award granted hereunder may purchase Shares issuable upon exercise of such Award, which in any event will not be less than one hundred percent (100%) of the Fair Market Value of the Common Stock on the date of grant.

(u) “Fair Market Value” as of a particular date shall mean the fair market value of a share of Common Stock as determined by the Administrator in its sole discretion; provided, however, that (i) if the Common Stock is admitted to trading on a national securities exchange, the fair market value of a share of Common Stock on any date shall be the closing sale price reported for such share on such exchange on such date or, if no sale was reported on such date, on the last day preceding such date on which a sale was reported, (ii) if the Common Stock is admitted to quotation on the National Association of Securities Dealers Automated Quotation (“NASDAQ”) system or other comparable quotation system and has been designated as a National Market System (“NMS”) security, the fair market value of a share of Common Stock on any date shall be the closing sale price reported for such share on such system on such date or, if no sale was reported on such date, on the last date preceding such date on which a sale was reported, or (iii) if the Common Stock is admitted to quotation on NASDAQ but has not been designated as an NMS security, the fair market value of a share of Common Stock on any date shall be the average of the highest bid and lowest asked prices of such share on such system on such date or, if both bid and ask prices were not reported on such date, on the last date preceding such date on which both bid and ask prices were reported.

B-4

(v) “ISO” means an Option intended to be and designated as an incentive stock option within the meaning of Section 422 of the Code.

(w) “Nonqualified Stock Option” shall mean an Option that is not designated as an ISO.

(x) “Option” means an option to purchase Shares granted pursuant to Section 7 hereof. The term “Option” as used in the Plan includes the terms “Nonqualified Stock Option” and “ISO.”

(y) “Other Share-Based Award” means a right or other interest granted pursuant to Section 10 hereof that may be denominated or payable in, valued in whole or in part by reference to, or otherwise based on or related to, the Common Stock, including, but not limited to, unrestricted Shares, restricted share units, dividend equivalents or performance units, each of which may be subject to the attainment of Performance Goals or a period of continued employment or other terms or conditions as permitted under the Plan.

(z) “Participant” means any Eligible Recipient selected by the Administrator, pursuant to the Administrator’s authority provided for in Section 3 below, to receive grants of Options, Share Appreciation Rights, Restricted Shares, Restricted Stock Units, Performance Shares, Cash Awards, Other Share-Based Awards or any combination of the foregoing, and, upon his or her death, his or her successors, heirs, executors and administrators, as the case may be.

(aa) “Performance Goals” means performance goals based on one or more of (but not limited to) the following criteria: (i) earnings, including one or more of operating income, earnings before or after taxes, earnings before or after interest, depreciation, amortization, adjusted EBITDA, economic earnings, or extraordinary or special items or book value per share (which may exclude nonrecurring items); (ii) pre-tax income or after-tax income; (iii) earnings per Share (basic or diluted); (iv) operating profit; (v) revenue, revenue growth or rate of revenue growth; (vi) return on assets (gross or net), return on investment, return on capital, or return on equity; (vii) returns on sales or revenues; (viii) operating expenses; (ix) share price appreciation; (x) cash flow, free cash flow, cash flow return on investment (discounted or otherwise), net cash provided by operations, or cash flow in excess of cost of capital; (xi) implementation or completion of critical projects or processes; (xii) cumulative earnings per share growth; (xiii) operating margin or profit margin; (xiv) cost targets, reductions and savings, productivity and efficiencies; (xv) strategic business criteria, consisting of one or more objectives based on meeting specified market penetration, geographic business expansion, customer satisfaction, employee satisfaction, human resources management, supervision of litigation, information technology, and goals relating to acquisitions, divestitures, joint ventures and similar transactions, and budget comparisons; (xvi) personal professional objectives, including any of the foregoing performance goals, the implementation of policies and plans, the negotiation of transactions, the development of long term business goals, formation of joint ventures, research or development collaborations, and the completion of other corporate transactions; and (xvii) any combination of, or a specified increase in, any of the foregoing. Where applicable, the Performance Goals may be expressed in terms of attaining a specified level of the particular criteria or the attainment of a percentage increase or decrease in the particular criteria, and may be applied to one or more of the Company or Affiliate thereof, or a division or strategic business unit of the Company, or may be applied to the performance of the Company relative to a market index, a group of other companies or a combination thereof, all as determined by the Committee. The Performance Goals may include a threshold level of performance below which no payment shall be made (or no vesting shall

B-5

occur), levels of performance at which specified payments shall be made (or specified vesting shall occur), and a maximum level of performance above which no additional payment shall be made (or at which full vesting shall occur); provided, that the Committee shall have the authority to make equitable adjustments to the Performance Goals, including in recognition of unusual or non-recurring events affecting the Company or any Affiliate thereof or the financial statements of the Company or any Affiliate thereof, in response to changes in applicable laws or regulations, or to account for items of gain, loss or expense determined to be extraordinary or unusual in nature or infrequent in occurrence or related to an acquisition or similar transaction or the disposal of a segment of a business or related to a change in accounting principles.

(bb) “Performance Shares” means Shares or units denominated in Shares that are subject to restrictions that lapse upon the attainment of specified performance objectives and that are granted pursuant to Section 9 below.

(cc) “Person” shall have the meaning given in Section 3(a)(9) of the Exchange Act, as modified and used in Sections 13(d) and 14(d) thereof, except that such term shall not include (i) the Company or any Subsidiary thereof, (ii) a trustee or other fiduciary holding securities under an employee benefit plan of the Company or any Subsidiary thereof, (iii) an underwriter temporarily holding securities pursuant to an offering of such securities, or (iv) a corporation owned, directly or indirectly, by the shareholders of the Company in substantially the same proportions as their ownership of shares of the Company.

(dd) “Plan” means this Amended and Restated 2023 Omnibus Equity Incentive Plan, including any appendixes thereto, as amended and restated herein and as may be amended from time to time.

(ee) “Restricted Shares” means Shares granted pursuant to Section 9 below subject to certain restrictions that lapse at the end of a specified period or periods.

(ff) “Restricted Stock Units” means units denominated in Shares granted pursuant to Section 9 below subject to certain restrictions that lapse at the end of a specified period or periods.

(gg) “Service” means that the Participant’s service with the Company or an Affiliate, whether as an employee, consultant or director, is not interrupted or terminated. The Participant’s Service shall not be deemed to have terminated merely because of a change in the capacity in which the Participant renders service to the Company or an Affiliate as an employee, consultant or director or a change in the entity for which the Participant renders such service, provided that the Administrator or its delegate determines, in its sole discretion, there is no interruption or termination of the Participant’s Service; provided further that if any Award is subject to Section 409A of the Code, this sentence shall only be given effect to the extent consistent with Section 409A of the Code. For example, a change in status from an employee of the Company to a director of an Affiliate will not constitute an interruption of Service. The Administrator or its delegate, in its sole discretion, may determine whether Service shall be considered interrupted in the case of any leave of absence approved by that party, including sick leave, military leave or any other personal or family leave of absence. The Administrator or its delegate, in its sole discretion, may determine whether a Company transaction, such as a sale or spin-off of a division or subsidiary that employs a Participant, shall be deemed to result in a termination of Service for purposes of affected Awards, and such decision shall be final, conclusive and binding.

B-6

(hh) “Shares” means Common Stock reserved for issuance under the Plan, as adjusted pursuant to the Plan, and any successor (pursuant to a merger, amalgamation, consolidation or other reorganization) security.

(ii) “Share Appreciation Right” or “SAR” means the right pursuant to an Award granted under Section 8 below to receive an amount equal to the excess, if any, of (i) the aggregate Fair Market Value, as of the date such Award or portion thereof is surrendered, of the Shares covered by such Award or such portion thereof, over (ii) the aggregate Exercise Price of such Award or such portion thereof.

(jj) “Subsidiary” means, with respect to any Person, as of any date of determination, any other Person as to which such first Person owns or otherwise controls, directly or indirectly, more than 50% of the voting shares or other similar interests or a sole general partner interest or managing member or similar interest of such other Person. An entity shall be deemed a Subsidiary of the Company for purposes of this definition only for such periods as the requisite ownership or control relationship is maintained.

Section 3. Administration.

(a) The Plan shall be administered by the Administrator and shall be administered in accordance with the requirements of, to the extent applicable, Rule 16b-3 under the Exchange Act (“Rule 16b-3”). Within the scope of such authority, the Board or the Committee may delegate to a committee of one or more members of the Board who are not non-employee directors or who are officers of the Company the authority to grant Awards to eligible persons who are not then subject to Section 16 of the Exchange Act. The Plan is intended to comply, and shall be administered in a manner that is intended to comply, with Section 409A of the Code and shall be construed and interpreted in accordance with such intent. To the extent that an Award, issuance and/or payment is subject to Section 409A of the Code, it shall be awarded and/or issued or paid in a manner that will comply with Section 409A of the Code, including any applicable regulations or guidance issued by the Secretary of the United States Treasury Department and the Internal Revenue Service with respect thereto.

(b) Pursuant to the terms of the Plan, the Administrator, subject, in the case of any Committee, to any restrictions on the authority delegated to it by the Board, shall have the power and authority, without limitation:

(1) to select those Eligible Recipients who shall be Participants;

(2) to determine whether and to what extent Options, Share Appreciation Rights, Restricted Shares, Restricted Stock Units, Performance Shares, Cash Awards, Other Share-Based Awards or a combination of any of the foregoing, are to be granted hereunder to Participants;

(3) to determine the number of Shares to be covered by each Award granted hereunder;

(4) to determine the terms and conditions, not inconsistent with the terms of the Plan, of each Award granted hereunder (including, but not limited to, (i) the restrictions applicable to Restricted Shares or Restricted Stock Units and the conditions under which restrictions applicable to such Restricted Shares or Restricted Stock Units shall lapse, (ii) the performance goals and periods applicable to Performance Shares or Cash Awards, (iii) the Exercise Price of each Award, (iv) the vesting schedule applicable to each Award, (v) the number of Shares subject to each Award and (vi) subject to the requirements of Section 409A of the Code and Section 3(d) of the Plan (in each case, to the extent applicable), any amendments to the terms and

B-7

conditions of outstanding Awards, including, but not limited to, extending the exercise period of such Awards and accelerating the vesting schedule of such Awards, and, if the Administrator in its discretion determines to accelerate the vesting of Options and/or Share Appreciation Rights in connection with a Change in Control, the Administrator shall also have discretion in connection with such action to provide that all Options and/or Share Appreciation Rights outstanding immediately prior to such Change in Control shall expire on the effective date of such Change in Control;

(5) to determine the terms and conditions, not inconsistent with the terms of the Plan, which shall govern all written instruments evidencing Options, Share Appreciation Rights, Restricted Shares, Restricted Stock Units, Performance Shares, Cash Awards, Other Share-Based Awards or any combination of the foregoing granted hereunder;

(6) to determine the Fair Market Value;

(7) to determine the duration and purpose of leaves of absence which may be granted to a Participant without constituting termination of the Participant’s employment for purposes of Awards granted under the Plan;

(8) to adopt, alter and repeal such administrative rules, regulations, guidelines and practices governing the Plan as it shall from time to time deem advisable;

(9) to construe and interpret the terms and provisions of, and supply or correct omissions in, the Plan and any Award issued under the Plan (and any Award Agreement relating thereto), and to otherwise supervise the administration of the Plan and to exercise all powers and authorities either specifically granted under the Plan or necessary and advisable in the administration of the Plan; and

(10) to prescribe, amend and rescind rules and regulations relating to sub-plans established for the purpose of satisfying applicable foreign laws or for qualifying for favorable tax treatment under applicable foreign laws, which rules and regulations may be set forth in an appendix or appendixes to the Plan.

(c) All decisions made by the Administrator pursuant to the provisions of the Plan shall be final, conclusive and binding on all persons, including the Company and the Participants. The Administrator’s determinations under the Plan need not be uniform and may be made by it selectively among persons who are eligible to receive, or actually receive, Awards. Without limiting the generality of the foregoing, the Administrator shall be entitled to make non-uniform and selective determinations, amendments and adjustments (including in connection with a Change in Control or a Change in Capitalization), and to enter into non-uniform and selective Award Agreements. No member of the Board or the Committee, nor any officer or employee of the Company or any Subsidiary thereof acting on behalf of the Board or the Committee, shall be personally liable for any action, omission, determination or interpretation taken or made in good faith with respect to the Plan, and all members of the Board or the Committee and each and any officer or employee of the Company and of any Subsidiary thereof acting on their behalf shall, to the maximum extent permitted by law, be fully indemnified and protected by the Company in respect of any such action, omission, determination or interpretation.

(d) Except in the case of Substitute Awards granted pursuant to Sections 4(e), any equity or equity-based Award (including any portion thereof) shall have a minimum vesting period of one year from the date of its grant with no vesting prior to the first anniversary of the grant date.

B-8

Notwithstanding the foregoing, (i) the Committee may provide in an Award Agreement or following the time of grant that the vesting of an Award shall accelerate in the event of the Participant’s death, Disability, or a termination of Service other than for cause, and (ii) the Committee may grant Awards covering up to five percent (5%) of the total number of Shares authorized under Section 4(a) of the Plan (subject to adjustment pursuant to Section 5 of the Plan) without respect to the minimum vesting requirements set forth in this Section 3(d). Notwithstanding the foregoing, with regard to Awards granted to a non-employee director, the vesting of such Awards will be deemed to satisfy the one year minimum vesting requirement to the extent that the Awards vest on the earlier of the one year anniversary of the date of grant and the next annual meeting of the Company’s shareholders that is at least 50 weeks after the immediately preceding year’s annual meeting.

Section 4. Shares Reserved for Issuance Under the Plan; Limitations.

(a) Subject to Section 5 hereof, 9,900,000 Shares are reserved and available for issuance pursuant to Awards granted under the Plan (which includes shares of Common Stock underlying Awards that are outstanding, have been issued in settlement of Awards or are no longer available for issuance hereunder, in each case, as of the Effective Date), plus the number of Shares underlying awards under the Prior Plan that on or after the Effective Date are forfeited, cancelled, exchanged or surrendered or otherwise terminate, expire or are settled without a distribution of Shares (the “Total Share Limit”).

(b) Shares issued under the Plan may, in whole or in part, be authorized but unissued Shares or Shares that shall have been or may be reacquired by the Company in the open market, in private transactions or otherwise.

(c) If any Shares subject to an Award are forfeited, cancelled, exchanged or surrendered or if an Award otherwise terminates, expires or is settled without a distribution of Shares to the Participant (including those withheld as payment of withholding taxes in respect of an Award), the Shares with respect to such Award shall, to the extent of any such forfeiture, cancellation, exchange, surrender, termination or expiration, again be available for Awards under the Plan. Notwithstanding the forgoing, shares surrendered or withheld as payment of either the Exercise Price of an Option or Share Appreciation Right or an option or share appreciation right under the Prior Plan (including Shares otherwise underlying an Award or an award under the Prior Plan of a share appreciation right that are retained by the Company to account for the grant price of such Share Appreciation Right) and/or withholding taxes in respect of an Option or Share Appreciation Right or an award under the Prior Plan shall not be available for grant under the Plan.

(d) No more than 5,500,000 Shares shall be issued pursuant to the exercise of ISOs.

(e) Awards may, in the sole discretion of the Committee, be granted under the Plan in assumption of, or in substitution for, outstanding awards previously granted by an entity acquired by the Company or with which the Company combines (“Substitute Awards”). Substitute Awards shall not be counted against the Total Share Limit; provided that Substitute Awards issued in connection with the assumption of, or in substitution for, outstanding options intended to qualify as ISO shall be counted against the ISO limit. Subject to applicable stock exchange requirements, available shares under a shareholder-approved plan of an entity directly or indirectly acquired by the Company or with which the Company combines (as appropriately

B-9

adjusted to reflect such acquisition or transaction) may be used for Awards under the Plan and shall not count toward the Total Share Limit.

Section 5. Equitable Adjustments.

In the event of any Change in Capitalization, an equitable substitution or proportionate adjustment shall be made, in each case, as may be determined by the Administrator, in its sole discretion, in (i) the aggregate number of Shares reserved for issuance under the Plan pursuant to Section 4 and the maximum number of Shares that may be subject to Awards granted to any Participant in any calendar or fiscal year (including the limits set forth in Sections 4(a) and 4(d)), (ii) the kind, number and Exercise Price subject to outstanding Options and Share Appreciation Rights granted under the Plan, and (iii) the kind, number and purchase price of Shares or other securities subject to outstanding Restricted Shares, Restricted Stock Units, Performance Shares or Other Share-Based Awards granted under the Plan; provided, however, that any fractional shares resulting from the adjustment shall be eliminated. Such other equitable substitutions or adjustments shall be made as may be determined by the Administrator, in its sole discretion. Without limiting the generality of the foregoing, in connection with a Change in Capitalization or Change in Control, the Administrator may provide, in its sole discretion, but subject in all events to the requirements of Section 409A of the Code, for the cancellation of any outstanding Award granted hereunder in exchange for payment in cash or other property having an aggregate Fair Market Value of the Shares covered by such award (with or without regard to any holdback or contingent consideration arrangement), reduced by the aggregate Exercise Price or purchase price thereof, if any (including, for the avoidance of doubt, the cancellation for no consideration of any Option or Share Appreciation Right with an Exercise Price that equals or exceeds the price paid for the underlying Shares). Further, without limiting the generality of the foregoing, with respect to Awards subject to foreign laws, adjustments made hereunder shall be made in compliance with applicable requirements. Except to the extent determined by the Administrator, any adjustments to ISOs under this Section 5 shall be made only to the extent not constituting a “modification” within the meaning of Section 424(h)(3) of the Code. The Administrator’s determinations pursuant to this Section 5 shall be final, binding and conclusive.

Section 6. Eligibility.

The Participants under the Plan shall be selected from time to time by the Administrator, in its sole discretion, from those individuals that qualify as Eligible Recipients.

Section 7. Options.

(a) General. Options granted under the Plan shall be designated as Nonqualified Stock Options or ISOs. Each Participant who is granted an Option shall enter into an Award Agreement with the Company, containing such terms and conditions as the Administrator shall determine, in its sole discretion, which Award Agreement shall set forth, among other things, the Exercise Price of the Option, the term of the Option and provisions regarding exercisability of the Option, and whether the Option is intended to be an ISO or a Nonqualified Stock Option (and in the event the Award Agreement has no such designation, the Option shall be a Nonqualified Stock Option). The provisions of each Option need not be the same with respect to each Participant. More than one Option may be granted to the same Participant and be outstanding concurrently hereunder. Options granted under the Plan shall be subject to the terms and conditions set forth in this Section 7 and shall contain such additional terms and conditions, not inconsistent with the

B-10

terms of the Plan, as the Administrator shall deem desirable and set forth in the applicable Award Agreement.

(b) Exercise Price. The Exercise Price of Shares purchasable under an Option shall be determined by the Administrator in its sole discretion at the time of grant, but in no event shall the exercise price of an Option be less than one hundred percent (100%) of the Fair Market Value of the Common Stock on the date of grant.

(c) Option Term. The maximum term of each Option shall be fixed by the Administrator, but no Option shall be exercisable more than ten (10) years after the date such Option is granted. Each Option’s term is subject to earlier expiration pursuant to the applicable provisions in the Plan and the Award Agreement.

(d) Exercisability. Each Option shall be exercisable at such time or times and subject to such terms and conditions, including the attainment of pre-established corporate performance goals, as shall be determined by the Administrator in the applicable Award Agreement. The Administrator may also provide that any Option shall be exercisable only in installments, and the Administrator may waive such installment exercise provisions at any time, in whole or in part, based on such factors as the Administrator may determine in its sole discretion. Notwithstanding anything to the contrary contained herein, an Option may not be exercised for a fraction of a share.

(e) Method of Exercise. Options may be exercised in whole or in part by giving written notice of exercise to the Company specifying the number of whole Shares to be purchased, accompanied by payment in full of the aggregate Exercise Price of the Shares so purchased in cash or its equivalent, as determined by the Administrator. As determined by the Administrator, in its sole discretion, with respect to any Option or category of Options, payment in whole or in part may also be made (i) by means of consideration received under any cashless exercise procedure approved by the Administrator (including the withholding of Shares otherwise issuable upon exercise), (ii) in the form of unrestricted Shares already owned by the Participant which have a Fair Market Value on the date of surrender equal to the aggregate exercise price of the Shares as to which such Option shall be exercised, (iii) any other form of consideration approved by the Administrator and permitted by applicable law or (iv) any combination of the foregoing.

(f) ISOs. The terms and conditions of ISOs granted hereunder shall be subject to the provisions of Section 422 of the Code and the terms, conditions, limitations and administrative procedures established by the Administrator from time to time in accordance with the Plan. At the discretion of the Administrator, ISOs may be granted only to an employee of the Company, its “parent corporation” (as such term is defined in Section 424(e) of the Code) or a Subsidiary.

(1) ISO Grants to 10% Shareholders. Notwithstanding anything to the contrary in the Plan, if an ISO is granted to a Participant who owns shares representing more than ten percent (10%) of the voting power of all classes of shares of the Company, its “parent corporation” (as such term is defined in Section 424(e) of the Code) or a Subsidiary, the term of the ISO shall not exceed five (5) years from the time of grant of such ISO and the Exercise Price shall be at least one hundred and ten percent (110%) of the Fair Market Value of the Shares on the date of grant.

(2) $100,000 Per Year Limitation For ISOs. To the extent the aggregate Fair Market Value (determined on the date of grant) of the Shares for which ISOs are exercisable for the first time

B-11

by any Participant during any calendar year (under all plans of the Company) exceeds $100,000, such excess ISOs shall be treated as Nonqualified Stock Options.

(3) Disqualifying Dispositions. Each Participant awarded an ISO under the Plan shall notify the Company in writing immediately after the date he or she makes a “disqualifying disposition” of any Share acquired pursuant to the exercise of such ISO. A “disqualifying disposition” is any disposition (including any sale) of such Shares before the later of (i) two years after the date of grant of the ISO and (ii) one year after the date the Participant acquired the Shares by exercising the ISO. The Company may, if determined by the Administrator and in accordance with procedures established by it, retain possession of any Shares acquired pursuant to the exercise of an ISO as agent for the applicable Participant until the end of the period described in the preceding sentence, subject to complying with any instructions from such Participant as to the sale of such shares.

(g) Rights as Stockholder. A Participant shall have no rights to dividends or distributions or any other rights of a stockholder with respect to the Shares subject to an Option until the Participant has given written notice of the exercise thereof, has paid in full for such Shares.

(h) Termination of Service. Unless otherwise provided by the Committee, either pursuant to its powers under Section 3(b) or in the applicable Award Agreement:

(1) In the event that the Service of a Participant shall terminate for any reason other than Cause, Disability, or death, (A) Options granted to such Participant, to the extent that they are exercisable at the time of such termination, shall remain exercisable until the date that is ninety (90) days after such termination, on which date they shall expire, and (B) Options granted to such Participant, to the extent that they were not exercisable at the time of such termination, shall expire at the close of business on the date of such termination. The ninety (90) day period described in this Section 7(h)(1) shall be extended to one (1) year after the date of such termination in the event of the Participant’s death during such ninety (90) day period. Notwithstanding the foregoing, no Option shall be exercisable after the expiration of its term.

(2) In the event that the Service of a Participant with the Company and all Affiliates thereof shall terminate on account of the Disability, or death of the Participant, (A) Options granted to such Participant, to the extent that they were exercisable at the time of such termination, shall remain exercisable until the date that is one (1) year after such termination, on which date they shall expire and (B) Options granted to such Participant, to the extent that they were not exercisable at the time of such termination, shall expire at the close of business on the date of such termination. Notwithstanding the foregoing, no Option shall be exercisable after the expiration of its term.

(3) In the event of the termination of a Participant’s Service for Cause, all outstanding Options granted to such Participant shall expire at the commencement of business on the date of such termination.

(i) Other Change in Employment Status. An Option shall be affected, both with regard to vesting schedule and termination, by leaves of absence, including unpaid and un-protected leaves of absence, changes from full-time to part-time employment, partial disability or other changes in the employment status of a Participant, in the discretion of the Administrator.

Section 8. Share Appreciation Rights.

B-12

(a) General. The Administrator shall determine the Eligible Recipients to whom, and the time or times at which, grants of Share Appreciation Rights shall be made, the number of Shares to be awarded, the price per Share, and all other conditions of Share Appreciation Rights. The provisions of Share Appreciation Rights need not be the same with respect to each Participant. Share Appreciation Rights granted under the Plan shall be subject to the following terms and conditions set forth in this Section 8 and shall contain such additional terms and conditions, not inconsistent with the terms of the Plan, as the Administrator shall deem desirable, as set forth in the applicable Award Agreement.

(b) Awards; Rights as Stockholder. Participants who are granted Share Appreciation Rights shall have no rights as shareholders of the Company with respect to the grant or exercise of such rights.

(c) Exercisability. Share Appreciation Rights shall be exercisable at such time or times and subject to such terms and conditions as shall be determined by the Administrator in the applicable Award Agreement.

(d) Payment Upon Exercise.

(1) Upon the exercise of a Share Appreciation Right, the Participant shall be entitled to receive up to, but not more than, that number of Shares equal in value to the excess of the Fair Market Value as of the date of exercise over the price per share specified in the Share Appreciation Right multiplied by the number of Shares in respect of which the Share Appreciation Right is being exercised, with the Administrator having the right to determine the form of payment.

(2) Notwithstanding the foregoing, the Administrator may determine to settle the exercise of a Share Appreciation Right in cash (or in any combination of Shares and cash).

(e) Termination of Service. Unless otherwise provided by the Committee pursuant to its powers under Section 3(b), in the event of the termination of Service of a Participant who has been granted one or more Share Appreciation Right, such rights shall be exercisable at such time or times and subject to such terms and conditions as shall be determined by the Administrator in the applicable Award Agreement.

(f) Term. The term of each Share Appreciation Right shall be fixed by the Administrator, but no Share Appreciation Right shall be exercisable more than ten (10) years after the date such right is granted.

(g) Other Change in Employment Status. Share Appreciation Rights shall be affected, both with regard to vesting schedule and termination, by leaves of absence, including unpaid and un-protected leaves of absence, changes from full-time to part-time employment, partial disability or other changes in the employment status of a Participant, in the discretion of the Administrator.

Section 9. Restricted Shares, Restricted Stock Units Shares and Performance Shares.

(a) General. Restricted Shares, Restricted Stock Units or Performance Shares may be issued either alone or in addition to other awards granted under the Plan. The Administrator shall determine the Eligible Recipients to whom, and the time or times at which, Restricted Shares, Restricted Stock Units or Performance Shares shall be made; the number of Shares to be awarded; the price, if any, to be paid by the Participant for the acquisition of Restricted Shares, Restricted Stock Units or Performance Shares; the period of time prior to which such shares become vested and free of restrictions on Transfer (the “Restricted Period”), if any, applicable to

B-13

Restricted Shares, Restricted Stock Units or Performance Shares; the performance objectives (if any) applicable to Restricted Shares, Restricted Stock Units or Performance Shares; and all other conditions of the Restricted Shares, Restricted Stock Units and Performance Shares. If the restrictions, performance objectives and/or conditions established by the Administrator are not attained, a Participant shall forfeit his or her Restricted Shares, Restricted Stock Units or Performance Shares, in accordance with the terms of the grant. The provisions of the Restricted Shares, Restricted Stock Units or Performance Shares need not be the same with respect to each Participant.

(b) Awards and Certificates.

(1) The prospective recipient of Restricted Shares, Restricted Stock Units or Performance Shares shall not have any rights with respect to any such award, unless and until such recipient has executed an Award Agreement and delivered a fully executed copy thereof to the Company, within a period of thirty (30) days (or such other period as the Administrator may specify) after the award date. Except as otherwise provided below in Section 9(c), (i) each Participant who is granted an award of Restricted Shares may, in the Company’s sole discretion, be issued a share certificate in respect of such Restricted Shares; and (ii) any such certificate so issued shall be registered in the name of the Participant, and shall bear an appropriate legend referring to the terms, conditions and restrictions applicable to any such Award.

(2) The Company may require that the share certificates, if any, evidencing Restricted Shares granted hereunder be held in the custody of the Company until the restrictions thereon shall have lapsed, and that, as a condition of any award of Restricted Shares, the Participant shall have delivered a share transfer form, endorsed in blank, relating to the Shares covered by such award.

(3) Notwithstanding anything in the Plan to the contrary, any Shares issued in respect of Restricted Shares, Restricted Stock Units (at the expiration of the Restricted Period) or Performance Shares (whether before or after any vesting conditions have been satisfied) may, in the Company’s sole discretion, be issued in uncertificated form pursuant to the customary arrangements for issuing shares in such form.

(4) Further, notwithstanding anything in the Plan to the contrary, with respect to Restricted Stock Units, at the expiration of the Restricted Period, Shares shall promptly be issued (either in certificated or uncertificated form) to the Participant, unless otherwise deferred in accordance with procedures established by the Company in accordance with Section 409A of the Code, and such issuance shall in any event be made within such period as is required to avoid the imposition of a tax under Section 409A of the Code.

(c) Restrictions and Conditions. The Restricted Shares, Restricted Stock Units and Performance Shares granted pursuant to this Section 9 shall be subject to the following restrictions and conditions and any additional restrictions or conditions as determined by the Administrator at the time of grant or, subject to Section 409A of the Code, thereafter:

(1) Except as provided in the applicable Award Agreement, the Participant shall generally have the rights of a stockholder of the Company with respect to Restricted Shares during the Restricted Period; provided, however, that dividends declared during the Restricted Period with respect to an Award that vests or becomes payable based upon the achievement of performance goals, shall only become payable if and to the extent the performance levels on the underlying Award is achieved . Except as provided in the applicable Award Agreement, the Participant shall

B-14

generally not have the rights of a stockholder with respect to Shares subject to Restricted Stock Units or Performance Shares during the Restricted Period; provided, however, that, subject to Section 409A of the Code, an amount equal to dividends declared during the Restricted Period with respect to the number of Shares covered by Restricted Stock Units or Performance Shares shall, unless otherwise set forth in an Award Agreement, be paid to the Participant at the time shares in respect of the related Restricted Stock Units are delivered to the Participant or the Restricted Period with respect to the Performance Shares expires. Certificates for Shares of unrestricted Common Stock may, in the Company’s sole discretion, be delivered to the Participant only after the Restricted Period has expired without forfeiture in respect of such Restricted Shares, Restricted Stock Units or Performance Shares, except as the Administrator, in its sole discretion, shall otherwise determine.

(2) The rights of Participants granted Restricted Shares, Restricted Stock Units or Performance Shares upon termination of Service for any reason during the Restricted Period shall be set forth in the Award Agreement.

Section 10. Other Share-Based Awards.

The Administrator is authorized to grant Awards to Participants in the form of Other Share-Based Awards, as deemed by the Administrator to be consistent with the purposes of the Plan and as evidenced by an Award Agreement. The Administrator shall determine the terms and conditions of such Awards, consistent with the terms of the Plan, at the date of grant or thereafter, including any Performance Goals and performance periods. Common Stock or other securities or property delivered pursuant to an Award in the nature of a purchase right granted under this Section 10 shall be purchased for such consideration, paid for at such times, by such methods, and in such forms, including, without limitation, Shares, other Awards, notes or other property, as the Administrator shall determine, subject to any required corporate action.

Section 11. Cash Awards.

The Administrator may grant awards that are denominated in, or payable to Participants solely in, cash, as deemed by the Administrator to be consistent with the purposes of the Plan, and, except as otherwise provided in this Section 11, such Cash Awards shall be subject to the terms, conditions, restrictions and limitations determined by the Administrator, in its sole discretion, from time to time. Awards granted pursuant to this Section 11 may be granted with value and payment contingent upon the achievement of Performance Goals.

Section 12. Dividends and Dividend Equivalents.

Any Award (other than an Option, SAR or Cash Award) may provide the Participant with dividends or dividend equivalents, payable in cash, Shares, other securities, other Awards or other property, on a current or deferred or vested or unvested basis, including (i) payment directly to the Participant, (ii) withholding of such amounts by the Company subject to vesting of the Award or (iii) reinvestment in additional Shares, Restricted Shares or other Awards; provided, however, that any dividends or dividend equivalents with respect to Awards subject to vesting requirements shall be accumulated in a manner determined by the Committee until such Award is earned and such dividends and dividend equivalents shall not be paid if the vesting requirements of the underlying Award are not satisfied.

Section 13. Change in Control.

B-15

Unless otherwise provided in an employment, severance or change in control agreement between the Participant and the Company, in the event of a Change in Control:

(a) With respect to each outstanding Award that is assumed or substituted in connection with the Change in Control, in the event the Participant’s Service is terminated by the Company, its successor or Affiliate thereof without Cause on or after the effective date of the Change in Control but prior to twelve (12) months following the Change in Control, then:

(1) any unvested or unexercisable portion of any Award carrying a right to exercise shall become fully vested and exercisable; and

(2) the restrictions, deferral limitations, payment conditions and forfeiture conditions applicable to an Award granted under the Plan shall lapse and such Awards shall be deemed fully vested and any outstanding performance conditions imposed with respect to such Awards shall be deemed to be fully achieved at the greater of target and actual performance levels.

(b) With respect to each outstanding Award that is not assumed or substituted in connection with a Change in Control, immediately upon the occurrence of the Change in Control, (i) such Award shall become fully vested and exercisable, (ii) the restrictions, payment conditions, and forfeiture conditions applicable to any such Award granted shall lapse, and (iii) and any performance conditions imposed with respect to such Award shall be deemed to be achieved at the greater of target and actual performance levels (as determined in the Administrator’s sole discretion as of the Change in Control).

(c) For purposes of this Section 13, an Award shall be considered assumed or substituted if, following the Change in Control, the Award is of substantially comparable value and remains subject to the same terms and conditions that were applicable to the Award immediately prior to the Change in Control except that, if the Award related to shares of Common Stock, the Award instead confers the right to receive common stock of the acquiring or ultimate parent entity.

Section 14. Deferrals and Settlements.

The Committee may require or permit Participants to elect to defer the issuance of shares or the settlement of Awards in cash under such rules and procedures as it may establish under the Plan. It may also provide that deferred settlements include the payment or crediting of interest or dividend equivalents on the deferral amounts. Any such rules or procedures shall comply with the requirements of Section 409A of the Code, including those with respect to the time when a deferral election may be made, the period of the deferral and the events that would result in the payment of the deferred amount.

Section 15. Amendment and Termination.

The Board may amend, alter or terminate the Plan, but no amendment, alteration or termination shall be made that would impair the rights of a Participant under any Award theretofore granted without such Participant’s consent. Unless the Board determines otherwise, the Board shall obtain approval of the Company’s shareholders for any amendment that would require such approval in order to satisfy the requirements of any rules of the stock exchange on which the Common Stock is traded or other applicable law. The Administrator may amend the terms of any Award theretofore granted, prospectively or retroactively, but, subject to Section 5 and Section 13 of the Plan and the immediately preceding sentence, no such amendment shall materially impair the rights of any Participant without his or her consent.

B-16

Notwithstanding anything herein to the contrary, in no event may any Option or SAR (i) be amended to decrease the Exercise Price thereof, (ii) be canceled at a time when its Exercise Price exceeds the Fair Market Value of the underlying Share in exchange for another Award, award under any other equity- compensation plan or any cash payment or (iii) be subject to any action that would be treated, for accounting purposes, as a “repricing” of such Option or SAR, unless such amendment, cancelation or action is approved by the Company’s shareholders. For the avoidance of doubt, an adjustment to the Exercise Price of an Option or SAR that is made in accordance with Section 5 or Section 13 shall not be considered a reduction in Exercise Price or “repricing” of such Option or SAR.

Section 16. Unfunded Status of Plan.

The Plan is intended to constitute an “unfunded” plan for incentive compensation. With respect to any payments not yet made to a Participant by the Company, nothing contained herein shall give any such Participant any rights that are greater than those of a general creditor of the Company.

Section 17. Withholding Taxes.

Each Participant shall, no later than the date as of which the value of an Award first becomes includible in the gross income of such Participant for federal and/or state income tax purposes, pay to the Company, or make arrangements satisfactory to the Administrator regarding payment of, any federal, state or local taxes of any kind required by law to be withheld with respect to the Award. The obligations of the Company under the Plan shall be conditional on the making of such payments or arrangements, and the Company shall, to the extent permitted by law, have the right to deduct any such taxes from any payment of any kind otherwise due to such Participant. Whenever cash is to be paid pursuant to an award granted hereunder, the Company shall have the right to deduct therefrom an amount sufficient to satisfy any federal, state and local withholding tax requirements related thereto. Whenever Shares are to be delivered pursuant to an Award, the Company shall have the right to require the Participant to remit to the Company in cash an amount sufficient to satisfy any related federal, state and local taxes to be withheld and applied to the tax obligations. With the approval of the Administrator, a Participant may satisfy the foregoing requirement by electing to have the Company withhold from delivery of Shares or by delivering already owned unrestricted Common Stock, in each case, having a value not exceeding the federal, state and local taxes to be withheld and applied to the tax obligations. Such Shares shall be valued at their Fair Market Value on the date of which the amount of tax to be withheld is determined. Fractional share amounts shall be settled in cash. Such an election may be made with respect to all or any portion of the Shares to be delivered pursuant to an award. The Company may also use any other method of obtaining the necessary payment or proceeds, as permitted by law, to satisfy its withholding obligation with respect to any Option or other Award.

Section 18. Transfer of Awards.

Until such time as the Awards are fully vested and/or exercisable in accordance with the Plan or an Award Agreement, no purported sale, assignment, mortgage, hypothecation, transfer, charge, pledge, encumbrance, gift, transfer in trust (voting or other) or other disposition of, or creation of a security interest in or lien on, any Award or any agreement or commitment to do any of the foregoing (each, a “Transfer”) by any holder thereof in violation of the provisions of

B-17

the Plan or an Award Agreement will be valid, except with the prior written consent of the Administrator, which consent may be granted or withheld in the sole discretion of the Administrator. Any purported Transfer of an Award or any economic benefit or interest therein in violation of the Plan or an Award Agreement shall be null and void ab initio and shall not create any obligation or liability of the Company, and any person purportedly acquiring any Award or any economic benefit or interest therein transferred in violation of the Plan or an Award Agreement shall not be entitled to be recognized as a holder of such Shares. Unless otherwise determined by the Administrator in accordance with the provisions of the immediately preceding sentence, an Option or a share appreciation right may be exercised, during the lifetime of the Participant, only by the Participant or, during any period during which the Participant is under a legal disability, by the Participant’s guardian or legal representative.

Section 19. Continued Employment.

Neither the adoption of the Plan nor the grant of an Award shall confer upon any Eligible Recipient any right to continued Service, as the case may be, nor shall it interfere in any way with the right of the Company or any Affiliate thereof to terminate the Service of any of its Eligible Recipients at any time.

Section 20. Conditions on Issuance.

Shares shall not be issued pursuant to the exercise of an Award unless the exercise of such Award and the issuance and delivery of such Shares shall comply with Applicable Laws and securities regulations, and shall be further subject to the approval of counsel for the Company with respect to such compliance. The inability of the Company to obtain authority from any regulatory body having jurisdiction, which authority is deemed by the Company’s counsel to be necessary to the lawful issuance and sale of any Shares hereunder, shall relieve the Company of any liability in respect of the failure to issue or sell such Shares as to which such requisite authority shall not have been obtained. As a condition to the exercise of an Award, the Administrator may in its discretion require the person exercising such Award to represent and warrant at the time of any such exercise that the Shares are being purchased only for investment and without any present intention to sell or distribute such Shares.

Section 21. Sub-Plans.

The Administrator may from time to time establish sub-plans under the Plan for purposes of satisfying securities, tax or other laws of various jurisdictions in which the Company intends to grant Awards. Any sub-plans shall contain such limitations and other terms and conditions as the Administrator determines are necessary or desirable. All sub-plans shall be deemed a part of the Plan, but each sub-plan shall apply only to the Participants in the jurisdiction for which the sub-plan was designed.

Section 22. Clawback

Notwithstanding any other provisions in this Plan, the Company may cancel any Award, require reimbursement of any Award by a Participant, and effect any other right of recoupment of equity or other compensation provided under the Plan in accordance with any Company policies that may be adopted and/or modified from time to time (“Clawback Policy”). In addition, a Participant may be required to repay to the Company previously paid compensation, whether provided pursuant to the Plan or an Award Agreement, in accordance with the Clawback

B-18

Policy. By accepting an Award, the Participant is agreeing to be bound by the Clawback Policy, as in effect or as may be adopted and/or modified from time to time by the Company in its discretion (including, without limitation, to comply with applicable law or stock exchange listing requirements).

Section 23. Effective Date.

The effective date (the “Effective Date”) is the date on which the Plan is approved by the shareholders of the Company.

Section 24. Electronic Signature.

Participant’s electronic signature of an Award Agreement shall have the same validity and effect as a signature affixed by hand.

Section 25. Term of Plan.

No Award shall be granted pursuant to the Plan on or after the tenth anniversary of the Effective Date, but Awards theretofore granted may extend beyond that date.

Section 26. Section 409A of the Code.

The intent of the parties is that payments and benefits under the Plan comply with Section 409A of the Code to the extent subject thereto, and, accordingly, to the maximum extent permitted, the Plan shall be interpreted and be administered to be in compliance therewith. Any payments described in the Plan that are due within the “short-term deferral period” as defined in Section 409A of the Code shall not be treated as deferred compensation unless applicable law requires otherwise. Notwithstanding anything to the contrary in the Plan, to the extent required in order to avoid accelerated taxation and/or tax penalties under Section 409A of the Code, amounts that would otherwise be payable and benefits that would otherwise be provided pursuant to the Plan during the six (6) month period immediately following the Participant’s termination of employment shall instead be paid on the first business day after the date that is six (6) months following the Participant’s separation from service (or upon the Participant’s death, if earlier). In addition, for purposes of the Plan, each amount to be paid or benefit to be provided to the Participant pursuant to the Plan, which constitute deferred compensation subject to Section 409A of the Code, shall be construed as a separate identified payment for purposes of Section 409A of the Code.

Section 27. Governing Law.

The Plan shall be governed by, and construed in accordance with, the laws of the State of Delaware, without giving effect to principles of conflicts of law of such state.

B-19

Document

[FORM OF]

VARONIS SYSTEMS, INC.

2023 AMENDED AND RESTATED OMNIBUS EQUITY INCENTIVE PLAN RESTRICTED STOCK UNIT AWARD GRANT NOTICE

Varonis Systems, Inc. (the “Company”), pursuant to the Varonis Systems, Inc. 2023 Amended and Restated Omnibus Equity Incentive Plan (including the Sub-Plan for Israeli Participants adopted by the Company) (the “Plan”), attached hereto as Exhibits B1 and B2, respectively, hereby grants to the individual listed below (the “Participant”), an Award of restricted stock units (“Restricted Stock Units” or “RSUs”). Each vested Restricted Stock Unit represents the right to receive, in accordance with the Restricted Stock Unit Award Agreement attached hereto as Exhibit A (together, the “Agreement”), one share of the Common Stock of the Company (“Share”). This Award of Restricted Stock Units is subject to all of the terms and conditions set forth herein and in the Agreement and the Plan, which are incorporated herein by reference.

Capitalized terms not specifically defined herein shall have the meanings specified in the Plan. Participant:    ###PARTICIPANT_NAME###

Grant Date:    ###GRANT_DATE###

Total Number of RSUs Subject to Grant: ###TOTAL_AWARDS###

Type of Grant: Section 102 – "Capital Gains Route"

Vesting Schedule:

###VEST_SCHEDULE_TABLE###

Termination: Except to the extent paid in accordance with the above vesting schedule, the Total Number of RSUs Subject to Grant shall terminate, become forfeited or expire without settlement in accordance with the terms of the Agreement.

By his or her signature, the Participant hereby:

(a)agrees to be bound by the terms and conditions of the Plan, the Agreement and this Notice.

(b)acknowledges receipt of a copy of the Plan and accepts the RSUs subject to all of the terms and provisions of the Plan, the Agreement and this Notice and declares that he/she has reviewed the Agreement, the Plan and this Notice in their entirety.

(c)declares that he/she has had an opportunity to obtain the advice of counsel prior to executing this Notice and fully understands all provisions of this Notice, the Agreement and the Plan.

A-1

(d)agrees to accept as binding, conclusive and final all decisions or interpretations of the Administrator upon any questions arising under the Plan, the Agreement and this Notice or relating to the Award of RSUs.

(e)declares that she/he is familiar with Section 102 and the regulations and rules promulgated thereunder, including without limitations the provisions of the applicable tax route, and

A-2

agrees to comply with such provisions, as amended from time to time, provided that if such terms are not met, Section 102 may not apply.

(f)agrees to the terms and conditions of the trust deed signed between the Trustee and attached herein as Exhibit C and the Company and/or the applicable Affiliate, including but not limited to the control of the Shares by the Trustee.

(g)acknowledges that releasing the Shares from the control or holding of the Trustee prior to the termination of the Holding Period constitutes a violation of the terms of Section 102 and agrees to bear the relevant sanctions.

(h)authorizes the Company and/or the applicable Affiliate to provide the Trustee with any information required for the purpose of administering the Plan including executing its obligations under the Ordinance, the trust deed and the trust agreement, including without limitation information about his/her Shares, income tax rates, salary bank account, contact details and identification number.

(i)declares that he/she is a resident of the State of Israel for tax purposes on the Grant Date and agrees to notify the Company upon any change in the residence address indicated above and acknowledges that if he/she ceases to be an Israeli resident or if his/her engagement with the Company or Affiliate is terminated, the Shares shall remain subject to Section 102, the trust agreement, the Plan, the Agreement and this Notice.

(j)warrants and undertakes that at the time of grant of the RSUs herein, or as a consequence of the grant, the Participant is not and will not become a holder of a “controlling interest” in the Company, as such term is defined in Section 32(9) of the Ordinance.

(k)In addition, by signing below, the Participant also agrees that the Company, in its sole discretion, may satisfy any withholding obligations in accordance with Section 2.6(b) of the Agreement by (i) withholding shares of Common Stock otherwise issuable to the Participant upon vesting of the RSUs, (ii) instructing a broker on the Participant's behalf to sell shares of Common Stock otherwise issuable to the Participant upon vesting of the RSUs and submit the proceeds of such sale to the Company, or (iii) using any other method permitted by Section 2.6(b) of the Agreement or the Plan.

VARONIS SYSTEMS, INC.

1.2
1.2
---

1

Exhibit A

RESTRICTED STOCK UNIT AWARD AGREEMENT

Pursuant to the Restricted Stock Unit Award Grant Notice (the “Notice”) to which this Restricted Stock Unit Award Agreement (together, this “Agreement”) is attached, Varonis Systems, Inc. (the “Company”) has granted to the Participant an Award of restricted stock units (“Restricted Stock Units” or “RSUs”) under the Company’s 2023 Amended and Restated Omnibus Equity Incentive Plan (including the “Sub-Plan”) for Israeli Participants adopted by the Company) (the “Plan”). Each vested Restricted Stock Unit represents the right to receive one share of Common Stock of the Company (“Share”) subject to the terms and conditions set forth in the Plan and this Agreement. Capitalized terms not specifically defined herein shall have the meanings specified in the Plan and Notice.

ARTICLE I GENERAL

1.1Incorporation of Terms of Plan. The RSUs are subject to

the terms and conditions of the Plan, which are incorporated herein by reference. In the event of any inconsistency between the Plan and this Agreement, the terms of the Plan shall control.

ARTICLE II

GRANT OF RESTRICTED STOCK UNITS

1.1Grant of RSUs. Effective as of the Grant Date set forth in the Notice, the Company hereby grants to the Participant an Award of RSUs under the Plan, upon the terms and conditions set forth in the Notice, the Plan and this Agreement.

1.2Unsecured Obligation. Unless and until the RSUs have vested in the manner set forth in Article II hereof, the Participant will have no right to receive Shares with respect to any such RSUs. Prior to the actual settlement of any vested RSUs, such RSUs will represent an unsecured obligation of the Company, payable (if at all) only from the general assets of the Company.

1.3Vesting Schedule. Subject to Sections 2.5 and 3.1 hereof, the RSUs shall vest and become nonforfeitable with respect to the applicable portion thereof according to the vesting schedule set forth in the Notice (rounded down to the nearest whole Share).

| A-5 | | --- || 1.4 | | --- |

1.4Consideration to the Company. In consideration of the grant of RSUs pursuant hereto, the Participant agrees to render faithful and efficient employment or other service to the Company or any Affiliate. Nothing in the Plan or this Agreement shall confer upon the Participant any right to continue in the employment or service of the Company or any Affiliate or shall interfere with or restrict in any way the rights of the Company and its Affiliates, which rights are hereby expressly reserved, to discharge or terminate the employment or service of the Participant at any time for any reason whatsoever, with or without Cause.

1.5Forfeiture, Termination and Cancellation Upon Termination of Employment or Service.

(a)Upon the Participant’s termination of Service with the Company and all Affiliates thereof, the RSUs shall be treated as follows, except as specifically provided otherwise herein or in a separate arrangement between the Company and the Participant:

(i)In the event that the Service of the Participant with the Company and all Affiliates shall terminate for any reason other than Cause, unvested RSUs granted to the Participant shall terminate at the close of business on the date of such termination.

(ii)In the event of the termination of the Participant’s Service for Cause, all outstanding RSUs (whether vested or not) granted to the Participant shall terminate at the commencement of business on the date of such termination.

(iii)[for CEO only] Notwithstanding the foregoing or any provision herein to the contrary, in the event of the Participant’s voluntary resignation at any time when the Participant is Retirement Eligible, then, solely for purposes of continued vesting under this Agreement, the Participants Service is deemed to continue uninterrupted so long as the Participant (x) remains in compliance with all of the Participant’s continuing obligations to the Company and its Affiliates, and (y) the Participant provides such cooperation as the Company may reasonably request relating to the transfer of the Participant’s responsibilities. As used in the preceding sentence, “Retirement Eligible” means that the Participant has obtained age 55 and the Participant has remained in continuous Service to the Company for at least ten (10) years.

(b)The Administrator or its delegate shall determine in its sole discretion the manner in which the RSUs shall be affected, both with regard to the vesting schedule and termination, by leaves of absence, including unpaid and un-protected leaves of absence, changes from full-time to part-time employment, partial disability or other changes in the employment status of the Participant.

| A-6 | | --- || 1.4 | | --- |

(c)For purposes of the RSUs, as determined in the Administrator’s or its delegate’s exclusive discretion, the Participant’s Service will be considered terminated as of the date the Participant is no longer actively providing services to the Company or any Affiliate (regardless of the reason for such termination and whether or not later to be found invalid or in breach of Applicable Laws in the jurisdiction where the Participant is employed or retained or the terms of the Participant’s employment or service agreement, if any), and unless otherwise expressly provided in this Agreement or determined by the Administrator or its delegate, the Participant’s right to vest in the RSUs, if any, will terminate as of such date and will not be extended by any notice period (e.g., the Participant’s period of service would not include any contractual notice period or any period of “garden leave” or similar period mandated under Applicable Laws in the jurisdiction where the Participant is employed or retained or the terms of the Participant’s employment or service agreement, if any).

1.6Issuance of Shares upon Vesting.

(a)The RSUs shall represent the right to receive, on the first business day following the vesting date, the number of Shares determined in accordance with the vesting schedule set forth in the Notice to have been earned to the extent determined by the Administrator, provided that the Participant remains employed or engaged by the Company or an Affiliate through the vesting date, subject to the provisions of Section 2.5 or Section 3.1. The Company shall deliver to the Participant (or any transferee permitted under Section 4.2 hereof), no later than two and one-half (2 1/2) months from the end of the calendar year of the vesting date, a number of Shares (either by delivering one or more certificates for such Shares or by entering such Shares in book entry form, as determined by the Company in its sole discretion) equal to the number of RSUs subject to this Agreement that vest on the vesting date, unless such RSUs terminate prior to the vesting date pursuant to Section 2.5 hereof. Notwithstanding the foregoing, in the event Shares cannot be issued pursuant to Section 20 of the Plan, the Shares shall be issued pursuant to the preceding sentence as soon as administratively practicable after the Administrator determines that Shares can again be issued in accordance with such Section.

(b)As set forth in Section 17 of the Plan and Section 5.3 of this Agreement, the Participant shall satisfy all Tax-Related Items (as defined in Section 5.3 below). The Company shall not be obligated to deliver any new certificate representing Shares to the Participant or the Participant’s legal representative or enter such Shares in book entry form unless and until the Participant or the Participant’s legal representative shall have paid or otherwise satisfied in full the amount of all Tax-Related Items.

1.7Conditions to Delivery of Shares. The Shares deliverable hereunder may be either previously authorized but unissued Shares, treasury Shares or issued Shares which have then been reacquired by the Company. Such Shares shall be fully paid and nonassessable. The Company shall not be required to issue or deliver any certificates or make

| A-7 | | --- || 1.4 | | --- |

any book entries evidencing Shares deliverable hereunder prior to fulfillment of the conditions set forth in Section 20 of the Plan.

ARTICLE III

TRUST

1.1The RSUs and the underlying Shares and/or any additional rights, including without limitation any right to receive any dividends or any shares received as a result of an adjustment made under the Plan, that may be granted in connection with the RSUs (the “Additional Rights”) shall be issued to or controlled by the Trustee for the benefit of the Participant under the provisions of the Section 102 under the Capital Gains Route for at least the period stated in Section 102 and the Income Tax Rules (Tax Benefits in Share Issuance to Employees) 5763-2003 (the “Rules”). In the event the RSUs do not meet the requirements of Section 102, such RSUs and the underlying Shares shall not qualify for the favorable tax treatment under the Capital Gains Route of Section 102. The Company makes no representations or guarantees that the RSUs will qualify for favorable tax treatment and will not be liable or responsible if favorable tax treatment is not available under Section 102. Any fees associated with any sale, transfer or any act in relation to the RSUs shall be borne by the Participant and the Trustee and/or the Company and/or any Affiliate shall be entitled to withhold or deduct such fees from payments otherwise due to from the Company or an Affiliate or the Trustee. In accordance with the requirements of Section 102 and the Capital Gains Route, the Participant shall not sell nor transfer the Shares or Additional Rights from the Trustee until the end of the required Holding Period. Notwithstanding the above, if any such sale or transfer occurs before the end of the required Holding Period, the sanctions under Section 102 shall apply to and shall be borne by the Participant.

1.2Notwithstanding anything mentioned in the Plan or this Agreement and in addition thereto, as long as the RSUs or Shares issued pursuant thereto are held or controlled by the Trustee on behalf of the Participant, all rights of the Participant over the Shares are personal, cannot be transferred, assigned, pledged or mortgaged, other than by will or laws of descent and distribution.

ARTICLE IV

CHANGE IN CONTROL

1

1.1Change in Control. In the event of a Change in Control, the RSUs shall be treated in accordance with Section 13 of the Plan.

ARTICLE V OTHER PROVISIONS

2

| A-8 | | --- || 1.4 | | --- |

2.1Administration. The Administrator shall have the power and authority to interpret and construe the terms and provisions of this Agreement and to adopt such rules for the administration, interpretation and application of this Agreement as are consistent therewith and to interpret, amend or revoke any such rules. All decisions made by the Administrator shall be final, conclusive and binding on all persons, including the Participant, the Company and any other interested persons and entities.

2.2Transferability of Grant. Except as otherwise set forth in the

| A-9 | | --- || 1.4 | | --- |

Plan:

(a)The RSUs may not be sold, pledged, assigned or transferred in any manner other than by will or the laws of descent and distribution; and

| A-10 | | --- || 1.4 | | --- |

(b)Neither the RSUs nor any interest or right therein shall be liable for the debts, contracts or engagements of the Participant or his or her successors in interest or shall be subject to disposition by transfer, alienation, anticipation, pledge, hypothecation, encumbrance, assignment or any other means whether such disposition be voluntary or involuntary or by operation of law by judgment, levy, attachment, garnishment or any other legal or equitable proceedings (including bankruptcy), and any attempted disposition thereof shall be null and void and of no effect, except to the extent that such disposition is permitted by Section 5.2(a) hereof.

2.3Responsibility for Taxes. Regardless of any action the Company or, if different, the Affiliate to which the Participant provides services takes with respect to any or all income tax, social insurance, payroll tax, fringe benefits tax, payment on account or other tax related items related to the Participant’s participation in the Plan and legally applicable to the Participant (“Tax-Related Items”), the Participant acknowledges that the ultimate liability for all Tax-Related Items is and remains the Participant’s responsibility and may exceed the amount actually withheld by the Company or the Affiliate. The Participant further acknowledges that the Company and/or the Affiliate (i) make no representations or undertakings regarding the treatment of any Tax-Related Items in connection with any aspect of the RSUs, including, but not limited to, the grant, vesting or settlement of the RSUs, the subsequent sale of Shares acquired pursuant to such settlement and the receipt of any dividends and/or dividend equivalent; and (ii) do not commit to and are under no obligation to structure the terms of the grant or any aspect of the RSUs to reduce or eliminate the Participant’s liability for Tax-Related Items or achieve any particular tax result. Further, if the Participant has become subject to tax in more than one jurisdiction, the Participant acknowledges that the Company and/or the Affiliate may be required to withhold or account for Tax-Related Items in more than one jurisdiction.

2.4Withholding of Taxes. Prior to any relevant taxable or tax withholding event, as applicable, the Participant agrees to make adequate arrangements satisfactory to the Company and/or Trustee and/or the Affiliate to satisfy all Tax-Related Items. In this regard, the Participant authorizes the Company and/or Trustee and/or the Affiliate, or their respective agents, at their discretion, to satisfy any applicable withholding obligations with regard to all Tax-Related Items by one or a combination of the following:

(a)withholding from the Participant’s wages or other cash compensation paid to the Participant by the Company and/or Trustee and/or the Affiliate;

(b)withholding from proceeds of the sale of Shares acquired upon settlement of the RSUs either through a voluntary sale or through a mandatory sale arranged by the Company and/or Trustee (on the Participant’s behalf pursuant to this authorization); and

(c)withholding in Shares to be issued upon settlement of the RSUs, unless the use of such withholding method is problematic under Applicable Laws, in which case the obligation for Tax-Related Items may be satisfied by one or a combination of methods (a) and (b) above.

| A-11 | | --- || 1.4 | | --- |

Depending on the withholding method, the Company and/or Trustee and/or the Affiliate may withhold or account for Tax-Related Items by considering applicable minimum statutory withholding rates or other applicable withholding rates, including maximum applicable rates, in which case the Participant may receive a refund of any over-withheld amount in cash and will have no entitlement to the Share equivalent. If the obligation for Tax-Related Items is satisfied by withholding in Shares, for tax purposes, the Participant is deemed to have been issued the full number of Shares subject to the vested RSUs, notwithstanding that a number of the Shares are held back solely for the purpose of paying the Tax-Related Items.

In addition, the Participant agrees to pay to the Company or Trustee, or the Affiliate any amount of Tax-Related Items that the Company or Trustee, or the Affiliate may be required to withhold or account for as a result of the Participant’s participation in the Plan that cannot be satisfied by the means previously described. The Company may refuse to issue or deliver the Shares or the proceeds of the sale of Shares, if the Participant fails to comply with his or her obligations in connection with the Tax- Related Items.

Finally, the Participant acknowledges that the Company, its Affiliates and/or the employer (i) make no representations or undertakings regarding the treatment of any Tax-Related Items in connection with any aspect of the RSUs including, but not limited to, the grant or vesting of the RSUs, the subsequent sale or transfer of Shares acquired pursuant to the RSUs and the receipt of any dividends; and (ii) do not commit to and are under no obligation to structure the terms of the grant or any aspect of the RSUs to reduce or eliminate Participant's liability for Tax-Related Items or achieve any particular tax result. Further, if Participant has become subject to tax in more than one jurisdiction between the Grant Date and the date of any relevant taxable or tax withholding event, as applicable, Participant acknowledges that the Company, its Affiliates, the employer (or former employer, as applicable) and/or the Trustee may be required to withhold or account for Tax-Related Items in more than one jurisdiction. If Participant is subject to Tax-Related Items in more than one jurisdiction between the Grant Date and the date of any relevant taxable or tax withholding event, as applicable, Participant acknowledges that the Company and/or the employer (or former employer, as applicable) and/or the Trustee may be required to withhold or account for Tax- Related Items in more than one jurisdiction. If the obligation for Tax-Related Items is satisfied by withholding in Shares, for tax purposes, Participant is deemed to have been issued the full number of Shares subject to the RSUs, notwithstanding that a number of the Shares are held back solely for the purpose of paying the Tax-Related Items due as a result of any aspect of Participant's participation in the Plan. The ramifications of any future modification of applicable laws regarding the taxation of the RSUs granted to Participant shall apply to the Participant accordingly and the Participant shall bear the full cost thereof, unless such modified laws expressly provide otherwise.

2.5No Advice Regarding Taxes . The Participant represents that the Participant has consulted with any tax consultants the Participant deems advisable in connection with the grant of RSUs and the issuance of Shares with respect thereto and that the Participant is not relying on the Company for any tax advice. The Company makes no warranties or representations whatsoever to the

2.6Equitable Adjustments. The Participant acknowledges that the RSUs are subject to modification and termination in certain events as provided in this Agreement and Section 5 of the Plan.

2.7Notices. Any notice to be given under the terms of this Agreement to the Company shall be addressed to the Company in care of the Legal Department at the Company’s principal office, and any notice to be given to the Participant shall be addressed to the Participant at the Participant’s last address reflected on the Company’s records. Any notice which is required to be given to the Participant shall, if the Participant is then deceased, be given to the person entitled to the RSUs pursuant to Section 4.2(a) hereof by written notice under this Section 4.7.

2.8Participant’s Representations. If the Shares issuable hereunder have not been registered under the Securities Act or any Applicable Laws on an effective registration statement at the time of such issuance, the Participant shall, if required by the Company, concurrently with such issuance, make such written representations as are deemed necessary or appropriate by the Company and/or its counsel.

2.9Titles. Titles are provided herein for convenience only and are not to serve as a basis for interpretation or construction of this Agreement.

2.10Governing Law and Venue. The laws of the State of Delaware shall govern the interpretation, validity, administration, enforcement and performance of the terms of this Agreement regardless of the law that might be applied under principles of conflicts of laws. For purposes of litigating any dispute that arises under this grant or this Agreement, the parties hereby submit to and consent to the exclusive jurisdiction of the State of New York, agree that such litigation shall be conducted in the courts of New York County, New York, or the federal courts for the U.S. for the Southern District of New York, where this grant is made and/or to be performed.

2.11Conformity to Securities Laws. The Participant acknowledges that the Plan and this Agreement are intended to conform to the extent necessary with all provisions of the Securities Act and the Exchange Act and any and all regulations and rules promulgated by the U.S. Securities and Exchange Commission thereunder, and state and foreign securities laws and regulations. Notwithstanding anything herein to the contrary, the Plan shall be administered, and the RSUs be granted and settled, only in such a manner as to conform to such laws, rules and regulations. To the extent permitted by Applicable Laws, the Plan and this Agreement shall be deemed amended to the extent necessary to conform to such laws, rules and regulations.

2.12Clawback. The Participant hereby acknowledges the RSUs are subject to, and agrees to be bound by, the Clawback Policy, as in effect or as may be adopted and/or modified from time to time by the Company in its discretion in accordance with Section 22 of the Plan.

2.13Amendments and Termination. To the extent permitted by the Plan, this Agreement may be wholly or partially amended, altered or terminated at any time or from time to time by the Administrator or the Board.

2.14Successors and Assigns. The Company may assign any of its rights under this Agreement to single or multiple assignees, and this Agreement shall inure to the benefit of the successors and assigns of the Company. Subject to the restrictions on transfer herein set forth in Section 4.2 hereof, this Agreement shall be binding upon the Participant and his or her heirs, executors, administrators, successors and assigns.

2.15Limitations Applicable to Section 16 Persons. Notwithstanding any other provision of the Plan or this Agreement, if the Participant is subject to Section 16 of the Exchange Act, then the Plan, the RSUs and this Agreement shall be subject to any additional limitations set forth in any applicable exemptive rule under Section 16 of the Exchange Act (including any amendment to Rule 16b-3 of the Exchange Act) that are requirements for the application of such exemptive rule. To the extent permitted by Applicable Laws, this Agreement shall be deemed amended to the extent necessary to conform to such applicable exemptive rule.

2.16Entire Agreement. The Plan, the Notice and this Agreement (including all Exhibits thereto, if any) constitute the entire agreement of the parties and supersede in their entirety all prior undertakings and agreements of the Company and the Participant with respect to the subject matter hereof.

2.17Section 409A for U.S. Taxpayers. This Award of RSUs is intended to comply with Code Section 409A to the extent subject thereto and shall be interpreted in accordance with Code Section 409A and Department of Treasury regulations and other interpretive guidance issued thereunder, including, without limitation, any such regulations or other guidance that may be issued after the Grant Date. Notwithstanding any provision in the Plan or Agreement to the contrary, no payment or distribution under this Agreement that constitutes an item of deferred compensation under Code Section 409A and becomes payable by reason of the Participant’s termination of employment or service with the Company will be made to the Participant until the Participant’s termination of employment or service constitutes a “separation from service” (as defined in Code Section 409A). For purposes of this Agreement, each amount to be paid or benefit to be provided shall be construed as a separate identified payment for purposes of Code Section 409A. If the Participant is a “specified employee” (as defined in Code Section 409A), then to the extent necessary to avoid the imposition of taxes under Code Section 409A, the Participant shall not be entitled to any payments upon a termination of his or her employment or service until the earlier of: (i) the expiration of the six (6)-month period measured from the date of the Participant’s “separation from service” or (ii) the date of the Participant’s death. Upon the expiration of the applicable waiting period set forth in the preceding sentence, all payments and benefits deferred pursuant to this Section 4.17 (whether they would have otherwise been payable in a single lump sum or in installments in the absence of such deferral) shall be paid to the Participant in a lump sum as soon as practicable, but in no event later than sixty (60) calendar days, following such expired period, and any remaining payments due under this Agreement will be paid in accordance with the normal payment dates specified for them herein. The Administrator may, in its discretion,

adopt such amendments to the Plan, this Agreement or the Notice or adopt other policies and procedures (including amendments, policies and procedures with retroactive effect), or take any other actions, as the Administrator determines are necessary or appropriate to comply with the requirements of Code Section 409A.

2.18Electronic Signature; Electronic Delivery and Acceptance. The Participant’s electronic signature of this Agreement shall have the same validity and effect as a signature affixed by hand. The Company may, in its sole discretion, decide to deliver any documents related to the Participant’s current or future participation in the Plan by electronic means. The Participant hereby consents to receive such documents by electronic delivery and agrees to participate in the Plan through an on-line or electronic system established and maintained by the Company or a third party designated by the Company.

2.19Addendum. Notwithstanding any provisions in this Agreement, the RSUs shall be subject to any special provisions set forth in the Country Addendum attached hereto for the Participant's country of residence, if any. If the Participant relocates to one of the countries included in the Country Addendum or the United States during the term of the RSUs, the special provisions for such country shall apply to Participant to the extent the Company determines that the application of such provisions is necessary or advisable for legal or administrative reasons. The Country Addendum constitutes part of this Agreement.

2.20Waiver. The Participant acknowledges that a waiver by the Company of a breach of any provision of this Agreement shall not operate or be construed as a waiver of any other provision of this Agreement, or of any subsequent breach by the Participant or any other participants.

2.21Severability. The provisions of this Agreement are severable and if any one or more provisions are determined to be illegal or otherwise unenforceable, in whole or in part, the remaining provisions shall nevertheless be binding and enforceable.

2.22The Company has obtained an exemption from the requirement to file a prospectus in Israel with respect to the offer of securities of the Company under the Plan (including the Israeli Sub-Plan). Copies of the Plan and the Form S-8 registration statement for the Plan filed with the U.S. Securities and Exchange Commission will be made available by request from the Company’s Legal Department.

2.23Data Privacy Notice and Consents

Data Collection and Usage. The Company collects, processes and uses personal data of the Participant, including, but not limited to, his or her name, home address and telephone number, email address, date of birth, social insurance, passport or other identification number (e.g., resident registration number), salary, nationality, job title, any Shares or directorships held in the Company, details of all RSUs or any other entitlement to Shares awarded, canceled, exercised, vested, unvested or outstanding in the

Participant’s personal data would be his or her consent.

(a)Stock Plan Administration Service Providers. The Company transfers participant data to Morgan Stanley, an independent service provider based in the United States, which assists the Company with the implementation, administration and management of the Plan. In the future, the Company may select a different service provider and may share the Participant’s data with another company that serves in a similar manner. The Company’s service provider(s) will open an account for the Participant to receive and trade Shares. The Participant will be asked to agree on separate terms and data processing practices with such service provider(s), which is a condition to the Participant’s ability to participate in the Plan.

(b)Data Retention. The Company will use the Participant’s personal data only as long as is necessary to implement, administer and manage the Participant’s participation in the Plan or as required to comply with legal or regulatory obligations, including under tax and securities laws. When the Company no longer needs the Participant’s personal data, which will generally be seven years after the Participant is granted RSUs under the Plan, the Company will remove it from its systems. If the Company keeps data longer, it would be to satisfy legal or regulatory obligations and the Company’s legal basis would be relevant laws or regulations.

(c)Voluntariness and Consequences of Consent Denial or

Withdrawal. The Participant’s participation in the Plan and the Participant’s grant of consent is purely voluntary. The Participant may deny or withdraw his or her consent at any time. If the Participant does not consent, or if the Participant withdraws his or her consent, the Participant cannot participate in

the Plan. This would not affect the Participant’s salary as an employee or his or her career; the Participant would merely forfeit the opportunities associated with the Plan.

(d)Data Subject Rights. The Participant has a number of rights under data privacy laws in his or her country. Depending on where the

Participant is based, the Participant’s rights may include the right to (a) request access or copies of personal data the Company processes, (b) rectification of incorrect data, (c) deletion of data, (d) restrictions on processing, (e) portability of data, (f) lodge complaints with competent authorities in the Participant’s country, and/or (g) request a list with the names and addresses of any potential recipients of the Participant’s personal data. To receive clarification regarding the Participant’s rights or to exercise the Participant’s rights, please contact a local human resources representative.

If the Participant agrees with the data processing practices as described in this notice, he or she should declare his or her consent by clicking “Accept” on the Morgan Stanley award acceptance page.

2.24Insider-Trading/Market-Abuse Laws. The Participant acknowledges that, depending on his or her country of residence or the country of residence of the Participant’s broker, the Participant may be subject to insider-trading restrictions and/or market-abuse laws, which may affect his or her ability to accept, acquire, sell or otherwise dispose of Shares, rights to Shares (e.g., RSUs) or rights linked to the value of Shares during such times as the Participant is considered to have “inside information” regarding the Company, as defined by the laws or regulations in the Participant’s country. Local insider trading laws and regulations may prohibit the cancellation or amendment of orders placed by the Participant before the Participant possessed inside information. Furthermore, the Participant could be prohibited from (i) disclosing the inside information to any third party (other than on a “need to know” basis) and (ii) “tipping” third parties or causing them otherwise to buy or sell securities. Note that third parties include fellow employees. Any restrictions under these laws or regulations are separate from and in addition to any restrictions that may be imposed under any applicable Company insider trading policy. The Participant acknowledges that it is his or her responsibility to be informed of and compliant with such regulations, and the Participant should speak to his or her personal legal advisor on this matter.

2.25Language. If the Participant has received this Agreement or any other document related to the Plan translated into a language other than English and if the meaning of the translated version is different than the English version, the English version will control.

2.26Imposition of Other Requirements. The Company reserves the right to impose other requirements on the Participant’s participation in the Plan, on the RSUs and on any Shares acquired under the Plan, to the extent the Company determines it is necessary or advisable for legal or administrative reasons, and to require the Participant to sign any additional agreements or undertakings that may be necessary to accomplish the foregoing.

EXHIBIT B1

VARONIS SYSTEMS, INC.

2023 AMENDED AND RESTATED OMNIBUS EQUITY INCENTIVE PLAN

Section 1. Purpose of Plan.

The name of the Plan, as amended and restated from time to time is the Amended and Restated Varonis Systems, Inc. 2023 Omnibus Equity Incentive Plan. The purposes of the Plan are to provide an additional incentive to selected employees, directors, independent contractors and consultants of the Company or its Affiliates whose contributions are essential to the growth and success of the Company’s business, in order to strengthen the commitment of such persons to the Company and its Subsidiaries, motivate such persons to faithfully and diligently perform their responsibilities and attract and retain competent and dedicated persons whose efforts will result in the long-term growth and profitability of the Company. To accomplish such purposes, the Plan provides that the Company may grant Options, Share Appreciation Rights, Restricted Shares, Restricted Stock Units, Performance Shares, Other Share-Based Awards, Cash Awards or any combination of the foregoing. Upon originally becoming effective on June 7, 2023, the Plan replaced the Varonis Systems, Inc. 2013 Omnibus Equity Incentive Plan (the “Prior Plan”) and no further awards could be made under the Prior Plan; provided, however, that the Prior Plan shall continue to govern the terms and condition of outstanding awards granted thereunder.

Section 2. Definitions.

For purposes of the Plan, the following terms shall be defined as set forth below:

(a) “Administrator” means the Board, or, if and to the extent the Board does not administer the Plan, the Committee in accordance with Section 3 hereof.

(b) “Affiliate” means a Person that directly, or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with, the Person specified. An entity shall be deemed an Affiliate of the Company for purposes of this definition only for such periods as the requisite ownership or control relationship is maintained.

(c) “Applicable Laws” means the applicable requirements under U.S. federal and state corporate laws, U.S. federal and state securities laws, including the Code, any stock exchange or quotation system on which the Common Stock is listed or quoted and the applicable laws of any other country or jurisdiction where Awards are granted under the Plan, as are in effect from time to time.

(d) “Award” means any Option, Share Appreciation Right, Restricted Share, Restricted Stock Unit, Performance Share, Other Share-Based Award or Cash Award granted under the Plan.

(e) “Award Agreement” means any written agreement, contract or other instrument or document evidencing an Award.

(f) “Beneficial Owner” (or any variant thereof) has the meaning defined in Rule 13d-3 under the Exchange Act.

(g) “Board” means the Board of Directors of the Company.

(h) “Bylaws” mean the bylaws of the Company, as may be amended and/or restated from time to time.

(i) “Cash Award” means cash awarded under Section 11 of the Plan, including cash awarded as a bonus or upon the attainment of Performance Goals or otherwise as permitted under the Plan.

(j) “Cause” shall have the meaning assigned to such term in any individual employment, change in control or severance agreement or plan or Award Agreement with the Participant or, if no such agreement exists or if such agreement does not define “Cause,” Cause shall mean (i) an act of dishonesty made by Participant in connection with Participant’s responsibilities as an employee which is materially injurious to the financial condition or business reputation of the Company or any of its Subsidiaries; (ii) Participant’s conviction of or plea of nolo contendere to, a felony or any crime involving fraud, embezzlement or any other act of moral turpitude; (iii) Participant’s gross misconduct; (iv) Participant’s willful unauthorized use or disclosure of any proprietary information or trade secrets of the Company or any of its Subsidiaries; (v) Participant’s willful and material violation of any written policies of the Company or any of its Subsidiaries (to the extent applicable); (vi) Participant’s material breach of any obligations under any material written agreement or covenant with the Company or any of its Subsidiaries; or (vii) Participant’s

continued failure to perform his or her employment duties after Participant has received a written demand for performance from the Company or any of its Subsidiaries which specifically sets forth the factual basis for the applicable Company’s or its Subsidiary’s belief that Participant has not substantially performed his or her duties.

(k) “Change in Capitalization” means any (i) merger, amalgamation, consolidation, reclassification, recapitalization, spin-off, spin-out, repurchase or other reorganization or corporate transaction or event, (ii) dividend (whether in the form of cash, Common Stock or other property), share subdivision or consolidation, (iii) combination or exchange of shares, (iv) other change in corporate structure or (v) declaration of a special dividend (including a cash dividend) or other distribution, which, in any such case, the Administrator determines, in its sole discretion, affects the Shares such that an adjustment pursuant to Section 5 hereof is appropriate.

(l) “Change in Control” shall be deemed to have occurred if an event set forth in any one of the following paragraphs shall have occurred:

(1) any Person (other than the Company, any trustee or other fiduciary holding securities under an employee benefit plan of the Company, or any company owned, directly or indirectly, by the shareholders of the Company in substantially the same proportions as their ownership of Shares) is or becomes the Beneficial Owner, directly or indirectly, of securities of the Company (not including in the securities beneficially owned by such Person or any securities acquired directly from the Company or any Affiliate thereof) representing 50% or more of the combined voting power of the Company’s then outstanding securities; or

(2) the following individuals cease for any reason to constitute a majority of the number of directors then serving on the Board: individuals who, on the date hereof, constitute the Board and any new director (other than a director whose initial assumption of office is in connection with an actual or threatened election contest, including, but not limited to, a consent solicitation, relating to the election of directors of the Company) whose appointment or election by the Board or nomination for election by the Company’s shareholders was approved or recommended by a vote of at least two-thirds (2/3) of the directors then still in office who either were directors on the date hereof or whose appointment, election or nomination for election was previously so approved or recommended; or

(3) there is consummated a merger, amalgamation or consolidation of the Company or any Subsidiary thereof with any other corporation, other than a merger, amalgamation or consolidation immediately following which the individuals who comprise the Board immediately prior thereto constitute at least a majority of the Board of the entity surviving such merger, amalgamation or consolidation or, if the Company or the entity surviving such merger is then a subsidiary, the ultimate parent thereof; or

(4) the shareholders of the Company approve a plan of complete liquidation or dissolution of the Company or there is consummated an agreement for the sale or disposition by the Company of all or substantially all of the Company’s assets, other than (A) a sale or disposition by the Company of all or substantially all of the Company’s assets to an entity, at least fifty percent (50%) of the combined voting power of the voting securities of which are owned by shareholders of the Company following the completion of such transaction in substantially the same proportions as their ownership of the Company immediately prior to such sale or (B) a sale or disposition of all or substantially all of the Company’s assets immediately following which the individuals who comprise the Board immediately prior thereto constitute at least a majority of the board of directors of the entity to which such assets are sold or disposed or, if such entity is a subsidiary, the ultimate parent thereof.

For each Award that constitutes deferred compensation under Section 409A of the Code, a Change in Control shall be deemed to have occurred under the Plan with respect to such Award only if a change in the ownership or effective control of the Company or a change in ownership of a substantial portion of the assets of the Company shall also be deemed to have occurred under Section 409A of the Code.

Notwithstanding the foregoing, a Change in Control shall not be deemed to have occurred by virtue of the consummation of any transaction or series of integrated transactions immediately following which the holders of Common Stock immediately prior to such transaction or series of transactions continue to have

substantially the same proportionate ownership in an entity which owns all or substantially all of the assets of the Company immediately following such transaction or series of transactions.

(m) “Code” means the Internal Revenue Code of 1986, as amended from time to time, or any successor thereto.

(n) “Committee” means any committee or subcommittee the Board may appoint to administer the Plan. Subject to the discretion of the Board, the Committee shall be composed entirely of individuals who meet the qualifications of a “non-employee director” within the meaning of Rule 16b-3 under the Exchange Act and any other qualifications required by the applicable stock exchange on which the Common Stock is traded. If at any time or to any extent the Board shall not administer the Plan, then the functions of the Administrator specified in the Plan shall be exercised by the Committee. Except as otherwise provided in the Certificate of Incorporation or Bylaws of the Company, any action of the Committee with respect to the administration of the Plan shall be taken by a majority vote at a meeting at which a quorum is duly constituted or unanimous written consent of the Committee’s members.

(o) “Common Stock” means the common stock, par value $0.001 per share, of the Company.

(p) “Company” means Varonis Systems, Inc., a Delaware corporation (or any successor company, except as the term “Company” is used in the definition of “Change in Control” above).

(q) “Disability” shall have the meaning set forth in the employment, severance or change in control agreement or plan between the Participant and the Company, provided that if no such agreement or definition exists, then “Disability” shall mean, with respect to any Participant, that such Participant (i) as determined by the Administrator in its sole discretion, is unable to engage in any substantial gainful activity by reason of any medically determinable physical or mental impairment which can be expected to result in death or can be expected to last for a continuous period of not less than twelve (12) months, or (ii) is, by reason of any medically determinable physical or mental impairment which can be expected to result in death or can be expected to last for a continuous period of not less than twelve (12) months, receiving income replacement benefits for a period of not less than three (3) months under an accident and health plan covering employees of the Company or an Affiliate thereof.

(r) “Eligible Recipient” means an employee, director, independent contractor or consultant of the Company or any Affiliate of the Company who has been selected as an eligible participant by the Administrator; provided, however, to the extent required to avoid the imposition of additional taxes under Section 409A of the Code, an Eligible Recipient of an Option or a Share Appreciation Right means an employee, director, independent contractor or consultant of the Company or any Subsidiary of the Company who has been selected as an eligible participant by the Administrator.

(s) “Exchange Act” shall mean the Securities Exchange Act of 1934, as amended from time to time.

(t) “Exercise Price” means, with respect to any Award under which the holder may purchase Shares, the per share price at which a holder of such Award granted hereunder may purchase Shares issuable upon exercise of such Award, which in any event will not be less than one hundred percent (100%) of the Fair Market Value of the Common Stock on the date of grant.

(u) “Fair Market Value” as of a particular date shall mean the fair market value of a share of Common Stock as determined by the Administrator in its sole discretion; provided, however, that (i) if the Common Stock is admitted to trading on a national securities exchange, the fair market value of a share of Common Stock on any date shall be the closing sale price reported for such share on such exchange on such date or, if no sale was reported on such date, on the last day preceding such date on which a sale was reported, (ii) if the Common Stock is admitted to quotation on the National Association of Securities Dealers Automated Quotation (“NASDAQ”) system or other comparable quotation system and has been designated as a National Market System (“NMS”) security, the fair market value of a share of Common Stock on any date shall be the closing sale price reported for such share on such system on such date or, if no sale was reported on such date, on the last date preceding such date on which a sale was reported, or (iii) if the Common Stock is admitted to quotation on NASDAQ but has not been designated as an NMS security, the fair market value of a share of Common Stock on any date shall be the average of the highest bid and lowest asked prices of such share on such system on such date or, if both bid and ask prices were not reported on such date, on the last date preceding such date on which both bid and ask prices were reported.

(v) “ISO” means an Option intended to be and designated as an incentive stock option within the meaning of Section 422 of the Code.

(w) “Nonqualified Stock Option” shall mean an Option that is not designated as an ISO.

(x) “Option” means an option to purchase Shares granted pursuant to Section 7 hereof. The term “Option” as used in the Plan includes the terms “Nonqualified Stock Option” and “ISO.”

(y) “Other Share-Based Award” means a right or other interest granted pursuant to Section 10 hereof that may be denominated or payable in, valued in whole or in part by reference to, or otherwise based on or related to, the Common Stock, including, but not limited to, unrestricted Shares, restricted share units, dividend equivalents or performance units, each of which may be subject to the attainment of Performance Goals or a period of continued employment or other terms or conditions as permitted under the Plan.

(z) “Participant” means any Eligible Recipient selected by the Administrator, pursuant to the Administrator’s authority provided for in Section 3 below, to receive grants of Options, Share Appreciation Rights, Restricted Shares, Restricted Stock Units, Performance Shares, Cash Awards, Other Share-Based Awards or any combination of the foregoing, and, upon his or her death, his or her successors, heirs, executors and administrators, as the case may be.

(aa) “Performance Goals” means performance goals based on one or more of (but not limited to) the following criteria: (i) earnings, including one or more of operating income, earnings before or after taxes, earnings before or after interest, depreciation, amortization, adjusted EBITDA, economic earnings, or extraordinary or special items or book value per share (which may exclude nonrecurring items); (ii) pre-tax income or after-tax income; (iii) earnings per Share (basic or diluted); (iv) operating profit; (v) revenue, revenue growth or rate of revenue growth; (vi) return on assets (gross or net), return on investment, return on capital, or return on equity; (vii) returns on sales or revenues; (viii) operating expenses; (ix) share price appreciation; (x) cash flow, free cash flow, cash flow return on investment (discounted or otherwise), net cash provided by operations, or cash flow in excess of cost of capital; (xi) implementation or completion of critical projects or processes; (xii) cumulative earnings per share growth; (xiii) operating margin or profit margin; (xiv) cost targets, reductions and savings, productivity and efficiencies; (xv) strategic business criteria, consisting of one or more objectives based on meeting specified market penetration, geographic business expansion, customer satisfaction, employee satisfaction, human resources management, supervision of litigation, information technology, and goals relating to acquisitions, divestitures, joint ventures and similar transactions, and budget comparisons; (xvi) personal professional objectives, including any of the foregoing performance goals, the implementation of policies and plans, the negotiation of transactions, the development of long term business goals, formation of joint ventures, research or development collaborations, and the completion of other corporate transactions; and (xvii) any combination of, or a specified increase in, any of the foregoing. Where applicable, the Performance Goals may be expressed in terms of attaining a specified level of the particular criteria or the attainment of a percentage increase or decrease in the particular criteria, and may be applied to one or more of the Company or Affiliate thereof, or a division or strategic business unit of the Company, or may be applied to the performance of the Company relative to a market index, a group of other companies or a combination thereof, all as determined by the Committee. The Performance Goals may include a threshold level of performance below which no payment shall be made (or no vesting shall occur), levels of performance at which specified payments shall be made (or specified vesting shall occur), and a maximum level of performance above which no additional payment shall be made (or at which full vesting shall occur); provided, that the Committee shall have the authority to make equitable adjustments to the Performance Goals, including in recognition of unusual or non-recurring events affecting the Company or any Affiliate thereof or the financial statements of the Company or any Affiliate thereof, in response to changes in applicable laws or regulations, or to account for items of gain, loss or expense determined to be extraordinary or unusual in nature or infrequent in occurrence or related to an acquisition or similar transaction or the disposal of a segment of a business or related to a change in accounting principles.

(bb) “Performance Shares” means Shares or units denominated in Shares that are subject to restrictions that lapse upon the attainment of specified performance objectives and that are granted pursuant to Section 9 below.

(cc) “Person” shall have the meaning given in Section 3(a)(9) of the Exchange Act, as modified and used in Sections 13(d) and 14(d) thereof, except that such term shall not include (i) the Company or any Subsidiary thereof, (ii) a trustee or other fiduciary holding securities under an employee benefit plan of the Company or any Subsidiary thereof, (iii) an underwriter temporarily holding securities pursuant to an offering of such securities, or (iv) a corporation owned, directly or indirectly, by the shareholders of the Company in substantially the same proportions as their ownership of shares of the Company.

(dd) “Plan” means this Amended and Restated 2023 Omnibus Equity Incentive Plan, including any appendixes thereto, as amended and restated herein and as may be amended from time to time.

(ee) “Restricted Shares” means Shares granted pursuant to Section 9 below subject to certain restrictions that lapse at the end of a specified period or periods.

(ff) “Restricted Stock Units” means units denominated in Shares granted pursuant to Section 9 below subject to certain restrictions that lapse at the end of a specified period or periods.

(gg) “Service” means that the Participant’s service with the Company or an Affiliate, whether as an employee, consultant or director, is not interrupted or terminated. The Participant’s Service shall not be deemed to have terminated merely because of a change in the capacity in which the Participant renders service to the Company or an Affiliate as an employee, consultant or director or a change in the entity for which the Participant renders such service, provided that the Administrator or its delegate determines, in its sole discretion, there is no interruption or termination of the Participant’s Service; provided further that if any Award is subject to Section 409A of the Code, this sentence shall only be given effect to the extent consistent with Section 409A of the Code. For example, a change in status from an employee of the Company to a director of an Affiliate will not constitute an interruption of Service. The Administrator or its delegate, in its sole discretion, may determine whether Service shall be considered interrupted in the case of any leave of absence approved by that party, including sick leave, military leave or any other personal or family leave of absence. The Administrator or its delegate, in its sole discretion, may determine whether a Company transaction, such as a sale or spin-off of a division or subsidiary that employs a Participant, shall be deemed to result in a termination of Service for purposes of affected Awards, and such decision shall be final, conclusive and binding.

(hh) “Shares” means Common Stock reserved for issuance under the Plan, as adjusted pursuant to the Plan, and any successor (pursuant to a merger, amalgamation, consolidation or other reorganization) security.

(ii) “Share Appreciation Right” or “SAR” means the right pursuant to an Award granted under Section 8 below to receive an amount equal to the excess, if any, of (i) the aggregate Fair Market Value, as of the date such Award or portion thereof is surrendered, of the Shares covered by such Award or such portion thereof, over (ii) the aggregate Exercise Price of such Award or such portion thereof.

(jj) “Subsidiary” means, with respect to any Person, as of any date of determination, any other Person as to which such first Person owns or otherwise controls, directly or indirectly, more than 50% of the voting shares or other similar interests or a sole general partner interest or managing member or similar interest of such other Person. An entity shall be deemed a Subsidiary of the Company for purposes of this definition only for such periods as the requisite ownership or control relationship is maintained.

Section 3. Administration.

(a) The Plan shall be administered by the Administrator and shall be administered in accordance with the requirements of, to the extent applicable, Rule 16b-3 under the Exchange Act (“Rule 16b-3”). Within the scope of such authority, the Board or the Committee may delegate to a committee of one or more members of the Board who are not non-employee directors or who are officers of the Company the authority to grant Awards to eligible persons who are not then subject to Section 16 of the Exchange Act. The Plan is intended to comply, and shall be administered in a manner that is intended to comply, with Section 409A of the Code and shall be construed and interpreted in accordance with such intent. To the extent that an Award, issuance and/or payment is subject to Section 409A of the Code, it shall be awarded and/or issued or paid in a manner that will comply with Section 409A of the Code, including any applicable regulations or guidance issued by the Secretary of the United States Treasury Department and the Internal Revenue Service with respect thereto.

(b) Pursuant to the terms of the Plan, the Administrator, subject, in the case of any Committee, to any restrictions on the authority delegated to it by the Board, shall have the power and authority, without limitation:

(1) to select those Eligible Recipients who shall be Participants;

(2) to determine whether and to what extent Options, Share Appreciation Rights, Restricted Shares, Restricted Stock Units, Performance Shares, Cash Awards, Other Share-Based Awards or a combination of any of the foregoing, are to be granted hereunder to Participants;

(3) to determine the number of Shares to be covered by each Award granted hereunder;

(4) to determine the terms and conditions, not inconsistent with the terms of the Plan, of each Award granted hereunder (including, but not limited to, (i) the restrictions applicable to Restricted Shares or Restricted Stock Units and the conditions under which restrictions applicable to such Restricted Shares or Restricted Stock Units shall lapse, (ii) the performance goals and periods applicable to Performance Shares or Cash Awards, (iii) the Exercise Price of each Award, (iv) the vesting schedule applicable to each Award, (v) the number of Shares subject to each Award and (vi) subject to the requirements of Section 409A of the Code and Section 3(d) of the Plan (in each case, to the extent applicable), any amendments to the terms and conditions of outstanding Awards, including, but not limited to, extending the exercise period of such Awards and accelerating the vesting schedule of such Awards, and, if the Administrator in its discretion determines to accelerate the vesting of Options and/or Share Appreciation Rights in connection with a Change in Control, the Administrator shall also have discretion in connection with such action to provide that all Options and/or Share Appreciation Rights outstanding immediately prior to such Change in Control shall expire on the effective date of such Change in Control;

(5) to determine the terms and conditions, not inconsistent with the terms of the Plan, which shall govern all written instruments evidencing Options, Share Appreciation Rights, Restricted Shares, Restricted Stock Units, Performance Shares, Cash Awards, Other Share-Based Awards or any combination of the foregoing granted hereunder;

(6) to determine the Fair Market Value;

(7) to determine the duration and purpose of leaves of absence which may be granted to a Participant without constituting termination of the Participant’s employment for purposes of Awards granted under the Plan;

(8) to adopt, alter and repeal such administrative rules, regulations, guidelines and practices governing the Plan as it shall from time to time deem advisable;

(9) to construe and interpret the terms and provisions of, and supply or correct omissions in, the Plan and any Award issued under the Plan (and any Award Agreement relating thereto), and to otherwise supervise the administration of the Plan and to exercise all powers and authorities either specifically granted under the Plan or necessary and advisable in the administration of the Plan; and

(10) to prescribe, amend and rescind rules and regulations relating to sub-plans established for the purpose of satisfying applicable foreign laws or for qualifying for favorable tax treatment under applicable foreign laws, which rules and regulations may be set forth in an appendix or appendixes to the Plan.

(c) All decisions made by the Administrator pursuant to the provisions of the Plan shall be final, conclusive and binding on all persons, including the Company and the Participants. The Administrator’s determinations under the Plan need not be uniform and may be made by it selectively among persons who are eligible to receive, or actually receive, Awards. Without limiting the generality of the foregoing, the Administrator shall be entitled to make non-uniform and selective determinations, amendments and adjustments (including in connection with a Change in Control or a Change in Capitalization), and to enter into non-uniform and selective Award Agreements. No member of the Board or the Committee, nor any officer or employee of the Company or any Subsidiary thereof acting on behalf of the Board or the Committee, shall be personally liable for any action, omission, determination or interpretation taken or made in good faith with respect to the Plan, and all members of the Board or the Committee and each and any officer or employee of the Company and of any Subsidiary thereof acting on their behalf shall, to the maximum extent permitted by law, be fully indemnified and protected by the Company in respect of any such action, omission, determination or interpretation.

(d) Except in the case of Substitute Awards granted pursuant to Sections 4(e), any equity or equity-based Award (including any portion thereof) shall have a minimum vesting period of one year from the date of its grant with no vesting prior to the first anniversary of the grant date. Notwithstanding the foregoing, (i) the Committee may provide in an Award Agreement or following the time of grant that the vesting of an Award shall accelerate in the event of the Participant’s death, Disability, or a termination of Service other than for cause, and (ii) the Committee may grant Awards covering up to five percent (5%) of the total number of Shares authorized under Section 4(a) of the Plan (subject to adjustment pursuant to Section 5 of the Plan) without respect to the minimum vesting requirements set forth in this Section 3(d). Notwithstanding the foregoing, with regard to Awards granted to a non-employee director, the vesting of such Awards will be deemed to satisfy the one year minimum vesting requirement to the extent that the Awards vest on the earlier of the one year anniversary of the date of grant and the next annual meeting of the Company’s shareholders that is at least 50 weeks after the immediately preceding year’s annual meeting.

Section 4. Shares Reserved for Issuance Under the Plan; Limitations.

(a) Subject to Section 5 hereof, 9,900,000 Shares are reserved and available for issuance pursuant to Awards granted under the Plan (which includes shares of Common Stock underlying Awards that are outstanding, have been issued in settlement of Awards or are no longer available for issuance hereunder, in each case, as of the Effective Date), plus the number of Shares underlying awards under the Prior Plan that on or after the Effective Date are forfeited, cancelled, exchanged or surrendered or otherwise terminate, expire or are settled without a distribution of Shares (the “Total Share Limit”).

(b) Shares issued under the Plan may, in whole or in part, be authorized but unissued Shares or Shares that shall have been or may be reacquired by the Company in the open market, in private transactions or otherwise.

(c) If any Shares subject to an Award are forfeited, cancelled, exchanged or surrendered or if an Award otherwise terminates, expires or is settled without a distribution of Shares to the Participant (including those withheld as payment of withholding taxes in respect of an Award), the Shares with respect to such Award shall, to the extent of any such forfeiture, cancellation, exchange, surrender, termination or expiration, again be available for Awards under the Plan. Notwithstanding the forgoing, shares surrendered or withheld as payment of either the Exercise Price of an Option or Share Appreciation Right or an option or share appreciation right under the Prior Plan (including Shares otherwise underlying an Award or an award under the Prior Plan of a share appreciation right that are retained by the Company to account for the grant price of such Share Appreciation Right) and/or withholding taxes in respect of an Option or Share Appreciation Right or an award under the Prior Plan shall not be available for grant under the Plan.

(d) No more than 5,500,000 Shares shall be issued pursuant to the exercise of ISOs.

(e) Awards may, in the sole discretion of the Committee, be granted under the Plan in assumption of, or in substitution for, outstanding awards previously granted by an entity acquired by the Company or with which the Company combines (“Substitute Awards”). Substitute Awards shall not be counted against the Total Share Limit; provided that Substitute Awards issued in connection with the assumption of, or in substitution for, outstanding options intended to qualify as ISO shall be counted against the ISO limit. Subject to applicable stock exchange requirements, available shares under a shareholder-approved plan of an entity directly or indirectly acquired by the Company or with which the Company combines (as appropriately adjusted to reflect such acquisition or transaction) may be used for Awards under the Plan and shall not count toward the Total Share Limit.

Section 5. Equitable Adjustments.

In the event of any Change in Capitalization, an equitable substitution or proportionate adjustment shall be made, in each case, as may be determined by the Administrator, in its sole discretion, in (i) the aggregate number of Shares reserved for issuance under the Plan pursuant to Section 4 and the maximum number of Shares that may be subject to Awards granted to any Participant in any calendar or fiscal year (including the limits set forth in Sections 4(a) and 4(d)), (ii) the kind, number and Exercise Price subject to outstanding Options and Share Appreciation Rights granted under the Plan, and (iii) the kind, number and purchase price of Shares or other securities subject to outstanding Restricted Shares, Restricted Stock Units, Performance Shares or Other Share-Based Awards granted under the Plan; provided, however, that any

fractional shares resulting from the adjustment shall be eliminated. Such other equitable substitutions or adjustments shall be made as may be determined by the Administrator, in its sole discretion. Without limiting the generality of the foregoing, in connection with a Change in Capitalization or Change in Control, the Administrator may provide, in its sole discretion, but subject in all events to the requirements of Section 409A of the Code, for the cancellation of any outstanding Award granted hereunder in exchange for payment in cash or other property having an aggregate Fair Market Value of the Shares covered by such award (with or without regard to any holdback or contingent consideration arrangement), reduced by the aggregate Exercise Price or purchase price thereof, if any (including, for the avoidance of doubt, the cancellation for no consideration of any Option or Share Appreciation Right with an Exercise Price that equals or exceeds the price paid for the underlying Shares). Further, without limiting the generality of the foregoing, with respect to Awards subject to foreign laws, adjustments made hereunder shall be made in compliance with applicable requirements. Except to the extent determined by the Administrator, any adjustments to ISOs under this Section 5 shall be made only to the extent not constituting a “modification” within the meaning of Section 424(h)(3) of the Code. The Administrator’s determinations pursuant to this Section 5 shall be final, binding and conclusive.

Section 6. Eligibility.

The Participants under the Plan shall be selected from time to time by the Administrator, in its sole discretion, from those individuals that qualify as Eligible Recipients.

Section 7. Options.

(a) General. Options granted under the Plan shall be designated as Nonqualified Stock Options or ISOs. Each Participant who is granted an Option shall enter into an Award Agreement with the Company, containing such terms and conditions as the Administrator shall determine, in its sole discretion, which Award Agreement shall set forth, among other things, the Exercise Price of the Option, the term of the Option and provisions regarding exercisability of the Option, and whether the Option is intended to be an ISO or a Nonqualified Stock Option (and in the event the Award Agreement has no such designation, the Option shall be a Nonqualified Stock Option). The provisions of each Option need not be the same with respect to each Participant. More than one Option may be granted to the same Participant and be outstanding concurrently hereunder. Options granted under the Plan shall be subject to the terms and conditions set forth in this Section 7 and shall contain such additional terms and conditions, not inconsistent with the terms of the Plan, as the Administrator shall deem desirable and set forth in the applicable Award Agreement.

(b) Exercise Price. The Exercise Price of Shares purchasable under an Option shall be determined by the Administrator in its sole discretion at the time of grant, but in no event shall the exercise price of an Option be less than one hundred percent (100%) of the Fair Market Value of the Common Stock on the date of grant.

(c) Option Term. The maximum term of each Option shall be fixed by the Administrator, but no Option shall be exercisable more than ten (10) years after the date such Option is granted. Each Option’s term is subject to earlier expiration pursuant to the applicable provisions in the Plan and the Award Agreement.

(d) Exercisability. Each Option shall be exercisable at such time or times and subject to such terms and conditions, including the attainment of pre-established corporate performance goals, as shall be determined by the Administrator in the applicable Award Agreement. The Administrator may also provide that any Option shall be exercisable only in installments, and the Administrator may waive such installment exercise provisions at any time, in whole or in part, based on such factors as the Administrator may determine in its sole discretion. Notwithstanding anything to the contrary contained herein, an Option may not be exercised for a fraction of a share.

(e) Method of Exercise. Options may be exercised in whole or in part by giving written notice of exercise to the Company specifying the number of whole Shares to be purchased, accompanied by payment in full of the aggregate Exercise Price of the Shares so purchased in cash or its equivalent, as determined by the Administrator. As determined by the Administrator, in its sole discretion, with respect to any Option or category of Options, payment in whole or in part may also be made (i) by means of consideration received under any cashless exercise procedure approved by the Administrator (including the withholding of Shares otherwise issuable upon exercise), (ii) in the form of unrestricted Shares already owned by the Participant

which have a Fair Market Value on the date of surrender equal to the aggregate exercise price of the Shares as to which such Option shall be exercised, (iii) any other form of consideration approved by the Administrator and permitted by applicable law or (iv) any combination of the foregoing.

(f) ISOs. The terms and conditions of ISOs granted hereunder shall be subject to the provisions of Section 422 of the Code and the terms, conditions, limitations and administrative procedures established by the Administrator from time to time in accordance with the Plan. At the discretion of the Administrator, ISOs may be granted only to an employee of the Company, its “parent corporation” (as such term is defined in Section 424(e) of the Code) or a Subsidiary.

(1) ISO Grants to 10% Shareholders. Notwithstanding anything to the contrary in the Plan, if an ISO is granted to a Participant who owns shares representing more than ten percent (10%) of the voting power of all classes of shares of the Company, its “parent corporation” (as such term is defined in Section 424(e) of the Code) or a Subsidiary, the term of the ISO shall not exceed five (5) years from the time of grant of such ISO and the Exercise Price shall be at least one hundred and ten percent (110%) of the Fair Market Value of the Shares on the date of grant.

(2) $100,000 Per Year Limitation For ISOs. To the extent the aggregate Fair Market Value (determined on the date of grant) of the Shares for which ISOs are exercisable for the first time by any Participant during any calendar year (under all plans of the Company) exceeds $100,000, such excess ISOs shall be treated as Nonqualified Stock Options.

(3) Disqualifying Dispositions. Each Participant awarded an ISO under the Plan shall notify the Company in writing immediately after the date he or she makes a “disqualifying disposition” of any Share acquired pursuant to the exercise of such ISO. A “disqualifying disposition” is any disposition (including any sale) of such Shares before the later of (i) two years after the date of grant of the ISO and (ii) one year after the date the Participant acquired the Shares by exercising the ISO. The Company may, if determined by the Administrator and in accordance with procedures established by it, retain possession of any Shares acquired pursuant to the exercise of an ISO as agent for the applicable Participant until the end of the period described in the preceding sentence, subject to complying with any instructions from such Participant as to the sale of such shares.

(g) Rights as Stockholder. A Participant shall have no rights to dividends or distributions or any other rights of a stockholder with respect to the Shares subject to an Option until the Participant has given written notice of the exercise thereof, has paid in full for such Shares.

(h) Termination of Service. Unless otherwise provided by the Committee, either pursuant to its powers under Section 3(b) or in the applicable Award Agreement:

(1) In the event that the Service of a Participant shall terminate for any reason other than Cause, Disability, or death, (A) Options granted to such Participant, to the extent that they are exercisable at the time of such termination, shall remain exercisable until the date that is ninety (90) days after such termination, on which date they shall expire, and (B) Options granted to such Participant, to the extent that they were not exercisable at the time of such termination, shall expire at the close of business on the date of such termination. The ninety (90) day period described in this Section 7(h)(1) shall be extended to one (1) year after the date of such termination in the event of the Participant’s death during such ninety (90) day period. Notwithstanding the foregoing, no Option shall be exercisable after the expiration of its term.

(2) In the event that the Service of a Participant with the Company and all Affiliates thereof shall terminate on account of the Disability, or death of the Participant, (A) Options granted to such Participant, to the extent that they were exercisable at the time of such termination, shall remain exercisable until the date that is one (1) year after such termination, on which date they shall expire and (B) Options granted to such Participant, to the extent that they were not exercisable at the time of such termination, shall expire at the close of business on the date of such termination. Notwithstanding the foregoing, no Option shall be exercisable after the expiration of its term.

(3) In the event of the termination of a Participant’s Service for Cause, all outstanding Options granted to such Participant shall expire at the commencement of business on the date of such termination.

(i) Other Change in Employment Status. An Option shall be affected, both with regard to vesting schedule and termination, by leaves of absence, including unpaid and un-protected leaves of absence,

changes from full-time to part-time employment, partial disability or other changes in the employment status of a Participant, in the discretion of the Administrator.

Section 8. Share Appreciation Rights.

(a) General. The Administrator shall determine the Eligible Recipients to whom, and the time or times at which, grants of Share Appreciation Rights shall be made, the number of Shares to be awarded, the price per Share, and all other conditions of Share Appreciation Rights. The provisions of Share Appreciation Rights need not be the same with respect to each Participant. Share Appreciation Rights granted under the Plan shall be subject to the following terms and conditions set forth in this Section 8 and shall contain such additional terms and conditions, not inconsistent with the terms of the Plan, as the Administrator shall deem desirable, as set forth in the applicable Award Agreement.

(b) Awards; Rights as Stockholder. Participants who are granted Share Appreciation Rights shall have no rights as shareholders of the Company with respect to the grant or exercise of such rights.

(c) Exercisability. Share Appreciation Rights shall be exercisable at such time or times and subject to such terms and conditions as shall be determined by the Administrator in the applicable Award Agreement.

(d) Payment Upon Exercise.

(1) Upon the exercise of a Share Appreciation Right, the Participant shall be entitled to receive up to, but not more than, that number of Shares equal in value to the excess of the Fair Market Value as of the date of exercise over the price per share specified in the Share Appreciation Right multiplied by the number of Shares in respect of which the Share Appreciation Right is being exercised, with the Administrator having the right to determine the form of payment.

(2) Notwithstanding the foregoing, the Administrator may determine to settle the exercise of a Share Appreciation Right in cash (or in any combination of Shares and cash).

(e) Termination of Service. Unless otherwise provided by the Committee pursuant to its powers under Section 3(b), in the event of the termination of Service of a Participant who has been granted one or more Share Appreciation Right, such rights shall be exercisable at such time or times and subject to such terms and conditions as shall be determined by the Administrator in the applicable Award Agreement.

(f) Term. The term of each Share Appreciation Right shall be fixed by the Administrator, but no Share Appreciation Right shall be exercisable more than ten (10) years after the date such right is granted.

(g) Other Change in Employment Status. Share Appreciation Rights shall be affected, both with regard to vesting schedule and termination, by leaves of absence, including unpaid and un-protected leaves of absence, changes from full-time to part-time employment, partial disability or other changes in the employment status of a Participant, in the discretion of the Administrator.

Section 9. Restricted Shares, Restricted Stock Units Shares and Performance Shares.

(a) General. Restricted Shares, Restricted Stock Units or Performance Shares may be issued either alone or in addition to other awards granted under the Plan. The Administrator shall determine the Eligible Recipients to whom, and the time or times at which, Restricted Shares, Restricted Stock Units or Performance Shares shall be made; the number of Shares to be awarded; the price, if any, to be paid by the Participant for the acquisition of Restricted Shares, Restricted Stock Units or Performance Shares; the period of time prior to which such shares become vested and free of restrictions on Transfer (the “Restricted Period”), if any, applicable to Restricted Shares, Restricted Stock Units or Performance Shares; the performance objectives (if any) applicable to Restricted Shares, Restricted Stock Units or Performance Shares; and all other conditions of the Restricted Shares, Restricted Stock Units and Performance Shares. If the restrictions, performance objectives and/or conditions established by the Administrator are not attained, a Participant shall forfeit his or her Restricted Shares, Restricted Stock Units or Performance Shares, in accordance with the terms of the grant. The provisions of the Restricted Shares, Restricted Stock Units or Performance Shares need not be the same with respect to each Participant.

(b) Awards and Certificates.

(1) The prospective recipient of Restricted Shares, Restricted Stock Units or Performance Shares shall not have any rights with respect to any such award, unless and until such recipient has executed an Award Agreement and delivered a fully executed copy thereof to the Company, within a period of thirty (30) days (or such other period as the Administrator may specify) after the award date. Except as otherwise provided

below in Section 9(c), (i) each Participant who is granted an award of Restricted Shares may, in the Company’s sole discretion, be issued a share certificate in respect of such Restricted Shares; and (ii) any such certificate so issued shall be registered in the name of the Participant, and shall bear an appropriate legend referring to the terms, conditions and restrictions applicable to any such Award.

(2) The Company may require that the share certificates, if any, evidencing Restricted Shares granted hereunder be held in the custody of the Company until the restrictions thereon shall have lapsed, and that, as a condition of any award of Restricted Shares, the Participant shall have delivered a share transfer form, endorsed in blank, relating to the Shares covered by such award.

(3) Notwithstanding anything in the Plan to the contrary, any Shares issued in respect of Restricted Shares, Restricted Stock Units (at the expiration of the Restricted Period) or Performance Shares (whether before or after any vesting conditions have been satisfied) may, in the Company’s sole discretion, be issued in uncertificated form pursuant to the customary arrangements for issuing shares in such form.

(4) Further, notwithstanding anything in the Plan to the contrary, with respect to Restricted Stock Units, at the expiration of the Restricted Period, Shares shall promptly be issued (either in certificated or uncertificated form) to the Participant, unless otherwise deferred in accordance with procedures established by the Company in accordance with Section 409A of the Code, and such issuance shall in any event be made within such period as is required to avoid the imposition of a tax under Section 409A of the Code.

(c) Restrictions and Conditions. The Restricted Shares, Restricted Stock Units and Performance Shares granted pursuant to this Section 9 shall be subject to the following restrictions and conditions and any additional restrictions or conditions as determined by the Administrator at the time of grant or, subject to Section 409A of the Code, thereafter:

(1) Except as provided in the applicable Award Agreement, the Participant shall generally have the rights of a stockholder of the Company with respect to Restricted Shares during the Restricted Period; provided, however, that dividends declared during the Restricted Period with respect to an Award that vests or becomes payable based upon the achievement of performance goals, shall only become payable if and to the extent the performance levels on the underlying Award is achieved . Except as provided in the applicable Award Agreement, the Participant shall generally not have the rights of a stockholder with respect to Shares subject to Restricted Stock Units or Performance Shares during the Restricted Period; provided, however, that, subject to Section 409A of the Code, an amount equal to dividends declared during the Restricted Period with respect to the number of Shares covered by Restricted Stock Units or Performance Shares shall, unless otherwise set forth in an Award Agreement, be paid to the Participant at the time shares in respect of the related Restricted Stock Units are delivered to the Participant or the Restricted Period with respect to the Performance Shares expires. Certificates for Shares of unrestricted Common Stock may, in the Company’s sole discretion, be delivered to the Participant only after the Restricted Period has expired without forfeiture in respect of such Restricted Shares, Restricted Stock Units or Performance Shares, except as the Administrator, in its sole discretion, shall otherwise determine.

(2) The rights of Participants granted Restricted Shares, Restricted Stock Units or Performance Shares upon termination of Service for any reason during the Restricted Period shall be set forth in the Award Agreement.

Section 10. Other Share-Based Awards.

The Administrator is authorized to grant Awards to Participants in the form of Other Share-Based Awards, as deemed by the Administrator to be consistent with the purposes of the Plan and as evidenced by an Award Agreement. The Administrator shall determine the terms and conditions of such Awards, consistent with the terms of the Plan, at the date of grant or thereafter, including any Performance Goals and performance periods. Common Stock or other securities or property delivered pursuant to an Award in the nature of a purchase right granted under this Section 10 shall be purchased for such consideration, paid for at such times, by such methods, and in such forms, including, without limitation, Shares, other Awards, notes or other property, as the Administrator shall determine, subject to any required corporate action.

Section 11. Cash Awards.

The Administrator may grant awards that are denominated in, or payable to Participants solely in, cash, as deemed by the Administrator to be consistent with the purposes of the Plan, and, except as otherwise

provided in this Section 11, such Cash Awards shall be subject to the terms, conditions, restrictions and limitations determined by the Administrator, in its sole discretion, from time to time. Awards granted pursuant to this Section 11 may be granted with value and payment contingent upon the achievement of Performance Goals.

Section 12. Dividends and Dividend Equivalents.

Any Award (other than an Option, SAR or Cash Award) may provide the Participant with dividends or dividend equivalents, payable in cash, Shares, other securities, other Awards or other property, on a current or deferred or vested or unvested basis, including (i) payment directly to the Participant, (ii) withholding of such amounts by the Company subject to vesting of the Award or (iii) reinvestment in additional Shares, Restricted Shares or other Awards; provided, however, that any dividends or dividend equivalents with respect to Awards subject to vesting requirements shall be accumulated in a manner determined by the Committee until such Award is earned and such dividends and dividend equivalents shall not be paid if the vesting requirements of the underlying Award are not satisfied.

Section 13. Change in Control.

Unless otherwise provided in an employment, severance or change in control agreement between the Participant and the Company, in the event of a Change in Control:

(a) With respect to each outstanding Award that is assumed or substituted in connection with the Change in Control, in the event the Participant’s Service is terminated by the Company, its successor or Affiliate thereof without Cause on or after the effective date of the Change in Control but prior to twelve (12) months following the Change in Control, then:

(1) any unvested or unexercisable portion of any Award carrying a right to exercise shall become fully vested and exercisable; and

(2) the restrictions, deferral limitations, payment conditions and forfeiture conditions applicable to an Award granted under the Plan shall lapse and such Awards shall be deemed fully vested and any outstanding performance conditions imposed with respect to such Awards shall be deemed to be fully achieved at the greater of target and actual performance levels.

(b) With respect to each outstanding Award that is not assumed or substituted in connection with a Change in Control, immediately upon the occurrence of the Change in Control, (i) such Award shall become fully vested and exercisable, (ii) the restrictions, payment conditions, and forfeiture conditions applicable to any such Award granted shall lapse, and (iii) and any performance conditions imposed with respect to such Award shall be deemed to be achieved at the greater of target and actual performance levels (as determined in the Administrator’s sole discretion as of the Change in Control).

(c) For purposes of this Section 13, an Award shall be considered assumed or substituted if, following the Change in Control, the Award is of substantially comparable value and remains subject to the same terms and conditions that were applicable to the Award immediately prior to the Change in Control except that, if the Award related to shares of Common Stock, the Award instead confers the right to receive common stock of the acquiring or ultimate parent entity.

Section 14. Deferrals and Settlements.

The Committee may require or permit Participants to elect to defer the issuance of shares or the settlement of Awards in cash under such rules and procedures as it may establish under the Plan. It may also provide that deferred settlements include the payment or crediting of interest or dividend equivalents on the deferral amounts. Any such rules or procedures shall comply with the requirements of Section 409A of the Code, including those with respect to the time when a deferral election may be made, the period of the deferral and the events that would result in the payment of the deferred amount.

Section 15. Amendment and Termination.

The Board may amend, alter or terminate the Plan, but no amendment, alteration or termination shall be made that would impair the rights of a Participant under any Award theretofore granted without such Participant’s consent. Unless the Board determines otherwise, the Board shall obtain approval of the Company’s shareholders for any amendment that would require such approval in order to satisfy the requirements of any rules of the stock exchange on which the Common Stock is traded or other applicable law. The Administrator may amend the terms of any Award theretofore granted, prospectively or

retroactively, but, subject to Section 5 and Section 13 of the Plan and the immediately preceding sentence, no such amendment shall materially impair the rights of any Participant without his or her consent.

Notwithstanding anything herein to the contrary, in no event may any Option or SAR (i) be amended to decrease the Exercise Price thereof, (ii) be canceled at a time when its Exercise Price exceeds the Fair Market Value of the underlying Share in exchange for another Award, award under any other equity- compensation plan or any cash payment or (iii) be subject to any action that would be treated, for accounting purposes, as a “repricing” of such Option or SAR, unless such amendment, cancelation or action is approved by the Company’s shareholders. For the avoidance of doubt, an adjustment to the Exercise Price of an Option or SAR that is made in accordance with Section 5 or Section 13 shall not be considered a reduction in Exercise Price or “repricing” of such Option or SAR.

Section 16. Unfunded Status of Plan.

The Plan is intended to constitute an “unfunded” plan for incentive compensation. With respect to any payments not yet made to a Participant by the Company, nothing contained herein shall give any such Participant any rights that are greater than those of a general creditor of the Company.

Section 17. Withholding Taxes.

Each Participant shall, no later than the date as of which the value of an Award first becomes includible in the gross income of such Participant for federal and/or state income tax purposes, pay to the Company, or make arrangements satisfactory to the Administrator regarding payment of, any federal, state or local taxes of any kind required by law to be withheld with respect to the Award. The obligations of the Company under the Plan shall be conditional on the making of such payments or arrangements, and the Company shall, to the extent permitted by law, have the right to deduct any such taxes from any payment of any kind otherwise due to such Participant. Whenever cash is to be paid pursuant to an award granted hereunder, the Company shall have the right to deduct therefrom an amount sufficient to satisfy any federal, state and local withholding tax requirements related thereto. Whenever Shares are to be delivered pursuant to an Award, the Company shall have the right to require the Participant to remit to the Company in cash an amount sufficient to satisfy any related federal, state and local taxes to be withheld and applied to the tax obligations. With the approval of the Administrator, a Participant may satisfy the foregoing requirement by electing to have the Company withhold from delivery of Shares or by delivering already owned unrestricted Common Stock, in each case, having a value not exceeding the federal, state and local taxes to be withheld and applied to the tax obligations. Such Shares shall be valued at their Fair Market Value on the date of which the amount of tax to be withheld is determined. Fractional share amounts shall be settled in cash. Such an election may be made with respect to all or any portion of the Shares to be delivered pursuant to an award. The Company may also use any other method of obtaining the necessary payment or proceeds, as permitted by law, to satisfy its withholding obligation with respect to any Option or other Award.

Section 18. Transfer of Awards.

Until such time as the Awards are fully vested and/or exercisable in accordance with the Plan or an Award Agreement, no purported sale, assignment, mortgage, hypothecation, transfer, charge, pledge, encumbrance, gift, transfer in trust (voting or other) or other disposition of, or creation of a security interest in or lien on, any Award or any agreement or commitment to do any of the foregoing (each, a “Transfer”) by any holder thereof in violation of the provisions of the Plan or an Award Agreement will be valid, except with the prior written consent of the Administrator, which consent may be granted or withheld in the sole discretion of the Administrator. Any purported Transfer of an Award or any economic benefit or interest therein in violation of the Plan or an Award Agreement shall be null and void ab initio and shall not create any obligation or liability of the Company, and any person purportedly acquiring any Award or any economic benefit or interest therein transferred in violation of the Plan or an Award Agreement shall not be entitled to be recognized as a holder of such Shares. Unless otherwise determined by the Administrator in accordance with the provisions of the immediately preceding sentence, an Option or a share appreciation right may be exercised, during the lifetime of the Participant, only by the Participant or, during any period during which the Participant is under a legal disability, by the Participant’s guardian or legal representative.

Section 19. Continued Employment.

Neither the adoption of the Plan nor the grant of an Award shall confer upon any Eligible Recipient any right to continued Service, as the case may be, nor shall it interfere in any way with the right of the Company or any Affiliate thereof to terminate the Service of any of its Eligible Recipients at any time.

Section 20. Conditions on Issuance.

Shares shall not be issued pursuant to the exercise of an Award unless the exercise of such Award and the issuance and delivery of such Shares shall comply with Applicable Laws and securities regulations, and shall be further subject to the approval of counsel for the Company with respect to such compliance. The inability of the Company to obtain authority from any regulatory body having jurisdiction, which authority is deemed by the Company’s counsel to be necessary to the lawful issuance and sale of any Shares hereunder, shall relieve the Company of any liability in respect of the failure to issue or sell such Shares as to which such requisite authority shall not have been obtained. As a condition to the exercise of an Award, the Administrator may in its discretion require the person exercising such Award to represent and warrant at the time of any such exercise that the Shares are being purchased only for investment and without any present intention to sell or distribute such Shares.

Section 21. Sub-Plans.

The Administrator may from time to time establish sub-plans under the Plan for purposes of satisfying securities, tax or other laws of various jurisdictions in which the Company intends to grant Awards. Any sub-plans shall contain such limitations and other terms and conditions as the Administrator determines are necessary or desirable. All sub-plans shall be deemed a part of the Plan, but each sub-plan shall apply only to the Participants in the jurisdiction for which the sub-plan was designed.

Section 22. Clawback

Notwithstanding any other provisions in this Plan, the Company may cancel any Award, require reimbursement of any Award by a Participant, and effect any other right of recoupment of equity or other compensation provided under the Plan in accordance with any Company policies that may be adopted and/or modified from time to time (“Clawback Policy”). In addition, a Participant may be required to repay to the Company previously paid compensation, whether provided pursuant to the Plan or an Award Agreement, in accordance with the Clawback Policy. By accepting an Award, the Participant is agreeing to be bound by the Clawback Policy, as in effect or as may be adopted and/or modified from time to time by the Company in its discretion (including, without limitation, to comply with applicable law or stock exchange listing requirements).

Section 23. Effective Date.

The effective date (the “Effective Date”) is the date on which the Plan is approved by the shareholders of the Company.

Section 24. Electronic Signature.

Participant’s electronic signature of an Award Agreement shall have the same validity and effect as a signature affixed by hand.

Section 25. Term of Plan.

No Award shall be granted pursuant to the Plan on or after the tenth anniversary of the Effective Date, but Awards theretofore granted may extend beyond that date.

Section 26. Section 409A of the Code.

The intent of the parties is that payments and benefits under the Plan comply with Section 409A of the Code to the extent subject thereto, and, accordingly, to the maximum extent permitted, the Plan shall be interpreted and be administered to be in compliance therewith. Any payments described in the Plan that are due within the “short-term deferral period” as defined in Section 409A of the Code shall not be treated as deferred compensation unless applicable law requires otherwise. Notwithstanding anything to the contrary in the Plan, to the extent required in order to avoid accelerated taxation and/or tax penalties under Section 409A of the Code, amounts that would otherwise be payable and benefits that would otherwise be provided pursuant to the Plan during the six (6) month period immediately following the Participant’s termination of employment shall instead be paid on the first business day after the date that is six (6) months following the Participant’s separation from service (or upon the Participant’s death, if earlier). In addition, for purposes of

the Plan, each amount to be paid or benefit to be provided to the Participant pursuant to the Plan, which constitute deferred compensation subject to Section 409A of the Code, shall be construed as a separate identified payment for purposes of Section 409A of the Code.

Section 27. Governing Law.

The Plan shall be governed by, and construed in accordance with, the laws of the State of Delaware, without giving effect to principles of conflicts of law of such state.

EXHIBIT B2

THE ISRAELI SUB-PLAN

Varonis Systems, Inc. 2023 Amended and Restated Omnibus

Equity Incentive Plan

Sub-Plan for Israeli Participants

1.    GENERAL

1.1    This sub-plan (the “Sub-Plan”) shall apply only to Participants who are residents of the State of Israel upon the date of grant of the Award, as defined below in Section 2, or who are deemed Israeli

tax residents and are engaged by an Israeli resident Affiliate of the Company (collectively, “Israeli Participants”). The provisions specified hereunder shall form an integral part of the Varonis Systems, Inc. 2023 Amended and Restated Omnibus Equity Incentive Plan (hereinafter the “Plan”).

1.2    This Sub-Plan is being adopted pursuant to Section 21 of the Plan and is to be read as a continuation of the Plan and modifies Awards granted to Israeli Participants only to the extent necessary to comply with the requirements set by the Israeli law in general, and in particular, with the provisions of the Israeli Income Tax Ordinance [New Version] 5721-1961, as may be amended or replaced from time to time. This Sub-Plan does not add to or modify the Plan in respect of any other category of Participants.

1.3    The Plan and this Sub-Plan are complementary to each other and shall be deemed as one. In the event of any conflict, whether explicit or implied, between the provisions of this Sub-Plan and the Plan, the provisions set out in the Sub-Plan shall prevail.

1.4    Any capitalized term not specifically defined in this Sub-Plan shall be construed according to the interpretation given to it in the Plan.

2.    DEFINITIONS

2.1    “102 Award” means any Award granted to an Approved Israeli Participant pursuant to Section 102 of the Ordinance.

2.2    “Approved Israeli Participant” means an Israeli Participant who is an employee, director or an officer of any Israeli resident Affiliate of the Company, excluding any Controlling Shareholder of the Company, provided that the Affiliate is an Israeli resident company or otherwise meets the definition of an Employer under Section 102.

2.3    “Award” solely for the purpose of this Sub-Plan means any Award granted by the Company to an Israeli Participant, in accordance with the provisions of the Plan provided that they are converted only into Shares.

2.4    “Capital Gain Award” or “CGA” means a Trustee 102 Award elected and designated by the Company to qualify under the capital gain tax treatment in accordance with the provisions of Section 102(b)(2) of the Ordinance.

2.5    “Controlling Shareholder” shall have the meaning ascribed to it in Section 32(9) of the Ordinance.

2.6    “Israeli Stock Award Agreement”    means the Award Agreement between the Company and an Israeli Participant that sets out the terms and conditions of an Award.

2.7    “ITA” means the Israeli Tax Authority.

2.8    “Non-Trustee 102 Award” means a 102 Award granted pursuant to Section 102(c) of the Ordinance and not held in trust by a Trustee.

2.9    “Ordinance” means the Israeli Income Tax Ordinance [New Version] 5721-1961, as now in effect or as hereafter amended.

2.10    “Ordinary Income Award” or “OIA” means a Trustee 102 Award elected and designated by the Company to qualify under the ordinary income tax treatment in accordance with the provisions of Section 102(b)(1) of the Ordinance.

2.11    “Section 102” means Section 102 of the Ordinance and any regulations, rules, orders or procedures promulgated thereunder as now in effect or as hereafter amended.

2.12    “Tax” means any applicable tax and other compulsory payments such as social security and health tax contributions under any applicable law.

2.13    “Trustee” means any person or entity appointed by the Company or its Israeli resident Affiliates to serve as a trustee of the Plan and approved by the ITA, all in accordance with the provisions of Section 102(a) of the Ordinance, as may be replaced from time to time.

2.14    “Trustee 102 Award” means a 102 Award granted to an Approved Israeli Participant pursuant to Section 102(b) of the Ordinance and held in trust by a Trustee for the benefit of an Approved Israeli Participant.

2.15    “Unapproved Israeli Participant” means an Israeli Participant who is not an Approved Israeli Participant, including a consultant or a Controlling Shareholder of the Company.

3.    ISSUANCE OF AWARDS

3.1    The persons eligible for participation in the Plan as Israeli Participants shall include Approved Israeli Participants and Unapproved Israeli Participants, provided, however, that only Approved Israeli Participants may be granted 102 Awards.

3.2    The Company may designate Awards granted to Approved Israeli Participants pursuant to Section 102 as Trustee 102 Awards or Non-Trustee 102 Awards.

3.3        Unless a special ruling is received from the ITA, the grant of Trustee 102 Awards shall not be made until 30 days from the date the Plan has been submitted for approval by the ITA and shall be conditioned upon the approval of the Plan and this Sub-Plan by the ITA.

3.4    Trustee 102 Awards may either be classified as Capital Gain Awards (CGAs) or Ordinary Income Awards (OIAs).

3.5    No Trustee 102 Award may be granted under this Sub-Plan to any Approved Israeli Participant, unless and until the Company has filed with the ITA its election regarding the type of Trustee 102 Awards, whether CGAs or OIAs, that will be granted under the Plan and this Sub-Plan (the “Election”). Such Election shall become effective beginning the first date of grant of a Trustee 102 Award under this Sub-Plan and shall remain in effect at least until the end of the year following the year during which the Company first granted Trustee 102 Awards. The Election shall obligate the Company to grant only the type of Trustee 102 Award it has elected, and shall apply to all Israeli Participants who are granted Trustee 102 Awards during the period indicated herein, all in accordance with the provisions of Section 102(g) of the Ordinance. The Election shall not prevent the Company from granting Non-Trustee 102 Awards simultaneously.

3.6    All Trustee 102 Awards must be held in trust by, or subject to the approval of the ITA, under the control or supervision of a Trustee, as described in Section 4 below.

3.7    The designation of Non-Trustee 102 Awards and Trustee 102 Awards shall be subject to the terms and conditions set forth in Section 102.

3.8    Awards granted to Unapproved Israeli Participants shall be subject to tax according to the provisions of the Ordinance and shall not be subject to the Trustee arrangement detailed herein.

4.    TRUSTEE

4.1    Trustee 102 Awards which shall be granted under this Sub-Plan and/or any Share allocated or issued upon grant, exercise or vesting of a Trustee 102 Award and/or other Shares received following any realization of rights under the Plan, shall be allocated or issued to the Trustee or controlled by the Trustee, for the benefit of the Approved Israeli Participants, in accordance with the provisions of Section 102 and any tax ruling issued by the ITA. In the event that the requirements for Trustee 102 Awards are not met, the Trustee 102 Awards may be regarded as Non-Trustee 102 Awards or as Awards which are not subject to Section 102, all in accordance with the provisions of Section 102.

4.2    With respect to any Trustee 102 Award, subject to the provisions of Section 102, an Approved Israeli Participant shall not sell or release from trust any Share received upon the grant, exercise or vesting of a Trustee 102 Award and/or any Share received following any realization of rights, including, without limitation, stock dividends, under the Plan at least until the lapse of the period of time required under Section 102 or any shorter period of time determined by the ITA (the “Holding Period”). Notwithstanding the above, if any such sale or release occurs during the Holding Period, the sanctions under Section 102 shall apply to and shall be borne by such Approved Israeli Participant.

4.3    Notwithstanding anything to the contrary, the Trustee shall not release or sell any Shares allocated or issued upon grant, exercise or vesting of a Trustee 102 Award unless the Company, its relevant Israeli Affiliate and the Trustee are satisfied that the full amounts of Tax due have been paid or will be paid.

1.4Upon receipt of any Trustee 102 Award, the Approved Israeli Participant will consent to the grant of the Award under Section 102 and undertake to comply with the terms of Section 102 and the trust arrangement between the Company and the Trustee.

4.5    Any Award classified as a Capital Gain Award is meant to comply in full with the terms and conditions of Section 102 and the requirements of the ITA, therefore it is clarified that at all times the Plan and this Sub-Plan are to be read such that they comply with the requirements of Section 102 and as a consequence, should any provision in the Plan or Sub-Plan disqualify the Plan and/or the Awards granted thereunder from beneficial tax treatment pursuant to the provisions of Section 102 of the Ordinance (other than under Sections 3(d) and 13 of the Plan), such provision shall not apply to the Trustee 102 Awards either permanently or until the ITA provides approval of compliance with Section 102.

5.    THE AWARDS

The terms and conditions upon which the Awards shall be issued and exercised or vest, as applicable, shall be specified in the Israeli Stock Award Agreement to be executed pursuant to the Plan and to this Sub-Plan. Each Israeli Stock Award Agreement shall state, inter alia, the number of Shares to which the Award relates, the type of Award granted thereunder (i.e., a CGA, OIA or Non-Trustee 102 Award), and any applicable

vesting provisions and exercise price that may be payable. For the avoidance of doubt, it is clarified that there is no obligation for uniformity of treatment of Israeli Participants and that the terms and conditions of Award need not be the same with respect to each Israeli Participant (whether or not such Israeli Participants are similarly situated).

6.    EXERCISE AND VESTING OF AWARDS

Vesting and exercise of Awards granted to Israeli Participants shall be subject to the terms and conditions and, with respect to exercise, the method, as may be determined by the Company (including the provisions of the Plan) and, when applicable, by the Trustee, in accordance with the requirements of Section 102.

7.    ASSIGNABILITY, DESIGNATION AND SALE OF AWARDS

7.1.    Notwithstanding any other provision of the Plan, no Trustee 102 Award or any right with respect thereto, or purchasable hereunder, whether fully paid or not, shall be assignable, transferable or given as collateral, or any right with respect to any Trustee 102 Award given to any third party whatsoever, and during the lifetime of the Israeli Participant, each and all of such Israeli Participant’s rights with respect to a Trustee 102 Award shall belong only to the Israeli Participant. Any such action made directly or indirectly, for an immediate or future validation, shall be void.

7.2    As long as Awards or Shares issued or purchased hereunder are held by the Trustee on behalf of the Israeli Participant, all rights of the Israeli Participant over the Shares cannot be transferred, assigned, pledged or mortgaged, other than by will or laws of descent and distribution.

8.    INTEGRATION OF SECTION 102 AND TAX ASSESSING OFFICER’S APPROVAL

8.1.    With regard to Trustee 102 Awards, the provisions of the Plan and/or the Sub-Plan and/or the Israeli Stock Award Agreement shall be subject to the provisions of Section 102 and any approval issued by the ITA and the said provisions shall be deemed an integral part of the Plan, the Sub-Plan and the Israeli Stock Award Agreement.

8.2.    Any provision of Section 102 and/or said approval issued by the ITA which must be complied with in order to receive and/or to maintain any tax Award pursuant to Section 102, which is not expressly specified in the Plan, the Sub-Plan or the Israeli Stock Award Agreement, shall be considered binding upon the Company, the relevant Israeli Affiliate of the Company and the Israeli Participants.

9.    DIVIDEND AND DIVIDEND EQUIVALENTS

Subject to the provisions of the Plan, with respect to all Shares allocated or issued subsequent to the exercise or vesting of Awards granted to the Israeli Participant and held by the Israeli Participant or by the Trustee, as the case may be, the Israeli Participant shall be entitled to receive dividends, if any, in accordance with the quantity of such Shares, subject to the provisions of the Company’s Articles of Incorporation (and all amendments thereto) and subject to any applicable taxation on distribution of dividends, and when applicable subject to the provisions of Section 102 and the rules, regulations or orders promulgated thereunder.

Dividend equivalents credited in Shares may be treated as separate Awards for Israeli tax purposes. Dividend equivalent credited in cash will be treated as a cash bonus for tax purposes.

10.    TAX CONSEQUENCES

10.1    Any tax consequences arising from the grant, exercise, vesting or sale of any Award, from the payment for and/or sale of Shares covered thereby or from any other event or act (of the Company, and/or its Affiliates, and the Trustee or the Israeli Participant), hereunder, shall be borne solely by the Israeli Participant. The Company and/or its Affiliates and/or the Trustee shall withhold Tax according to the requirements under the applicable laws, rules, and regulations, including withholding taxes at source. Furthermore, the Israeli Participant agrees to indemnify the Company and/or its Affiliates and/or the Trustee and hold them harmless against and from any and all liability for any such Tax or interest or penalty thereon, including without limitation, liabilities relating to the necessity to withhold, or to have withheld, any such Tax from any payment made to the Israeli Participant.

10.2    The Company and/or, when applicable, the Trustee shall not be required to release any Award or Share to an Israeli Participant until all required Tax payments have been fully made.10.3    102 Awards that do not comply with the requirements of Section 102 shall be considered Non-Approved 102 Awards or Awards subject to tax under Section 3(i) or 2 of the Ordinance.

10.4 With respect to Non-Trustee 102 Awards, if the Israeli Participant ceases to be employed by the Company or any of its Affiliates, or otherwise if so requested by the Company or any of its Affiliates, the Israeli Participant shall extend to the Company and/ or any of its Affiliates a security or guarantee for the payment of Tax due at the time of sale of Shares, in accordance with the provisions of Section 102.

10.5    For avoidance of doubt it is clarified that the tax treatment of any Award granted under this Sub-Plan is not guaranteed and although Awards may be granted under a certain tax route, they may become subject to a different tax route in the future. The Company and its Affiliates bear no responsibility regarding the tax treatment of any Award.

11.    TERM OF PLAN AND SUB-PLAN

Notwithstanding anything to the contrary in the Plan and in addition thereto, the Company shall obtain all approvals for the adoption of this Sub-Plan or for any amendment to this Sub-Plan as are necessary to comply with any law applicable to Awards granted to Israeli Participants under this Sub-Plan or with the Company’s incorporation documents.

12.    ONE TIME AWARD

The Awards and underlying Shares are extraordinary, one-time Awards granted to the Participants, and are not and shall not be deemed a salary component for any purpose whatsoever, including in connection with calculating severance compensation under applicable law.

13.    GOVERNING LAW

Solely for the purpose of Israeli tax, this Sub-Plan shall be governed by, construed and enforced in accordance with the laws of the State of Israel, without reference to conflicts of law principles.

* * *

Document

[FORM OF]

VARONIS SYSTEMS, INC. 2023 AMENDED AND RESTATED OMNIBUS EQUITY INCENTIVE PLAN

PERFORMANCE-BASED RESTRICTED STOCK UNIT AWARD GRANT NOTICE

Varonis Systems, Inc. (the “Company”), pursuant to its 2023 Amended and Restated Omnibus Equity Incentive Plan (including the Sub- Plan for Israeli Participants adopted by the Company) (the ”Plan”), attached hereto as Exhibits C1 and C2, respectively, hereby grants to the individual listed below (the “Participant”) an Award of performance-based restricted stock units (“PSUs”). Each earned and vested PSU represents the right to receive, in accordance with the PSU Award Agreement attached hereto as Exhibit B (the “Agreement”), one share of the Common Stock of the Company (each, a “Share”). This Award of PSUs is subject to all of the terms and conditions set forth herein and in the Agreement and the Plan, which are incorporated herein by reference.

Capitalized terms not specifically defined herein shall have the meanings specified in the Plan.

Participant [●]
Grant Date: [●]
Performance Period: [●]
Target Number of PSUs Subject to Grant: [●]
Type of Grant: Section 102 – "capital gains route"

Vesting Schedule: The number of PSUs earned with respect to each Performance Period shall be determined in accordance with the performance metrics attached as Exhibit A to this Notice (the “Performance Metrics”), as determined by the Administrator in its sole discretion. Each PSU earned in accordance with the Performance Metrics (an “Earned PSU”). PSUs deemed by the Administrator not to have been earned in accordance with the Performance Metrics shall immediately terminate.

Any and all vesting of Earned PSUs is subject to the Participant’s continued employment or service with the Company or an Affiliate thereof through such vesting date.

Termination: Except to the extent paid in accordance with the above vesting schedule, the PSUs shall terminate, become forfeited or expire without settlement in accordance with the terms of the Agreement.

Any Shares issued in excess of the target number of shares granted to you as PSUs will be treated as a new grant for purposes of Section 102 and their Grant Date for all intents and purposes will be the vesting date.

By his or her signature, the Participant hereby:

(a)agrees to be bound by the terms and conditions of the Plan, the Agreement and this Notice.

(b)acknowledges receipt of a copy of the Plan and accepts the PSUs subject to all of the terms and provisions of the Plan, the Agreement and this Notice and declares that he/she has reviewed the Agreement, the Plan and this Notice in their entirety.

(c)declares that he/she has had an opportunity to obtain the advice of counsel prior to executing this Notice and fully understands all provisions of this Notice, the Agreement and the Plan.

(d)agrees to accept as binding, conclusive and final all decisions or interpretations of the Administrator upon any questions arising under the Plan, the Agreement and this Notice or relating to the award of PSUs.

(e)declares that she/he is familiar with Section 102 and the regulations and rules promulgated thereunder, including without limitations the provisions of the applicable tax route, and agrees to comply with such provisions, as amended from time to time, provided that if such terms are not met, Section 102 may not apply.

(f)agrees to the terms and conditions of the trust deed signed between the Trustee and attached herein as Exhibit D and the Company and/or the applicable Affiliate, including but not limited to the control of the Shares by the Trustee.

(g)acknowledges that releasing the Shares from the control or holding of the Trustee prior to the termination of the Holding Period constitutes a violation of the terms of Section 102 and agrees to bear the relevant sanctions.

(h)authorizes the Company and/or the applicable Affiliate to provide the Trustee with any information required for the purpose of administering the Plan including executing its obligations under the Ordinance, the trust deed and the trust agreement, including without limitation information about his/her Shares, income tax rates, salary bank account, contact details and identification number.

(i)declares that he/she is a resident of the State of Israel for tax purposes on the Grant Date and agrees to notify the Company upon any change in the residence address indicated above and acknowledges that if he/she ceases to be an Israeli resident or if his/her engagement with the

Company or Affiliate is terminated, the Shares shall remain subject to Section 102, the trust agreement, the Plan, the Agreement and this Notice.

(j)warrants and undertakes that at the time of grant of the PSUs herein, or as a consequence of the grant, the Participant is not and will not become a holder of a “controlling interest” in the Company, as such term is defined in Section 32(9) of the Ordinance.

VARONIS SYSTEMS, INC. PARTICIPANT

Exhibit A

PERFORMANCE METRICS

Exhibit B

PERFORMANCE-BASED RESTRICTED STOCK UNIT AWARD AGREEMENT

Pursuant to the Performance-Based Restricted Stock Unit Award Grant Notice (the “Notice”) to which this Performance-Based Restricted Stock Unit Award Agreement (this “Agreement”) is attached, Varonis Systems, Inc. (the “Company”) has granted to the Participant an Award of performance-based restricted stock units (“PSUs”) under the Company's 2023 Amended and Restated Omnibus Equity Incentive Plan including the sub-Plan for the Israeli Participants (the “Plan”). Each earned and vested PSU represents the right to receive one share of Common Stock of the Company (each a “Share”). Capitalized terms not specifically defined herein shall have the meanings specified in the Plan and Notice.

ARTICLE I

GENERAL

1.Incorporation of Terms of Plan. The PSUs are subject to the terms and conditions of the Plan, which are incorporated herein by reference. In the event of any inconsistency between the Plan and this Agreement, the terms of the Plan shall control.

ARTICLE II

GRANT OF PSUS

1.Grant of PSUs. In consideration of the Participant's employment or service to the Company or any Affiliate and other good and valuable consideration, effective as of the Grant Date set forth in the Notice, the Company hereby grants to the Participant an Award of PSUs under the Plan, upon the terms and conditions set forth in the Notice, the Plan and this Agreement.

2.Unsecured Obligation. Unless and until the PSUs have been earned and vested in the manner set forth in Article 2 hereof, the Participant will have no right to receive Shares with respect to any such PSUs. Prior to actual payment of any earned and vested PSUs, such PSUs will represent an unsecured obligation of the Company, payable (if at all) only from the general assets of the Company.

3.Vesting Schedule. Subject to Sections 2.5 and 3.1 hereof, the PSUs shall be earned and shall thereafter vest and become nonforfeitable with respect to the applicable portion thereof according to the Vesting Schedule set forth in the Notice (rounding down to the nearest whole Share).

4.Consideration to the Company. In consideration of the grant of PSUs pursuant hereto, the Participant agrees to render faithful and efficient employment or other service to the Company or any Affiliate. Nothing in the Plan or this Agreement shall confer upon the Participant any right to continue in the employment or service of the Company or any Affiliate or shall interfere with or restrict in any way the rights of the Company and its Affiliates, which rights are hereby expressly reserved, to discharge or terminate the employment or service of the Participant at any time for any reason whatsoever, with or without Cause.

5.Forfeiture, Termination and Cancellation Upon Termination of Employment or Service.

(a)Upon the Participant's termination of employment or service with the Company and all Affiliates thereof, the PSUs shall be treated as follows, except as specifically provided otherwise herein or in a separate arrangement between the Company and the Participant:

(i)In the event that the employment or service of the Participant with the Company and all Affiliates thereof) shall terminate for any reason other than for Cause, unvested PSUs granted to the Participant shall terminate at the close of business on the date of such termination.

(ii)In the event of the termination of the Participant's employment or service for Cause, all outstanding PSUs (whether vested or not and whether an Earned PSU or not) granted to the Participant shall terminate at the commencement of business on the date of such termination.

(iii)[for CEO only] Notwithstanding the foregoing or any provision herein to the contrary, in the event of the Participant’s voluntary resignation at any time when the Participant is Retirement Eligible, then, solely for purposes of continued vesting under this Agreement, the Participants Service is deemed to continue uninterrupted so long as the Participant (x) remains in compliance with all of the Participant’s continuing obligations to the Company and its Affiliates, and (y) the Participant provides such cooperation as the Company may reasonably request relating to the transfer of the Participant’s responsibilities. As used in the preceding sentence, “Retirement Eligible” means that the Participant has obtained age 55 and the Participant has remained in continuous Service to the Company for at least ten (10) years.

(b)The Administrator or its delegate shall determine in its sole discretion the manner in which the PSUs shall be affected, both with regard to the vesting schedule and termination, by leaves of absence, including unpaid and un-protected leaves of absence, changes from full-time to part-time employment, partial disability or other changes in the employment status of the Participant.

(c)For purposes of the PSUs, as determined in the Administrator’s or its delegate’s exclusive discretion, the Participant’s Service will be considered terminated as of the date the Participant is no longer actively providing services to the Company or any Affiliate (regardless of the reason for such termination and whether or not later to be found invalid or in breach of Applicable Laws in the jurisdiction where the Participant is employed or retained or the terms of the Participant’s employment or service agreement, if any), and unless otherwise expressly provided in this Agreement or determined by the Administrator or its delegate, the Participant’s right to vest in the PSUs, if any, will terminate as of such date and will not be extended by any notice period (e.g., the Participant’s period of service would not include any contractual notice period or any period of “garden leave” or similar period mandated under Applicable Laws in the jurisdiction where the Participant is employed or retained or the terms of the Participant’s employment or service agreement, if any).

6.Issuance of Shares upon Vesting.

(a)Earned PSUs to the extent determined by the Compensation Committee after the applicable year-end audit shall represent the right to receive, on the first business day following the applicable vesting date, the number of Shares determined in accordance with the Vesting Schedule set forth in the Notice and provided that the Participant remains employed by the Company or an Affiliate through the applicable vesting date, subject to the provisions of Section 2.5 or Section 3.1. Notwithstanding the above, Shares earned with respect to vested Earned PSUs shall be treated as delivered on the first business day following the applicable vesting date (the “Delivery Date”) provided that they are delivered on a date following the Delivery Date that is in the same calendar year as the vesting date. On the Delivery Date, the Company shall deliver to the Trustee for the benefit of the Participant or to an account controlled by the Trustee (or any transferee permitted under Section 4.2 hereof) a number of Shares (either by delivering one or more certificates for such Shares or by entering such Shares in book entry form, as determined by the Company in its sole discretion) equal to the number of Earned PSUs that vest on the applicable vesting date, unless such Earned PSUs terminate prior to the applicable vesting date pursuant to Section 2.5 hereof. Notwithstanding the foregoing, in the event Shares cannot be issued pursuant to Section 20 of the Plan, the Shares shall be issued pursuant to the preceding sentence as soon as administratively practicable after the Administrator determines that Shares can again be issued in accordance with such Section.

(b) As set forth in Section 17 of the Plan and Section 5.3 of this Agreement, the Participant satisfy all Tax-Related Items (as defined in Section 5.3 below) in connection with the PSUs. The Company shall not be obligated to deliver any new certificate representing Shares to the Participant or the Participant’s legal representative or enter such Shares in book entry form unless and until the Participant or the Participant’s legal representative shall have paid or otherwise satisfied in full the amount of all Tax-Related Items.

7.Conditions to Delivery of Shares. The Shares deliverable hereunder may be either previously authorized but unissued Shares, treasury Shares or issued Shares which have then been reacquired by the Company. Such Shares shall be fully paid and nonassessable. The Company shall not be required to issue or deliver any certificates or make any book entries evidencing Shares deliverable hereunder prior to fulfillment of the conditions set forth in Section 20 of the Plan.

ARTICLE III

TRUST

The PSUs and the underlying Shares and/or any additional rights, including without limitation any right to receive any dividends or any shares received as a result of an adjustment made under the Plan, that may be granted in connection with the PSUs (the “Additional Rights”) shall be issued to or controlled by the Trustee for the benefit of the Participant under the provisions of the Section 102 under the Capital Gains Route for at least the period stated in Section 102 and the Income Tax Rules (Tax Benefits in Share Issuance to Employees) 5763-2003 (the “Rules”). In the event the PSUs do not meet the requirements of Section 102 of the Ordinance, such PSUs and the underlying Shares shall not qualify for the favorable tax treatment under the Section 102. The Company makes no representations or guarantees that the PSUs will qualify for favorable tax treatment and will not be liable or responsible if favorable tax treatment is not available under Section 102. Any fees associated with any sale, transfer or any act in relation to the PSUs shall be borne by the Participant and the Trustee and/or the Company and/or any Affiliate shall be entitled to withhold or deduct such fees from payments otherwise due to from the Company or an Affiliate or the Trustee. In accordance with the requirements of Section 102 and the Capital Gains Route, the Participant shall not sell nor transfer the Shares or Additional Rights from the Trustee until the end of the required Holding Period. Notwithstanding the above, if any such sale or transfer occurs before the end of the required Holding Period, the sanctions under Section 102 shall apply to and shall be borne by the Participant.

CHANGE IN CONTROL

Change in Control. In the event of a Change in Control, the PSUs shall be treated in accordance with Section 13 of the Plan.

ARTICLE V

OTHER PROVISIONS

1.1.Administration. The Administrator shall have the power and authority to interpret and construe the terms and provisions of this Agreement and to adopt such rules for the administration, interpretation and application of this Agreement as are consistent therewith and to interpret, amend or revoke any such rules. All decisions made by the Administrator shall be final, conclusive and binding on all persons, including the Participant, the Company and any other interested persons and entities.

1.2.Transferability of Grant

Except as otherwise set forth in the Plan:

(a)The PSUs may not be sold, pledged, assigned or transferred in any manner other than by will or the laws of descent and distribution;

(b)Neither the PSUs nor any interest or right therein shall be liable for the debts, contracts or engagements of the Participant or his or her successors in interest or shall be subject to disposition by transfer, alienation, anticipation, pledge, encumbrance, assignment or

any other means whether such disposition be voluntary or involuntary or by operation of law by judgment, levy, attachment, garnishment or any other legal or equitable proceedings (including bankruptcy), and any attempted disposition thereof shall be null and void and of no effect, except to the extent that such disposition is permitted by Section 4.2(a).

1.3.Responsibility for Taxes. Regardless of any action the Company or, if different, the Affiliate to which the Participant provides services takes with respect to any or all income tax, social insurance, payroll tax, fringe benefits tax, payment on account or other tax related items related to the Participant’s participation in the Plan and legally applicable to the Participant (“Tax-Related Items”), the Participant acknowledges that the ultimate liability for all Tax-Related Items is and remains the Participant’s responsibility and may exceed the amount actually withheld by the Company or the Affiliate. The Participant further acknowledges that the Company and/or the Affiliate (i) make no representations or undertakings regarding the treatment of any Tax-Related Items in connection with any aspect of the PSUs, including, but not limited to, the grant, vesting or settlement of the PSUs, the subsequent sale of Shares acquired pursuant to such settlement and the receipt of any dividends and/or dividend equivalent; and (ii) do not commit to and are under no obligation to structure the terms of the grant or any aspect of the PSUs to reduce or eliminate the Participant’s liability for Tax-Related Items or achieve any particular tax result. Further, if the Participant has become subject to tax in more than one jurisdiction, the Participant acknowledges that the Company and/or the Affiliate may be required to withhold or account for Tax-Related Items in more than one jurisdiction.

1.4.Withholding of Taxes. Prior to any relevant taxable or tax withholding event, as applicable, the Participant agrees to make adequate arrangements satisfactory to the Company and/or Trustee and/or the Affiliate to satisfy all Tax-Related Items. In this regard, the Participant authorizes the Company and/or the Trustee and/or the Affiliate, or their respective agents, at their discretion, to satisfy any applicable withholding obligations with regard to all Tax-Related Items by one or a combination of the following:

(a)withholding from the Participant’s wages or other cash compensation paid to the Participant by the Company and/or the Trustee and/or the Affiliate;

(b)withholding from proceeds of the sale of Shares acquired upon settlement of the PSUs either through a voluntary sale or through a mandatory sale arranged by the Company and/or Trustee (on the Participant’s behalf pursuant to this authorization); and

(c)withholding in Shares to be issued upon settlement of the PSUs, unless the use of such withholding method is problematic under Applicable Laws, in which case the obligation for Tax-Related Items may be satisfied by one or a combination of methods (a) and (b) above.

Depending on the withholding method, the Company and/or the Trustee and/or the Affiliate may withhold or account for Tax-Related Items by considering applicable minimum statutory withholding rates or other applicable withholding rates, including maximum applicable

rates, in which case the Participant may receive a refund of any over-withheld amount in cash and will have no entitlement to the Share equivalent. If the obligation for Tax-Related Items is satisfied by withholding in Shares, for tax purposes, the Participant is deemed to have been issued the full number of Shares subject to the vested PSUs, notwithstanding that a number of the Shares are held back solely for the purpose of paying the Tax-Related Items.

In addition, the Participant agrees to pay to the Company or the Trustee or the Affiliate any amount of Tax-Related Items that the Company or the Trustee or the Affiliate may be required to withhold or account for as a result of the Participant’s participation in the Plan that cannot be satisfied by the means previously described. The Company may refuse to issue or deliver the Shares or the proceeds of the sale of Shares, if the Participant fails to comply with his or her obligations in connection with the Tax-Related Items.

Finally, the Participant acknowledges that the Company, its Affiliates and/or the employer (i) make no representations or undertakings regarding the treatment of any Tax-Related Items in connection with any aspect of the PSUs including, but not limited to, the grant or vesting of the PSUs, the subsequent sale or transfer of Shares acquired pursuant to the PSUs and the receipt of any dividends; and (ii) do not commit to and are under no obligation to structure the terms of the grant or any aspect of the PSUs to reduce or eliminate Participant's liability for Tax-Related Items or achieve any particular tax result. Further, if Participant has become subject to tax in more than one jurisdiction between the Grant Date and the date of any relevant taxable or tax withholding event, as applicable, Participant acknowledges that the Company, its Affiliates, the employer (or former employer, as applicable) and/or the Trustee may be required to withhold or account for Tax-Related Items in more than one jurisdiction. If Participant is subject to Tax-Related Items in more than one jurisdiction between the Grant Date and the date of any relevant taxable or tax withholding event, as applicable, Participant acknowledges that the Company and/or the employer (or former employer, as applicable) and/or the Trustee may be required to withhold or account for Tax- Related Items in more than one jurisdiction. If the obligation for Tax-Related Items is satisfied by withholding in Shares, for tax purposes, Participant is deemed to have been issued the full number of Shares subject to the PSUs, notwithstanding that a number of the Shares are held back solely for the purpose of paying the Tax-Related Items due as a result of any aspect of Participant's participation in the Plan. The ramifications of any future modification of applicable laws regarding the taxation of the PSUs granted to Participant shall apply to the Participant accordingly and the Participant shall bear the full cost thereof, unless such modified laws expressly provide otherwise.

1.5.Notices. Any notice to be given under the terms of this Agreement to the Company shall be addressed to the Company in care of the Legal Department at the Company's principal office, and any notice to be given to the Participant shall be addressed to the Participant at the Participant's last address reflected on the Company's records. Any notice which is required to be given to the Participant shall, if the Participant is then deceased, be

given to the person entitled to the PSUs pursuant to Section 4.2(a) hereof by written notice under this Section 4.7.

1.6.Participant’s Representations. If the Shares issuable hereunder have not been registered under the Securities Act or any applicable state laws on an effective registration statement at the time of such issuance, the Participant shall, if required by the Company, concurrently with such issuance, make such written representations as are deemed necessary or appropriate by the Company and/or its counsel.

1.7.Titles. Titles are provided herein for convenience only and are not to serve as a basis for interpretation or construction of this Agreement.

1.8.Governing Law and Venue. The laws of the State of Delaware shall govern the interpretation, validity, administration, enforcement and performance of the terms of this Agreement regardless of the law that might be applied under principles of conflicts of laws. For purposes of litigating any dispute that arises under this grant or this Agreement, the parties hereby submit to and consent to the exclusive jurisdiction of the State of New York, agree that such litigation shall be conducted in the courts of New York County, New York, or the federal courts for the U.S. for the Southern District of New York, where this grant is made and/or to be performed.

1.9.Conformity to Securities Laws. The Participant acknowledges that the Plan and this Agreement are intended to conform to the extent necessary with all provisions of the Securities Act and the Exchange Act and any and all regulations and rules promulgated by the Securities and Exchange Commission thereunder, and state securities laws and regulations. Notwithstanding anything herein to the contrary, the Plan shall be administered, and the PSUs are granted and settled, only in such a manner as to conform to such laws, rules and regulations. To the extent permitted by applicable law, the Plan and this Agreement shall be deemed amended to the extent necessary to conform to such laws, rules and regulations.

1.10.Clawback. The Participant hereby acknowledges the PSUs are subject to, and agrees to be bound by, the Clawback Policy, as in effect or as may be adopted and/or modified from time to time by the Company in its discretion in accordance with Section 22 of the Plan.

1.11.Amendments and Termination. To the extent permitted by the Plan, this Agreement may be wholly or partially amended, altered or terminated at any time or from time to time by the Administrator or the Board.

1.12.Successors and Assigns. The Company may assign any of its rights under this Agreement to single or multiple assignees, and this Agreement shall inure to the benefit of the successors and assigns of the Company. Subject to the restrictions on transfer herein set forth in Section 4.2 hereof, this Agreement shall be binding upon the Participant and his or her heirs, executors, administrators, successors and assigns.

1.13.Limitations Applicable to Section 16 Persons. Notwithstanding any other provision of the Plan or this Agreement, if the Participant is subject to Section 16 of the Exchange Act, then the Plan, the PSUs and this Agreement shall be subject to any additional limitations set forth in any applicable exemptive rule under Section 16 of the Exchange Act

(including any amendment to Rule 16b-3 of the Exchange Act) that are requirements for the application of such exemptive rule. To the extent permitted by applicable law, this Agreement shall be deemed amended to the extent necessary to conform to such applicable exemptive rule.

1.14.Entire Agreement. The Plan, the Notice and this Agreement (including all Exhibits thereto, if any) constitute the entire agreement of the parties and supersede in their entirety all prior undertakings and agreements of the Company and the Participant with respect to the subject matter hereof.

1.15.Section 409A. This PSU Award is intended to comply with Code Section 409A to the extent subject thereto and shall be interpreted in accordance with Code Section 409A and Department of Treasury regulations and other interpretive guidance issued thereunder, including without limitation any such regulations or other guidance that may be issued after the Grant Date. Notwithstanding any provision in the Plan or Agreement to the contrary, no payment or distribution under this Agreement that constitutes an item of deferred compensation under Code Section 409A and becomes payable by reason of the Participant's termination of employment or service with the Company will be made to the Participant until the Participant's termination of employment or service constitutes a “separation from service” (as defined in Code Section 409A). For purposes of this Agreement, each amount to be paid or benefit to be provided shall be construed as a separate identified payment for purposes of Code Section 409A. If the Participant is a “specified employee” (as defined in Code Section 409A), then to the extent necessary to avoid the imposition of taxes under Code Section 409A, the Participant shall not be entitled to any payments upon a termination of his or her employment or service until the earlier of: (i) the expiration of the six (6)-month period measured from the date of such Participant's “separation from service” or (ii) the date of the Participant's death. Upon the expiration of the applicable waiting period set forth in the preceding sentence, all payments and benefits deferred pursuant to this Section 4.17 (whether they would have otherwise been payable in a single lump sum or in installments in the absence of such deferral) shall be paid to the Participant in a lump sum as soon as practicable, but in no event later than sixty (60) calendar days, following such expired period, and any remaining payments due under this Agreement will be paid in accordance with the normal payment dates specified for them herein. The Administrator may, in its discretion, adopt such amendments to the Plan, this Agreement or the Notice or adopt other policies and procedures (including amendments, policies and procedures with retroactive effect), or take any other actions, as the Administrator determines are necessary or appropriate to comply with the requirements of Code Section 409A.

1.16.Electronic Signature; Electronic Delivery and Acceptance. The Participant's electronic signature of this Agreement shall have the same validity and effect as a signature affixed by hand. The Company may, in its sole discretion, decide to deliver any documents related to the Participant’s current or future participation in the Plan by electronic means. The Participant hereby consents to receive such documents by electronic delivery and agrees to participate in the Plan through an on-line or electronic system established and maintained by the Company or a third party designated by the Company.

1.17.Waiver. The Participant acknowledges that a waiver by the Company of a breach of any provision of this Agreement shall not operate or be construed as a waiver of any other provision of this Agreement, or of any subsequent breach by the Participant.

1.18.Severability. The provisions of this Agreement are severable and if any one or more provisions are determined to be illegal or otherwise unenforceable, in whole or in part, the remaining provisions shall nevertheless be binding and enforceable.

1.19.The Company has obtained an exemption from the requirement to file a prospectus in Israel with respect to the offer of securities of the Company under the Plan (including the Israeli Sub-Plan). Copies of the Plan and the Form S-8 registration statement for the Plan filed with the U.S. Securities and Exchange Commission will be made available by request from the Company’s Legal Department.

1.20.Data Privacy Notice and Consents.

(a)What personal data we collect and for which purpose? The Company collects, processes and uses personal data of the Participant, including, but not limited to, his or her name, home address and telephone number, email address, date of birth, social insurance, passport or other identification number (e.g., resident registration number), nationality, job title, any Shares or directorships held in the Company, details of all PSUs or any other entitlement to Shares awarded, canceled, exercised, vested, unvested or outstanding in the Participant’s favor. If the Company offers the Participant a grant of PSUs under the Plan, then the Company will collect the Participant’s personal data for purposes of allocating stock and implementing, administering and managing the Plan.

(b)Legal basis for processing of personal data. The Company’s legal basis for the processing of the Participant’s personal data would be his or her consent, and where applicable, the performance of the Company's legal duties as an employer and/or issuer of PSUs.

(c)To whom do we disclose such personal data? The Company transfers participant data to Stock Plan Administration Service Providers such as Morgan Stanley, an independent service provider based in the United States, which assists the Company with the implementation, administration and management of the Plan. In the future, the Company may select a different service provider and may share the Participant’s data with another company that serves in a similar manner. The Company’s service provider(s) will open an account for the Participant to receive and trade Shares.

(d)What safeguards are applied to your personal data? We apply and contractually enforce on any service provider or recipient with which we share personal data, separate terms and data processing agreements, to protect the personal data, including by applying various technical and organizational safeguards. Where required we also rely on additional data transfer mechanisms, as further described in the 'International Data Transfers' section below.

(e)Data Retention. The Company will use the Participant’s personal data only as long as is necessary to implement, administer and manage the Participant’s participation in the Plan or as required to comply with legal or regulatory obligations, including under tax and securities laws. When the Company no longer needs the Participant’s personal data, which will generally be seven years after the Participant is granted PSUs under the Plan, the Company will remove it from its systems. If the Company keeps data longer, it would be to satisfy legal or regulatory obligations and the Company’s legal basis would be relevant laws or regulations.

(f)Voluntariness and Consequences of Consent Denial or Withdrawal. The Participant’s participation in the Plan and the Participant’s grant of consent is purely voluntary. The Participant may deny or withdraw his or her consent at any time. If the Participant does not consent, or if the Participant withdraws his or her consent, the Participant cannot participate in the Plan. This would not affect the Participant’s salary as an employee or his or her career; the Participant would merely forfeit the opportunities associated with the Plan.

(g)Data Protection Officer - The Company has appointed a “Data Protection Officer” who is responsible for matters relating to privacy and data protection. If you have any questions about this Policy, please contact our Data Protection Officer via privacy@varonis.com.

For further information, please refer to our Employees and Contractors Privacy Policy.

1.21.Insider-Trading/Market-Abuse Laws. The Participant acknowledges that, depending on his or her country of residence or the country of residence of the Participant’s broker, the Participant may be subject to insider-trading restrictions and/or market-abuse laws, which may affect his or her ability to accept, acquire, sell or otherwise dispose of Shares, rights to Shares (e.g., PSUs) or rights linked to the value of Shares during such times as the Participant is considered to have “inside information” regarding the Company, as defined by the laws or regulations in the Participant’s country. Local insider trading laws and

regulations may prohibit the cancellation or amendment of orders placed by the Participant before the Participant possessed inside information. Furthermore, the Participant could be prohibited from (i) disclosing the inside information to any third party (other than on a “need to know” basis) and (ii) “tipping” third parties or causing them otherwise to buy or sell securities. Note that third parties include fellow employees. Any restrictions under these laws or regulations are separate from and in addition to any restrictions that may be imposed under any applicable Company insider trading policy. The Participant acknowledges that it is his or her responsibility to be informed of and compliant with such regulations, and the Participant should speak to his or her personal legal advisor on this matter.

1.22.Language. If the Participant has received this Agreement or any other document related to the Plan translated into a language other than English and if the meaning of the translated version is different than the English version, the English version will control.

1.23.Imposition of Other Requirements. The Company reserves the right to impose other requirements on the Participant’s participation in the Plan, on the PSUs and on any Shares acquired under the Plan, to the extent the Company determines it is necessary or advisable for legal or administrative reasons, and to require the Participant to sign any additional agreements or undertakings that may be necessary to accomplish the foregoing.

EXHIBIT C1 VARONIS SYSTEMS, INC.

2023 AMENDED AND RESTATED OMNIBUS EQUITY INCENTIVE PLAN

Section 1. Purpose of Plan.

The name of the Plan, as amended and restated from time to time is the Amended and Restated Varonis Systems, Inc. 2023 Omnibus Equity Incentive Plan. The purposes of the Plan are to provide an additional incentive to selected employees, directors, independent contractors and consultants of the Company or its Affiliates whose contributions are essential to the growth and success of the Company’s business, in order to strengthen the commitment of such persons to the Company and its Subsidiaries, motivate such persons to faithfully and diligently perform their responsibilities and attract and retain competent and dedicated persons whose efforts will result in the long-term growth and profitability of the Company. To accomplish such purposes, the Plan provides that the Company may grant Options, Share Appreciation Rights, Restricted Shares, Restricted Stock Units, Performance Shares, Other Share-Based Awards, Cash Awards or any combination of the foregoing. Upon originally becoming effective on June 7, 2023, the Plan replaced the Varonis Systems, Inc. 2013 Omnibus Equity Incentive Plan (the “Prior Plan”) and no further awards could be made under the Prior Plan; provided, however, that the Prior Plan shall continue to govern the terms and condition of outstanding awards granted thereunder.

Section 2. Definitions.

For purposes of the Plan, the following terms shall be defined as set forth below:

(a) “Administrator” means the Board, or, if and to the extent the Board does not administer the Plan, the Committee in accordance with Section 3 hereof.

(b) “Affiliate” means a Person that directly, or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with, the Person specified. An entity shall be deemed an Affiliate of the Company for purposes of this definition only for such periods as the requisite ownership or control relationship is maintained.

(c) “Applicable Laws” means the applicable requirements under U.S. federal and state corporate laws, U.S. federal and state securities laws, including the Code, any stock exchange or quotation system on which the Common Stock is listed or quoted and the applicable laws of any other country or jurisdiction where Awards are granted under the Plan, as are in effect from time to time.

(d) “Award” means any Option, Share Appreciation Right, Restricted Share, Restricted Stock Unit, Performance Share, Other Share-Based Award or Cash Award granted under the Plan.

(e) “Award Agreement” means any written agreement, contract or other instrument or document evidencing an Award.

(f) “Beneficial Owner” (or any variant thereof) has the meaning defined in Rule 13d-3 under the Exchange Act.

(g) “Board” means the Board of Directors of the Company.

(h) “Bylaws” mean the bylaws of the Company, as may be amended and/or restated from time to time.

(i) “Cash Award” means cash awarded under Section 11 of the Plan, including cash awarded as a bonus or upon the attainment of Performance Goals or otherwise as permitted under the Plan.

(j) “Cause” shall have the meaning assigned to such term in any individual employment, change in control or severance agreement or plan or Award Agreement with the Participant or, if no such agreement exists or if such agreement does not define “Cause,” Cause shall mean (i) an act of dishonesty made by Participant in connection with Participant’s responsibilities as an employee which is materially injurious to the financial condition or business reputation of the Company or any of its Subsidiaries; (ii) Participant’s conviction of or plea of nolo contendere to, a felony or any crime involving fraud, embezzlement or any other act of moral turpitude; (iii) Participant’s gross misconduct; (iv) Participant’s willful unauthorized use or disclosure of any proprietary information or trade secrets of the Company or any of its Subsidiaries; (v) Participant’s willful and material violation of any written policies of the Company or any of its Subsidiaries (to the extent applicable); (vi) Participant’s material breach of any obligations under any material written agreement or covenant with the Company or any of its Subsidiaries; or (vii) Participant’s continued failure to perform his or her employment duties after Participant has received a written demand for performance from the Company or any of its Subsidiaries which specifically sets forth the factual basis for the applicable Company’s or its Subsidiary’s belief that Participant has not substantially performed his or her duties.

(k) “Change in Capitalization” means any (i) merger, amalgamation, consolidation, reclassification, recapitalization, spin-off, spin-out, repurchase or other reorganization or corporate transaction or event, (ii) dividend (whether in the form of cash, Common Stock or other property), share subdivision or consolidation, (iii) combination or exchange of shares, (iv) other change in corporate structure or (v) declaration of a special dividend (including a cash dividend) or other distribution, which, in any such case, the Administrator determines, in its sole discretion, affects the Shares such that an adjustment pursuant to Section 5 hereof is appropriate.

(l) “Change in Control” shall be deemed to have occurred if an event set forth in any one of the following paragraphs shall have occurred:

(1) any Person (other than the Company, any trustee or other fiduciary holding securities under an employee benefit plan of the Company, or any company owned, directly or indirectly, by the shareholders of the Company in substantially the same proportions as their ownership of Shares) is or becomes the Beneficial Owner, directly or indirectly, of securities of the Company (not including in the securities beneficially owned by such Person or any securities acquired directly from the Company or any Affiliate thereof) representing 50% or more of the combined voting power of the Company’s then outstanding securities; or

(2) the following individuals cease for any reason to constitute a majority of the number of directors then serving on the Board: individuals who, on the date hereof, constitute the Board and any new director (other than a director whose initial assumption of office is in connection with an actual or threatened election contest, including, but not limited to, a consent solicitation, relating to the election of directors of the Company) whose appointment or election by the Board or nomination for election by the Company’s shareholders was approved or recommended by a

vote of at least two-thirds (2/3) of the directors then still in office who either were directors on the date hereof or whose appointment, election or nomination for election was previously so approved or recommended; or

(3) there is consummated a merger, amalgamation or consolidation of the Company or any Subsidiary thereof with any other corporation, other than a merger, amalgamation or consolidation immediately following which the individuals who comprise the Board immediately prior thereto constitute at least a majority of the Board of the entity surviving such merger, amalgamation or consolidation or, if the Company or the entity surviving such merger is then a subsidiary, the ultimate parent thereof; or

(4) the shareholders of the Company approve a plan of complete liquidation or dissolution of the Company or there is consummated an agreement for the sale or disposition by the Company of all or substantially all of the Company’s assets, other than (A) a sale or disposition by the Company of all or substantially all of the Company’s assets to an entity, at least fifty percent (50%) of the combined voting power of the voting securities of which are owned by shareholders of the Company following the completion of such transaction in substantially the same proportions as their ownership of the Company immediately prior to such sale or (B) a sale or disposition of all or substantially all of the Company’s assets immediately following which the individuals who comprise the Board immediately prior thereto constitute at least a majority of the board of directors of the entity to which such assets are sold or disposed or, if such entity is a subsidiary, the ultimate parent thereof.

For each Award that constitutes deferred compensation under Section 409A of the Code, a Change in Control shall be deemed to have occurred under the Plan with respect to such Award only if a change in the ownership or effective control of the Company or a change in ownership of a substantial portion of the assets of the Company shall also be deemed to have occurred under Section 409A of the Code.

Notwithstanding the foregoing, a Change in Control shall not be deemed to have occurred by virtue of the consummation of any transaction or series of integrated transactions immediately following which the holders of Common Stock immediately prior to such transaction or series of transactions continue to have substantially the same proportionate ownership in an entity which owns all or substantially all of the assets of the Company immediately following such transaction or series of transactions.

(m) “Code” means the Internal Revenue Code of 1986, as amended from time to time, or any successor thereto.

(n) “Committee” means any committee or subcommittee the Board may appoint to administer the Plan. Subject to the discretion of the Board, the Committee shall be composed entirely of individuals who meet the qualifications of a “non-employee director” within the meaning of Rule 16b-3 under the Exchange Act and any other qualifications required by the applicable stock exchange on which the Common Stock is traded. If at any time or to any extent the Board shall not administer the Plan, then the functions of the Administrator specified in the Plan shall be exercised by the Committee. Except as otherwise provided in the Certificate of Incorporation or Bylaws of the Company, any action of the Committee with respect to the

administration of the Plan shall be taken by a majority vote at a meeting at which a quorum is duly constituted or unanimous written consent of the Committee’s members.

(o) “Common Stock” means the common stock, par value $0.001 per share, of the Company.

(p) “Company” means Varonis Systems, Inc., a Delaware corporation (or any successor company, except as the term “Company” is used in the definition of “Change in Control” above).

(q) “Disability” shall have the meaning set forth in the employment, severance or change in control agreement or plan between the Participant and the Company, provided that if no such agreement or definition exists, then “Disability” shall mean, with respect to any Participant, that such Participant (i) as determined by the Administrator in its sole discretion, is unable to engage in any substantial gainful activity by reason of any medically determinable physical or mental impairment which can be expected to result in death or can be expected to last for a continuous period of not less than twelve (12) months, or (ii) is, by reason of any medically determinable physical or mental impairment which can be expected to result in death or can be expected to last for a continuous period of not less than twelve (12) months, receiving income replacement benefits for a period of not less than three (3) months under an accident and health plan covering employees of the Company or an Affiliate thereof.

(r) “Eligible Recipient” means an employee, director, independent contractor or consultant of the Company or any Affiliate of the Company who has been selected as an eligible participant by the Administrator; provided, however, to the extent required to avoid the imposition of additional taxes under Section 409A of the Code, an Eligible Recipient of an Option or a Share Appreciation Right means an employee, director, independent contractor or consultant of the Company or any Subsidiary of the Company who has been selected as an eligible participant by the Administrator.

(s) “Exchange Act” shall mean the Securities Exchange Act of 1934, as amended from time to time.

(t) “Exercise Price” means, with respect to any Award under which the holder may purchase Shares, the per share price at which a holder of such Award granted hereunder may purchase Shares issuable upon exercise of such Award, which in any event will not be less than one hundred percent (100%) of the Fair Market Value of the Common Stock on the date of grant.

(u) “Fair Market Value” as of a particular date shall mean the fair market value of a share of Common Stock as determined by the Administrator in its sole discretion; provided, however, that (i) if the Common Stock is admitted to trading on a national securities exchange, the fair market value of a share of Common Stock on any date shall be the closing sale price reported for such share on such exchange on such date or, if no sale was reported on such date, on the last day preceding such date on which a sale was reported, (ii) if the Common Stock is admitted to quotation on the National Association of Securities Dealers Automated Quotation (“NASDAQ”) system or other comparable quotation system and has been designated as a National Market System (“NMS”) security, the fair market value of a share of Common Stock on any date shall be the closing sale price reported for such share on such system on such date or, if no sale was reported on such date, on the last date preceding such date on which a sale was reported, or (iii) if the Common Stock is admitted to quotation on NASDAQ but has not been designated as an NMS security, the fair market value of a share of Common Stock on any date shall be the

average of the highest bid and lowest asked prices of such share on such system on such date or, if both bid and ask prices were not reported on such date, on the last date preceding such date on which both bid and ask prices were reported.

(v) “ISO” means an Option intended to be and designated as an incentive stock option within the meaning of Section 422 of the Code.

(w) “Nonqualified Stock Option” shall mean an Option that is not designated as an ISO.

(x) “Option” means an option to purchase Shares granted pursuant to Section 7 hereof. The term “Option” as used in the Plan includes the terms “Nonqualified Stock Option” and “ISO.”

(y) “Other Share-Based Award” means a right or other interest granted pursuant to Section 10 hereof that may be denominated or payable in, valued in whole or in part by reference to, or otherwise based on or related to, the Common Stock, including, but not limited to, unrestricted Shares, restricted share units, dividend equivalents or performance units, each of which may be subject to the attainment of Performance Goals or a period of continued employment or other terms or conditions as permitted under the Plan.

(z) “Participant” means any Eligible Recipient selected by the Administrator, pursuant to the Administrator’s authority provided for in Section 3 below, to receive grants of Options, Share Appreciation Rights, Restricted Shares, Restricted Stock Units, Performance Shares, Cash Awards, Other Share-Based Awards or any combination of the foregoing, and, upon his or her death, his or her successors, heirs, executors and administrators, as the case may be.

(aa) “Performance Goals” means performance goals based on one or more of (but not limited to) the following criteria: (i) earnings, including one or more of operating income, earnings before or after taxes, earnings before or after interest, depreciation, amortization, adjusted EBITDA, economic earnings, or extraordinary or special items or book value per share (which may exclude nonrecurring items); (ii) pre-tax income or after-tax income; (iii) earnings per Share (basic or diluted); (iv) operating profit; (v) revenue, revenue growth or rate of revenue growth; (vi) return on assets (gross or net), return on investment, return on capital, or return on equity; (vii) returns on sales or revenues; (viii) operating expenses; (ix) share price appreciation; (x) cash flow, free cash flow, cash flow return on investment (discounted or otherwise), net cash provided by operations, or cash flow in excess of cost of capital; (xi) implementation or completion of critical projects or processes; (xii) cumulative earnings per share growth; (xiii) operating margin or profit margin; (xiv) cost targets, reductions and savings, productivity and efficiencies; (xv) strategic business criteria, consisting of one or more objectives based on meeting specified market penetration, geographic business expansion, customer satisfaction, employee satisfaction, human resources management, supervision of litigation, information technology, and goals relating to acquisitions, divestitures, joint ventures and similar transactions, and budget comparisons; (xvi) personal professional objectives, including any of the foregoing performance goals, the implementation of policies and plans, the negotiation of transactions, the development of long term business goals, formation of joint ventures, research or development collaborations, and the completion of other corporate transactions; and (xvii) any combination of, or a specified increase in, any of the foregoing. Where applicable, the Performance Goals may be expressed in terms of attaining a specified level of the particular criteria or the attainment of a percentage increase or decrease in the particular criteria, and may be applied to one or more of the Company

or Affiliate thereof, or a division or strategic business unit of the Company, or may be applied to the performance of the Company relative to a market index, a group of other companies or a combination thereof, all as determined by the Committee. The Performance Goals may include a threshold level of performance below which no payment shall be made (or no vesting shall occur), levels of performance at which specified payments shall be made (or specified vesting shall occur), and a maximum level of performance above which no additional payment shall be made (or at which full vesting shall occur); provided, that the Committee shall have the authority to make equitable adjustments to the Performance Goals, including in recognition of unusual or non-recurring events affecting the Company or any Affiliate thereof or the financial statements of the Company or any Affiliate thereof, in response to changes in applicable laws or regulations, or to account for items of gain, loss or expense determined to be extraordinary or unusual in nature or infrequent in occurrence or related to an acquisition or similar transaction or the disposal of a segment of a business or related to a change in accounting principles.

(bb) “Performance Shares” means Shares or units denominated in Shares that are subject to restrictions that lapse upon the attainment of specified performance objectives and that are granted pursuant to Section 9 below.

(cc) “Person” shall have the meaning given in Section 3(a)(9) of the Exchange Act, as modified and used in Sections 13(d) and 14(d) thereof, except that such term shall not include (i) the Company or any Subsidiary thereof, (ii) a trustee or other fiduciary holding securities under an employee benefit plan of the Company or any Subsidiary thereof, (iii) an underwriter temporarily holding securities pursuant to an offering of such securities, or (iv) a corporation owned, directly or indirectly, by the shareholders of the Company in substantially the same proportions as their ownership of shares of the Company.

(dd) “Plan” means this Amended and Restated 2023 Omnibus Equity Incentive Plan, including any appendixes thereto, as amended and restated herein and as may be amended from time to time.

(ee) “Restricted Shares” means Shares granted pursuant to Section 9 below subject to certain restrictions that lapse at the end of a specified period or periods.

(ff) “Restricted Stock Units” means units denominated in Shares granted pursuant to Section 9 below subject to certain restrictions that lapse at the end of a specified period or periods.

(gg) “Service” means that the Participant’s service with the Company or an Affiliate, whether as an employee, consultant or director, is not interrupted or terminated. The Participant’s Service shall not be deemed to have terminated merely because of a change in the capacity in which the Participant renders service to the Company or an Affiliate as an employee, consultant or director or a change in the entity for which the Participant renders such service, provided that the Administrator or its delegate determines, in its sole discretion, there is no interruption or termination of the Participant’s Service; provided further that if any Award is subject to Section 409A of the Code, this sentence shall only be given effect to the extent consistent with Section 409A of the Code. For example, a change in status from an employee of the Company to a director of an Affiliate will not constitute an interruption of Service. The Administrator or its delegate, in its sole discretion, may determine whether Service shall be considered interrupted in the case of any leave of absence approved by that party, including sick leave, military leave or

any other personal or family leave of absence. The Administrator or its delegate, in its sole discretion, may determine whether a Company transaction, such as a sale or spin-off of a division or subsidiary that employs a Participant, shall be deemed to result in a termination of Service for purposes of affected Awards, and such decision shall be final, conclusive and binding.

(hh) “Shares” means Common Stock reserved for issuance under the Plan, as adjusted pursuant to the Plan, and any successor (pursuant to a merger, amalgamation, consolidation or other reorganization) security.

(ii) “Share Appreciation Right” or “SAR” means the right pursuant to an Award granted under Section 8 below to receive an amount equal to the excess, if any, of (i) the aggregate Fair Market Value, as of the date such Award or portion thereof is surrendered, of the Shares covered by such Award or such portion thereof, over (ii) the aggregate Exercise Price of such Award or such portion thereof.

(jj) “Subsidiary” means, with respect to any Person, as of any date of determination, any other Person as to which such first Person owns or otherwise controls, directly or indirectly, more than 50% of the voting shares or other similar interests or a sole general partner interest or managing member or similar interest of such other Person. An entity shall be deemed a Subsidiary of the Company for purposes of this definition only for such periods as the requisite ownership or control relationship is maintained.

Section 3. Administration.

(a) The Plan shall be administered by the Administrator and shall be administered in accordance with the requirements of, to the extent applicable, Rule 16b-3 under the Exchange Act (“Rule 16b-3”). Within the scope of such authority, the Board or the Committee may delegate to a committee of one or more members of the Board who are not non-employee directors or who are officers of the Company the authority to grant Awards to eligible persons who are not then subject to Section 16 of the Exchange Act. The Plan is intended to comply, and shall be administered in a manner that is intended to comply, with Section 409A of the Code and shall be construed and interpreted in accordance with such intent. To the extent that an Award, issuance and/or payment is subject to Section 409A of the Code, it shall be awarded and/or issued or paid in a manner that will comply with Section 409A of the Code, including any applicable regulations or guidance issued by the Secretary of the United States Treasury Department and the Internal Revenue Service with respect thereto.

(b) Pursuant to the terms of the Plan, the Administrator, subject, in the case of any Committee, to any restrictions on the authority delegated to it by the Board, shall have the power and authority, without limitation:

(1) to select those Eligible Recipients who shall be Participants;

(2) to determine whether and to what extent Options, Share Appreciation Rights, Restricted Shares, Restricted Stock Units, Performance Shares, Cash Awards, Other Share-Based Awards or a combination of any of the foregoing, are to be granted hereunder to Participants;

(3) to determine the number of Shares to be covered by each Award granted hereunder;

(4) to determine the terms and conditions, not inconsistent with the terms of the Plan, of each Award granted hereunder (including, but not limited to, (i) the restrictions applicable to Restricted Shares or Restricted Stock Units and the conditions under which restrictions

applicable to such Restricted Shares or Restricted Stock Units shall lapse, (ii) the performance goals and periods applicable to Performance Shares or Cash Awards, (iii) the Exercise Price of each Award, (iv) the vesting schedule applicable to each Award, (v) the number of Shares subject to each Award and (vi) subject to the requirements of Section 409A of the Code and Section 3(d) of the Plan (in each case, to the extent applicable), any amendments to the terms and conditions of outstanding Awards, including, but not limited to, extending the exercise period of such Awards and accelerating the vesting schedule of such Awards, and, if the Administrator in its discretion determines to accelerate the vesting of Options and/or Share Appreciation Rights in connection with a Change in Control, the Administrator shall also have discretion in connection with such action to provide that all Options and/or Share Appreciation Rights outstanding immediately prior to such Change in Control shall expire on the effective date of such Change in Control;

(5) to determine the terms and conditions, not inconsistent with the terms of the Plan, which shall govern all written instruments evidencing Options, Share Appreciation Rights, Restricted Shares, Restricted Stock Units, Performance Shares, Cash Awards, Other Share-Based Awards or any combination of the foregoing granted hereunder;

(6) to determine the Fair Market Value;

(7) to determine the duration and purpose of leaves of absence which may be granted to a Participant without constituting termination of the Participant’s employment for purposes of Awards granted under the Plan;

(8) to adopt, alter and repeal such administrative rules, regulations, guidelines and practices governing the Plan as it shall from time to time deem advisable;

(9) to construe and interpret the terms and provisions of, and supply or correct omissions in, the Plan and any Award issued under the Plan (and any Award Agreement relating thereto), and to otherwise supervise the administration of the Plan and to exercise all powers and authorities either specifically granted under the Plan or necessary and advisable in the administration of the Plan; and

(10) to prescribe, amend and rescind rules and regulations relating to sub-plans established for the purpose of satisfying applicable foreign laws or for qualifying for favorable tax treatment under applicable foreign laws, which rules and regulations may be set forth in an appendix or appendixes to the Plan.

(c) All decisions made by the Administrator pursuant to the provisions of the Plan shall be final, conclusive and binding on all persons, including the Company and the Participants. The Administrator’s determinations under the Plan need not be uniform and may be made by it selectively among persons who are eligible to receive, or actually receive, Awards. Without limiting the generality of the foregoing, the Administrator shall be entitled to make non-uniform and selective determinations, amendments and adjustments (including in connection with a Change in Control or a Change in Capitalization), and to enter into non-uniform and selective Award Agreements. No member of the Board or the Committee, nor any officer or employee of the Company or any Subsidiary thereof acting on behalf of the Board or the Committee, shall be personally liable for any action, omission, determination or interpretation taken or made in good faith with respect to the Plan, and all members of the Board or the Committee and each and any

officer or employee of the Company and of any Subsidiary thereof acting on their behalf shall, to the maximum extent permitted by law, be fully indemnified and protected by the Company in respect of any such action, omission, determination or interpretation.

(d) Except in the case of Substitute Awards granted pursuant to Sections 4(e), any equity or equity-based Award (including any portion thereof) shall have a minimum vesting period of one year from the date of its grant with no vesting prior to the first anniversary of the grant date. Notwithstanding the foregoing, (i) the Committee may provide in an Award Agreement or following the time of grant that the vesting of an Award shall accelerate in the event of the Participant’s death, Disability, or a termination of Service other than for cause, and (ii) the Committee may grant Awards covering up to five percent (5%) of the total number of Shares authorized under Section 4(a) of the Plan (subject to adjustment pursuant to Section 5 of the Plan) without respect to the minimum vesting requirements set forth in this Section 3(d). Notwithstanding the foregoing, with regard to Awards granted to a non-employee director, the vesting of such Awards will be deemed to satisfy the one year minimum vesting requirement to the extent that the Awards vest on the earlier of the one year anniversary of the date of grant and the next annual meeting of the Company’s shareholders that is at least 50 weeks after the immediately preceding year’s annual meeting.

Section 4. Shares Reserved for Issuance Under the Plan; Limitations.

(a) Subject to Section 5 hereof, 9,900,000 Shares are reserved and available for issuance pursuant to Awards granted under the Plan (which includes shares of Common Stock underlying Awards that are outstanding, have been issued in settlement of Awards or are no longer available for issuance hereunder, in each case, as of the Effective Date), plus the number of Shares underlying awards under the Prior Plan that on or after the Effective Date are forfeited, cancelled, exchanged or surrendered or otherwise terminate, expire or are settled without a distribution of Shares (the “Total Share Limit”).

(b) Shares issued under the Plan may, in whole or in part, be authorized but unissued Shares or Shares that shall have been or may be reacquired by the Company in the open market, in private transactions or otherwise.

(c) If any Shares subject to an Award are forfeited, cancelled, exchanged or surrendered or if an Award otherwise terminates, expires or is settled without a distribution of Shares to the Participant (including those withheld as payment of withholding taxes in respect of an Award), the Shares with respect to such Award shall, to the extent of any such forfeiture, cancellation, exchange, surrender, termination or expiration, again be available for Awards under the Plan. Notwithstanding the forgoing, shares surrendered or withheld as payment of either the Exercise Price of an Option or Share Appreciation Right or an option or share appreciation right under the Prior Plan (including Shares otherwise underlying an Award or an award under the Prior Plan of a share appreciation right that are retained by the Company to account for the grant price of such Share Appreciation Right) and/or withholding taxes in respect of an Option or Share Appreciation Right or an award under the Prior Plan shall not be available for grant under the Plan.

(d) No more than 5,500,000 Shares shall be issued pursuant to the exercise of ISOs.

(e) Awards may, in the sole discretion of the Committee, be granted under the Plan in assumption of, or in substitution for, outstanding awards previously granted by an entity acquired by the Company or with which the Company combines (“Substitute Awards”). Substitute Awards shall not be counted against the Total Share Limit; provided that Substitute Awards issued in connection with the assumption of, or in substitution for, outstanding options intended to qualify as ISO shall be counted against the ISO limit. Subject to applicable stock exchange requirements, available shares under a shareholder-approved plan of an entity directly or indirectly acquired by the Company or with which the Company combines (as appropriately adjusted to reflect such acquisition or transaction) may be used for Awards under the Plan and shall not count toward the Total Share Limit.

Section 5. Equitable Adjustments.

In the event of any Change in Capitalization, an equitable substitution or proportionate adjustment shall be made, in each case, as may be determined by the Administrator, in its sole discretion, in (i) the aggregate number of Shares reserved for issuance under the Plan pursuant to Section 4 and the maximum number of Shares that may be subject to Awards granted to any Participant in any calendar or fiscal year (including the limits set forth in Sections 4(a) and 4(d)), (ii) the kind, number and Exercise Price subject to outstanding Options and Share Appreciation Rights granted under the Plan, and (iii) the kind, number and purchase price of Shares or other securities subject to outstanding Restricted Shares, Restricted Stock Units, Performance Shares or Other Share-Based Awards granted under the Plan; provided, however, that any fractional shares resulting from the adjustment shall be eliminated. Such other equitable substitutions or adjustments shall be made as may be determined by the Administrator, in its sole discretion. Without limiting the generality of the foregoing, in connection with a Change in Capitalization or Change in Control, the Administrator may provide, in its sole discretion, but subject in all events to the requirements of Section 409A of the Code, for the cancellation of any outstanding Award granted hereunder in exchange for payment in cash or other property having an aggregate Fair Market Value of the Shares covered by such award (with or without regard to any holdback or contingent consideration arrangement), reduced by the aggregate Exercise Price or purchase price thereof, if any (including, for the avoidance of doubt, the cancellation for no consideration of any Option or Share Appreciation Right with an Exercise Price that equals or exceeds the price paid for the underlying Shares). Further, without limiting the generality of the foregoing, with respect to Awards subject to foreign laws, adjustments made hereunder shall be made in compliance with applicable requirements. Except to the extent determined by the Administrator, any adjustments to ISOs under this Section 5 shall be made only to the extent not constituting a “modification” within the meaning of Section 424(h)(3) of the Code. The Administrator’s determinations pursuant to this Section 5 shall be final, binding and conclusive.

Section 6. Eligibility.

The Participants under the Plan shall be selected from time to time by the Administrator, in its sole discretion, from those individuals that qualify as Eligible Recipients.

Section 7. Options.

(a) General. Options granted under the Plan shall be designated as Nonqualified Stock Options or ISOs. Each Participant who is granted an Option shall enter into an Award Agreement

with the Company, containing such terms and conditions as the Administrator shall determine, in its sole discretion, which Award Agreement shall set forth, among other things, the Exercise Price of the Option, the term of the Option and provisions regarding exercisability of the Option, and whether the Option is intended to be an ISO or a Nonqualified Stock Option (and in the event the Award Agreement has no such designation, the Option shall be a Nonqualified Stock Option). The provisions of each Option need not be the same with respect to each Participant. More than one Option may be granted to the same Participant and be outstanding concurrently hereunder. Options granted under the Plan shall be subject to the terms and conditions set forth in this Section 7 and shall contain such additional terms and conditions, not inconsistent with the terms of the Plan, as the Administrator shall deem desirable and set forth in the applicable Award Agreement.

(b) Exercise Price. The Exercise Price of Shares purchasable under an Option shall be determined by the Administrator in its sole discretion at the time of grant, but in no event shall the exercise price of an Option be less than one hundred percent (100%) of the Fair Market Value of the Common Stock on the date of grant.

(c) Option Term. The maximum term of each Option shall be fixed by the Administrator, but no Option shall be exercisable more than ten (10) years after the date such Option is granted. Each Option’s term is subject to earlier expiration pursuant to the applicable provisions in the Plan and the Award Agreement.

(d) Exercisability. Each Option shall be exercisable at such time or times and subject to such terms and conditions, including the attainment of pre-established corporate performance goals, as shall be determined by the Administrator in the applicable Award Agreement. The Administrator may also provide that any Option shall be exercisable only in installments, and the Administrator may waive such installment exercise provisions at any time, in whole or in part, based on such factors as the Administrator may determine in its sole discretion. Notwithstanding anything to the contrary contained herein, an Option may not be exercised for a fraction of a share.

(e) Method of Exercise. Options may be exercised in whole or in part by giving written notice of exercise to the Company specifying the number of whole Shares to be purchased, accompanied by payment in full of the aggregate Exercise Price of the Shares so purchased in cash or its equivalent, as determined by the Administrator. As determined by the Administrator, in its sole discretion, with respect to any Option or category of Options, payment in whole or in part may also be made (i) by means of consideration received under any cashless exercise procedure approved by the Administrator (including the withholding of Shares otherwise issuable upon exercise), (ii) in the form of unrestricted Shares already owned by the Participant which have a Fair Market Value on the date of surrender equal to the aggregate exercise price of the Shares as to which such Option shall be exercised, (iii) any other form of consideration approved by the Administrator and permitted by applicable law or (iv) any combination of the foregoing.

(f) ISOs. The terms and conditions of ISOs granted hereunder shall be subject to the provisions of Section 422 of the Code and the terms, conditions, limitations and administrative procedures established by the Administrator from time to time in accordance with the Plan. At

the discretion of the Administrator, ISOs may be granted only to an employee of the Company, its “parent corporation” (as such term is defined in Section 424(e) of the Code) or a Subsidiary.

(1) ISO Grants to 10% Shareholders. Notwithstanding anything to the contrary in the Plan, if an ISO is granted to a Participant who owns shares representing more than ten percent (10%) of the voting power of all classes of shares of the Company, its “parent corporation” (as such term is defined in Section 424(e) of the Code) or a Subsidiary, the term of the ISO shall not exceed five (5) years from the time of grant of such ISO and the Exercise Price shall be at least one hundred and ten percent (110%) of the Fair Market Value of the Shares on the date of grant.

(2) $100,000 Per Year Limitation For ISOs. To the extent the aggregate Fair Market Value (determined on the date of grant) of the Shares for which ISOs are exercisable for the first time by any Participant during any calendar year (under all plans of the Company) exceeds $100,000, such excess ISOs shall be treated as Nonqualified Stock Options.

(3) Disqualifying Dispositions. Each Participant awarded an ISO under the Plan shall notify the Company in writing immediately after the date he or she makes a “disqualifying disposition” of any Share acquired pursuant to the exercise of such ISO. A “disqualifying disposition” is any disposition (including any sale) of such Shares before the later of (i) two years after the date of grant of the ISO and (ii) one year after the date the Participant acquired the Shares by exercising the ISO. The Company may, if determined by the Administrator and in accordance with procedures established by it, retain possession of any Shares acquired pursuant to the exercise of an ISO as agent for the applicable Participant until the end of the period described in the preceding sentence, subject to complying with any instructions from such Participant as to the sale of such shares.

(g) Rights as Stockholder. A Participant shall have no rights to dividends or distributions or any other rights of a stockholder with respect to the Shares subject to an Option until the Participant has given written notice of the exercise thereof, has paid in full for such Shares.

(h) Termination of Service. Unless otherwise provided by the Committee, either pursuant to its powers under Section 3(b) or in the applicable Award Agreement:

(1) In the event that the Service of a Participant shall terminate for any reason other than Cause, Disability, or death, (A) Options granted to such Participant, to the extent that they are exercisable at the time of such termination, shall remain exercisable until the date that is ninety (90) days after such termination, on which date they shall expire, and (B) Options granted to such Participant, to the extent that they were not exercisable at the time of such termination, shall expire at the close of business on the date of such termination. The ninety (90) day period described in this Section 7(h)(1) shall be extended to one (1) year after the date of such termination in the event of the Participant’s death during such ninety (90) day period. Notwithstanding the foregoing, no Option shall be exercisable after the expiration of its term.

(2) In the event that the Service of a Participant with the Company and all Affiliates thereof shall terminate on account of the Disability, or death of the Participant, (A) Options granted to such Participant, to the extent that they were exercisable at the time of such termination, shall remain exercisable until the date that is one (1) year after such termination, on which date they shall expire and (B) Options granted to such Participant, to the extent that they were not exercisable at the time of such termination, shall expire at the close of business on the date of

such termination. Notwithstanding the foregoing, no Option shall be exercisable after the expiration of its term.

(3) In the event of the termination of a Participant’s Service for Cause, all outstanding Options granted to such Participant shall expire at the commencement of business on the date of such termination.

(i) Other Change in Employment Status. An Option shall be affected, both with regard to vesting schedule and termination, by leaves of absence, including unpaid and un-protected leaves of absence, changes from full-time to part-time employment, partial disability or other changes in the employment status of a Participant, in the discretion of the Administrator.

Section 8. Share Appreciation Rights.

(a) General. The Administrator shall determine the Eligible Recipients to whom, and the time or times at which, grants of Share Appreciation Rights shall be made, the number of Shares to be awarded, the price per Share, and all other conditions of Share Appreciation Rights. The provisions of Share Appreciation Rights need not be the same with respect to each Participant. Share Appreciation Rights granted under the Plan shall be subject to the following terms and conditions set forth in this Section 8 and shall contain such additional terms and conditions, not inconsistent with the terms of the Plan, as the Administrator shall deem desirable, as set forth in the applicable Award Agreement.

(b) Awards; Rights as Stockholder. Participants who are granted Share Appreciation Rights shall have no rights as shareholders of the Company with respect to the grant or exercise of such rights.

(c) Exercisability. Share Appreciation Rights shall be exercisable at such time or times and subject to such terms and conditions as shall be determined by the Administrator in the applicable Award Agreement.

(d) Payment Upon Exercise.

(1) Upon the exercise of a Share Appreciation Right, the Participant shall be entitled to receive up to, but not more than, that number of Shares equal in value to the excess of the Fair Market Value as of the date of exercise over the price per share specified in the Share Appreciation Right multiplied by the number of Shares in respect of which the Share Appreciation Right is being exercised, with the Administrator having the right to determine the form of payment.

(2) Notwithstanding the foregoing, the Administrator may determine to settle the exercise of a Share Appreciation Right in cash (or in any combination of Shares and cash).

(e) Termination of Service. Unless otherwise provided by the Committee pursuant to its powers under Section 3(b), in the event of the termination of Service of a Participant who has been granted one or more Share Appreciation Right, such rights shall be exercisable at such time or times and subject to such terms and conditions as shall be determined by the Administrator in the applicable Award Agreement.

(f) Term. The term of each Share Appreciation Right shall be fixed by the Administrator, but no Share Appreciation Right shall be exercisable more than ten (10) years after the date such right is granted.

(g) Other Change in Employment Status. Share Appreciation Rights shall be affected, both with regard to vesting schedule and termination, by leaves of absence, including unpaid and un-protected leaves of absence, changes from full-time to part-time employment, partial disability or other changes in the employment status of a Participant, in the discretion of the Administrator.

Section 9. Restricted Shares, Restricted Stock Units Shares and Performance Shares.

(a) General. Restricted Shares, Restricted Stock Units or Performance Shares may be issued either alone or in addition to other awards granted under the Plan. The Administrator shall determine the Eligible Recipients to whom, and the time or times at which, Restricted Shares, Restricted Stock Units or Performance Shares shall be made; the number of Shares to be awarded; the price, if any, to be paid by the Participant for the acquisition of Restricted Shares, Restricted Stock Units or Performance Shares; the period of time prior to which such shares become vested and free of restrictions on Transfer (the “Restricted Period”), if any, applicable to Restricted Shares, Restricted Stock Units or Performance Shares; the performance objectives (if any) applicable to Restricted Shares, Restricted Stock Units or Performance Shares; and all other conditions of the Restricted Shares, Restricted Stock Units and Performance Shares. If the restrictions, performance objectives and/or conditions established by the Administrator are not attained, a Participant shall forfeit his or her Restricted Shares, Restricted Stock Units or Performance Shares, in accordance with the terms of the grant. The provisions of the Restricted Shares, Restricted Stock Units or Performance Shares need not be the same with respect to each Participant.

(b) Awards and Certificates.

(1) The prospective recipient of Restricted Shares, Restricted Stock Units or Performance Shares shall not have any rights with respect to any such award, unless and until such recipient has executed an Award Agreement and delivered a fully executed copy thereof to the Company, within a period of thirty (30) days (or such other period as the Administrator may specify) after the award date. Except as otherwise provided below in Section 9(c), (i) each Participant who is granted an award of Restricted Shares may, in the Company’s sole discretion, be issued a share certificate in respect of such Restricted Shares; and (ii) any such certificate so issued shall be registered in the name of the Participant, and shall bear an appropriate legend referring to the terms, conditions and restrictions applicable to any such Award.

(2) The Company may require that the share certificates, if any, evidencing Restricted Shares granted hereunder be held in the custody of the Company until the restrictions thereon shall have lapsed, and that, as a condition of any award of Restricted Shares, the Participant shall have delivered a share transfer form, endorsed in blank, relating to the Shares covered by such award.

(3) Notwithstanding anything in the Plan to the contrary, any Shares issued in respect of Restricted Shares, Restricted Stock Units (at the expiration of the Restricted Period) or Performance Shares (whether before or after any vesting conditions have been satisfied) may, in the Company’s sole discretion, be issued in uncertificated form pursuant to the customary arrangements for issuing shares in such form.

(4) Further, notwithstanding anything in the Plan to the contrary, with respect to Restricted Stock Units, at the expiration of the Restricted Period, Shares shall promptly be issued (either in certificated or uncertificated form) to the Participant, unless otherwise deferred in accordance

with procedures established by the Company in accordance with Section 409A of the Code, and such issuance shall in any event be made within such period as is required to avoid the imposition of a tax under Section 409A of the Code.

(c) Restrictions and Conditions. The Restricted Shares, Restricted Stock Units and Performance Shares granted pursuant to this Section 9 shall be subject to the following restrictions and conditions and any additional restrictions or conditions as determined by the Administrator at the time of grant or, subject to Section 409A of the Code, thereafter:

(1) Except as provided in the applicable Award Agreement, the Participant shall generally have the rights of a stockholder of the Company with respect to Restricted Shares during the Restricted Period; provided, however, that dividends declared during the Restricted Period with respect to an Award that vests or becomes payable based upon the achievement of performance goals, shall only become payable if and to the extent the performance levels on the underlying Award is achieved . Except as provided in the applicable Award Agreement, the Participant shall generally not have the rights of a stockholder with respect to Shares subject to Restricted Stock Units or Performance Shares during the Restricted Period; provided, however, that, subject to Section 409A of the Code, an amount equal to dividends declared during the Restricted Period with respect to the number of Shares covered by Restricted Stock Units or Performance Shares shall, unless otherwise set forth in an Award Agreement, be paid to the Participant at the time shares in respect of the related Restricted Stock Units are delivered to the Participant or the Restricted Period with respect to the Performance Shares expires. Certificates for Shares of unrestricted Common Stock may, in the Company’s sole discretion, be delivered to the Participant only after the Restricted Period has expired without forfeiture in respect of such Restricted Shares, Restricted Stock Units or Performance Shares, except as the Administrator, in its sole discretion, shall otherwise determine.

(2) The rights of Participants granted Restricted Shares, Restricted Stock Units or Performance Shares upon termination of Service for any reason during the Restricted Period shall be set forth in the Award Agreement.

Section 10. Other Share-Based Awards.

The Administrator is authorized to grant Awards to Participants in the form of Other Share-Based Awards, as deemed by the Administrator to be consistent with the purposes of the Plan and as evidenced by an Award Agreement. The Administrator shall determine the terms and conditions of such Awards, consistent with the terms of the Plan, at the date of grant or thereafter, including any Performance Goals and performance periods. Common Stock or other securities or property delivered pursuant to an Award in the nature of a purchase right granted under this Section 10 shall be purchased for such consideration, paid for at such times, by such methods, and in such forms, including, without limitation, Shares, other Awards, notes or other property, as the Administrator shall determine, subject to any required corporate action.

Section 11. Cash Awards.

The Administrator may grant awards that are denominated in, or payable to Participants solely in, cash, as deemed by the Administrator to be consistent with the purposes of the Plan, and, except as otherwise provided in this Section 11, such Cash Awards shall be subject to the terms, conditions, restrictions and limitations determined by the Administrator, in its sole

discretion, from time to time. Awards granted pursuant to this Section 11 may be granted with value and payment contingent upon the achievement of Performance Goals.

Section 12. Dividends and Dividend Equivalents.

Any Award (other than an Option, SAR or Cash Award) may provide the Participant with dividends or dividend equivalents, payable in cash, Shares, other securities, other Awards or other property, on a current or deferred or vested or unvested basis, including (i) payment directly to the Participant, (ii) withholding of such amounts by the Company subject to vesting of the Award or (iii) reinvestment in additional Shares, Restricted Shares or other Awards; provided, however, that any dividends or dividend equivalents with respect to Awards subject to vesting requirements shall be accumulated in a manner determined by the Committee until such Award is earned and such dividends and dividend equivalents shall not be paid if the vesting requirements of the underlying Award are not satisfied.

Section 13. Change in Control.

Unless otherwise provided in an employment, severance or change in control agreement between the Participant and the Company, in the event of a Change in Control:

(a) With respect to each outstanding Award that is assumed or substituted in connection with the Change in Control, in the event the Participant’s Service is terminated by the Company, its successor or Affiliate thereof without Cause on or after the effective date of the Change in Control but prior to twelve (12) months following the Change in Control, then:

(1) any unvested or unexercisable portion of any Award carrying a right to exercise shall become fully vested and exercisable; and

(2) the restrictions, deferral limitations, payment conditions and forfeiture conditions applicable to an Award granted under the Plan shall lapse and such Awards shall be deemed fully vested and any outstanding performance conditions imposed with respect to such Awards shall be deemed to be fully achieved at the greater of target and actual performance levels.

(b) With respect to each outstanding Award that is not assumed or substituted in connection with a Change in Control, immediately upon the occurrence of the Change in Control, (i) such Award shall become fully vested and exercisable, (ii) the restrictions, payment conditions, and forfeiture conditions applicable to any such Award granted shall lapse, and (iii) and any performance conditions imposed with respect to such Award shall be deemed to be achieved at the greater of target and actual performance levels (as determined in the Administrator’s sole discretion as of the Change in Control).

(c) For purposes of this Section 13, an Award shall be considered assumed or substituted if, following the Change in Control, the Award is of substantially comparable value and remains subject to the same terms and conditions that were applicable to the Award immediately prior to the Change in Control except that, if the Award related to shares of Common Stock, the Award instead confers the right to receive common stock of the acquiring or ultimate parent entity.

Section 14. Deferrals and Settlements.

The Committee may require or permit Participants to elect to defer the issuance of shares or the settlement of Awards in cash under such rules and procedures as it may establish under the Plan. It may also provide that deferred settlements include the payment or crediting of interest or

dividend equivalents on the deferral amounts. Any such rules or procedures shall comply with the requirements of Section 409A of the Code, including those with respect to the time when a deferral election may be made, the period of the deferral and the events that would result in the payment of the deferred amount.

Section 15. Amendment and Termination.

The Board may amend, alter or terminate the Plan, but no amendment, alteration or termination shall be made that would impair the rights of a Participant under any Award theretofore granted without such Participant’s consent. Unless the Board determines otherwise, the Board shall obtain approval of the Company’s shareholders for any amendment that would require such approval in order to satisfy the requirements of any rules of the stock exchange on which the Common Stock is traded or other applicable law. The Administrator may amend the terms of any Award theretofore granted, prospectively or retroactively, but, subject to Section 5 and Section 13 of the Plan and the immediately preceding sentence, no such amendment shall materially impair the rights of any Participant without his or her consent.

Notwithstanding anything herein to the contrary, in no event may any Option or SAR (i) be amended to decrease the Exercise Price thereof, (ii) be canceled at a time when its Exercise Price exceeds the Fair Market Value of the underlying Share in exchange for another Award, award under any other equity- compensation plan or any cash payment or (iii) be subject to any action that would be treated, for accounting purposes, as a “repricing” of such Option or SAR, unless such amendment, cancelation or action is approved by the Company’s shareholders. For the avoidance of doubt, an adjustment to the Exercise Price of an Option or SAR that is made in accordance with Section 5 or Section 13 shall not be considered a reduction in Exercise Price or “repricing” of such Option or SAR.

Section 16. Unfunded Status of Plan.

The Plan is intended to constitute an “unfunded” plan for incentive compensation. With respect to any payments not yet made to a Participant by the Company, nothing contained herein shall give any such Participant any rights that are greater than those of a general creditor of the Company.

Section 17. Withholding Taxes.

Each Participant shall, no later than the date as of which the value of an Award first becomes includible in the gross income of such Participant for federal and/or state income tax purposes, pay to the Company, or make arrangements satisfactory to the Administrator regarding payment of, any federal, state or local taxes of any kind required by law to be withheld with respect to the Award. The obligations of the Company under the Plan shall be conditional on the making of such payments or arrangements, and the Company shall, to the extent permitted by law, have the right to deduct any such taxes from any payment of any kind otherwise due to such Participant. Whenever cash is to be paid pursuant to an award granted hereunder, the Company shall have the right to deduct therefrom an amount sufficient to satisfy any federal, state and local withholding tax requirements related thereto. Whenever Shares are to be delivered pursuant to an Award, the Company shall have the right to require the Participant to remit to the Company in cash an amount sufficient to satisfy any related federal, state and local taxes to be withheld and applied to the tax obligations. With the approval of the Administrator, a Participant may satisfy the

foregoing requirement by electing to have the Company withhold from delivery of Shares or by delivering already owned unrestricted Common Stock, in each case, having a value not exceeding the federal, state and local taxes to be withheld and applied to the tax obligations. Such Shares shall be valued at their Fair Market Value on the date of which the amount of tax to be withheld is determined. Fractional share amounts shall be settled in cash. Such an election may be made with respect to all or any portion of the Shares to be delivered pursuant to an award. The Company may also use any other method of obtaining the necessary payment or proceeds, as permitted by law, to satisfy its withholding obligation with respect to any Option or other Award.

Section 18. Transfer of Awards.

Until such time as the Awards are fully vested and/or exercisable in accordance with the Plan or an Award Agreement, no purported sale, assignment, mortgage, hypothecation, transfer, charge, pledge, encumbrance, gift, transfer in trust (voting or other) or other disposition of, or creation of a security interest in or lien on, any Award or any agreement or commitment to do any of the foregoing (each, a “Transfer”) by any holder thereof in violation of the provisions of the Plan or an Award Agreement will be valid, except with the prior written consent of the Administrator, which consent may be granted or withheld in the sole discretion of the Administrator. Any purported Transfer of an Award or any economic benefit or interest therein in violation of the Plan or an Award Agreement shall be null and void ab initio and shall not create any obligation or liability of the Company, and any person purportedly acquiring any Award or any economic benefit or interest therein transferred in violation of the Plan or an Award Agreement shall not be entitled to be recognized as a holder of such Shares. Unless otherwise determined by the Administrator in accordance with the provisions of the immediately preceding sentence, an Option or a share appreciation right may be exercised, during the lifetime of the Participant, only by the Participant or, during any period during which the Participant is under a legal disability, by the Participant’s guardian or legal representative.

Section 19. Continued Employment.

Neither the adoption of the Plan nor the grant of an Award shall confer upon any Eligible Recipient any right to continued Service, as the case may be, nor shall it interfere in any way with the right of the Company or any Affiliate thereof to terminate the Service of any of its Eligible Recipients at any time.

Section 20. Conditions on Issuance.

Shares shall not be issued pursuant to the exercise of an Award unless the exercise of such Award and the issuance and delivery of such Shares shall comply with Applicable Laws and securities regulations, and shall be further subject to the approval of counsel for the Company with respect to such compliance. The inability of the Company to obtain authority from any regulatory body having jurisdiction, which authority is deemed by the Company’s counsel to be necessary to the lawful issuance and sale of any Shares hereunder, shall relieve the Company of any liability in respect of the failure to issue or sell such Shares as to which such requisite authority shall not have been obtained. As a condition to the exercise of an Award, the Administrator may in its discretion require the person exercising such Award to represent and

warrant at the time of any such exercise that the Shares are being purchased only for investment and without any present intention to sell or distribute such Shares.

Section 21. Sub-Plans.

The Administrator may from time to time establish sub-plans under the Plan for purposes of satisfying securities, tax or other laws of various jurisdictions in which the Company intends to grant Awards. Any sub-plans shall contain such limitations and other terms and conditions as the Administrator determines are necessary or desirable. All sub-plans shall be deemed a part of the Plan, but each sub-plan shall apply only to the Participants in the jurisdiction for which the sub-plan was designed.

Section 22. Clawback

Notwithstanding any other provisions in this Plan, the Company may cancel any Award, require reimbursement of any Award by a Participant, and effect any other right of recoupment of equity or other compensation provided under the Plan in accordance with any Company policies that may be adopted and/or modified from time to time (“Clawback Policy”). In addition, a Participant may be required to repay to the Company previously paid compensation, whether provided pursuant to the Plan or an Award Agreement, in accordance with the Clawback Policy. By accepting an Award, the Participant is agreeing to be bound by the Clawback Policy, as in effect or as may be adopted and/or modified from time to time by the Company in its discretion (including, without limitation, to comply with applicable law or stock exchange listing requirements).

Section 23. Effective Date.

The effective date (the “Effective Date”) is the date on which the Plan is approved by the shareholders of the Company.

Section 24. Electronic Signature.

Participant’s electronic signature of an Award Agreement shall have the same validity and effect as a signature affixed by hand.

Section 25. Term of Plan.

No Award shall be granted pursuant to the Plan on or after the tenth anniversary of the Effective Date, but Awards theretofore granted may extend beyond that date.

Section 26. Section 409A of the Code.

The intent of the parties is that payments and benefits under the Plan comply with Section 409A of the Code to the extent subject thereto, and, accordingly, to the maximum extent permitted, the Plan shall be interpreted and be administered to be in compliance therewith. Any payments described in the Plan that are due within the “short-term deferral period” as defined in Section 409A of the Code shall not be treated as deferred compensation unless applicable law requires otherwise. Notwithstanding anything to the contrary in the Plan, to the extent required in order to avoid accelerated taxation and/or tax penalties under Section 409A of the Code, amounts that would otherwise be payable and benefits that would otherwise be provided pursuant to the Plan during the six (6) month period immediately following the Participant’s termination of employment shall instead be paid on the first business day after the date that is six (6) months following the Participant’s separation from service (or upon the Participant’s death, if earlier). In

addition, for purposes of the Plan, each amount to be paid or benefit to be provided to the Participant pursuant to the Plan, which constitute deferred compensation subject to Section 409A of the Code, shall be construed as a separate identified payment for purposes of Section 409A of the Code.

Section 27. Governing Law.

The Plan shall be governed by, and construed in accordance with, the laws of the State of Delaware, without giving effect to principles of conflicts of law of such state.

EXHIBIT C2

Varonis Systems, Inc. 2023 Amended and Restated Omnibus Equity Incentive Plan

Sub-Plan for Israeli Participants

1.    GENERAL

1.1    This sub-plan (the “Sub-Plan”) shall apply only to Participants who are residents of the State of Israel upon the date of grant of the Award, as defined below in Section 2, or who are deemed Israeli tax residents and are engaged by an Israeli resident Affiliate of the Company (collectively, “Israeli Participants”). The provisions specified hereunder shall form an integral part of the Varonis Systems, Inc. 2023 Amended and Restated Omnibus Equity Incentive Plan (hereinafter the “Plan”).

1.2    This Sub-Plan is being adopted pursuant to Section 21 of the Plan and is to be read as a continuation of the Plan and modifies Awards granted to Israeli Participants only to the extent necessary to comply with the requirements set by the Israeli law in general, and in particular, with the provisions of the Israeli Income Tax Ordinance [New Version] 5721-1961, as may be amended or replaced from time to time. This Sub-Plan does not add to or modify the Plan in respect of any other category of Participants.

1.3    The Plan and this Sub-Plan are complementary to each other and shall be deemed as one. In the event of any conflict, whether explicit or implied, between the provisions of this Sub-Plan and the Plan, the provisions set out in the Sub-Plan shall prevail.

1.4    Any capitalized term not specifically defined in this Sub-Plan shall be construed according to the interpretation given to it in the Plan.

2.    DEFINITIONS

2.1    “102 Award” means any Award granted to an Approved Israeli Participant pursuant to Section 102 of the Ordinance.

2.2    “Approved Israeli Participant” means an Israeli Participant who is an employee, director or an officer of any Israeli resident Affiliate of the Company, excluding any Controlling Shareholder of the Company, provided that the Affiliate is an Israeli resident company or otherwise meets the definition of an Employer under Section 102.

2.3    “Award” solely for the purpose of this Sub-Plan means any Award granted by the Company to an Israeli Participant, in accordance with the provisions of the Plan provided that they are converted only into Shares.

2.4    “Capital Gain Award” or “CGA” means a Trustee 102 Award elected and designated by the Company to qualify under the capital gain tax treatment in accordance with the provisions of Section 102(b)(2) of the Ordinance.

2.5    “Controlling Shareholder” shall have the meaning ascribed to it in Section 32(9) of the Ordinance.

2.6    “Israeli Stock Award Agreement”    means the Award Agreement between the Company and an Israeli Participant that sets out the terms and conditions of an Award.

2.7    “ITA” means the Israeli Tax Authority.

2.8    “Non-Trustee 102 Award” means a 102 Award granted pursuant to Section 102(c) of the Ordinance and not held in trust by a Trustee.

2.9    “Ordinance” means the Israeli Income Tax Ordinance [New Version] 5721-1961, as now in effect or as hereafter amended.

2.10    “Ordinary Income Award” or “OIA” means a Trustee 102 Award elected and designated by the Company to qualify under the ordinary income tax treatment in accordance with the provisions of Section 102(b)(1) of the Ordinance.

2.11    “Section 102” means Section 102 of the Ordinance and any regulations, rules, orders or procedures promulgated thereunder as now in effect or as hereafter amended.

2.12    “Tax” means any applicable tax and other compulsory payments such as social security and health tax contributions under any applicable law.

2.13    “Trustee” means any person or entity appointed by the Company or its Israeli resident Affiliates to serve as a trustee of the Plan and approved by the ITA, all in accordance with the provisions of Section 102(a) of the Ordinance, as may be replaced from time to time.

2.14    “Trustee 102 Award” means a 102 Award granted to an Approved Israeli Participant pursuant to Section 102(b) of the Ordinance and held in trust by a Trustee for the benefit of an Approved Israeli Participant.

2.15    “Unapproved Israeli Participant” means an Israeli Participant who is not an Approved Israeli Participant, including a consultant or a Controlling Shareholder of the Company.

3.    ISSUANCE OF AWARDS

3.1    The persons eligible for participation in the Plan as Israeli Participants shall include Approved Israeli Participants and Unapproved Israeli Participants, provided, however, that only Approved Israeli Participants may be granted 102 Awards.

3.2    The Company may designate Awards granted to Approved Israeli Participants pursuant to Section 102 as Trustee 102 Awards or Non-Trustee 102 Awards.

3.3        Unless a special ruling is received from the ITA, the grant of Trustee 102 Awards shall not be made until 30 days from the date the Plan has been submitted for approval by the ITA and shall be conditioned upon the approval of the Plan and this Sub-Plan by the ITA.

3.4    Trustee 102 Awards may either be classified as Capital Gain Awards (CGAs) or Ordinary Income Awards (OIAs).

3.5    No Trustee 102 Award may be granted under this Sub-Plan to any Approved Israeli Participant, unless and until the Company has filed with the ITA its election regarding the type of Trustee 102 Awards, whether CGAs or OIAs, that will be granted under the Plan and this Sub-Plan (the “Election”). Such Election shall become effective beginning the first date of grant of a Trustee 102 Award under this Sub-Plan and shall remain in effect at least until the end of the year following the year during which the Company first granted Trustee 102 Awards. The Election shall obligate the Company to grant only the type of Trustee 102 Award it has elected, and shall apply to all Israeli Participants who are granted Trustee 102 Awards during the period indicated herein, all in accordance with the provisions of Section 102(g) of the Ordinance. The Election shall not prevent the Company from granting Non-Trustee 102 Awards simultaneously.

3.6    All Trustee 102 Awards must be held in trust by, or subject to the approval of the ITA, under the control or supervision of a Trustee, as described in Section 4 below.

3.7    The designation of Non-Trustee 102 Awards and Trustee 102 Awards shall be subject to the terms and conditions set forth in Section 102.

3.8    Awards granted to Unapproved Israeli Participants shall be subject to tax according to the provisions of the Ordinance and shall not be subject to the Trustee arrangement detailed herein.

4.    TRUSTEE

4.1    Trustee 102 Awards which shall be granted under this Sub-Plan and/or any Share allocated or issued upon grant, exercise or vesting of a Trustee 102 Award and/or other Shares received following any realization of rights under the Plan, shall be allocated or issued to the Trustee or controlled by the Trustee, for the benefit of the Approved Israeli Participants, in accordance with the provisions of Section 102 and any tax ruling issued by the ITA. In the event that the requirements for Trustee 102 Awards are not met, the Trustee 102 Awards may be regarded as Non-Trustee 102 Awards or as Awards which are not subject to Section 102, all in accordance with the provisions of Section 102.

4.2    With respect to any Trustee 102 Award, subject to the provisions of Section 102, an Approved Israeli Participant shall not sell or release from trust any Share received upon the grant, exercise or vesting of a Trustee 102 Award and/or any Share received following any realization of rights, including, without limitation, stock dividends, under the Plan at least until the lapse of the period

of time required under Section 102 or any shorter period of time determined by the ITA (the “Holding Period”). Notwithstanding the above, if any such sale or release occurs during the Holding Period, the sanctions under Section 102 shall apply to and shall be borne by such Approved Israeli Participant.

4.3    Notwithstanding anything to the contrary, the Trustee shall not release or sell any Shares allocated or issued upon grant, exercise or vesting of a Trustee 102 Award unless the Company, its relevant Israeli Affiliate and the Trustee are satisfied that the full amounts of Tax due have been paid or will be paid.

1.4Upon receipt of any Trustee 102 Award, the Approved Israeli Participant will consent to the grant of the Award under Section 102 and undertake to comply with the terms of Section 102 and the trust arrangement between the Company and the Trustee.

4.5    Any Award classified as a Capital Gain Award is meant to comply in full with the terms and conditions of Section 102 and the requirements of the ITA, therefore it is clarified that at all times the Plan and this Sub-Plan are to be read such that they comply with the requirements of Section 102 and as a consequence, should any provision in the Plan or Sub-Plan disqualify the Plan and/or the Awards granted thereunder from beneficial tax treatment pursuant to the provisions of Section 102 of the Ordinance (other than under Sections 3(d) and 13 of the Plan), such provision shall not apply to the Trustee 102 Awards either permanently or until the ITA provides approval of compliance with Section 102.

5.    THE AWARDS

The terms and conditions upon which the Awards shall be issued and exercised or vest, as applicable, shall be specified in the Israeli Stock Award Agreement to be executed pursuant to the Plan and to this Sub-Plan. Each Israeli Stock Award Agreement shall state, inter alia, the number of Shares to which the Award relates, the type of Award granted thereunder (i.e., a CGA, OIA or Non-Trustee 102 Award), and any applicable vesting provisions and exercise price that may be payable. For the avoidance of doubt, it is clarified that there is no obligation for uniformity of treatment of Israeli Participants and that the terms and conditions of Award need not be the same with respect to each Israeli Participant (whether or not such Israeli Participants are similarly situated).

6.    EXERCISE AND VESTING OF AWARDS

Vesting and exercise of Awards granted to Israeli Participants shall be subject to the terms and conditions and, with respect to exercise, the method, as may be determined by the Company (including the provisions of the Plan) and, when applicable, by the Trustee, in accordance with the requirements of Section 102.

7.    ASSIGNABILITY, DESIGNATION AND SALE OF AWARDS

7.1.    Notwithstanding any other provision of the Plan, no Trustee 102 Award or any right with respect thereto, or purchasable hereunder, whether fully paid or not, shall be assignable, transferable or given as collateral, or any right with respect to any Trustee 102 Award given to any third party whatsoever, and during the lifetime of the Israeli Participant, each and all of such Israeli Participant’s rights with respect to a Trustee 102 Award shall belong only to the Israeli Participant. Any such action made directly or indirectly, for an immediate or future validation, shall be void.

7.2    As long as Awards or Shares issued or purchased hereunder are held by the Trustee on behalf of the Israeli Participant, all rights of the Israeli Participant over the Shares cannot be transferred, assigned, pledged or mortgaged, other than by will or laws of descent and distribution.

8.    INTEGRATION OF SECTION 102 AND TAX ASSESSING OFFICER’S APPROVAL

8.1.    With regard to Trustee 102 Awards, the provisions of the Plan and/or the Sub-Plan and/or the Israeli Stock Award Agreement shall be subject to the provisions of Section 102 and any approval issued by the ITA and the said provisions shall be deemed an integral part of the Plan, the Sub-Plan and the Israeli Stock Award Agreement.

8.2.    Any provision of Section 102 and/or said approval issued by the ITA which must be complied with in order to receive and/or to maintain any tax Award pursuant to Section 102, which is not expressly specified in the Plan, the Sub-Plan or the Israeli Stock Award Agreement, shall be considered binding upon the Company, the relevant Israeli Affiliate of the Company and the Israeli Participants.

9.    DIVIDEND AND DIVIDEND EQUIVALENTS

Subject to the provisions of the Plan, with respect to all Shares allocated or issued subsequent to the exercise or vesting of Awards granted to the Israeli Participant and held by the Israeli Participant or by the Trustee, as the case may be, the Israeli Participant shall be entitled to receive dividends, if any, in accordance with the quantity of such Shares, subject to the provisions of the Company’s Articles of Incorporation (and all amendments thereto) and subject to any applicable taxation on distribution of dividends, and when applicable subject to the provisions of Section 102 and the rules, regulations or orders promulgated thereunder.

Dividend equivalents credited in Shares may be treated as separate Awards for Israeli tax purposes. Dividend equivalent credited in cash will be treated as a cash bonus for tax purposes.

10.    TAX CONSEQUENCES

10.1    Any tax consequences arising from the grant, exercise, vesting or sale of any Award, from the payment for and/or sale of Shares covered thereby or from any other event or act (of the Company, and/or its Affiliates, and the Trustee or the Israeli Participant), hereunder, shall be borne solely by the Israeli Participant. The Company and/or its Affiliates and/or the Trustee shall withhold Tax according to the requirements under the applicable laws, rules, and regulations, including withholding taxes at source. Furthermore, the Israeli Participant agrees to indemnify the Company and/or its Affiliates and/or the Trustee and hold them harmless against and from any and all liability for any such Tax or interest or penalty thereon, including without limitation, liabilities relating to the necessity to withhold, or to have withheld, any such Tax from any payment made to the Israeli Participant.

10.2    The Company and/or, when applicable, the Trustee shall not be required to release any Award or Share to an Israeli Participant until all required Tax payments have been fully made.10.3    102 Awards that do not comply with the requirements of Section 102 shall be considered Non-Approved 102 Awards or Awards subject to tax under Section 3(i) or 2 of the Ordinance.

10.4 With respect to Non-Trustee 102 Awards, if the Israeli Participant ceases to be employed by the Company or any of its Affiliates, or otherwise if so requested by the Company or any of its Affiliates, the Israeli Participant shall extend to the Company and/ or any of its Affiliates a security or guarantee for the payment of Tax due at the time of sale of Shares, in accordance with the provisions of Section 102.

10.5    For avoidance of doubt it is clarified that the tax treatment of any Award granted under this Sub-Plan is not guaranteed and although Awards may be granted under a certain tax route, they may become subject to a different tax route in the future. The Company and its Affiliates bear no responsibility regarding the tax treatment of any Award.

11.    TERM OF PLAN AND SUB-PLAN

Notwithstanding anything to the contrary in the Plan and in addition thereto, the Company shall obtain all approvals for the adoption of this Sub-Plan or for any amendment to this Sub-Plan as are necessary to comply with any law applicable to Awards granted to Israeli Participants under this Sub-Plan or with the Company’s incorporation documents.

12.    ONE TIME AWARD

The Awards and underlying Shares are extraordinary, one-time Awards granted to the Participants, and are not and shall not be deemed a salary component for any purpose whatsoever, including in connection with calculating severance compensation under applicable law.

13.    GOVERNING LAW

Solely for the purpose of Israeli tax, this Sub-Plan shall be governed by, construed and enforced in accordance with the laws of the State of Israel, without reference to conflicts of law principles.

* * *

Document

VARONIS SYSTEMS, INC.

INSIDER TRADING POLICY

(Effective as of July 26, 2023)

INTRODUCTION

Federal and state laws prohibit purchasing or selling securities on the basis of material non-public information about the applicable company. These laws also prohibit persons in possession of material non-public information from disclosing this information to others who trade.

In light of these prohibitions, Varonis Systems, Inc., together with its subsidiaries (collectively, “Varonis” or the “Company”), has adopted the following policy (this “Policy”) regarding trading in securities by its directors, officers, employees and service providers. This Policy also applies to anyone who lives in your household (other than household employees), family members who do not live in your household but whose transactions in securities are directed by you or are subject to your influence or control, and entities under your control or for which you make or are authorized to make investment decisions (collectively, “Restricted Affiliates”). The Company may also determine that other persons are subject to this Policy from time to time, such as consultants and agents who have access to material non-public information.

We designed this Policy to promote compliance with the federal securities laws and to protect Varonis and you from the serious liabilities and penalties that can result from violations of these laws. You, however, are responsible for ensuring that you do not violate federal or state securities laws or this Policy. Keep in mind that the Securities and Exchange Commission (“SEC”) and federal prosecutors may presume that trading by family members is based on information you supplied and may treat any such trades as if you had traded yourself.

If you have any questions about this Policy or its application to a particular transaction, you should contact the Company's General Counsel (the "General Counsel") or an attorney in the Company's Legal Department (the "Legal Department").

INSIDER TRADING PENALTIES

The penalties for violating insider trading laws and this Policy are severe. If you violate the federal insider trading laws, you may have to pay civil fines of up to three times (×3) the profit gained or loss avoided by such trading, as well as criminal fines of up to $5,000,000 for individuals and of up to $25,000,000 for non-natural persons. You also may have to serve a jail sentence of up to 20 years.

In addition, Varonis could be subject to paying a civil fine of up to three times (×3) the profit gained or loss avoided as a result of your insider trading violations, and a criminal penalty of up to $25,000,000. Insider trading could also compel Varonis to disclose non-public information before it would have done so otherwise, which could damage Varonis’ competitive position, jeopardize strategic or other important plans and threaten or eliminate opportunities such as acquisitions or financings.

In addition to penalties, firms or persons sanctioned for violations of securities laws may be limited from engaging in other types of business in the future, e.g., many regulated industries will not permit such firms or persons to engage in regulated activity. Further, for a Varonis director, officer or employee to even be accused of securities law violations would have very damaging effects on the Company’s reputation.

Because a violation of these laws or this Policy poses significant risks to Varonis, any violation of this Policy may result in immediate disciplinary measures being taken against you, including potential termination of employment or service with Varonis.

The SEC, the NASDAQ Stock Market, Inc. (“NASDAQ”) and state regulators (as well as the N.Y. Attorney General and the Department of Justice) use sophisticated surveillance techniques to uncover insider trading and are very effective at detecting and pursuing insider trading cases. The SEC has successfully prosecuted cases against employees trading through foreign accounts, trading by family members and friends, and trading involving only a small number of shares. The size of the transaction or the amount of profit received does not have to be large to result in prosecution. Therefore, it is important that you understand the breadth of activities that constitute illegal insider trading.

You must carefully read this Policy and follow its directives at all times. You are responsible for ensuring the compliance of any family member whose transactions in securities are subject to your influence or control, household member or entity whose transactions are subject to this Policy. Accordingly, you should make your family and household members aware of the need to confer with you before they purchase or sell Company securities or the securities of any Restricted Company (as defined below). Failure to adhere to this Policy or certify as to the matters contained in the acknowledgment form attached as Exhibit A to this Policy may result in immediate disciplinary measures being taken against you including, where appropriate, termination of employment or service with Varonis.

If you become aware of a possible insider trading violation, you should immediately report the potential violation to the General Counsel or the Legal Department.

POLICIES AND PROCEDURES

A.Insider Trading Policy

This Policy prohibits: (1) purchasing or selling securities when you have material non-public information, (2) “tipping” (as explained below), and (3) speculative trading. Please be aware that the first two such restrictions will continue to apply to you after the termination of your employment or service with Varonis for so long as you are in possession of material non-public information about Varonis or any other company obtained during your employment or service with Varonis.

1.Trading When You Are Aware of Material Non-Public Information is Prohibited

You may not purchase or sell stock or other securities of any company, including Varonis, when you are aware of material non-public information about that company or you have

material non-public information as a result of your role with Varonis that could affect the share price of that company. This Policy against “insider trading” applies to purchases and sales (at the times described in this Policy) of Varonis securities, as well as to purchases and sales of securities of any other company. “Varonis securities” may include common stock, options for common stock, restricted common stock, restricted common stock units, debt securities and any other securities of Varonis, such as preferred stock, warrants and convertible debentures, as well as derivative securities relating to Varonis securities, including securities convertible or exchangeable into, or whose value is derived by the value of, Varonis securities, whether or not issued by Varonis.

“Purchase” and “sale” are defined broadly under the Securities Exchange Act of 1934, as amended (the “Exchange Act”):

■“Purchase” includes not only the actual purchase of a security, but any contract to purchase or otherwise acquire a security.

■“Sale” includes not only the actual sale of a security, but any contract to sell or otherwise dispose of a security.

In light of the broad range of transactions that these definitions pick up, it is important to understand that the restrictions in this Policy apply, among other things, to the following types of “purchases” and “sales”:

■conventional cash-for-stock transactions;

■making gifts of Varonis’ securities (including charitable donations);

■using Varonis’ securities to secure a loan, in some circumstances (see Section A.3. below – “Speculative Trading is Prohibited”);

■broker-assisted cashless exercises of stock options (as defined below);

■engaging in short sales and other hedging transactions (which are prohibited under this Policy);

■a sale of Varonis’ securities obtained through the exercise of employee stock options granted by Varonis; and

■purchases and sales of derivative securities (e.g., options, warrants, convertible securities, stock appreciation rights or any similar security with a value derived from the value of an equity security), including exchange traded options and other convertible securities.

The restrictions in this Policy do not, however, apply to (i) the exercise of Varonis stock options pursuant to the Varonis stock plans, whether for cash or on a “net exercise” basis (as defined below), as long as none of the underlying option shares are subsequently sold on the open market, (ii) the vesting of Varonis stock options, restricted stock or restricted stock units or (iii) the withholding of shares to satisfy a tax withholding obligation upon the vesting of

restricted stock or restricted stock units where your award provides you the right to elect to do so. Therefore, you may freely exercise your stock options for cash, engage in “net exercises” and have Varonis withhold shares to satisfy your tax obligations without violating this Policy. Note that a “net exercise” (which is permitted without restriction) is the use of the underlying shares to pay the Company the exercise price and/or tax withholding obligation, without any open market transaction, whereas a broker-assisted cashless exercise (which is subject to the restrictions in this Policy), involves the broker selling some or all of the shares underlying the option on the open market.

2.“Tipping” is Prohibited

You may not disclose to anyone, including, without limitation, family members and co-workers (except as may be required by your job position), any material non-public information about Varonis or its securities or any other company or its securities. This includes not only refraining from making purchase, sell or hold recommendations to anyone about Varonis or any other company while in possession of material non-public information, but also refraining from making comments concerning material non-public information that may significantly alter the mix of information concerning Varonis that is available to the recipient. Consider this restriction in regard to even innocently-intended disclosures about the Company’s business or your individual work situation where those comments could be construed as giving insight into the Company’s performance or practice. This practice, known as “tipping,” also violates the federal securities laws and can result in the same civil and criminal penalties that apply if you engage in insider trading directly, even if you do not receive any money or derive any benefit from the purchase or sale made by persons to whom you passed material non-public information. This Policy does not restrict legitimate business communications on a “need to know” basis, where you have a basis to expect that the other person will not purchase or sell while in possession of the information.

3.Speculative Trading is Prohibited

You are encouraged to consider a purchase of Varonis securities as a long-term investment and, through ownership, to develop an alignment of interest with the performance and prospects of Varonis. Consistent with that philosophy, you are prohibited from engaging in any speculative trading involving Varonis securities, including, without limitation:

■purchasing or selling ‘put’ option, ‘call’ options or other publicly-traded options on Varonis securities; or

■engaging in short sales of Varonis securities.

4.Hedging Transactions

Certain forms of hedging or monetization transactions, such as prepaid variable forward contracts, equity swaps, collars, and exchange funds, allow an officer, director or employee to lock in much of the value of his or her stock holdings, often in exchange for all or part of the potential for upside appreciation in the stock. These transactions allow the officer, director or employee to continue to own the covered securities, but without the full risks and rewards of ownership. When that occurs, the officer, director or employee may no longer have the same

objectives as the Company’s other stockholders. For this reason, officers, directors and employees may not enter into such transactions.

5.Margin Accounts and Pledges

Securities held in a margin account may be sold by the broker without the customer’s consent if the customer fails to meet a margin call. Similarly, securities pledged (or hypothecated) as collateral for a loan may be sold in foreclosure if the borrower defaults on the loan. Because a margin sale or foreclosure sale may occur at a time when the pledgor is aware of material non-public information or otherwise is not permitted to purchase or sell Company securities, directors, officers and other employees are prohibited from holding Company securities in a margin account or pledging Company securities as collateral for a loan.

6.Standing and Limit Orders

You may not place standing or limit orders on Company securities except pursuant to the procedures described in the section below entitled “Policies and Procedures – When and How to Trade Varonis Securities – Rule 10b5-1 Trading Plans.” Standing and limit orders create heightened risks for insider trading violations because there is no control over the timing of purchases or sales that result from standing instructions to a broker, and as a result the broker could execute a transaction when a director, officer or other employee or service provider is in possession of material non-public information.

B. Unauthorized Disclosure

1.Use or Disclosure of Material Non-Public Information is Prohibited

You must maintain the confidentiality of Varonis information for competitive, security and other business reasons, as well as to comply with securities laws. All information you learn about Varonis or its business plans should be considered confidential and proprietary to Varonis until we disclose it pursuant to our official channels. You may not disclose it to others, such as family members, other relatives or business or social acquaintances. You also may not discuss the Company or its business in any “chat room” or similar internet-based forum, including anonymously or by use of an alias.

Also, legal rules govern the timing and nature of our disclosure of material information to outsiders and the public. Violation of these rules could result in substantial liability for you, Varonis and its management. For this reason, we permit only specifically designated representatives of Varonis, as identified below, to discuss Varonis with the news media, securities analysts and investors.

2.Third Party Inquiries

If you receive any inquiries about Varonis from third parties such as industry analysts or members of the financial or business media, you should direct them to Varonis’ Chief Financial Officer, General Counsel or Chief Marketing Officer.

C. What is “Material Non-Public Information”?

1.Material Information

Information is generally considered material if there is a likelihood that a reasonable investor would consider it important in making an investment decision to purchase, sell or hold securities. It includes any information that could reasonably affect the price of a security and may be either positive or negative information.

Although the materiality of information may vary depending on the circumstances of each case, be assured it will be scrutinized by federal, state and NASDAQ investigators with “20/20 hindsight.” Consequently, any appearance of impropriety should be avoided, and the particular facts of each such situation should be carefully reviewed. You should always err on the side of deciding that the information is material and not purchase or sell securities. The following pieces of information about a company are likely to be considered material:

■earnings, revenues, expenses, dividends, cash-flows from operations, liquidity and other non-public financial information;

■financial projections, including affirmations of prior earnings guidance and whether a company will or will not meet earnings expectations;

■unexpected financial results and unexpected events affecting such results;

■mergers, acquisitions, tender offers, joint ventures, divestitures or other changes in assets or business;

■launch of new products or new versions of existing products, accomplishment of significant milestones in product or intellectual property development (such as registration or grant of patents), achievement of scientific or engineering breakthroughs or other developments from research efforts;

■bank borrowings or financing transactions, including proposed new financing, refinancing or capital market transactions and actual or potential liquidity problems;

■events regarding a company’s securities (including, without limitation, defaults on debt securities, redemptions of securities, repurchase plans, changes in dividends or dividend policy, stock splits, changes in rights of security holders, and public or private sales of additional securities);

■major incidents;

■changes in or curtailment of operations or of significant facilities;

■developments regarding our joint venture partners, agents, distributors, customers or acquisition/investment targets (including the entry into, amendment or loss of an important contract or other arrangement with any of the foregoing);

■information concerning changes in senior management, key personnel or the composition of the Board of Directors, including information concerning the business and personal lives of the foregoing;

■developments in distribution channels;

■changes in compensation policy;

■a change in auditors or an auditor notification that a company may no longer rely on an audit report;

■threatened or pending litigation, and developments in ongoing material litigation and other contingencies;

■knowledge of any significant disruption in or breach or unauthorized access of the Company’s information technology infrastructure of cybersecurity or privacy incident or event;

■regulatory proceedings and governmental investigations; and

■bankruptcy, corporate restructuring or receivership.

This list is not exhaustive, and, depending upon the circumstances, other information may be material. In short, if you would consider the information relevant in making an investment decision, you should assume it is material. Even if you would not consider the information relevant in making an investment decision, but believe that a third party might consider it relevant, you should assume it is material. Remember that both positive and negative information may be material information. You should always treat information as material if you have any reason to believe that it may be important.

If you are unsure about the materiality of certain information or a specific transaction, please call the General Counsel or the Legal Department for advice.

2.Non-Public Information

Non-public information is information that is not generally known or available to the public. We consider information to be available to the public only when:

■it has been released to the public by a company through appropriate channels (e.g., by means of a Company press release distributed through a widely disseminated news or wire service or in a publicly available filing made by the Company with the SEC); and

■enough time has elapsed to permit the market to absorb the information.

Although there is no fixed period for how long it takes the market to absorb information, out of prudence a person in possession of material non-public information should refrain from any trading activity for two (2) trading days following its release. If you are unsure or have questions, please call the General Counsel or the Legal Department for advice.

D. When and How to Trade Varonis’ Securities

1.Overview

All directors, officers, employees, service providers and Restricted Affiliates of Varonis must comply with the applicable restrictions detailed below. No such person may purchase or sell Varonis’ securities when such person is aware of material non-public information as described above or if the purchase or sale falls outside the Trading Window (as defined below), except as specifically permitted herein. Further, no officer, employee at the Vice President level or above, employee in the Finance or Legal Departments or other person who has been informed by the General Counsel or a delegate that such person is subject to the pre-clearance policy (collectively “Restricted Insiders”) and no director or executive may purchase or sell Varonis’ securities, or permit any of such person’s Restricted Affiliates to purchase or sell Varonis’ securities, unless the purchase or sale was pre-cleared under Varonis’ pre-clearance policy as detailed below.

In addition, directors, officers, employees, service providers and Restricted Affiliates may only purchase or sell securities of a public company in or with which Varonis has a material interest or relationship, or in or with which Varonis is contemplating having a material interest or relationship (namely, a material interest or relationship (actual or contemplated) in any of Varonis’ business partners, agents, distributors, customers and acquisition/investment targets, which we collectively refer to herein as “Restricted Companies”) while not aware of material non-public information relating to the Restricted Company and, if such person’s Varonis duties involve or relate to such Restricted Company, the purchase or sale was also pre-cleared under Varonis’ pre-clearance policy as detailed below. If you have any doubt regarding whether you are subject to pre-clearance in respect of a Restricted Company, please call the General Counsel or the Legal Department for advice.

Before you purchase or sell Varonis’ securities or securities of any Restricted Company, you should bear in mind a potential liquidity trap that you could face: you could receive permission to purchase a security or have your interest in a security vest, but later be refused permission to sell it (or exercise and then sell it) (at least temporarily) because the Trading Window is closed at that time or you do not receive pre-clearance from the General Counsel. These situations are frequently beyond the control of Varonis and could lock you into an unwanted investment for a considerable period of time. This risk is an inherent, and necessary, part of Varonis’ policy with respect to purchasing or selling Varonis’ securities and securities of Restricted Companies.

2.Trading Window

You and your Restricted Affiliates may only purchase or sell Varonis’ securities during a certain period during each quarter (the “Trading Window”). The Trading Window begins two (2) full trading days after Varonis’ public announcement of its annual or quarterly earnings and ends fifteen (15) calendar days prior to the end of the then current quarter (or if such day is not a trading day, on the close of trading on the immediately preceding trading day).

However, even if the Trading Window is open, you and your Restricted Affiliates may not purchase or sell Varonis’ securities or securities of any Restricted Company if you are aware of material non-public information about Varonis or such Restricted Company. In addition, if applicable, you must pre-clear all purchases and sales with the General Counsel even if you initiate them when the Trading Window is open.

From time to time, Varonis may close the Trading Window due to material non-public information developments. In such an event, the General Counsel or the Legal Department may notify particular individuals or the Company as a whole that they should not engage in any purchase or sale of Varonis securities (trading restrictions may also be imposed on securities of one or more Restricted Companies if the material non-public information pertains to such Restricted Companies), and such individuals should not disclose to others the fact that the Trading Window has been closed. If you are in doubt whether a Trading Window is open, consult the General Counsel or the Legal Department.

Even if the Trading Window is closed, you may exercise Varonis stock options if no shares are to be sold (or exercise a “net exercise” right or tax withholding right pursuant to which you elect to have Varonis withhold shares subject to an option to satisfy tax withholding obligations); you may not, however, effect sales of the underlying stock issued upon the exercise of stock options (including same-day sales and “cashless exercises”). Generally, all pending market purchase/sale orders regarding Varonis securities must be executed within the Trading Window or otherwise cancelled when the window closes.

In addition, even if the Trading Window is closed, you may purchase and sell Varonis’ securities pursuant to a Qualified Rule 10b5-1 Plan, as discussed below. If you expect a need to sell Varonis securities at a specific time in the future, you may wish to consider entering into such a plan.

3.Pre-Clearance Procedures

Varonis requires all persons specified pursuant to Section D.1 above – “Overview” who wish to engage (or have a Restricted Affiliate who wishes to engage) in any purchase or sale involving Varonis securities or securities of Restricted Companies (including any broker-assisted option exercise, stock purchase, stock sale, gift, loan, contribution to a trust, or any other transfer or acquisition), to first obtain pre-clearance of the transaction from the General Counsel, unless the transaction is pursuant to a Qualified Rule 10b5-1 Plan, as discussed below.

A request for pre-clearance should be submitted to the General Counsel at least two (2) business days in advance of the proposed purchase or sale, unless the General Counsel agrees to a shorter period. The General Counsel will then determine whether the purchase or sale may proceed and will promptly notify you of this determination. When making a pre-clearance request, you need to be certain to include all relevant information concerning the proposed purchase or sale and how best to be reached.

The General Counsel may withhold clearance for the proposed purchase or sale, in his/her discretion, for various reasons including the following:

■you may possess material non-public information;

■the Trading Window is not open;

■the purchase or sale does not comply with Rule 144 of the Securities Act of 1933, as amended, and other legal requirements;

■the purchase or sale could result in adverse publicity or have a material adverse impact on trading in Varonis’ securities or Varonis;

■you are subject to Section 16(a) of the Exchange Act and sufficient advance notice had not been given to allow time to prepare and review a Form 4; or

■other relevant considerations cause the purchase or sale to be inappropriate.

Please be aware that, if the clearance of a proposed purchase or sale is withheld by the General Counsel, the decision cannot be “overruled” by any member of management. The General Counsel may obtain the advice of outside legal counsel with respect to a pre-clearance request. You may not in any event engage in the proposed purchase or sale until a request has been pre-cleared in writing.

If a purchase or sale is approved under the pre-clearance policy, the purchase or sale must be executed within three (3) business days after the approval is obtained. Notwithstanding the General Counsel’s approval of a purchase or sale, your purchase or sale may not be executed if (i) you acquire material non-public information concerning the company whose securities you wish to purchase or sell during that time, (ii) the General Counsel subsequently revokes his/her approval, or (iii) the Trading Window is subsequently closed. If a purchase or sale is not completed within the period described above (or if the General Counsel revokes his/her approval and/or closes the Trading Window), the purchase or sale must be cleared again with the General Counsel before it may be executed.

If a proposed purchase or sale is not approved under the pre-clearance policy, you should refrain from initiating any purchase or sale of Varonis securities, and you should not inform anyone within or outside of Varonis of the restriction.

4.Rule 10b5-1 Trading Plans

Rule 10b5-1 adopted by the SEC provides an affirmative defense to insider trading that is available to a person making a purchase or sale of securities who demonstrates that the purchase or sale was effected pursuant to a pre-arranged “trading plan” that meets certain conditions. Notwithstanding the other provisions of this Policy, you may purchase or sell Varonis securities and securities of Restricted Companies regardless of whether you may be aware of material non-public information at the time of trading or whether the Trading Window is closed, provided that the purchase or sale is made pursuant to a plan validly established in compliance with the provisions of Rule 10b5-1 (a “Qualified Rule 10b5-1 Plan”) and the following criteria are satisfied:

■you must enter into the plan (including any amendments or terminations thereof) in good faith and only during an open Trading Window and at a time when you are not aware of material non-public information;

■you must act in good faith with respect to the plan (including any amendments or terminations thereof);

■the plan must be a written plan or binding contract (i.e., the plan may not consist of an oral arrangement or order to purchase or sell Varonis securities in the future) that does not allow you to exercise any subsequent influence over how, when or whether to effect the purchase or sale;

■the plan must specify the amount, price and date of purchases or sales, or include a written formula, algorithm or computer program for their determination. Alternatively, you could delegate trading decisions to a third party who, at the time of trading did not have, and was not influenced by anyone who had, material non-public information;

■if you are a director or officer subject to Section 16 of the Exchange Act, the plan must include representations from you certifying that, on the date of adoption of the plan (a) you are not aware of any material non-public information about the subject securities or the Company and (b) you are adopting the plan in good faith and not as part of a plan or scheme to evade the prohibitions of Section 10(b) of the Exchange Act or Rule 10b-5 thereunder;

■if you are a director or officer subject to Section 16 of the Exchange Act, no purchases or sales under the plan may occur until the expiration of a cooling-off period consisting of the later of (a) 90 days after the adoption of the plan or (b) two business days following the filing of the Company’s Current Report on Form 10-Q or Annual Report on Form 10-K for the completed fiscal quarter in which the plan was adopted (subject to a maximum of 120 days after adoption of the plan) (such cooling-off period, the “Section 16 Cooling-off Period”);

■if you are not a director or officer Subject to Section 16 of the Exchange Act, no purchases or sales under the plan may occur until the expiration of a cooling-off period that is 30 days after the adoption of the plan (such cooling-off period, the “Non-Section 16 Cooling-off Period”);

■you do not have an outstanding Qualified Rule 10b5-1 Plan, subject to the limited exceptions provided in Rule 10b5-1(c)(1)(ii)(D); and

■the plan is pre-cleared in advanced by the General Counsel as described below.

In addition, if you have, during the prior 12-month period, entered into a Qualified 10b5-1 Plan that was designed to effect the open-market purchase or sale of all of the securities covered by such plan in a single transaction (such a plan, a “Single-Trade Plan”) and did not provide for an “eligible sell-to-cover transaction” (as described in Rule 10b5-1(c)(i)(ii)(D)(3)), you may not enter into a Single Trade Plan. A Qualified Rule 10b5-1 Plan must also comply

with all other applicable disclosure and other requirements under federal and state securities laws. Varonis may also require that all Qualified Rule 10b5-1 Plans include additional safeguards for the benefit of Varonis (e.g., customary lockup commitments associated with underwritings of Varonis securities).

Purchases and sales effected pursuant to a Qualified Rule 10b5-1 Plan will not require further pre-clearance at the time of the purchase or sale if the plan complies with the requirements set forth above. You may not alter or deviate from the terms of a Qualified Rule 10b5-1 Plan and you may not engage in any corresponding or hedging transactions.

If you wish to implement, amend or terminate a Qualified Rule 10b5-1 Plan, you must first have the plan (or any amendment or proposal to terminate) pre-cleared by the General Counsel. If you amend the amount, price or timing of a Qualified Rule 10b5-1 Plan, purchases or sales under the amended plan may not commence until the expiration of the Section 16 Cooling-off Period or Non-Section 16 Cooling-off Period, as applicable, calculated from the date of the amendment. Again, a Qualified Rule 10b5-1 Plan may only be entered into, amended or terminated in good faith during an open Trading Window and at a time when you are not aware of material non-public information. In pre-clearing the implementation, amendment or termination of a Qualified Rule 10b5-1 Plan, the General Counsel shall not be responsible for determining whether such plan is in compliance with the provisions of Rule 10b5-1. Compliance with Rule 10b5-1 is solely your responsibility, and we recommend you consult with your advisors regarding compliance. Consider in particular that the sequential termination of one plan and adoption of a new plan, or amendments of a plan, may cast doubt on whether the plan was entered into in good faith in the first place or whether you acted in good faith with respect to plan, potentially rendering unavailable the affirmative defense of Rule 10b5-1 for transactions that occur under the plan.

5.Post-Termination Transactions

If you are in possession of material non-public information, you may not purchase or sell Varonis securities, even if you are no longer employed or engaged with the Company, until the second trading day after the earlier of (i) that information becoming public or (ii) that information becoming no longer material.

Further, (i) directors and executive officers must continue to comply with the “Trading Window” and pre-clearance rules for six (6) month period following the termination of their engagement/employment with the Company or its subsidiaries, as applicable; and (ii) Restricted Insiders must continue to comply with the “Trading Window” and pre-clearance rules until the commencement of the Trading Window following the public release of earnings for the fiscal quarter in which the Restricted Insider’s employment with the Company or its subsidiaries, as applicable, occurs.

6.Broker Requirements for Directors and Officers Subject to Section 16 under the Exchange Act

The timely reporting of transactions requires tight interface with brokers handling transactions for directors and officers subject to Section 16 under the Exchange Act. A knowledgeable, alert broker can also serve as a gatekeeper, helping to ensure compliance with

our pre-clearance procedures and helping prevent inadvertent violations. Therefore, in order to facilitate timely compliance by the directors and executive officers of the Company with the requirements of Section 16 of the Exchange Act, brokers of directors and officers subject to Section 16 under the Exchange Act need to comply with the following requirements:

■not to enter any order (except for orders under pre-approved Rule 10b5-1 plans) without first verifying with the Company that your transaction was pre-cleared and complying with the brokerage firm’s compliance procedures (e.g., Rule 144); and

■to report before the close of business on the day of the execution of the transaction to the Company by telephone and in writing via e-mail to the General Counsel or his or her designee, the complete (i.e., date, type of transaction, number of shares and price) details of every transaction involving the Company’s equity securities, including gifts, transfers and all 10b5-1 transactions.

Because it is the legal obligation of the purchasing or selling person to cause any filings on Form 3, Form 4, Form 5 or Form 144 (or as may otherwise be required), to be made, you are strongly encouraged to confirm following any transaction that your broker has immediately telephoned and e-mailed the required information to the Company.

SEEKING ADVICE/REPORTING VIOLATIONS

If you are unsure of the application of this Policy to any transaction that you or your Restricted Affiliates propose to undertake, or if you retrospectively realize that you or your Restricted Affiliates violated or may have violated this Policy, or for assistance with any of the matters discussed in the Policy, contact the General Counsel or the Legal Department as promptly as practicable. You should also refer suspected violations of this Policy to the General Counsel and the Legal Department. You may also report it through the Company's confidential Whistleblower Hotline (via web submission at https://www.openboard.info/VRNS/index.cfm or by calling (866) 860-8085).

EXHIBIT A

ACKNOWLEDGEMENT FORM

The undersigned, a director, officer, employee, service provider and/or consultant of Varonis Systems, Inc. or one of its subsidiaries (collectively, “Varonis”), as applicable, hereby certifies and represents to Varonis that he/she has received, read and understands the Varonis Insider Trading Policy (the “Policy”) and agrees to comply, and has complied, with the Policy in its entirety:

Executed on ________________, 20__

Name: __________________________

Title: __________________________

Document

Exhibit 21.1

VARONIS SYSTEMS, INC. SUBSIDIARIES

Subsidiary State/Country of Incorporation/Formation
Varonis Systems Ltd. Israel
Varonis (UK) Limited England
Varonis Systems (Deutschland) GmbH Germany
Varonis France SAS France
Varonis Systems Corp. Canada (British Columbia)
Varonis Systems (Ireland) Limited Ireland
Varonis Systems (Australia) Pty Ltd Australia
Varonis Systems (Netherlands) B.V. Netherlands
Varonis U.S. Public Sector LLC United States (Delaware)
Varonis Systems (Luxemburg) S.à r.l. Luxembourg
Varonis Singapore PTE. LTD. Singapore
Cyral, LLC United States (Delaware)
Varonis Systems (India) Private Limited India
Varonis Systems Japan K.K. Japan
SlashNext, LLC United States (Delaware)
Varonis Systems (Poland) LLC Poland

Document

Exhibit 23.1

CONSENT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM

We consent to the incorporation by reference in the Registration Statements (Form S-8 Nos. 333-289098, 333-289097, 333-284718, 333-281103, 333-276899, 333-273579, 333-269629, 333-262593, 333-252223, 333-249837, 333-235997, 333-229321, 333-222646, 333-215617, 333-209312, 333-205582 and 333-194657) pertaining to the Amended and Restated 2023 Omnibus Equity Incentive Plan of Varonis Systems, Inc., the 2015 Employee Stock Purchase Plan of Varonis Systems, Inc., the 2013 Omnibus Equity Incentive Plan of Varonis Systems, Inc., the Polyrize Security Ltd. 2019 Share Incentive Plan, as amended, and 2005 Stock Plan of our reports dated February 4, 2026, with respect to the consolidated financial statements of Varonis Systems, Inc. and the effectiveness of internal control over financial reporting of Varonis Systems, Inc. included in this Annual Report (Form 10-K) of Varonis Systems, Inc. for the year ended December 31, 2025.

/s/ KOST FORER GABBAY & KASIERER

A Member of EY Global

Tel-Aviv, Israel

February 4, 2026

Document

Exhibit 31.1

CERTIFICATION OF CHIEF EXECUTIVE OFFICER PURSUANT TO

SECURITIES EXCHANGE ACT RULES 13a-14(a) AND 15(d)-14(a), AS ADOPTED PURSUANT TO

SECTION 302 OF THE SARBANES-OXLEY ACT OF 2002

I, Yakov Faitelson, certify that:

1.I have reviewed this Annual Report on Form 10-K of Varonis Systems, Inc.;

2.Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report;

3.Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report;

4.The registrant's other certifying officer and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d-15(f)) for the registrant and have:

(a)Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this report is being prepared;

(b)Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles;

(c)Evaluated the effectiveness of the registrant's disclosure controls and procedures and presented in this report our conclusions about the effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and

(d)Disclosed in this report any change in the registrant's internal control over financial reporting that occurred during the registrant's most recent fiscal quarter (the registrant's fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely to materially affect, the registrant's internal control over financial reporting; and

5.The registrant's other certifying officer and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the registrant's auditors and the audit committee of the registrant's board of directors (or persons performing the equivalent functions):

(a)All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are reasonably likely to adversely affect the registrant's ability to record, process, summarize and report financial information; and

(b)Any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant's internal control over financial reporting.

Date: February 4, 2026 By: /s/ Yakov Faitelson
Yakov Faitelson
Chief Executive Officer and President

Document

Exhibit 31.2

CERTIFICATION OF CHIEF EXECUTIVE OFFICER PURSUANT TO

SECURITIES EXCHANGE ACT RULES 13a-14(a) AND 15(d)-14(a), AS ADOPTED PURSUANT TO

SECTION 302 OF THE SARBANES-OXLEY ACT OF 2002

I, Guy Melamed, certify that:

1.I have reviewed this Annual Report on Form 10-K of Varonis Systems, Inc.;

2.Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report;

3.Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report;

4.The registrant's other certifying officer and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d-15(f)) for the registrant and have:

(a)Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this report is being prepared;

(b)Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles;

(c)Evaluated the effectiveness of the registrant's disclosure controls and procedures and presented in this report our conclusions about the effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and

(d)Disclosed in this report any change in the registrant's internal control over financial reporting that occurred during the registrant's most recent fiscal quarter (the registrant's fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely to materially affect, the registrant's internal control over financial reporting; and

5.The registrant's other certifying officer and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the registrant's auditors and the audit committee of the registrant's board of directors (or persons performing the equivalent functions):

(a)All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are reasonably likely to adversely affect the registrant's ability to record, process, summarize and report financial information; and

(b)Any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant's internal control over financial reporting.

Date: February 4, 2026 By: /s/ Guy Melamed
Guy Melamed
Chief Financial Officer and Chief Operating Officer (Principal Financial Officer and Principal Accounting Officer)

Document

Exhibit 32.1

CERTIFICATION OF CEO PURSUANT TO

18 U.S.C. SECTION 1350,

AS ADOPTED PURSUANT TO

SECTION 906 OF THE SARBANES-OXLEY ACT OF 2002

In connection with the Annual Report on Form 10-K of Varonis Systems, Inc. (the "Company") for the year ended December 31, 2025 as filed with the Securities and Exchange Commission on the date hereof (the "Report"), Yakov Faitelson, as Chief Executive Officer and President of the Company, hereby certifies, pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002, that, to the best of his knowledge:

(1) The Report fully complies with the requirements of Section 13(a) or 15(d) of the Securities Exchange Act of 1934; and

(2) The information contained in the Report fairly presents, in all material respects, the financial condition and results of operations of the Company.

By: /s/ Yakov Faitelson
Yakov Faitelson
Chief Executive Officer and President

Date: February 4, 2026

This certification accompanies the Report pursuant to Section 906 of the Sarbanes-Oxley Act of 2002 and shall not, except to the extent required by the Sarbanes-Oxley Act of 2002, be deemed filed by the Company for purposes of Section 18 of the Securities Exchange Act of 1934, as amended.

Document

Exhibit 32.2

CERTIFICATION OF CFO PURSUANT TO

18 U.S.C. SECTION 1350,

AS ADOPTED PURSUANT TO

SECTION 906 OF THE SARBANES-OXLEY ACT OF 2002

In connection with the Annual Report on Form 10-K of Varonis Systems, Inc. (the "Company") for the year ended December 31, 2025 as filed with the Securities and Exchange Commission on the date hereof (the "Report"), Guy Melamed, as Chief Financial Officer and Chief Operating Officer of the Company, hereby certifies, pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002, that, to the best of his knowledge:

(1) The Report fully complies with the requirements of Section 13(a) or 15(d) of the Securities Exchange Act of 1934; and

(2) The information contained in the Report fairly presents, in all material respects, the financial condition and results of operations of the Company.

By: /s/ Guy Melamed
Guy Melamed
Chief Financial Officer and Chief Operating Officer (Principal Financial Officer and Principal Accounting Officer)

Date: February 4, 2026

This certification accompanies the Report pursuant to Section 906 of the Sarbanes-Oxley Act of 2002 and shall not, except to the extent required by the Sarbanes-Oxley Act of 2002, be deemed filed by the Company for purposes of Section 18 of the Securities Exchange Act of 1934, as amended.

Document

VARONIS SYSTEMS, INC.

POLICY FOR THE

RECOVERY OF ERRONEOUSLY AWARDED COMPENSATION

A.    OVERVIEW

In accordance with the applicable rules of The Nasdaq Stock Market (the “Nasdaq Rules”), Section 10D of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), and Rule 10D-1 under the Exchange Act (“Rule 10D-1”), the Board of Directors (the “Board”) of Varonis Systems, Inc. (the “Company”) has adopted this Policy (the “Policy”) to provide for the recovery of erroneously awarded Incentive-based Compensation from Executive Officers. All capitalized terms used and not otherwise defined herein shall have the meanings set forth in Section H, below.

B.    RECOVERY OF ERRONEOUSLY AWARDED COMPENSATION

(1)In the event of an Accounting Restatement, the Company will reasonably promptly recover the Erroneously Awarded Compensation Received in accordance with Nasdaq Rules and Rule 10D-1 as follows:

(i)After an Accounting Restatement, the Compensation Committee (if composed entirely of independent directors, or in the absence of such a committee, a majority of independent directors serving on the Board) (the “Committee”) shall determine the amount of    any Erroneously Awarded Compensation Received by each Executive Officer and shall promptly notify each Executive Officer with a written notice containing the amount of any Erroneously Awarded Compensation and a demand for repayment or return of such compensation, as applicable.

(a)For Incentive-based Compensation based on (or derived from) the Company’s stock price or total shareholder return, where the amount of Erroneously Awarded Compensation is not subject to mathematical recalculation directly from the information in the applicable Accounting Restatement:

i.The amount to be repaid or returned shall be determined by the Committee based on a reasonable estimate of the effect of the Accounting Restatement on the Company’s stock price or total shareholder return upon which the Incentive-based Compensation was Received; and

ii.The Company shall maintain documentation of the determination of such reasonable estimate and provide the relevant documentation as required to the Nasdaq.

(ii)The Committee shall have discretion to determine the appropriate manner, timing and means of recovering Erroneously Awarded Compensation based on the particular facts and circumstances. Notwithstanding the foregoing, except as set forth in Section B(2) below, in no event may the Company accept an amount that is less than the amount of Erroneously Awarded Compensation in satisfaction of an Executive Officer’s obligations hereunder.

(iii)To the extent that the Executive Officer has already reimbursed the Company for any Erroneously Awarded Compensation Received under any other recovery obligations established by the Company or applicable law, it shall be appropriate for any such reimbursed amount to be credited to the amount of Erroneously Awarded Compensation that is subject to recovery under this Policy.

(iv)To the extent that an Executive Officer fails to repay all Erroneously Awarded Compensation to the Company when due, the Company shall take all actions reasonable and appropriate to recover such Erroneously Awarded Compensation from the applicable Executive Officer.

(2)Notwithstanding anything herein to the contrary, the Company shall not be required to take the actions contemplated by Section B(1) above if the Committee (which, as specified above, is composed entirely of independent directors or in the absence of such a committee, a majority of the independent directors serving on the Board) determines that recovery would be impracticable and any of the following two conditions are met:

(i)The Committee has determined that the direct expenses paid to a third party to assist in enforcing the Policy would exceed the amount to be recovered. Before making this determination, the Company must make a reasonable attempt to recover the Erroneously Awarded Compensation, documented such attempt(s) and provided such documentation to the Nasdaq;

or

(ii)Recovery would likely cause an otherwise tax-qualified retirement plan, under which benefits are broadly available to employees of the Company, to fail to meet the requirements of Section 401(a)(13) or Section 411(a) of the Internal Revenue Code of 1986, as amended, and regulations thereunder.

(3) Notwithstanding anything to the contrary herein, the Company has no obligation pursuant to this Policy to seek recovery of amounts received by a Executive Officer which are awarded, paid, granted, vested or earned based solely upon the occurrence or non-occurrence of nonfinancial events. Such exempt compensation includes, without limitation, base salaries; bonuses paid solely at the discretion of the Committee or Board that are not paid from a “bonus pool” that is determined by satisfying a Financial Reporting Measure; bonuses paid solely upon satisfying one or more subjective standards; non-equity incentive plan awards earned solely upon satisfying one or more strategic measures or operational measures; equity awards for which the grant is not contingent upon achieving any Financial Reporting Measure performance goal and vesting is contingent solely upon completion of a specified employment period and/or attaining one or more nonfinancial reporting measures; or any other compensation awarded on the basis of the achievement of metrics that are not Financial Reporting Measures.

C.    DISCLOSURE REQUIREMENTS

The Company shall file all disclosures with respect to this Policy required by applicable U.S. Securities and Exchange Commission (“SEC”) filings and rules.

D.    PROHIBITION OF INDEMNIFICATION

The Company shall not be permitted to insure or indemnify any Executive Officer against (i) the loss of any Erroneously Awarded Compensation that is repaid, returned or recovered pursuant to the terms of this Policy, or (ii) any claims relating to the Company’s enforcement of its rights under this Policy. Further, the Company shall not enter into any agreement that exempts any Incentive-based Compensation that is granted, paid or awarded to an Executive Officer from the application of this Policy or that waives the Company’s right to recovery of any Erroneously Awarded Compensation, and this Policy shall supersede any such agreement (whether entered into before, on or after the Effective Date of this Policy).

E.    ADMINISTRATION AND INTERPRETATION

This Policy shall be administered by the Committee, and any determinations made by the Committee shall be final and binding on all affected individuals.

The Committee is authorized to interpret and construe this Policy and to make all determinations necessary, appropriate, or advisable for the administration of this Policy and for the Company’s compliance with Nasdaq Rules, Section 10D, Rule 10D-1 and any other applicable law, regulation, rule or interpretation of the SEC or Nasdaq promulgated or issued in connection therewith.

F.    AMENDMENT; TERMINATION

The Committee may amend this Policy from time to time in its discretion and shall amend this Policy as it deems necessary.

G.    OTHER RECOVERY RIGHTS

This Policy shall be binding and enforceable against all Executive Officers and, to the extent required by applicable law or guidance from the SEC or Nasdaq, their beneficiaries, heirs, executors, administrators or other legal representatives. The Committee intends that this Policy will be applied to the fullest extent required by applicable law. Any employment agreement, equity award agreement, compensatory plan or any other agreement or arrangement with an Executive Officer shall be deemed to include, as a condition to the grant of any benefit thereunder, an agreement by the Executive Officer to abide by the terms of this Policy. Any right of recovery under this Policy is in addition to, and not in lieu of, any other remedies or rights of recovery that may be available to the

Company under applicable law, regulation or rule or pursuant to the terms of any policy of the Company or any provision in any employment agreement, equity award agreement, compensatory plan, agreement or other arrangement.

H.    DEFINITIONS

For purposes of this Policy, the following capitalized terms shall have the meanings set forth below.

(1)“Accounting Restatement” means an accounting restatement due to the material noncompliance of the Company with any financial reporting requirement under the securities laws, including any required accounting restatement to correct an error in previously issued financial statements that is material to the previously issued financial statements (a “Big R” restatement), or that would result in a material misstatement if the error were corrected in the current period or left uncorrected in the current period (a “little r” restatement).

(2)“Clawback Eligible Incentive Compensation” means all Incentive-based Compensation Received by an Executive Officer (i) on or after the effective date of the applicable Nasdaq rules, (ii) after beginning service as an Executive Officer, (iii) who served as an Executive Officer at any time during the applicable performance period relating to any Incentive-based Compensation (whether or not such Executive Officer is serving at the time the Erroneously Awarded Compensation is required to be repaid to the Company), (iv) while the Company has a class of securities listed on a national securities exchange or a national securities association, and (v) during the applicable Clawback Period (as defined below).

(3)“Clawback Period” means, with respect to any Accounting Restatement, the three completed fiscal years of the Company immediately preceding the Restatement Date (as defined below), and if the Company changes its fiscal year, any transition period of less than nine months within or immediately following those three completed fiscal years.

(4) “Erroneously Awarded Compensation” means, with respect to each Executive Officer in connection with an Accounting Restatement, the amount of Clawback Eligible Incentive Compensation that exceeds the amount of Incentive-based Compensation that otherwise would have been Received had it been determined based on the restated amounts, computed without regard to any taxes paid.

(5)“Executive Officer” means each individual who is currently or was previously designated as an “officer” of the Company as defined in Rule 16a-1(f) under the Exchange Act. For the avoidance of doubt, the identification of an executive officer for purposes of this Policy shall include each executive officer who is or was identified pursuant to Item 401(b) of Regulation S-K, as well as the principal financial officer and principal accounting officer (or, if there is no principal accounting officer, the controller).

(6)“Financial Reporting Measures” means measures that are determined and presented in accordance with the accounting principles used in preparing the Company’s financial statements, and all other measures that are derived wholly or in part from such measures. Stock price and total shareholder return (and any measures that are derived wholly or in part from stock price or total shareholder return) shall, for purposes of this Policy, be considered Financial Reporting Measures. For the avoidance of doubt, a Financial Reporting Measure need not be presented in the Company’s financial statements or included in a filing with the SEC.

(7)“Incentive-based Compensation” means any compensation that is granted, earned or vested based wholly or in part upon the attainment of a Financial Reporting Measure.

(8)“Nasdaq” means The Nasdaq Stock Market.

(9)“Received” means, with respect to any Incentive-based Compensation, actual or deemed receipt, and Incentive-based Compensation shall be deemed received in the Company’s fiscal period during which the Financial Reporting Measure specified in the Incentive-based Compensation award is attained, even if the payment or grant of the Incentive-based Compensation to the Executive Officer occurs after the end of that period.

(10)“Restatement Date” means the earlier to occur of (i) the date the Board, a committee of the Board or the officers of the Company authorized to take such action if Board action is not required, concludes, or reasonably should have concluded, that the Company is required to prepare an Accounting Restatement, or (ii) the date a court, regulator or other legally authorized body directs the Company to prepare an Accounting Restatement.

Effective as of December 1, 2023.

Exhibit A

ATTESTATION AND ACKNOWLEDGEMENT OF POLICY FOR THE RECOVERY OF ERRONEOUSLY AWARDED COMPENSATION

By my signature below, I acknowledge and agree that:

•I have received and read the attached Policy for the Recovery of Erroneously Awarded Compensation (this “Policy”) of Varonis Systems, Inc. (the “Company”).

•I hereby agree to abide by all of the terms of this Policy both during and after my employment with the Company, including, without limitation, by promptly repaying or returning any Erroneously Awarded Compensation to the Company as determined in accordance with this Policy.

Signature:

Printed Name:

Date:

Report a Problem

Category
Description
Email (optional, for follow-up)