Fair Pay & Worker Respect

In 2023, CyberArk reported a CEO-to-employee pay ratio of 250:1.

The company also achieved a 0% gender pay gap in 2023. The employee turnover rate for 2023 was 8.5%.

Honest & Fair Business

CyberArk has a formal 'Speak Up Policy (Whistleblower Policy)' with a confidential hotline, last updated in November 2023.

The policy covers various violations including bribery, corruption, and financial irregularities, and states that external experts like law firms may be engaged for investigations. The company aims to acknowledge reports within 7 days and provide an update within 3 months, with the outcome communicated once a case is closed. The Anti-Corruption Policy, updated in October 2023, applies to all directors, officers, and employees, and has a zero-tolerance stance on bribery, explicitly prohibiting facilitation payments globally. Expectations for vendors are detailed in a Vendor Code of Conduct. For third-party verification, CyberArk achieved SOC 2 Type 2 and SOC 3 certifications for its Identity Security Platform, verified by independent auditing firm A-LIGN ASSURANCE.

Kind to Animals

CyberArk Software Ltd. is a service-oriented company providing identity security software and services. The provided articles explicitly state that information directly related to animal welfare, animal testing, or related certifications is not applicable to its business operations.

Therefore, there is no evidence of animal testing, animal-derived products, animal husbandry, or direct impact on wildlife habitats.

No War, No Weapons

CyberArk's products and services are restricted from export, re-export, or access from Cuba, Iran, Lebanon, North Korea, Sudan, Syria, the Crimea region of Ukraine, and the Donetsk and Luhansk People's Republics of Ukraine.

Export to Iraq, Libya, and the Palestinian Authority Territories requires prior approval from the Israeli Ministry of Defense. Additionally, export to Russia and Belarus requires case-by-case review and approval, and access from the People's Republic of China is restricted by default, with potential permission following review and approval.

Planet-Friendly Business

CyberArk reported total Scope 1 and 2 greenhouse gas emissions (market-based) of 2,107.42 mtCO2e for 2023.

Scope 3 emissions are planned for future measurement, but no data is provided. The company conducted a climate scenario analysis in 2022, which indicated low near-term climate risk. This analysis was aligned with TCFD recommendations. CyberArk has a forest planting program.

Respect for Cultures & Communities

The provided articles, including CyberArk's ESG reports, do not contain specific quantitative data or concrete facts related to any of the KPIs under the 'Respect for Cultures & Communities' value. While the reports mention general commitments to community engagement and ESG principles, they explicitly state 'No figures' or 'No data' for all relevant metrics, such as formal partnerships, local reinvestment, cultural incidents, impact protocols, local employment, grievance mechanisms, FPIC, community governance, cultural preservation, local procurement, indigenous suppliers, cultural site protection, social license, cultural charitable giving, community fund allocation, language inclusivity, cultural incident response, or cultural sensitivity training.

Therefore, no KPIs can be scored based on the evidence provided.

Safe & Smart Tech

CyberArk has a Responsible AI Policy and conducts AI Impact Assessments for AI features to avoid bias and ensure transparency, fairness, accountability, and privacy/security by design.

It also launched FuzzyAI, an open-source tool to help safeguard against AI model jailbreaks. CyberArk Workforce Identity achieved FIDO2 certification from the FIDO Alliance. CyberArk personnel undergo onboarding and refresher training on information security and GDPR compliance. The company's privacy notice describes user rights (access, rectification, erasure) under various privacy regulations like GDPR and CCPA. Customer data, including backups, is deleted no later than 60 days after service termination, and customers can request data deletion at any time. CyberArk's solutions address compliance requirements for GDPR, NERC CIP, MAS TRM, Sarbanes-Oxley, and PCI standards. AI Impact Assessments are designed to avoid biases and unethical use. AI Impact Assessments are designed to address privacy and security by design. CyberArk will inform users when AI is used to produce results or recommendations, in-product and in documentation. Access to customer data is restricted to authorized personnel, authenticated via multi-factor authentication, with permissions aligned to roles. CyberArk services are secured according to industry security practices (OWASP, NIST, CAIQ).

Zero Waste & Sustainable Products

The provided articles, which include ESG reports and environmental statements from CyberArk, do not contain any specific quantitative data or detailed information relevant to the 'Zero Waste & Sustainable Products' ethical value. The documents primarily focus on general ESG initiatives, cybersecurity, human capital management, and greenhouse gas emissions (Scope 1 and 2).

There is no mention of waste diversion rates, product recyclability, packaging sustainability, recycled content, single-use plastic reduction, take-back programs, circular design principles, waste reduction initiatives, hazardous waste management, product durability, repairability scores, waste audit frequency, zero waste certifications, waste disposal violations, material efficiency, packaging-to-product ratios, waste reduction targets, supplier waste requirements, or customer waste education programs.