INDEX / DIRECTORY / CYBERARK / V-POL

Cyberark V-POL

POLITICAL AUDIT UPDATED 2026-06-11
V-POL Score 4.50 /10 B Cyberark — BDS-1000 635
V-POL 4.50

Evidence-only forensic audit. Scoring happens downstream — see the main dossier for the composite assessment.

V-POL Audit: CyberArk

V-POL Audit: CyberArk

Corporate Communications & Public Stance

CEO Matt Cohen published a corporate blog post titled “Our Hearts Are Broken, But We Will Prevail” on October 13, 2023, six days after the Hamas-led attacks of October 7 1. The post described the attacks as “barbaric,” expressed “solidarity” with Israel, disclosed that employees had been called to IDF reserve duty, stated that “some employees have bravely volunteered,” and concluded with the declaration “We will prevail” 1. The post was confirmed and amplified by trade press reporting 2. The resilience narrative was reinforced by founder and Executive Chairman Udi Mokady in the company’s 25th-anniversary blog post and in investor-facing communications 3. These statements constitute documented, senior-executive-level public advocacy for one side of an active armed conflict, distinguishing the Israel-Gaza messaging from any other geopolitical conflict the company has publicly addressed 123.

CyberArk’s public response to the February 2022 Russian invasion of Ukraine was confined to a technical advisory blog post titled “CISA on Ukraine Cyber Attacks: Are You at Risk?” — a document focused narrowly on wiper malware threats and CISA/FBI guidance, containing no declarations of solidarity, no mention of employee mobilization, and no analogous “will prevail” framing 4. Quarterly financial results from 2022 referenced the Russia-Ukraine conflict solely as a macroeconomic headwind or geopolitical risk factor 5. No CyberArk corporate statement expressing solidarity with Ukraine, Ukrainian civilians, or Ukrainian resistance efforts has been identified in public sources 45. The contrast between clinical risk-management language for Ukraine and emotionally nationalist language for Israel is documentable across these two published sets of corporate communications 45.

CyberArk’s FY2023 Form 20-F named the “Swords of Iron” conflict as a formal risk factor while simultaneously emphasizing operational continuity and resilience — a framing consistent with the public communications described above 6. Annual reports describe Israel-based operations as standard commercial R&D, acknowledge dual-use and export-control exposure, and confirm headquarters location in Petah Tikva, Israel, with a U.S. headquarters in Newton, Massachusetts 76.

Operations in Occupied or Contested Territories

CyberArk’s primary Israeli presence is its headquarters in Petah Tikva, a city within the internationally recognized 1948 Green Line borders of Israel — not within the West Bank, occupied East Jerusalem, or Gaza 76. No evidence has been identified placing CyberArk offices, data centers, service contracts, or subsidiary activities within Israeli settlements in the West Bank or occupied territories 8. CyberArk’s products are distributed globally through a channel-partner model; no specific channel-partner agreements or contracts limited to settlement-based entities have been identified in public sources.

CyberArk’s own documentation states that export to “The Palestinian Authority Territories” requires prior approval from the Israeli Ministry of Defense 9. This policy applies to the West Bank and Gaza 9. CyberArk’s SEC filings acknowledge that its products qualify as “dual-use goods and technology” under Israeli export control law, and that defense-related applications of its software would invoke the Israeli Defense Export Control Law 7610. The filings state that current civilian commercial exports have not required defense export licenses 7610.

CyberArk is not listed in the UN Human Rights Council database (OHCHR) of businesses with activities in Israeli settlements (the “UN Business Database,” most recently updated September 2025; contains 158 entities) 8. The company does not appear in any identified UN resolution, EU regulatory action, or OECD National Contact Point complaint related to occupied-territory operations 8.

Glasgow Caledonian University (GCU), 2024: The GCU Students’ Association publicly called for the university to end its contract with CyberArk for Multi-Factor Authentication (MFA) services 1112. The stated grounds were CEO Matt Cohen’s October 2023 statement praising employees who “bravely volunteered” for IDF reserve duty, which the student union characterized as support for “ongoing genocide” 1112. The GCU Students’ Association’s own publication confirms the university agreed to end the relationship 11. The contract was worth £1,436,210.32 for three years (2023–2026) 11.

University of Aberdeen, November 2024: The University of Aberdeen’s student newspaper reported that activists protested a reported £1.4 million contract between the university and CyberArk 13. Activists cited CyberArk’s leadership ties to Unit 8200 and the CEO’s wartime statement as grounds for the campaign 13. The contract was signed January 30, 2024 13.

Student Loans Company (UK government-owned non-profit), 2025: The Hind Rajab Foundation filed a legal complaint with the Dutch Public Prosecutor against CyberArk VP Lavi Lazarovitz for alleged role in Gaza genocide 14. The Student Loans Company has a £1.4M contract with CyberArk via the G Cloud 13 procurement framework (expires 2026) 1516.

No formal BDS National Committee campaign naming CyberArk as a primary designated target has been verified in public sources.

Internal Governance, Content & Retail Policies

The CEO’s October 13, 2023 blog post explicitly praised employees called to IDF reserve duty and those who “bravely volunteered,” and expressed corporate “pride” in their service 1. This constitutes a documented corporate HR communication endorsing one side of an active armed conflict 1. The company confirmed it continued to pay and support employees on military deployment, representing a form of in-kind labor-cost absorption associated with IDF reserve service 12. A December 2024 report by the Racism and Technology Center titled “Tech Workers Face Retaliation for Palestine Solidarity” documented a sector-wide pattern of professional consequences for tech workers expressing pro-Palestinian views 17. CyberArk is not named as a specific case study in that report 17. No public evidence identified of specific disciplinary actions, HR complaints, NLRB filings, or documented employee terminations at CyberArk related to Palestine solidarity expression 17.

CyberArk is a B2B enterprise software company operating in the Privileged Access Management (PAM) and Identity Security market segments 7. It does not operate a consumer-facing content platform, social media service, or editorial publication that would generate algorithmic content moderation concerns 7. This category is structurally inapplicable to CyberArk’s business model. No public evidence identified of independent reports or regulatory inquiries regarding content suppression by CyberArk related to the conflict.

CyberArk’s products are software licenses and subscription-based services, not physical goods 7. No supply chain involving physical product labeling or country-of-origin requirements applicable to settlement-goods regulations exists. This category is structurally inapplicable. No public evidence identified of regulatory actions or public reports regarding retail labeling or territory-of-origin classification of CyberArk products.

Brand Heritage & State Partnerships

CyberArk’s marketing and public positioning explicitly foreground the military-intelligence background of its founder 18. SC Media’s “Influencer” profile of Udi Mokady directly references his Unit 8200 service as foundational to his vision for privileged access management 18. Unit 8200 is the IDF’s primary signals intelligence and cyber unit 19. The company confirms Udi Mokady served in Unit 8200, the Israeli Military Intelligence Directorate’s signals intelligence division 2021. The company’s 25th-anniversary communications reference Mokady’s intelligence background and frame the company’s origins in the Israeli military-technology ecosystem as a competitive differentiator 3. This positioning aligns with the “Start-Up Nation” brand framework, which markets Israeli military service as the origin of commercial innovation 322. Additional executive military background: Lavi Lazarovitz, VP of Cyber Research at CyberArk, is a former Israeli Air Force pilot and intelligence officer with 11 years of service 23. Omer Grossman, CyberArk CIO, served 25 years in the IDF 13.

CyberArk has been identified as a sponsor and participant in the CyberTech Global conference series, including the Tel Aviv and Dubai editions 2425. CyberTech Global Tel Aviv is co-organized with the Israeli government and regularly features the Prime Minister, Minister of Defense, and heads of Israeli intelligence agencies as speakers 24. The 2024 Tel Aviv conference — held during the Gaza war — featured Israeli President Isaac Herzog among its prominent speakers 24. CyberArk is documented as a member of the American-Israel Chamber of Commerce (AmCham Israel) and participates in its AI Ecosystem Development Working Group 26. AmCham Israel functions as a bilateral trade and advocacy organization and has historically engaged in advocacy against BDS-related legislative efforts 26.

Jerusalem Venture Partners (JVP), CyberArk’s original venture capital backer and the firm of Lead Independent Director Gadi Tirosh, has co-developed Israeli government cybersecurity export initiatives and maintains formal ties to the Israeli Innovation Authority 2728. Gadi Tirosh has served as Lead Independent Director on the CyberArk board since 2016 27.

Lobbying, Advocacy, Financing & Logistics

CyberArk Software Canada Inc. is registered as a consultant lobbyist in Canada, with David Angus of The Capital Hill Group Inc. registered as the consultant since 2017 29. The registration covers government procurement, defense, and national security matters 29. As a foreign private issuer incorporated in Israel and listed on NASDAQ, CyberArk would be subject to U.S. Lobbying Disclosure Act (LDA) requirements if it retains U.S. lobbyists or engages in direct congressional contact 29. No CyberArk LDA registrations have been identified in available sources 29. No public evidence identified of CyberArk appearing on the UK statutory lobbying register.

CyberArk’s ESG and Community page references participation in Israeli national cybersecurity education programs, constituting a confirmed form of community investment in the Israeli technology pipeline 30. No direct corporate donation from CyberArk to the Friends of the IDF (FIDF) has been identified in public records, FIDF Form 990 filings, or press coverage. No public evidence identified of direct CyberArk financial contributions to the Jewish National Fund (JNF), settlement organizations, or affiliated parastatal bodies.

The October 2023 CEO statement confirmed that CyberArk continued to pay and support employees called to IDF reserve duty 12. This constitutes a documented form of in-kind labor-cost support to the military: the company absorbed the employment costs of workers engaged in active IDF service during wartime operations 12. No evidence has been identified of CyberArk directing cloud computing credits, free software licenses, logistics support, or infrastructure specifically to Israeli military or state-aligned NGO operations during the conflict, beyond the employee-support commitment described above.

Corporate Structure & Primary Mission

CyberArk Software Ltd. is incorporated under the laws of the State of Israel and listed on NASDAQ (ticker: CYBR) 76. The Israeli government holds no equity stake in CyberArk, and no golden shares, state ownership interest, or government-mandated directorial appointments have been identified in public filings 76. The founding mission articulated in CyberArk’s 2014 IPO Form F-1 registration is commercial: to provide Privileged Account Security software to enterprise customers 7. No language in the F-1 or subsequent 20-F annual reports ties the corporate charter to advancing Israeli state geopolitical goals 76. Major institutional shareholders as of the most recent available filings include asset managers BlackRock, FMR (Fidelity), and private equity firm Thoma Bravo 6. Jerusalem Venture Partners (JVP), the original VC backer, reduced its stake following the IPO 28. Gadi Tirosh, Managing Partner at JVP, has served as Lead Independent Director on the CyberArk board since 2016 27. JVP maintains formal ties to the Israeli Innovation Authority and has co-developed government cybersecurity export initiatives but holds no identified special governance right in CyberArk’s corporate structure 2728.

In July 2025, Palo Alto Networks announced an agreement to acquire CyberArk in a transaction described in Israeli financial press as the second-largest exit in Israeli business history at approximately $25 billion 31. CyberArk shareholders approved the acquisition on November 13, 2025, with 99.8% in favor 32. Palo Alto Networks completed the acquisition on February 11, 2026; CyberArk shares were delisted from Nasdaq 33.

CyberArk’s SEC filings, spanning from the 2014 F-1 through the FY2019 and FY2023 20-Fs, consistently acknowledge that its software qualifies as dual-use goods and technology under Israeli law and that defense-sector customers would trigger the Israeli Defense Export Control Law 7610. The filings assert that current commercial exports have not required defense licensing 7610. No direct CyberArk contract with the Israeli Ministry of Defense has been identified in public procurement records, press reporting, or filings.

Executive & Leadership Footprint

Mokady served as CyberArk’s CEO from the company’s founding until April 2023, when he transitioned to the role of Executive Chairman 334. Prior to founding CyberArk, he served in the IDF’s Unit 8200, the primary Israeli military signals intelligence and cyber unit 202118. SC Media’s “Influencer” profile of Mokady explicitly links this military service to his commercial vision for privileged access management 18. He has reinforced the “Start-Up Nation” resilience narrative across investor communications and public interviews 23. Mokady holds a board advisory position at the Brandeis International Business School 34. No records of personal donations by Mokady to the FIDF, JNF, or named settlement organizations have been identified in press coverage, foundation Form 990 disclosures, or Israeli charity registry records.

Cohen became CEO in April 2023 3. His most consequential documented public statement is the October 13, 2023 blog post “Our Hearts Are Broken, But We Will Prevail,” which remains publicly accessible on the CyberArk domain 1. No subsequent public retraction or modification of this statement has been identified 1. No personal philanthropy records for Cohen have been identified in public sources.

Gadi Tirosh, Managing Partner at Jerusalem Venture Partners (JVP), has served as Lead Independent Director on the CyberArk board since 2016 27. JVP, founded by Erel Margalit (former Knesset member, Labor Party, 2015–2019), participates in Israel Innovation Authority programs and has co-developed government cybersecurity export initiatives 28. No CyberArk founder or C-suite executive has been identified holding a named board or leadership position in AIPAC, the Conference of Presidents of Major American Jewish Organizations, or equivalent registered geopolitical advocacy or lobbying organizations based on available sources.

End Notes

Footnotes

  1. https://www.cyberark.com/resources/blog/our-hearts-are-broken-but-we-will-prevail 2 3 4 5 6 7 8 9 10

  2. https://www.crn.com/news/security/cyberark-s-operations-are-resilient-amid-israel-hamas-war-ceo 2 3 4 5 6

  3. https://www.cyberark.com/resources/blog/cyberark-at-25-udi-mokady-on-milestones-identity-security-and-humility 2 3 4 5 6 7

  4. https://www.cyberark.com/resources/blog/cisa-on-ukraine-cyber-attacks-are-you-at-risk 2 3

  5. https://www.cyberark.com/press/cyberark-announces-strong-fourth-quarter-and-full-year-2022-results/ 2 3

  6. https://www.sec.gov/Archives/edgar/data/1598110/000117891325000811/zk2532806.htm 2 3 4 5 6 7 8 9 10 11

  7. https://www.sec.gov/Archives/edgar/data/1598110/000119312514247215/d692893df1.htm 2 3 4 5 6 7 8 9 10 11 12 13

  8. https://www.ohchr.org/en/business/bhr-database 2 3

  9. https://docs.cyberark.com/welcome/latest/en/content/resources/frontmatter/cc_restrictedaccess.htm 2

  10. https://www.sec.gov/Archives/edgar/data/1598110/000117891320000737/cybr20f2019.htm 2 3 4

  11. https://www.gcustudents.co.uk/thestudentvoice/gcu-to-end-relationship-and-contract-with-cyberark 2 3 4

  12. https://www.gcustudents.co.uk/thestudentvoice/gcu-should-not-renew-the-contract-with-cyberark 2

  13. https://www.gaudie.co.uk/wpress/index.php/news/2024/11/20/uoa-faces-backlash-over-cyber-ssecurity-contract-with-idf-linked-firm 2 3 4

  14. https://www.hindrajabfoundation.org/perpetrators/israeli-air-force-officer-lavi-lazarovitz-in-the-netherlands-hrf-files-legal-complaint-for-role-in-gaza-genocide

  15. https://www.thenational.scot/news/25402673.student-loans-company-slammed-public-contract-idf-linked-firm

  16. https://www.thenational.scot/news/25402673.student-loans-company-slammed-public-contract-idf-linked-firm

  17. https://racismandtechnology.center/2024/12/16/tech-workers-face-retaliation-for-palestine-solidarity/ 2 3

  18. https://www.scworld.com/feature/influencer-udi-mokady 2 3 4

  19. https://en.wikipedia.org/wiki/Unit_8200

  20. https://en.wikipedia.org/wiki/Udi_Mokady 2

  21. https://www.dropsitenews.com/p/israel-technology-palo-alto-networks-microsoft-unit-8200 2

  22. https://www.securityweek.com/from-idf-to-inc-the-israeli-cybersecurity-startup-conveyor-belt/

  23. https://infocondb.org/presenter/lavi-lazarovitz

  24. https://www.jns.org/middle-east-2-0-cybertech-global-tel-aviv-2024/ 2 3

  25. https://dubai.cybertechconference.com/partners

  26. https://amcham.co.il/103-committees/539-ai-forum-working-groups-meetings 2

  27. https://investors.cyberark.com/news/news-details/2016/CyberArk-Announces-Changes-to-Board-of-Directors/default.aspx 2 3 4 5

  28. https://en.wikipedia.org/wiki/Jerusalem_Venture_Partners 2 3 4

  29. https://lobbycanada.gc.ca/app/secure/ocl/lrs/do/vwRg?cno=360189&regId=894536 2 3 4

  30. https://www.cyberark.com/company/esg/community/

  31. https://www.paloaltonetworks.com/company/press/2025/palo-alto-networks-announces-agreement-to-acquire-cyberark–the-identity-security-leader

  32. https://investors.cyberark.com/news/news-details/2025/CyberArk-Shareholders-Approve-the-Companys-Acquisition-by-Palo-Alto-Networks/default.aspx

  33. https://investors.paloaltonetworks.com/news-releases/news-release-details/palo-alto-networks-completes-acquisition-cyberark-secure—ai-era

  34. https://www.cyberark.com/company/leadership/udi-mokady/ 2