London-based Decagon Asset Management established a new position in CyberArk Software (SEC filing dated Nov. 14), acquiring 74,990 shares valued at about $36.23 million as of Sept. 30, 2025 — making CyberArk the fund's largest 13F-reported holding (roughly 18.29% of its $198.06M reportable U.S. equity positions). CyberArk reported strong Q3 results with revenue of $342.8M (up 43% YoY), ARR of $1.34B (up 45%), and subscription ARR up 57% to ~86% of total ARR; GAAP profitability remains negative (operating loss $50.1M), but non-GAAP operating margin expanded to ~19% and the company had nearly $2B in cash and marketable securities. Shares traded at $451.86 (up ~41% over the past year), and Decagon’s concentrated bet signals conviction in CyberArk’s recurring-revenue growth and enterprise identity-security positioning.
Market structure: Decagon’s large new CYBR stake amplifies the narrative that privileged access management (PAM) is a winner as enterprises shift spend from point products to subscription identity security. Direct beneficiaries: CyberArk (CYBR), cloud security integrators and MSSPs; losers: legacy on‑prem PAM vendors and small point-solution IAM vendors facing pricing pressure. This concentration signal can accelerate M&A interest and re‑rating for scaled SaaS platforms, tightening demand vs. supply for high-quality recurring revenues. Risk assessment: Key tail risks are an enterprise security breach or a major OEM/cloud partner outage (high impact, low probability), aggressive deal financing that dilutes equity, and a macro IT spend pullback that slows ARR growth. Immediate (days-weeks) risk is momentum reversal after a 41% YTD move; short-term (1–3 quarters) hinges on ARR/renewal beats and margin leverage; long-term (2–4 years) depends on cross-sell, churn <7% and sustainable non‑GAAP margins >20%. Hidden dependencies include concentrated customer deals, integration risk from acquisitions, and channel revenue timing. Trade implications: Direct play: accumulate CYBR with disciplined sizing — initial 1–2% long position of portfolio value, scale to 3–4% only on confirmed ARR beats or cash flow breakeven; add on pullbacks to $410–$430 (≈10%–9% down). Pair trade: long CYBR vs short a stretched IAM peer (e.g., OKTA) to express privileged access outperformance; size net delta to 0. Options: buy a 6–9 month CYBR 450/550 call spread sized to risk 0.5–1.0% portfolio, or buy a 9–12 month 420–450 protective put if holding outright. Rotate 1–3% weight into cybersecurity ETFs and reduce legacy on‑prem infra by same amount. Contrarian angles: Consensus may be underestimating concentration risk — a small fund making CYBR ~18% of reported US AUM could create volatility if they rebalance. The market may have priced much of ARR re-rating; a miss in renewal rates or margin guidance could produce >20% drawdowns. Historical parallels: re‑ratings after cloud transition (e.g., Splunk) that later corrected on margin execution issues. Unintended consequence: aggressive positioning by boutique funds can amplify both upside and forced selling on redemptions — size positions accordingly and insist on liquidity thresholds (>50% free float traded within 1 week).
AI-powered research, real-time alerts, and portfolio analytics for institutional investors.
Request a DemoOverall Sentiment
moderately positive
Sentiment Score
0.48
Ticker Sentiment
