Artificial Intelligence & Machine Learning,
Cloud Security,
Network Firewalls, Network Access Control
An In-Depth Analysis of the 2nd Largest Cyber Acquisition Deal and Its Last-Minute Challenges
The second-largest acquisition in the history of cybersecurity commenced with initial discussions in 2023. At one point, the seller contemplated withdrawing, and the firms rushed to make their deal public following media leaks.
See Also: On Demand | From Patch to Prevention: Modernizing Remediation Across Hybrid Environments
In May 2023, Palo Alto Networks CEO Nikesh Arora initiated dialogue with CyberArk’s founder and chairman, Udi Mokady, regarding a potential acquisition. However, Mokady expressed that CyberArk preferred to maintain its independence. Recently, CyberArk elaborated on how Palo Alto’s proposed $25 billion acquisition unfolded ahead of the upcoming shareholder vote on November 13.
After a two-year pause, Arora approached Mokady again on June 4, 2025, expressing interest in acquiring CyberArk and requesting an in-person meeting, which took place on June 17. On June 25, both parties signed a mutual nondisclosure agreement, followed by Palo Alto’s submission of anon-binding letter of interest on July 1, proposing an all-stock acquisition of CyberArk at a price of $457.99 per share.
The CyberArk board recognized the unique strategic benefits of a potential transaction with Palo Alto Networks, appreciating the alignment between their operations and the prospect of rapidly advancing CyberArk’s identity security platform on a global scale. This strategic rationale was articulated in their official communications, emphasizing the advantages they saw in partnering with Palo Alto as opposed to other suitors.
Negotiations Intensify Over Pricing and Terms
On July 4, the CyberArk board concluded that reaching out to other potential buyers was not in the best interest of the company or its shareholders due to the risks posed by potential media leaks. On July 6, Mokady presented a counterproposal pricing CyberArk shares at $525, coupled with a $2 billion termination fee if the deal failed to obtain regulatory approval.
In a response on July 7, Arora adjusted Palo Alto’s offer to $480 per share without a termination fee, believing that the collaborative nature of both companies would minimize regulatory concerns. Mokady countered on July 9 with an offer of $510 per share and reinstated the $2 billion termination fee, prompting Arora to propose $495 per share with a reduced termination fee of $500 million.
Following further discussions, on July 10, Mokady indicated that CyberArk would not proceed without increasing the termination fee. As negotiations continued, Palo Alto agreed to elevate the termination fee to $1 billion while holding the other terms steady. On July 12, both companies signed an exclusivity agreement, obligating CyberArk to negotiate solely with Palo Alto until August 6.
Critical Moments in the Deal’s Final Stages
Following this setback, Palo Alto’s financial advisors reached out to convey a willingness to negotiate a revised offer at $489.45 per share. However, CyberArk’s leadership indicated reluctance to proceed under these terms. Ultimately, on July 30, an agreement was reached when CyberArk’s board unanimously approved the deal.
In their communication, CyberArk emphasized the final offer as the best available proposal for their shareholders. Following the board meeting, both companies executed the formal acquisition agreement and issued a joint press release, detailing the transaction ahead of market opening.
As with any significant cyber deal, professionals should consider the potential tactics that may have been employed during this acquisition, including initial access, negotiation manipulation, and influencing tactics which align with the MITRE ATT&CK framework. These strategies may serve as a lesson in understanding the complexities and vulnerabilities inherent in high-stakes corporate transactions.
