Being compliant is not good enough to fully protect organisations' systems, according to Udi Mokady, speaking at the vendor's Impact 2016 event in Barcelona today.
In his keynote speech, Mokady said he worries about how secure companies are when they strive only to comply with security standards set by regulatory organisations.
"My role as CEO of a cybersecurity company is to worry. It is to worry and think with the rest of the CyberArk team about how we protect our customers and give them measurable security," he said.
"We don't just have to worry about the next big attack, we also have to worry about our customers that settle for being compliant. Compliance is not secure."
Mokady referenced an unnamed customer to explain his point: the customer was fully compliant with regulations but was still hacked, and its data stolen.
This event is CyberArk's eighth annual customer gathering, which over the past few years has morphed into a partner event as well.
The NASDAQ-listed company – which earlier this year was rumoured to have been in potential takeover talks with Check Point – hit $161m (£122m) revenue in 2015, a 56 per cent growth year on year.
Mokady claimed that CyberArk has "grown into a resilient company".
He said this was down to customers understanding the importance of privileged account security in protecting organisations from attacks.
"People here on the ground understand the notion that security comes from the inside. Our vision is to think that the attacker is already on the inside, and provide security to combat that," he explained.
A summary of what you get if you subscribe to our premium market intelligence service
Matthew Polly says CrowdStrike is looking to branch out from the UK and into mainland Europe
Southampton-based VAR states that further acquisitions are in the pipeline
With UKFast launching a public cloud consultancy, Tom Wright asks if this is the way forward for all local hosting providers