Cyera

The rising complexity of IT environments is reshaping data security, creating major challenges for organizations. Enterprises now face substantial difficulty maintaining control over sensitive data across various platforms such as cloud services, SaaS applications, and hybrid environments. This lack of visibility is a crucial pain point as data becomes more decentralized across on-site data centers and third-party cloud platforms, which is further complicated by stringent regulatory requirements such as the General Data Protection Regulation (GDPR). From 2021 to 2023 there was a reported 72% increase in data breaches with an average cost of $4.9 million per breach in 2024.

The need for more complex data security tools has necessitated a move away from traditional Data Loss Prevention (DLP) techniques which primarily focus on monitoring data movement within a company's internal network. Meanwhile, enterprises are adopting more cloud-based services, with Gartner predicting that more than 50% of businesses will have industry cloud platforms by 2028 as data no longer resides within the four walls of a company. Companies are now shifting to a more comprehensive strategy called Data Security Posture Management (DSPM) that essentially provides visibility into where sensitive data resides, how it is used, and the security policies governing it. This tool enables organizations to identify potential unsecured data, classify it based on risk, and monitor access, which is vital for maintaining compliance and reducing errors in the data security/management process.

Cyera is a data security company that uses DSPM to provide an agentless, AI/ML blended platform, which facilitates quick deployment and instant data discovery across hybrid environments. Cyera uses AI for data classification and contextual analysis to assist enterprises seeking alternatives to traditional, slower-to-deploy methods in managing large datasets while adhering to regulatory frameworks. The company's focus is on automating data governance and improving operational resilience in SaaS, PaaS, and IaaS ecosystems. Cyera’s approach underscores the growing demand for solutions that operate at the scale of modern cloud infrastructure in support of its mission for “every business to realize the full potential of data.”

Source: VentureBeat

Cyera was founded in 2021 by Yotam Segev (CEO) and Tamar Bar-Ilan (CTO), both veterans of Israel’s Unit 8200. The specialized unit has produced some of the most well-respected cybersecurity companies in the world, including Palo Alto Networks and Check Point Software. Segev and Bar-Ilan built the unit's cloud division together, gaining experience in addressing the growing complexities of data security.

During his time as Senior Class Commander in the Tailpot Leadership Program, Segev had firsthand experience leading teams in deploying advanced cybersecurity technologies. He noticed a recurring challenge: while identity management was a significant focus in the industry, data — and specifically data visibility and protection — wasn’t getting the same attention. He realized that businesses were struggling to ensure critical, sensitive data remained secure while still making it accessible to stakeholders.

Bar-Ilan, with his understanding of both data and identity, shared Segev’s vision. He explained that “identity and data are two sides of the same coin. They are also the two fastest growing attack surfaces.” Bar-Ilan’s insight shaped Cyera’s approach: security breaches often start with one question — what data has been impacted? This immediately led to the next — who has access to it? The two co-founders decided to tackle a pressing issue they had encountered throughout their careers: the lack of focus on data visibility, protection, and compliance in the rapidly evolving digital landscape.

Segev and Bar-Ilan sought early backing, eventually becoming connected with another Unit 8200 alum, venture capitalist Gili Raanan. Raanan, known for his early investment in Wiz through his firm Cyberstarts, became Cyera’s first investor. Raanan later introduced Cyera to Doug Leone, a senior partner at Sequoia and now a member of Cyera's board of directors. Leone has also invested in four companies led by ex-Unit 8200 soldiers.

Segev and Bar-Ilan expanded their team by bringing on Jason Clark as Chief Strategy Officer, leveraging his experience in scaling companies, such as his work on Optiv where he helped grow the company from $200 million to $2 billion in under three years. Clark’s expertise in cybersecurity strategy, combined with his leadership at companies like Netskope and Forcepoint, made him fit to help drive Cyera’s growth. He also co-founded the Security Advisor Alliance in 2013, an organization dedicated to fostering the next generation of cybersecurity professionals.

Lamont Orange, Cyera’s Chief Information Security Officer, added another layer of depth to the team. With nearly 30 years in the industry, Orange said he's seen it all — except for one thing. “In my nearly 30 years working in the industry, I’ve never seen the focus on data security,” he said, highlighting the position Cyera holds in today’s digital world. “We are at an inflection point where we all need to become better digital citizens in an increasingly fragile, digitally-reliant society.”

Cyera offers a cloud-based DSPM platform designed to help organizations discover, manage, and secure their sensitive data across on-premise, IaaS, PaaS, and SaaS environments. The platform is powered by a combination of AI and ML to automate data discovery, classification, and security posture evaluation, with a specific focus on cloud-native environments.

Data Security Posture Management (DSPM)

Source: Cyera

Cyera’s DSPM platform helps organizations discover, classify, and secure data across cloud and on-premise environments. It automatically identifies sensitive data, such as PII or intellectual property, and classifies it using AI-powered tools to ensure precise data management.

The platform includes insights into an organization’s data estate, identifying security risks, and ensuring compliance with minimal manual effort. This strengthens data security by addressing vulnerabilities and optimizing data storage management. One key aspect of Cyera’s DSPM is its data discovery and cataloging capabilities.

Automatic Data Store Discovery: Cyera’s deployment system enables automatic and continuous detection of all data storage locations, including those that are known, overlooked, or newly created, essentially helping organizations stay updated on data sprawl and address potential security risks or compliance issues.

Without the need for custom-built software or manual configurations, the platform catalogs cloud-based storage (IaaS and PaaS), on-premise databases, databases in virtual environments such as servers or containers, and files stored in online software platforms (SaaS). This centralized management provides a comprehensive overview of an organization’s data storage without requiring complex integration.

Source: Cyera

Sensitive Data Inventory & Classification: Cyera’s system automatically identifies and categorizes sensitive data, continuously scanning an organization’s environment to detect newly created or modified data that may contain personally identifiable information (PII), protected health information (PHI), payment card industry (PCI) data, intellectual property (IP), or other confidential information.

While simple data like credit card numbers are easy to classify, more complex customer, employee, or corporate data can be harder to detect. Cyera’s classification engine assigns identity to data using hundreds of predefined categories, and its machine learning algorithms refine these classifications based on the organization’s unique data patterns.

Source: Cyera

Identity Access

Source: Cyera

Cyera enforces data access policies to ensure only the necessary individuals and systems have access to sensitive information, following the principle of least privilege. The platform identifies when access to data—whether structured (like databases) or unstructured (like documents)—is overly broad or risky. It evaluates the potential impact of this access by considering the sensitivity of the data and relevant compliance frameworks. Cyera provides insights into both human and automated users accessing data stores, the type of sensitive information they can reach, and any activities that increase the risk of data breaches, loss, or exposure to ransomware. This allows security teams to tighten controls proactively and prevent potential threats.

Data Detection & Response (DDR)

Cyera provides security teams with the visibility they need to manage risks around how data is stored, used, and moved. It identifies when sensitive data is in the wrong place, accessed in unusual ways, or exposed through changes to databases or configurations. This allows teams to apply the right security measures and prevent data breaches or misuse.

The platform analyzes logs and APIs from data sources to detect risks in real time. It offers pre-built policies and a custom policy builder, allowing organizations to set controls that fit their needs. Cyera integrates with tools like DLP, Cloud-Native Application Protection (CNAPP), and Security Information and Event Management (SIEM) to automatically enforce protections based on the type of data, how it’s accessed, and where it’s stored—ensuring security meets both business goals and regulatory standards.

Source: Cyera

Data Privacy

Cyera's Data Privacy platform is designed to help organizations identify, manage, and protect personal data across various environments, ensuring compliance with global privacy regulations. The platform automatically discovers and inventories personal data, providing visibility into where it resides, who has access to it, and the safeguards in place. This enables organizations to detect and prioritize critical privacy risks using predefined policies.

Source: Cyera

Data Loss Prevention (DLP)

Cyera's Data Loss Prevention (DLP) platform is designed to detect, monitor, and protect critical data in motion, preventing unauthorized access and data breaches. Traditional DLP solutions often struggle with the complexities of modern data environments, leading to false positives and fragmented protection. Cyera addresses these challenges by combining AI-powered data classification with data loss prevention, enabling organizations to discover, monitor, and prevent critical data risks.

The platform offers visibility and control across the entire DLP landscape through API connections with existing data protection tools. This integration allows for the assessment of data loss risks by channel, severity, and data categories, providing an overall view of an organization's DLP security posture. Additionally, Cyera's AI-powered alert analysis examines flagged actions, summarizes incidents, and surfaces related alerts to enhance investigation processes. The platform prioritizes alerts based on factors such as the riskiness of users and destinations, enabling security teams to focus on the most significant threats.

Source: Cyera

Data Risk Assessment (DRA)

Cyera's Data Risk Assessment (DRA) service is a solution designed to evaluate an organization's data strategy and cybersecurity maturity. By leveraging over 30 critical controls, along with Cyera's data security platform, open-source intelligence (OSINT), and Dark Web intelligence assets, the service provides insights tailored to the organization's specific needs. Cyera maintains an inventory of IaaS and PaaS storage buckets, native databases, and databases running in compute, virtual machine, or container environments, as well as the folders and files in SaaS applications—all from a single platform.

Cyera’s DRA provides organizations with full visibility into their data landscape, enabling them to identify and remediate security gaps proactively. By discovering and classifying data, the service helps organizations secure sensitive information—such as Personally Identifiable Information (PII), Protected Health Information (PHI), and Payment Card Industry (PCI) data—from exposure and vulnerabilities.

Data Breach Readiness (DBR)

Cyera's Data Breach Readiness service provides organizations with an assessment of their data security posture and incident response capabilities with 66% of security leaders failing to identify security exposures. The service includes the discovery and classification of data stores to identify known and unknown assets, monitoring for changes, and analyzing access permissions to sensitive information. It also facilitates tabletop exercises with technical and executive stakeholders to evaluate incident response and crisis management processes. The assessment results in a report outlining key findings and recommendations for improving data security measures and breach response strategies.

Source: Cyera

Key Use Cases

Cyera's product offerings provide a range of use cases for organizations across various industries. The company's solutions enhance data protection and ensure critical data is securely backed up for disaster recovery, reducing an organization's attack surface through the identification and management of "ghost" or forgotten data repositories. Additionally, Cyera's real-time identification of unsecured personal data enables teams to incorporate it into their recovery plans, reducing vulnerability to ransomware attacks.

Cyera's tools also help organizations meet major privacy regulations, such as GDPR, HIPAA, and CCPA, by identifying and securing personal data. The solution flags data that crosses geographic boundaries, maintaining data sovereignty and preventing compliance violations. For example, a U.S. mortgage lender used Cyera's automated classification and risk management tools to manage its cloud data and achieve compliance with the Gramm-Leach-Bliley Act (GLBA).

In terms of cost optimization, Cyera's solutions identify duplicate or redundant data across cloud environments, helping businesses reduce their storage costs. The platform also differentiates between critical data that must be backed up and non-essential data, optimizing cloud usage.

Industry Applications

Cyera's industry-specific applications demonstrate the value of its offerings. In the financial services sector, the solution automates the discovery and classification of sensitive customer data, enabling organizations to manage compliance and reduce cyber risks. A mortgage lender, for instance, used Cyera to manage cloud data, comply with GDPR and CCPA, and prevent exposure to threats through automated risk remediation.

Similarly, in the healthcare industry, Cyera protects patient records and other sensitive health data to meet HIPAA requirements. The solution provides data inventories and controls to govern access, addressing insider threats, which caused 39% of healthcare breaches in 2022. Given the high cost of data breaches in healthcare, which averaged $10.3 million in 2023, Cyera's offerings are relevant for this sector.

Cyera's solutions also benefit the manufacturing industry by simplifying audit processes and helping protect against attacks, 19% of which resulted in data theft in 2023. For retail and travel businesses, the platform manages customer preferences and payment information, with 50% of incidents involving data extortion in 2023. Cyera's automated risk remediation capabilities safeguard sensitive data beyond the storefront.

Customer

Cyera specializes in serving large enterprises that manage significant volumes of sensitive data across multi-cloud environments like AWS, Azure, and Google Cloud. These organizations face the ongoing challenge of securing data at all stages—whether at rest, in transit, or in use—across diverse platforms. To address this, Cyera offers solutions by integrating directly with key cloud providers.

For example, as an AWS Advanced Technology Partner and member of the AWS ISV Accelerate program, Cyera delivers security for AWS environments. It extends this capability through integrations with Azure Data Explorer, OpenAI, and Google Cloud services, providing both data protection and deeper insights into data usage. Additionally, its integration with Snowflake reinforces its ability to secure data across increasingly complex infrastructures.

As of February 2025, some of Cyera’s customers included AT&T, Docusign, Paramount, Peloton, UIPath, Chipotle, and Skechers.

Market Size

The global cybersecurity market, valued at $222.7 billion in 2023, is projected to reach $500.7 billion by 2030, growing at a compound annual growth rate (CAGR) of 12.3%. This expansion is fueled by the increasing digital interconnectivity of the global economy, along with heightened awareness of data risks and the rising prevalence of cyberattacks. Data breaches, such as those in the U.S., where incidents cost an average of $9.4 million in 2023, are one of the key drivers for more advanced cybersecurity solutions.

Within this market, the Cloud Security Posture Management (CSPM) segment was valued at $4.7 billion in 2022 and is expected to grow at a CAGR of 10.4% through 2030. The DSPM segment is also poised for significant growth, driven by the adoption of cloud computing and regulatory compliance requirements like HIPAA, GDPR, and PCI DSS. The increased use of mobile devices, reliance on Big Data, and the proliferation of AI, machine learning, and IoT further expand demand.

Despite a 58% drop in global cybersecurity venture funding since its peak in 2021, recent trends indicate a resurgence in investment, with a 144% year-on-year increase in funding as of Q1 2023. This bifurcation trend highlights smaller exits for early-stage companies struggling to secure additional funding, alongside large growth rounds for startups aiming to become multi-billion-dollar giants.

Source: Crunchbase News

Competitive Landscape

Source: Gartner

Cyera operates within the evolving DSPM market, which is characterized by a mix of established cybersecurity companies and newer, specialized startups. The market is fragmented, with no single player dominating, largely because DSPM is a relatively new category in data security. Established companies like Palo Alto Networks, with its recent acquisition of Dig Security, have started expanding into DSPM, while other firms such as Sentra, Varonis, and Securiti are directly competing for market share by offering cloud-native data security solutions.

In addition, like most categories in cybersecurity, there are a number of companies that see DSPM as yet another segment of the security market they want to have a presence in, in order to increase their relevance to existing customers. For example, broader data discovery vendors, like OneTrust and BigID, have a foothold in DSPM primarily through their capabilities around data discovery and classification. Similarly, data resilience platform Rubrik has extended into DSPM because it already supports data backups to avoid losses. In August 2023, Rubrik announced the acquisition of Laminar to deepen its capabilities in DSPM. Adding capabilities around understanding data exposure and exfiltration are logical extensions.

Startups in the DSPM space tend to focus on specific niches within cloud data security, such as real-time data protection, while larger players like Palo Alto Networks utilize their broad resources and existing relationships with large enterprises. Cyera is positioned among these newer entrants, aiming to differentiate itself through its comprehensive approach to managing the entire data lifecycle—discovery, classification, governance, and protection—within cloud-native environments. However, the market is seeing rapid innovation, and the capabilities of competitors are evolving quickly as they leverage AI and ML to enhance their offerings.

Given the fragmented nature of the DSPM market, competition is expected to intensify as both large incumbents and agile startups continue to innovate. While Cyera is focused on delivering AI-driven data protection and governance solutions, competitors are increasingly offering similar features.

Competition

Varonis: Founded in 2005, Varonis is a data security platform focused on data discovery, classification, and exposure management. Varonis has raised $430.5 million in total funding as of February 2025. Varonis focuses on data security and analytics, emphasizing the protection of enterprise data through monitoring and analysis. This approach contrasts with Cyera's data-centric security strategy, which provides deep context on data across the entire landscape.

Securiti: Securiti, founded in 2019, is a data security company with $156 million in total funding. The company raised a $75 million Series C in October 2022 led by Owl Rock Capital, followed by additional funding in March 2023 from Capital One Ventures and Citi Ventures. The company offers a broad platform through its Data Command Center, which provides unified data intelligence, controls, and orchestration across hybrid multicloud environments. Securiti differentiates itself by focusing heavily on privacy operations (PrivacyOps) and governance, targeting organizations that require comprehensive data privacy alongside security. While Cyera focuses on cloud-native data security, Securiti's broader platform may appeal to enterprises seeking a one-stop solution for privacy, security, and governance.

Sentra: Founded in 2021 with $53 million in funding as of February 2025, Sentra offers cloud data security solutions that focus on automating data discovery, classification, and real-time protection. Like Cyera, Sentra’s leadership hails from Israel’s Unit 8200, and the company targets cloud-native companies and fast-growing startups. While Cyera offers a more comprehensive approach to the entire data lifecycle, Sentra differentiates itself with an emphasis on real-time data protection and quick implementation, appealing to businesses that prioritize immediate security measures over full lifecycle governance.

Palo Alto Networks & Dig Security: Dig Security was founded in 2021, and raised $45 million in funding before being acquired by Palo Alto Networks in 2023 for $350 million. Like Cyera, Dig focuses on DSPM and offers end-to-end cloud data security solutions. The company’s use of AI for risk prioritization and real-time security monitoring closely mirrors Cyera’s offerings. However, becoming part of Palo Alto Networks’ broader product suite gives Dig a significant advantage in terms of resources and market access, making it a strong competitor in the space.

Rubrik & Laminar: Founded in 2014, Rubrik offers Zero Trust Data Security to help organizations achieve business resilience against cyberattacks, malicious insiders, and operational disruptions. The company raised $554.3 million in total funding as of February 2025. In August 2023, Rubrik acquired Laminar, one of the leaders in the DSPM industry and an expert in protecting data stored and processed on major public cloud platforms such as AWS, Azure, Google Cloud, and Snowflake. With both services available to consumers, Rubrik is a direct competitor to Cyera’s offering of the DPSM platform.

OneTrust: Founded in 2016, OneTrust offers a Privacy & Data Governance Cloud that enables the responsible use of data and AI. The platform simplifies data collection with consent and preferences and automates data governance with integrated risk management across privacy, security, IT/tech, and third-party risk. The company raised $1.1 billion in total funding as of February 2025. OneTrust primarily sells to legal, compliance, and privacy teams, whereas Cyera’s key buyers are security and IT teams focused on preventing data breaches. However, with Cyera’s approach to data privacy, they offer similar services to their customers.

Cyera operates a Software-as-a-Service (SaaS) business model, generating revenue primarily through subscription fees based on the number of data stores its platform secures. Pricing typically ranges between $100K and $150K per year, though specifics may vary depending on the scope of the deployment. The company doesn’t disclose pricing publicly, instead inviting potential customers to request a custom quote.

Cyera further solidified its market position in October 2024 by acquiring Trail Security for $162 million. The deal allows Cyera to expand its service offerings, aiming to address customer needs for solutions beyond posture management and provide a broader suite of services. As of February 2025, the company employed 468 people, primarily in sales and engineering. One unverified estimate of Cyera’s revenue indicated that, in 2024, the company generated ~$70 million.

In November 2024, Cyera raised a $300 million Series D at a $3 billion valuation, led by Accel and Sapphire Ventures. This came after a $300 million Series C in April 2024 led by Coatue at a valuation of $1.4 billion, which had already tripled its worth in less than a year. Other investors in the company include Spark Capital, Georgian, AT&T Ventures, Sequoia, Accel, and Redpoint. Overall, the company had raised a total of $764 million in funding as of February 2025.

Cyera's acquisition of Trail Security positions the company to compete more aggressively in the cybersecurity space more broadly against established players. Publicly-traded competitors, such as Palo Alto Networks, Rubrik, and Varonis operate at a variety of scales. These companies trade at a range of LTM revenue multiples from 8.6x to 16x as of February 2025. If the unverified estimate for Cyera’s 2024 revenue of ~$70 million is accurate, its November 2024 valuation of $3 billion would represent a 42.8x LTM revenue multiple.

Source: Koyfin

Expanding Data Privacy Regulations

The global momentum around data privacy, illustrated by regulations such as the GDPR and CCPA, presents a pivotal opportunity for Cyera. As privacy laws become more stringent and widespread, companies are increasingly vulnerable to hefty fines—GDPR violations alone exceeded €2 billion in 2023. Cyera's AI-driven solutions, which streamline compliance with data sovereignty clauses and automate data access requests, position the company to capitalize on this regulatory wave. With governments and organizations tightening their data governance practices, Cyera’s data discovery and classification capabilities are suited to address the growing demand for compliance solutions.

Rise in Cloud Adoption

The rapid growth of cloud adoption, with global spending reaching $675 billion, underscores a burgeoning need for secure data governance across cloud environments. As businesses modernize through GenAI and application migration, 83% of data migration projects fail, often due to poor data governance and security breaches. Cyera’s DSPM solution, which assesses risks based on where data is stored and how it’s accessed, meets this critical need. By offering integration with existing IT infrastructures, Cyera reduces the friction often associated with adopting new security measures, thereby positioning itself as a partner for organizations seeking to manage their cloud data securely without disrupting their operations.

Technological Outpacing

Cyera faces the risk of being outpaced by rapid advancements in data management and security technology. As AI and machine learning continue to evolve, competitors could develop more sophisticated solutions that surpass Cyera’s capabilities. If Cyera’s algorithms fail to keep up with emerging data privacy challenges or evolving cybersecurity threats, its offerings may quickly become outdated, eroding its competitive edge. Additionally, while Cyera claims to leverage cutting-edge AI capabilities, the scalability and effectiveness of its solutions have yet to be validated in large-scale, complex environments, creating uncertainty about its ability to deliver on its promises in diverse contexts.

Competitive Landscape

The data security landscape is fiercely competitive, with well-established players like Palo Alto Networks and Splunk consistently innovating and expanding their portfolios. Cyera must differentiate itself in an industry increasingly driven by AI, where new entrants with disruptive technologies can rapidly shift market dynamics. A 2024 rebound in the cybersecurity market, fueled by AI innovation, has attracted fresh investment and increased competition. Without a clear differentiating factor, Cyera risks being overshadowed by larger or more innovative competitors, jeopardizing its ability to capture market share and maintain long-term growth in a fast-evolving sector.

Cyera operates in the data security management sector, focusing on DSPM as organizations increasingly prioritize data protection and compliance. The company offers solutions that automate the discovery, classification, and risk assessment of sensitive data across various environments. Cyera targets a broad range of customers, from startups to large enterprises, and aims to address the growing need for data visibility and governance. While the DSPM market is expanding due to regulatory pressures and rising data privacy concerns, Cyera must effectively differentiate itself from established competitors and demonstrate the effectiveness of its offerings to capture market share.