Sacra estimates that Cyera hit $150M in annual recurring revenue (ARR) in May 2026.

Recent growth has come from both new enterprise logo wins and expansion within existing accounts. Cyera's move from a pure DSPM product into adjacent categories increased the number of budgets it could sell into within the same accounts, pushing average contract values higher over time.

The customer mix skews toward large enterprises with complex, hybrid data environments, where mid-six-figure to low-seven-figure annual contracts are plausible given the scope of deployment.

Cyera's most recent disclosed valuation is $9 billion, set at its Series F in January 2026. The round raised $400 million and was led by Blackstone.

Before the Series F, Cyera raised a $540 million Series E in June 2025 at a $6 billion valuation. Earlier, a $300 million Series D in November 2024 valued the company at $3 billion, and a $300 million Series C in April 2024 valued it at $1.4 billion.

Earlier rounds include a $100 million Series B in June 2023, plus a seed and Series A. Investors across the funding history include Accel, Coatue, Cyberstarts, Georgian, Greenoaks, Lightspeed Venture Partners, Redpoint, Sapphire Ventures, Sequoia Capital, and Spark Capital, along with Series F lead Blackstone.

Total funding raised stands at over $1.7 billion. As of June 2026, TechCrunch reported that Cyera was in discussions for a new financing round that would value the company at approximately $12 billion, implying a multiple of roughly 80x ARR.

Cyera is an enterprise data security platform built around four questions for security and compliance teams: what sensitive data exists, where it lives, who or what can access it, and how to stop risky use of it, including by AI systems.

Deployment is agentless. A security team grants read-only access at the cloud organization or account level, or uses lightweight connectors for on-premises environments, and Cyera scans out-of-band without deploying agents or hardware. The platform supports AWS, Azure, and GCP, SaaS environments, databases, and legacy on-premises file stores, and it claims the ability to scan hundreds of petabytes continuously.

The core workflow starts with discovery and classification. Cyera's AI-native classifier inventories data stores and objects across structured and unstructured data, identifies sensitive content such as PII, financial records, and IP, and adds context that regex-based tools often miss, including business purpose, ownership, redundancy, encryption status, and exposure conditions. That classification layer feeds a DSPM dashboard where security teams see ranked risk findings and trigger remediation actions such as revoking access, masking data, disabling public exposure, or routing issues into Jira, ServiceNow, or Slack.

Cyera extends that same data context into three adjacent layers. Omni DLP connects via API to existing DLP tools such as Zscaler, Netskope, Palo Alto, and Microsoft Purview, ingests their alerts, and uses Cyera's data context to reduce false positives and auto-tune policies. Access Trail captures and enriches every human, system, and AI interaction with sensitive data, stores a full year of audit records, and supports investigations that trace not just who accessed what, but the downstream blast radius if data was copied or transformed. AI Guardian covers AI-specific controls: AI-SPM inventories every AI tool, copilot, and agent in the enterprise and maps each to the sensitive data it can reach, while Browser Shield inspects employee prompts to public AI tools in real time and AI Firewall provides an API-level control point for internally built AI applications.

The product architecture centers on a shared classification and context engine. The sensitivity graph built during discovery becomes the intelligence layer for DLP triage, access investigations, AI policy decisions, and runtime blocking, giving Cyera a path from visibility into enforcement.

Cyera sells to large enterprises and regulated organizations on a subscription model. Pricing is based on deployment scope and modules rather than per-seat counts, with two core plans covering DSPM and DLP, plus add-ons including a managed monitoring service called DataWatcher and Data Subject Request Automation.

Its go-to-market motion is top-down enterprise sales aimed at CISOs, security architects, compliance leaders, and data governance teams. Sales cycles are long and include security reviews and integration validation, but procurement channels such as the AWS Security Hub Extended Plan and availability in the Microsoft Security Store can reduce friction by letting large enterprises buy through existing vendor relationships.

Expansion is module-led. A customer that lands on DSPM for data visibility generates a classification graph that makes DLP tuning, access monitoring, AI-SPM, and runtime enforcement easier to adopt. Each new module uses context generated by the prior one, raising switching costs and opening additional budget pools across security operations, AI governance, compliance, and cyber resilience, without requiring Cyera to rebuild its data foundation for each use case.

Cyera also avoids requiring customers to rip and replace existing security stacks. Omni DLP plugs into incumbent tools via API, and integrations with Microsoft Entra, Sentinel, Okta, CrowdStrike, Collibra, Alation, Cohesity, and Snowflake let Cyera's data context flow into systems enterprises already use for identity governance, alert triage, and remediation. That makes the product additive to prior security spend rather than a direct replacement in every deployment.

The cost structure matches an enterprise security business selling a high-touch platform: significant field sales and solution engineering, ongoing connector and integration maintenance, compliance work for regulated sectors, and substantial R&D across a broader product surface. The agentless, API-driven architecture reduces deployment overhead relative to agent-based competitors, but the model still carries the cost profile of enterprise software sold through long, integration-heavy cycles.

The competitive landscape for Cyera spans legacy data security incumbents, cloud-native DSPM peers, and large platform vendors that use adjacent control planes to bundle data security into broader enterprise deals. The main fault lines are buyer entry point, deployment model, and whether data security is sold as a standalone control or as part of a broader platform.

Varonis is the clearest incumbent threat in evaluations centered on end-to-end data security. It brings deep heritage in permissions analytics, behavioral monitoring, and Microsoft 365 and on-premises file-share coverage, and it achieved FedRAMP Moderate authorization in June 2025 as it transitions its legacy self-hosted product to SaaS.

Cyera's counter is deployment speed and cloud-native architecture, with agentless setup, AI-native classification, and faster time-to-value across cloud and hybrid estates. Varonis tends to win in accounts that prioritize deep behavioral monitoring and mature remediation workflows in Microsoft-heavy environments.

BigID competes from the governance and privacy direction, with a platform spanning DSPM, risk remediation, DLP, access, privacy, labeling, and deletion across hundreds of connectors. BigID is strongest when the buying decision is driven by privacy operations, DSAR, and compliance transformation rather than pure security posture, meaning the overlap with Cyera is large, but the internal champion and budget source often differ.

Microsoft Purview is one of the most important competitive forces because it can compete and cooperate with Cyera at the same time. Purview's DSPM for AI is integrated with Microsoft 365 Copilot, Entra, DLP, eDiscovery, and auditing, and its general availability in May 2026 means many enterprises will first ask whether Microsoft's native tooling is sufficient.

Cyera's relationship with Microsoft is classic coopetition: it feeds multicloud classification context into Purview DSPM while incorporating Entra agent identities into AI-SPM. That dynamic favors Cyera when buyers need richer cross-cloud and external-datastore visibility than Microsoft alone provides.

Wiz approaches from the CNAPP direction, having expanded into DSPM and AI-SPM by tying sensitive training-data exposure into its broader cloud security graph. Wiz is a threat in cloud-security-led accounts where teams want infrastructure context and data sensitivity in one platform, while Cyera tends to win in data-governance-led deals where classification depth and DLP integration matter more than cloud posture breadth.

Veeam's December 2025 acquisition of Securiti is one of the largest shifts in the landscape. Securiti was already a strong DSPM, privacy, and AI-trust competitor; inside Veeam, it gains access to a data resilience installed base serving more than 550,000 customers and 82% of the Fortune 500.

The effect is that Veeam/Securiti can approach the market through resilience and recovery budgets rather than only security budgets. Rubrik poses a similar threat, marketing DSPM as something existing customers can activate from Rubrik Security Cloud and tying data security directly to cyber resilience and recovery workflows.

Cyera has responded by deepening its partnership with Cohesity, linking discovery and classification to backup and recovery prioritization, but that remains partnership-based rather than vertically integrated, which is a structural disadvantage in accounts already standardized on Veeam or Rubrik.

Cyera's expansion logic is that the same sensitive-data graph it builds for DSPM becomes the foundation for adjacent security, governance, and AI workflows, each opening a new budget owner inside the same enterprise account.

The fastest-growing expansion vector is AI security. As enterprises move from AI experimentation to production deployment of copilots and autonomous agents, scrutiny of what sensitive data those systems can access, copy, and transform has become more urgent.

Cyera's AI Guardian suite, covering AI-SPM, Browser Shield, AI Firewall, and Access Trail, addresses that directly. The March 2026 launch of Cyera MCP extends the platform by letting customers build their own security agents on top of Cyera's data context. The June 2026 Snowflake expansion, which ties Cyera's discovery directly to native masking and governance for Cortex AI agents, shows how that data layer can attach to AI governance workflows already in production.

This shifts Cyera's TAM from data security into enterprise AI risk management, adding CIO and AI platform budgets alongside the CISO spend that anchors the core business.

The March 2026 launch of Cyera Privacy uses the same discovery and classification engine for privacy operations, including Records of Processing Activities, Data Subject Request automation, privacy assessments, consent management, and AI-related privacy risk.

That creates a path to sell into privacy offices, legal teams, and GRC functions, not only security teams, without requiring Cyera to build a separate data foundation. The logic mirrors BigID and OneTrust: once a vendor knows where personal data lives and how it flows into AI tools, that system of record can be sold across compliance use cases at incremental margin.

Cyera's April 2026 FedRAMP High In Process designation and the launch of Cyera for Government open a near-term expansion opportunity in federal agencies handling FISMA high-impact data and AI workloads aligned to OMB M-25-21.

Beyond direct federal revenue, FedRAMP High-level readiness can strengthen Cyera's credibility with financial services, healthcare, and critical infrastructure buyers that increasingly require high-assurance controls for AI governance and data security. Varonis already holds FedRAMP Moderate authorization, which gives it a current execution edge in U.S. federal accounts, but Cyera's In Process status signals a push to close that gap.

Cyera has completed four acquisitions in five years, each aimed at a specific adjacency. Trail added modern DLP and enabled the unified-platform reframe. Otterize added non-human identity and data-flow security. Ryft extends the platform into governed data infrastructure for AI agents, pushing Cyera beyond security tooling toward the data-access plane for agentic workflows.

The pattern suggests Cyera may continue using M&A to enter areas such as model and data lineage, machine identity, and AI agent governance rather than building each product organically. That approach compresses time-to-market in a category where integration breadth and platform scope matter more over time.

Platform disintermediation: Cyera's growth increasingly runs through Microsoft, AWS, and Snowflake, but those same partners are expanding their own native classification, masking, access governance, and AI-security surfaces, which could push Cyera toward a narrower enrichment-layer role with weaker pricing power in accounts where the hyperscaler's native tooling is good enough.

Execution sprawl: Cyera has launched Browser Shield, Data Lineage, Cyera MCP, Cyera Privacy, and Cyera for Government while integrating three acquisitions, Trail, Otterize, and Ryft, creating a risk that the platform becomes harder to deploy, explain, and support as a coherent system, which would erode the fast time-to-value that differentiates it from heavier legacy competitors like Varonis and BigID.

Authorization drag: FedRAMP High In Process status as of April 2026 means a meaningful share of the federal and highly regulated enterprise opportunity still depends on completing a lengthy external certification process, during which Varonis's existing FedRAMP Moderate authorization and Microsoft's entrenched public-sector relationships give competitors a durable procurement advantage.