Cyera CEO On Raising $300M To Become The ‘End-To-End’ Data Security Platform

As the data security startup announced more funding and a $3 billion valuation, CEO Yotam Segev tells CRN that Cyera plans to continue consolidating more data and AI security tools onto its platform, ultimately providing customers with a ‘unified view of risk.’

Cyera plans to deploy its new $300 million round — the data security startup’s second fundraise of that amount this year — to continue expanding its data and AI security capabilities with the aim of becoming the most comprehensive platform in a red-hot market, Cyera Co-Founder and CEO Yotam Segev told CRN.

The three-year-old company announced the Series D round of funding Wednesday, which brings the startup’s valuation to $3 billion. That’s up from its $1.4 billion valuation achieved in April, when New York-based Cyera raised its prior $300 million round.

In an interview with CRN, Segev said that the company’s data security posture management (DSPM) offering has seen massive demand from customers and partners amid the widespread enterprise push to adopt generative AI.

Cyera’s tool specializes in rapidly providing visibility into the status of an organization’s data and identity access — something that has seen surging interest as a means to enable usage of GenAI applications such as Microsoft 365 Copilot.

This need for securing data against exposure in a GenAI world has proven highly complex, however, in part because data is held in so many different places and the access to that data is often misconfigured.

Cyera’s DSPM technology aims to simplify matters with an agentless approach and through its ability to work across cloud environments, SaaS, data lakes and on-premises environments. The result is a “unified view of risk,” which enterprises have always wanted but have never been able to achieve, Segev said.

Cyera has not been content to stick with its core area of DSPM, though, and has recently expanded into its second major category with a move into data loss prevention (DLP). In October, the company acquired Trail Security for $162 million, which Segev said has brought a unique AI-powered approach to DLP onto the Cyera platform.

When combined with Cyera’s DSPM capabilities, customers now “can actually go and build a data security program” that is truly effective, he said.

“Suddenly, you’re able to actually make DLP work — because you know what you're trying to protect, and because you know what the crown jewels are and where they reside,” Segev said.

With the help of the new funding, Cyera plans to continue enhancing its DSPM tool as well as adding further capabilities within the DLP sphere, he said.

From there, the company expects to continue introducing new functionality — including in areas such as privacy as well as in governance, risk and compliance (GRC) — so that it can cover as many data security needs as possible for customers, according to Segev.

The ultimate aim is “to consolidate the space and bring simplicity to a space that's very siloed and complex,” he said.

And Cyera is planning to keep moving fast — to the point that “a year from now, I'd like to see enterprises that are running their data security program on Cyera, from DSPM to DLP to AI security to governance, risk and compliance, to privacy operations, to identity data access governance,” Segev said. “I want to see enterprises, big enterprises, that are running their program end-to-end on Cyera.”

During the interview with CRN, Segev also discussed Cyera’s channel strategy for 2025. Current partners of Cyera include GuidePoint Security, World Wide Technology and Trace3.

The new funding was led by Accel and Sapphire Ventures, while other participating investors in the round were Sequoia, Redpoint, Georgian and Coatue. Cyera has now raised a total of $760 million since it was launched in 2021.

What follows is an edited portion of CRN’s interview with Segev.

What has 2024 been about for Cyera?

We've had a very, very good year. The promise of AI changing, transforming and upgrading the enterprise has been a huge catalyst for us. Because when you think about AI, it fundamentally runs on two things — it runs on GPUs and it runs on data. And I think the lack of visibility, the lack of control, the lack of management of data in the enterprise, has really been exposed through this AI transformation.

To give an example that everybody can relate to — you work in a big enterprise, maybe you have access to data you're not supposed to have access to in SharePoint or Office 365. That's been a long-standing problem, but how would you ever get to it? How would you find it? And suddenly with [Microsoft] Copilot, you can query Copilot, “Who's got HR violations in that company, and exactly what are they?” And if you have access to that information, you're going to get an answer in five seconds with the exact details you wanted to find out. So the game has changed on data security.

What is your biggest differentiator from competitors when it comes to providing visibility into data?

Technologically, there's two things that we've done that are unique and powerful in the market. The first one is the AI-powered classification. So essentially, it’s being able to learn the customers’ unique data types and contextualize those data types. Because it doesn't end with, “what is the data?” There's another set of questions you want to ask that, if the AI can answer them for you, you're in a much better place and you can take much more action. Whose data is it? Is it synthetic data or is it real data? Does it belong to a European citizen or a German citizen or a Canadian citizen? And the AI can do much of that for us.

The second is the agentless, cloud-native connectors, which allow us to connect once to the underlying cloud provider — and from that single point of integration, unlock all of the different databases, buckets and warehouses that you have inside. Whereas in the past, you had to connect one by one over the network. That was extremely complex. A network-based approach that's not agentless and not cloud-native just isn't able to access the data in the different accounts. You have to be able to connect over the API into the accounts. Otherwise, it's just not going to work. So this is a huge differentiator in the market.

So when an organization is thinking about all the things they need to do to keep their cloud secure, Cyera would be a piece of that?

I think that's right — especially when you tie it into identity, like we have. [Before] the move to the cloud, from a consumption model perspective, [organizations] used to own all the layers of the stack. Then we gave the infrastructure away, and we gave the network away. We gave away more and more layers of the stack. And at the edge of it, we ended up with SaaS. And what do we control in SaaS? What data we put in it, and what access we grant to that data. And those layers are consistent across the entire shared responsibility model with the cloud providers — data and access to data. And that's where Cyera is adding a ton of value to customers. We have customers today that have us connected to over 10 different environments — so their AWS, GCP, Azure, Snowflake, MongoDB, Databricks and their Office 365 and some Google Drive they got through acquisition. And some on-prem databases and fileshares that are left from the olden days. And Box and Salesforce. And so if you get a unified view of risk, and you're able to build workflows across all of these systems, the impact of that is outstanding.

I remember when we started, I spoke with the head of security operations for Wells Fargo. He told me, “Yotam, you know what I hate about these SaaS security vendors? They show me the risk in Salesforce, and they show me the risk in Office 365, and they show me the risk in Atlassian. What do they think — that I have a security person for Salesforce and I have a security person for Office 365? Just show me the top 10 risks across all of my environment. And show me how to solve them.” And that's exactly what Cyera is doing. When you look at cloud security, of course, you have the infrastructure and vulnerability aspect. But then you have the data and access aspect — what data lives where and who has access to it. And that's such a big part of protecting these new ecosystems.

How is the Trail acquisition and your introduction of DLP expanding the opportunity for Cyera?

When I look at Cyera’s purpose in the industry, we want to be the one-stop shop for data security. We want to be the household name for data security. DSPM is such an amazing core to this. Because DSPM provides you with what we never had before — which is a full, comprehensive, automatic inventory of all the data, and specifically all the sensitive data, across the enterprise. With that, you can actually go and build a data security program. And suddenly, you’re able to actually make DLP work — because you know what you're trying to protect, and because you know what the crown jewels are and where they reside. And you can build policies to either keep them there or to prevent them from going places where they're not supposed to go, or to monitor how they're moving in the environment. That was the biggest challenge with DLP. We were always able to do DLP for the most simplistic data types, and even that with a pretty high false positive rate. But what about the complicated data types? How do we deal with them? Whether it's documents of different sorts, intellectual property, PII. How can we really build policies around those types of data — where they can reside, where they can go, who's allowed to access them? And that's where the Trail acquisition has really enabled us to go from DSPM to what we're calling a data security platform — and not just show you where the data is and help you remediate it at rest, but also track it in motion, detect any violations in motion, and be able to put the preventative controls in place to make sure that you're not subject to these types of incidents.

Is that opening some new doors for you?

Absolutely. Last week we had our first user conference, and the biggest piece of feedback that every practitioner was telling us is, “I can't wait to go back to my CFO and tell him that it's not just DSPM. It's DSPM plus DLP.” It’s taking care of both of these problems in one unified platform.

This is just the beginning. This product portfolio is going to continue to grow. In conversations [with customers], the one thing you always hear is how many different use cases they need to deal with. And today, they have to stitch together 30-plus products in order to really build the program. That's impossible to do. That has to be simplified, it has to be unified. And that's where we're leveraging the venture capital investment in order to consolidate the space and bring simplicity to a space that's very siloed and complex.

What are some of the other goals for the funding?

This funding is allowing us to really invest in the product — not just in DSPM, which is our core and we're doubling down on, but also to go into DLP through this acquisition, and to go into the identity space and answer the questions around data access governance. [We’ll] continue to make moves into adjacent spaces where the customers are asking us to consolidate these use cases and these requirements into one platform. And to have the resources to actually do that is amazing.

Are there other categories or tools that you're interested in consolidating on the platform?

First of all, I think that in the DLP space, there's a lot of depth. It’s not just one product or one solution. The Trail team is going to grow within Cyera to build multiple product lines in the DLP space. At the same time, we're seeing a lot of requests from our customers to answer many of the other core data use cases — whether that's the privacy requirements around their data, whether it's GRC and compliance requirements around data, evidencing to auditors, compliance checks, compliance health. [These are] a lot of things that today are not part of what Cyera is putting out in the market, but that will quickly become [the case].

And of course, the biggest topic today is AI security. How do we protect an LLM that's been built in the enterprise, and we want to put real data into it? And how do we control what happens to that data that the LLM spews out?

What is your channel strategy for 2025?

We're taking a focused approach with our key partners. We want to make sure that we're fully enabling their teams and getting into the market together with a high-touch approach. That's where we are for next year in this regard. And I think that as we continue to mature that program and mature those relationships, we’ll be able to open up to more partners and really widen our scope of interaction to the wider channel community.

The channel, the value-added resellers, are amazing at supporting these implementations, adding value on top of these implementations — and really making sure that the customers are not just getting a product, but getting a solution to the problem they set out to solve. And we're very fortunate to be working with [our current] partners.

Overall what do you see as the big theme for Cyera in 2025?

I think for us, DSPM is obviously very, very hot right now, and every enterprise is looking at a DSPM initiative. And that is the core of our business. That is where we're spending the majority of our time and that's where the majority of the development is.

Around that, the exciting avenues for us are obviously growing into the DLP space and challenging some of the incumbent vendors in that space with their offerings, and bringing to the table DLP that is AI-powered. And that is game-changing, and that's exactly what Trail is about. We also have the ability to provide agentless DLP, which has a completely different time to value than the traditional DLP that the market is used to. Everybody wants DLP to be easier, and this is exactly that. This is the magic sauce that turns DLP into a very successful program quickly.

Around that, we have our identity focus and we have our AI security focus. Being able to answer the question — “who can access what data in the enterprise?” — it's mind blowing. Practitioners have never seen a platform that is able to actually answer that question for them.

And on the AI security front, I think that every CISO is being challenged to support this huge transformation that's happening. And the ability to really partner with the business, enable the business to move fast with AI, to run ahead — but to do it in a way that's governed, secure, compliant — that's also extremely meaningful to our customer base. And we're very proud to be at the forefront of this challenge.

Looking out a year from now, what is your hope for Cyera and what things will be like at that point?

A year from now, I'd like to see enterprises that are running their data security program on Cyera from DSPM to DLP to AI security to governance, risk and compliance, to privacy operations, to identity data access governance. I want to see enterprises, big enterprises, that are running their program end-to-end on Cyera. That would be very, very exciting for me.