TL;DR: 90% of the world’s data was created in the last two years and the total is set to reach 181 zettabytes in 2025, increasing pressure to find and protect sensitive data without expanding blind spots, according to Cyera’s 2024 DSPM Adoption Report based on a survey of 637 IT and cybersecurity professionals. The governance problem is no longer data growth alone, but the gap between discovery, classification, and control.
NHIMG editorial — based on content published by Cyera: The 2024 DSPM Adoption Report
By the numbers:
- 90% of the world’s data has been created in the last two years.
- The report is based on a survey of 637 IT and cybersecurity professionals.
Questions worth separating out
Q: How should security teams use DSPM to reduce sensitive data exposure?
A: Security teams should use DSPM to discover sensitive data continuously, classify it consistently, and connect it to the identities that can reach it.
Q: Why does data visibility matter for IAM and PAM programmes?
A: Data visibility matters because identity controls are only as precise as the context behind them.
Q: What breaks when organisations cannot classify data at scale?
A: When classification cannot keep up, governance becomes reactive.
Practitioner guidance
- Inventory sensitive data continuously: Establish continuous discovery across cloud, SaaS, collaboration, and storage layers so the data estate is never treated as static.
- Tie data classification to identity entitlements: Map high-value datasets to the human and non-human identities that can access them, then use that mapping to target access reviews and privilege reductions.
- Prioritise remediation by exposure and sensitivity: Rank fix queues by the combination of data sensitivity, access breadth, and business criticality.
What's in the full report
Cyera's full report covers the survey detail this post intentionally leaves for the source:
- The full 637-person survey breakdown by role and organisation type, useful for benchmarking maturity.
- Question-level findings on how teams are approaching DSPM adoption, effectiveness, and next-step planning.
- The report’s own framing of the most common challenges in identifying, monitoring, and protecting sensitive data.
- Additional context on how organisations are prioritising data security capabilities over the next 12 months.
DSPM adoption and data blind spots: what security teams should know?
Explore further
DSPM is becoming an identity governance dependency, not just a data-security category. Once sensitive data is spread across cloud, SaaS, and collaboration layers, the question is no longer only whether data is classified. The question is whether identity controls can actually use that classification to constrain access. Practitioners should treat data visibility as input to governance, not as a separate reporting exercise.
A few things that frame the scale:
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
A question worth separating out:
Q: How can teams tell whether DSPM is actually improving security?
A: Teams should look for fewer unknown sensitive-data locations, faster classification of new repositories, and a tighter link between exposure findings and entitlement changes. If discovery is improving but no access decisions change, DSPM is producing visibility without governance impact.