Notifications
Clear all
Topic starter
07/06/2026 8:14 pm
TL;DR: Frost & Sullivan estimated DSPM revenue will reach $415.1 million in 2024, up 64.9% year over year, and its Frost Radar evaluates vendors on continuous innovation and growth execution, according to Cyera's cited report. The signal is that data security posture management is becoming a governance layer, not just a discovery tool.
NHIMG editorial — based on content published by Cyera: Frost Radar™ Report: Data Security Posture Management, 2024
By the numbers:
- Only 5.7% of organisations have full visibility into their service accounts.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
Questions worth separating out
Q: How should teams use DSPM findings in identity governance reviews?
A: Teams should use DSPM findings as evidence for access review, not as a separate reporting stream.
Q: Why do service accounts matter in DSPM programmes?
A: Service accounts matter because they often connect data stores, applications, and automation paths that human users never see.
Q: When should organisations treat data posture as an identity problem?
A: Organisations should treat data posture as an identity problem whenever sensitive information is reachable through tokens, API keys, workloads, or third-party integrations.
Practitioner guidance
- Map sensitive data to the identities that can reach it Join DSPM findings with service-account, API key, token, and workload identity inventories so every high-value dataset is tied to the non-human identities that can access it.
- Prioritise data stores with machine access paths Start remediation with repositories used by automation, integrations, and AI systems because these paths are often invisible in human-centric reviews.
- Use posture findings to drive access recertification Convert sensitive-data exposure reports into recertification tasks for over-privileged service accounts and third-party connections.
What's in the full report
Cyera's full report covers the market and vendor details this post intentionally leaves for the source:
- Frost Radar scoring criteria for continuous innovation and growth execution across DSPM vendors
- Market landscape analysis showing how DSPM categories are being positioned for buyers and stakeholders
- Best-practice and growth-opportunity framing that can support procurement and category evaluation
- The report's vendor-specific placement results, including why Cyera was recognized in the Radar
👉 Read Cyera's Frost Radar report on the DSPM market →
DSPM market growth: what does it mean for data governance teams?
Explore further
07/06/2026 10:03 pm
DSPM is becoming an identity control problem, not just a data discovery category. The market conversation still frames DSPM around finding sensitive data, but the operational pain point is who or what can reach that data once it is found. As cloud estates, service accounts, and AI-connected tools multiply, posture management must be interpreted through access paths, not only storage locations. Practitioners should treat DSPM findings as identity governance inputs, not standalone reports.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to the Ultimate Guide to NHIs.
- 79% of organisations have experienced secrets leaks, and 77% of those incidents resulted in tangible damage.
A question worth separating out:
Q: What should security teams do if DSPM repeatedly flags the same exposed data?
A: Repeated exposure usually means the control gap sits in identity or process, not in the discovery tool. Teams should check whether the same service accounts, shares, or integrations keep recreating the exposure, then tie remediation to entitlement changes, lifecycle governance, and monitoring that persists after the first fix.
👉 Read our full editorial: DSPM market growth signals a wider data governance reset
