Research

Part 1 · 280 Citations · Zero Vendor Sponsors · Methodology

State of Cyber Security Markets 2026.

An operator's read of the cyber security markets. Eight fronts, two parts, 2026.

By Yohay Etsion. Full research-author bio →

Head of Product (Fractional), AXIA · Creator of Product Org OS · Author of Leading the Charge (2023) and Vision to Value (coming 2026).

Three ways to read this report

  • For PE analysts and expert-network sourcing start with the synthesis chapters. Each part of the report ends with an investable-theses chapter where the cross-front pattern claims land, every claim grounded on a falsifiable test you can re-derive in 2027 from publicly observable signals.
  • For CISOs and operators tracking the market read the four chapters in order. Each ends with a falsifiable test for 2027 that you can re-check against your own deal flow.
  • For founders and operators the DSPM Absorption Chain, the Proofpoint platform trajectory, and the agentic AI shift are not noise. They are the buying conditions your enterprise customers will use in 2026 procurement. Read DSPM chapter →

Before you start: read how we source and how to verify any claim → · see the full collateral map →

The Four Chapters

Part 1: The Data Battlegrounds.

Chapter One · IRM

The Insider Risk Management Front

Microsoft Risky Agents is the bet that bends the IRM market. 60 citations across the platform-vendor moves, the agentic-AI extension, and the consolidation arc.

Read chapter → · 🎧 Listen on NotebookLM · PDF

Chapter Two · DLP

The Data Loss Prevention Front

AI-native DLP is the rebuild; legacy DLP is the deprecation. 103 citations covering the four-way vendor split, Cyberhaven's lineage thesis, and the Thoma Bravo data-security stack.

Read chapter → · 🎧 Listen on NotebookLM · PDF

Chapter Three · DSPM

The Data Security Posture Management Front

Six platform absorbs in fourteen months. Cyera's $9B Series F is the counter-thesis. 95 citations across the absorption chain, the gravity vendors, and the attention vendors.

Read chapter → · 🎧 Listen on NotebookLM · PDF

Chapter Four · Convergence

The Convergence Synthesis

DSPM is the absorption substrate. Thoma Bravo is the stack thesis. Agentic AI pulls enforcement back to the data source. Two cross-front Pattern Claims with named falsifiability.

Read chapter → · 🎧 Listen on NotebookLM · PDF

Part 2 · Coming June 2026

Four more fronts plus a cross-front Platform Wars Synthesis. Ships June 2026. Same publishing standard, same methodology, same chrome.

Front 5

SOC Platform War

EDR / XDR / SIEM unification. The platform-consolidation question on the operations side.

Planned June 2026

Front 6

SSE / Edge Theater

SASE and ZTNA. The architectural answer to where the enterprise perimeter actually lives now.

Planned June 2026

Front 7

AI Security

Application Security, SecOps, and Governance for AI systems. The category that did not exist twenty-four months ago.

Planned 2026 (1.5× research budget)

Front 8

Identity & PAM

Identity providers and privileged-access management. Contingent on Wave 1 outcomes.

Contingent

Synthesis

Platform Wars Synthesis

Cross-front capstone analogous to Part 1's Convergence Synthesis. Authored after Fronts 5 through 8.

Planned June 2026

Pre-Call Briefing Pack: Three Pattern Claims, Three Choices →

A 60-minute pre-read for analyst and operator calls with Yohay Etsion. Three Pattern Claims (DSPM Absorption Chain, Thoma Bravo Data Security Stack, Agentic AI Pulls Enforcement to the Data Source), three buyer choices, the falsifiable tests to interrogate them, and four prompts to sharpen the hour. Download as PDF →

Want the longer reading-notes version? Read the Report Digest → (chapter-by-chapter recap with embedded diagrams). PDF →

How to verify any claim in this report → Sourcing rules. Verifiable Proxy Rule. Disclosure framework. Refresh cadence.

Master citations file: 280 unique citations, 47 cross-chapter. View citations.md →