PAM (Privileged Access Management) tools like CyberArk and BeyondTrust govern privileged accounts — IT administrators, system engineers, and other users with elevated access rights. They are excellent for the privileged user population and typically cover 5–10% of an organisation's users.

The credential gap that causes 81% of breaches is not primarily a privileged account problem. M&S was breached via a third-party contractor credential. Colonial Pipeline via an inactive standard user account. SolarWinds via a vendor build credential. None of these were privileged accounts under PAM scope.

MyCena governs the remaining 90–95% of users — the general workforce, contractors, BPO agents, and AI agents that PAM was never designed to cover. The two tools operate at different user tiers and are deployed in parallel. Organisations with PAM for privileged users and MyCena for the full workforce have credential governance coverage at every layer.