The startup is targeting a problem many companies feel but rarely insure against, which is cloud outages that shut down operations, stall payments and damage trust within minutes. 

Mantas says downtime is no longer a technical issue. It is a clear financial risk, and it should be treated as one.

The seed round drew backing from Nuwa Capital, Suhail Ventures, Plus VC, OQAL Angel Syndicate and a group of strategic angel investors. 

The funds will be used to build out its product, strengthen risk models and begin early deployments across the Middle East, North Africa and North America.

Cloud infrastructure now underpins everything from payments to flight bookings. When it fails, the impact is swift. But most companies still rely on service-level agreements, legal clauses or internal fixes that do little to cover actual losses. 

That gap is seen in how businesses respond after an outage, confusion first, financial pain later.

Mantas is taking a different route. Its policies are based on parametric insurance. That means payouts are triggered automatically once verified outage conditions are met, without drawn-out claims or negotiations. If the cloud goes down and the agreed threshold is crossed, the payment follows.

“Cloud downtime is now one of the largest unpriced liabilities in the digital economy, as outages at AWS and Azure in late 2025 demonstrated,” said Basil Mimi, CEO and co-founder of Mantas. 

“Businesses have engineered their systems for scale and speed, but the financial layer has not kept up. Parametric insurance allows us to turn cloud outages into a measurable and insurable risk, giving companies certainty at the exact moment they need it most.”

The company focuses on digital-first sectors where constant uptime is necessary. These include fintech, airlines, e-commerce platforms, software providers and regulated enterprises. 

Alongside coverage, Mantas provides real-time monitoring that shows firms how exposed they are and where weaknesses sit, before something breaks.

The idea behind the company came from a moment. Mimi was trying to order food when an outage rippled across systems. What looked minor quickly turned into reputational damage and financial loss for the business involved. 

From his background as a software engineer, what l stood out was that the outage could be measured, but the loss was not insured.

That mismatch is growing. Cloud usage is becoming more concentrated, especially around a few large providers. In North America, outages are increasingly wide-ranging rather than isolated. 

In the Middle East, governments and companies are moving fast into cloud-first setups. In both cases, financial protection has lagged behind dependence.

Investors say this link between real-world infrastructure behaviour and insurance is what sets Mantas apart.

“Downtime is often treated as a technical issue, but for digital businesses it’s increasingly a financial one. Mantas’ approach stood out to us because it ties insurance coverage directly to how infrastructure behaves in the real world, rather than how it’s described on paper. 

“That’s an important step forward for this type of risk.” said Arnav Danthi, principal at Nuwa Capital.

Plus VC also pointed to the team’s execution and focus.

“At Plus VC, we back exceptional founders building category-defining companies, and Mantas is a strong reflection of that conviction. The company is redefining cyber insurance through its technology-driven MGA model, combining tailored coverage with predictive analytics to address one of today’s most critical risks, cloud downtime. 

“What impressed us most is the team’s deep domain expertise, strong execution mindset, and their ability to translate complex risk data into actionable insights that help businesses proactively mitigate exposure. 

“We are excited to support Basil, Abdallah, and the Mantas team as they scale this differentiated platform regionally and beyond,” said Hasan Haider, founder and managing partner at Plus VC.

Ayat Alsabbagh, Principal of Suhail Ventures also said: “We are proud to be partnering with Mantas in leading the shift towards data-driven business protection. 

“The combination of Mantas real-time analytics with parametric insurance will significantly help companies minimise losses from cyber threats and cloud outages in a rapidly growing market. We believe Mantas is setting a new standard for securing enterprise continuity through innovative insurance solutions.”

Mantas plans to expand its insurance coverage as cloud systems become more connected and failures spread faster across services. The goal is to help businesses that lean into complex digital infrastructure, so they are not left exposed when that infrastructure fails.

That works out to roughly $22.6 million lost every minute, every day, across governments, businesses and individuals. The cost of defending against those attacks is growing almost as fast. 

Global spending on cybersecurity is expected to approach $345 billion in 2026, and forecasts reveal total annual spending could reach $1 trillion by the early 2030s.

The average cost of a data breach in 2025 stood at $4.44 million globally, climbing to $10.22 million in the United States. Ransomware featured in around 44% of recorded breaches, even as fewer victims chose to pay. 

Cyber attacks increase continually year on year, driven by automation, better targeting and the simple fact that digital systems now underpin almost everything.

The attack surface is expanding faster than most organisations can secure it. 

What follows are the biggest cybersecurity threats businesses will face in 2026, based on patterns already visible today.

1. AI-Powered and Highly Targeted Cyber Attacks

Cyber attacks are becoming cheaper to launch and easier to scale. Criminal groups no longer need great technical skill to produce convincing phishing messages, fake voice calls or tailored malware. Attack campaigns are now personalised, fast and relentless.

Attackers are now using generative Al to create convincing phishing emails, deepfake audio/video, and automated malware. 

We are seeing more cases where attackers imitate senior executives, suppliers or regulators with unsettling accuracy. Finance teams, procurement units and public officials are frequent targets. 

The danger is not just deception, but speed. When a message looks real and arrives at the right moment, people act before they question it.

One of the cybersecurity threats in 2026 is volume combined with precision. These attacks do not rely on one success. They rely on thousands of attempts until one slips through.

2. Supply Chain and Third-Party Exposure

Major breaches over the past few years have shown a trend where attackers avoid heavily protected organisations and go after their suppliers instead. Software vendors, cloud platforms, managed service providers and open-source projects are all attractive targets.

One compromised update or exposed interface can grant access to hundreds or thousands of downstream organisations. In 2026, this risk grows as companies rely even more on external software, shared services and automated integrations.

Trust has become a vulnerability. Many organisations still assume that partners are secure simply because they are established or well known. Attackers know better.

3. Ransomware Without Limits

Ransomware has changed. Encryption alone is no longer the main weapon. Today’s attacks focus on data theft, public exposure and operational disruption. Systems may be damaged even if no ransom is paid.

In healthcare, finance and government, attackers now aim to interrupt services rather than lock files. Stolen data is used as leverage, sometimes months after the initial breach. Payment rates have fallen to roughly a quarter of victims, but disruption costs continually increase.

By 2026, ransomware will not be about files but about leverage. The damage is reputational, legal and operational.

4. Cloud Misconfiguration and Identity Abuse

The cloud has simplified technology and complicated security. Most breaches no longer begin with malware. They begin with stolen credentials, excessive access rights or exposed services.

Storage systems left open to the internet, poorly protected interfaces and unmanaged applications are common. Once attackers gain a foothold, they move silently using legitimate accounts, usually undetected for weeks.

The risk in 2026 is not cloud adoption itself, but poor management over who can access what. Identity has become the new perimeter, and many organisations are still treating it as an afterthought.

5. Insider Threats and Strategic Data Leaks

Not all threats come from outside. Employees, contractors and partners can also cause serious breaches, sometimes through carelessness, sometimes deliberately.

With data becoming more valuable, internal access becomes more dangerous. Sensitive customer records, proprietary software, internal research and training data are now high-value assets. In some cases, they are stolen not for immediate profit, but for long-term advantage.

In 2026, insider risk is harder to spot because work is more distributed and access is wider. Trust is necessary, but unchecked trust is risky.

6. Connected Devices and Smart Infrastructure

From factories to hospitals to city streets, connected devices are everywhere. Many of them were designed for function, not security. Weak passwords, outdated software and limited monitoring are common.

Smart grids, traffic systems, medical equipment and industrial controls are now part of the digital ecosystem. A single exposed device can become an entry point into much larger systems.

Disruption to these environments can affect safety, not just data. With smart infrastructure expanding, so does its appeal to attackers.

7. Attacks on Energy and Critical Infrastructure

Energy systems, data centres and communication networks are indispensable to economic stability. They are also highly targeted.

Power grids, fuel distribution, water systems and large-scale computing facilities represent high-impact targets. Attacks do not need to cause physical damage to be effective. Temporary disruption can be enough to cause financial loss, public concern or political issues.

By 2026, these systems will get higher attention from both criminal and state-linked actors. Defence in this area is beyond a technical issue. It is a national one.

8. Geopolitical Cyber Conflict

Cyber operations have become a standard tool in global disputes. Election interference, sabotage, data theft and disinformation campaigns are now routine features of geopolitical tension.

The line between crime and conflict is usually blurred. Some attacks are tolerated, others encouraged, knowingly or unknowingly. Attribution is difficult, and response options are limited.

In 2026, organisations operating across borders will face more exposure, whether they are directly targeted or caught in the middle.

9. Long-Term Encryption Risk

While advanced computing threats are not yet mainstream, attackers are already preparing for them. Sensitive data is being stolen and stored with the expectation that future advances will make today’s encryption easier to break.

This is not a problem for tomorrow. It is a problem created today. Intellectual property, state secrets and personal records stolen now may remain valuable for decades.

Organisations handling long-life data need to consider this risk now, not after standards change.

10. Regulation, Liability and Cost of Failure

Cybersecurity has moved into the legal and regulatory arena. Data protection laws, infrastructure regulations and sector-specific standards are getting more attention.

A breach is no longer just an incident but a compliance issue, a legal risk and a reputational crisis. Fines, lawsuits and operational restrictions are becoming more common.

In 2026, the cost of getting security wrong will extend well beyond technical recovery.

What This Means for 2026

The case is not that technology is failing but that complexity is winning. Systems are growing faster than proper management, and attackers are exploiting the gaps.

Security in 2026 will not depend on buying new tools, we need to know what systems exist, who can access them, and how quickly incidents can be contained.

The organisations that cope best will not be those with the biggest budgets, but those that understand their risks solidly and act early. Cyber threats are not an abstract danger but a constant cost of doing business, and in some cases, of keeping the lights on.