Cybersecurity Has Always Had a Fundamental Gap. Mitigata Just Raised $15 Million to Close It.

Here is the problem with how the enterprise security industry has been structured for most of its existence.

On one side: cybersecurity companies. Their job is to prevent attacks, detect threats, and respond to incidents. They sell technology — firewalls, endpoint protection, SIEM platforms, threat intelligence feeds. Their success is measured by what they stop.

On the other side: cyber insurance companies. Their job is to pay out when the attack succeeds. They sell financial protection — indemnity against the costs of a breach, ransomware event, or business interruption. Their underwriting is based on risk assessments that are often disconnected from the actual security posture of the company being insured.

The gap between these two worlds is the gap that enterprises live in. The cybersecurity stack tells you what threats are present. The insurance policy tells you what you will receive when you fail. But neither tells you how your security posture translates to your actual financial risk — and neither connects the prevention side to the transfer side in a way that makes the whole system more rational.

Mitigata was built to close that gap. And on June 23, 2026, the company announced it had raised $15 million in a Series B round led by Bessemer Venture Partners, with participation from existing investors Nexus Venture Partners, Titan Capital, and WEH Ventures.

What Mitigata Actually Built — Platform by Product

Mitigata was founded in 2023 by Mohit Anand, Sarthak Dubey, Mayank Morya, and Akshit Kaushik. In the three years since, it has assembled what it calls a full-stack cyber resilience platform — a single operating framework built on the principle of insure, detect, defend, and recover.

The platform has five components, each addressing a different layer of the cyber risk problem.

Gordon AI is Mitigata's in-house cybersecurity co-pilot — an AI model that automates threat detection and incident response. It is the engine of Mitigata's Security Operations Centre, which triaged over one million security incidents in the past year and which the company intends to scale into India's largest SOC using the Series B capital. Gordon AI integrates directly with major enterprise security platforms — Palo Alto Networks, CrowdStrike, SentinelOne — allowing Mitigata to work within existing customer security stacks rather than requiring a rip-and-replace deployment.

RELIQ is Mitigata's proprietary cyber risk quantification engine — the link between the security posture data Gordon AI collects and the financial risk number that the insurance side needs to underwrite accurately. This is the product that most directly addresses the structural gap between cybersecurity and cyber insurance: a company that knows its risk score in RELIQ can make more informed decisions about how much coverage it needs, and Mitigata's insurers can underwrite that coverage with real-time security posture data rather than annual questionnaires.

Dranta is the privacy governance and consent management platform — addressing the compliance dimension of cyber risk that has become increasingly consequential as data protection regulation has tightened across India (DPDP Act), Europe (GDPR), and the Middle East markets Mitigata is entering.

Scan by Mitigata is a consumer-facing data exposure monitoring solution — extending the platform's reach beyond enterprise buyers to individuals who want to know whether their personal data has been compromised in known breaches.

Cyber Insurance is the fifth component and the one that makes Mitigata structurally unique in the Indian market. Mitigata is India's first IRDAI-regulated insurance broker focused exclusively on cyber insurance. This regulatory designation is not a footnote — it is the feature that allows Mitigata to close the loop between the security data it collects and the risk transfer product it offers. A traditional cybersecurity company cannot sell insurance. A traditional insurer cannot operate a real-time SOC. Mitigata's IRDAI licence means it can do both, under one platform, with the security posture data informing the underwriting in real time.

image.png

The Numbers — What Three Years of Building Produced

The growth metrics that accompany the Series B announcement are the fastest verification available that the platform is solving a real problem for real buyers.

12x year-on-year growth. Over 800 organisations served across BFSI, healthcare, manufacturing, automotive, and e-commerce. Over one million security incidents triaged through the AI-powered SOC in a single year. Total funding across Series A and Series B: approximately $21 million. Three years old. Bessemer on the cap table.

The 12x growth figure is worth pausing on. In enterprise SaaS and cybersecurity, where sales cycles are long, procurement committees are extensive, and compliance requirements create significant onboarding friction, 12x year-on-year growth is a signal that the market pull is real rather than manufactured by aggressive sales spend. Enterprise buyers do not move 12x in a year because of marketing campaigns. They move because the product solves a problem they were not solving before.

The sector mix — BFSI, healthcare, manufacturing — tells its own story. These are the sectors with the highest regulatory data protection requirements, the highest frequency of targeted cyberattacks, and the most acute need for the combination of technical protection and financial risk transfer that Mitigata offers. They are also the sectors where cyber insurance adoption in India has historically been lowest — partly because the products available have not been specifically designed for Indian enterprises, and partly because the underwriting has been based on global models that do not reflect the specific threat landscape Indian companies face.

The 95 per cent India revenue concentration at this stage is a strength, not a limitation. It means Mitigata has built its platform on the messy, complex, regulatory-diverse reality of Indian enterprise security — and that the platform works in the environment with the most demanding requirements before it attempts to export.

Why Bessemer — and What the Lead Investor Signals

Bessemer Venture Partners is not a generalist fund. It is one of the world's most focused enterprise software and cybersecurity investors — the firm that backed Proofpoint, Twitch, LinkedIn, and a cohort of cybersecurity infrastructure companies that have become category standards. When Bessemer leads a cybersecurity round, the thesis is usually about category creation rather than category participation.

The Mitigata thesis that Bessemer is betting on is precisely that: the category of integrated cyber resilience — security operations, risk quantification, compliance management, and cyber insurance in a single platform — does not yet exist at scale globally, and the company that builds it first has the potential to define the category for the next decade.

The India starting point is the counterintuitive element that makes the thesis interesting. Most global cybersecurity companies start in the United States, where per-seat pricing is highest, regulatory tailwinds are strongest, and the enterprise security budget is largest. Mitigata started in India, where the constraints are more severe, the budget per seat is lower, and the regulatory environment is more complex. Building a full-stack platform that works in India's environment is, in effect, stress-testing it against conditions that will exist in every emerging market Mitigata enters next.

MENA, Southeast Asia, and the US are the stated international expansion targets. The MENA markets — Saudi Arabia, UAE — have some of the most aggressive mandatory cyber insurance regulatory frameworks currently being developed globally, making them specifically aligned with Mitigata's combined insurance-plus-security value proposition. Southeast Asia offers a similar emerging regulatory dynamic with large, underinsured enterprise markets. The US is the long-term revenue prize, but the entry timeline reflects the realistic complexity of competing in the world's most competitive enterprise security market.

The Quote That Explains the Investment

Mohit Anand, co-founder and CEO of Mitigata, described the company's positioning in terms that frame the entire market opportunity:

"From India for the world" is the ambition stated plainly. It is also the specific claim that the Series B capital is designed to validate — by taking a platform that has worked for 800 Indian enterprises and demonstrating that it works for enterprises in Saudi Arabia, Singapore, and eventually San Francisco.

The "national security" framing is not rhetorical flourish. As AI systems become embedded in critical infrastructure — power grids, financial systems, healthcare, transportation — the attack surface of every economy expands dramatically. The organisations managing that infrastructure are not well-equipped to manage the combined cyber risk and financial risk that comes with it. Mitigata's platform is positioned precisely at that intersection.

image.png

Why the Integration Is the Moat

The deepest competitive advantage in Mitigata's model is not any individual component. It is the integration.

A standalone AI-powered SOC is valuable. A standalone cyber insurance product is valuable. A standalone risk quantification engine is valuable. But all three together, connected, with the SOC data feeding the risk quantification, and the risk quantification informing the insurance underwriting, and the insurance policy creating financial accountability that incentivises the security investment — that is a different class of product from any of its parts.

This is the same flywheel logic that made Salesforce's CRM valuable when integrated with its marketing automation, service cloud, and data platform — not because any one feature was irreplaceable, but because the integration created switching costs and a data advantage that isolated implementations could not match.

Mitigata's data advantage accumulates with every organisation on the platform. Every security incident triaged by Gordon AI trains the AI model. Every RELIQ risk assessment calibrates the underwriting model. Every insurance claim provides feedback that improves future risk pricing. The platform that has processed one million security incidents across 800 enterprises has better models than the platform that has not — and those models improve every quarter.

Three years old. India's first and only IRDAI-regulated exclusive cyber insurance broker. One million security incidents triaged. 12x growth. Bessemer on the cap table. MENA, Southeast Asia, and the US next.

Mitigata's founders named the company after risk mitigation. The product lives up to the name — and now has $15 million to prove it can do it for the world.