Small and medium-sized enterprises accounted for 60% of the initial access offers analyzed on dark Web forums during the first four months of 2026, according to cybersecurity firm Kaspersky.
Kaspersky’s Digital Footprint Intelligence team examined hundreds of posts published by initial access brokers from January to April 2025 and during the same period in 2026.
Posts claiming to offer access to compromised small businesses represented 40% of the listings analyzed in 2026, the largest share among the organization types covered. Medium-sized businesses accounted for another 20%.
Initial access brokers sell unauthorized entry into compromised corporate systems. Their listings may identify the target company’s location, industry, revenue and the type of access available.
Buyers can use the access to deploy ransomware, steal confidential corporate data or conduct other fraudulent activities.
“Despite the fact that posts concerning small-sized companies prevail, threat actors may target medium‑sized businesses as they generate higher revenue than small businesses while they may have lower level of protection against cyberthreats than large ones,” said Ekaterina Beloborodova, an analyst at Kaspersky Digital Footprint Intelligence.
“Thus, the common belief that small‑ and medium‑sized enterprises are uninteresting to attackers is a misconception. Companies of any size need to understand the cyberthreat landscape, adhere to cybersecurity policies, use appropriate cybersecurity solutions, and continuously improve employees’ awareness,”
Kaspersky advised businesses to establish rules governing access to email accounts, shared folders and online documents, as well as guidelines for using external services.
It also recommended monitoring the dark Web for stolen credentials and leaked data, training employees on security risks and regularly backing up critical information.


