Black Kite today announced the release of its 2026 Wholesale & Retail Report: Cyber Exposure in the Age of Digital Supply Chain Attacks, which delves into the cyber risk for retail and wholesale companies that rely on many of the same essential vendors, including IT service providers, software platforms, and financial services. The report found a significant overlap in threat actors actively targeting these two sectors, confirming that they see wholesale and retail not as separate markets but rather as one large, interconnected system of targets.
The interconnectedness between wholesale and retail is aggressively exploited by threat actors that view the landscape as a single, lucrative target likely to pay out to minimize supply chain disruption. Additionally, with attackers seeing wholesale and retail as one target, they have developed universal attack tools and malware, such as Stealer Logs and MFT exploits, capable of working across both. Their goal is simply to find the easiest entry point into the system, regardless of which sector that entry point belongs to. For defenders, this tactic means their defense strategies must be unified. For instance, a successful breach into a wholesaler can create an easy entry point leveraged by the same group to be used against a major retailer that uses that particular wholesaler.
One of the report’s most critical findings is the widespread presence of compromised credentials, meaning that initial access has already been granted to a majority of the industry. In fact, over 70% of major retailers, nearly 60% of wholesalers, and 52% of the supply chain have exposed credentials.
Additional key findings include:
- 17% of retail ransomware victims had revenue over $1B, demonstrating that threat actors prioritize ‘big game hunting’ in the retail sector – a specific target for high-value extortion.
- 39% of wholesale ransomware victims had revenue in the mid-market range of $20M–$100M as attackers play a ‘volume game’ on smaller enterprises.
- 42% of critical supply chain vendors are exposed to at least one vulnerability from the CISA Known Exploited Vulnerabilities (KEV) Catalog, listing flaws currently under active attack.
- 2 vendor categories – Professional & Technical Services (793) and Information (705) – totaling 1,498 companies, dominate the supply chain, outnumbering physical categories by a significant margin.
The report’s findings are conclusive. The shared supply chain is the new threat, and credential theft is the dominant access vector. In order to protect themselves, wholesalers, retailers and their vendors must urgently prioritize patching the specific vulnerabilities listed in the CISA KEV catalog, particularly those granting Remote Code Execution (RCE), which are the exact flaws active ransomware groups are weaponizing today.
Black Kite’s report empowers cybersecurity leaders and business executives to understand today’s emerging threats and learn how to proactively manage their third-party cyber risk to protect their organizations from supply chain disruptions.
To read the report, visit https://content.blackkite.com/ebook/wholesale-retail-tprm-report-2026/.
Like this:
Like Loading...
Related
This entry was posted on January 21, 2026 at 8:19 am and is filed under Commentary with tags Black Kite. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Black Kite’s 2026 Wholesale & Retail Report Reveals Over 70% of Major Retailers, Nearly 60% of Wholesalers, and 52% of the Supply Chain Have Exposed Credentials
Black Kite today announced the release of its 2026 Wholesale & Retail Report: Cyber Exposure in the Age of Digital Supply Chain Attacks, which delves into the cyber risk for retail and wholesale companies that rely on many of the same essential vendors, including IT service providers, software platforms, and financial services. The report found a significant overlap in threat actors actively targeting these two sectors, confirming that they see wholesale and retail not as separate markets but rather as one large, interconnected system of targets.
The interconnectedness between wholesale and retail is aggressively exploited by threat actors that view the landscape as a single, lucrative target likely to pay out to minimize supply chain disruption. Additionally, with attackers seeing wholesale and retail as one target, they have developed universal attack tools and malware, such as Stealer Logs and MFT exploits, capable of working across both. Their goal is simply to find the easiest entry point into the system, regardless of which sector that entry point belongs to. For defenders, this tactic means their defense strategies must be unified. For instance, a successful breach into a wholesaler can create an easy entry point leveraged by the same group to be used against a major retailer that uses that particular wholesaler.
One of the report’s most critical findings is the widespread presence of compromised credentials, meaning that initial access has already been granted to a majority of the industry. In fact, over 70% of major retailers, nearly 60% of wholesalers, and 52% of the supply chain have exposed credentials.
Additional key findings include:
The report’s findings are conclusive. The shared supply chain is the new threat, and credential theft is the dominant access vector. In order to protect themselves, wholesalers, retailers and their vendors must urgently prioritize patching the specific vulnerabilities listed in the CISA KEV catalog, particularly those granting Remote Code Execution (RCE), which are the exact flaws active ransomware groups are weaponizing today.
Black Kite’s report empowers cybersecurity leaders and business executives to understand today’s emerging threats and learn how to proactively manage their third-party cyber risk to protect their organizations from supply chain disruptions.
To read the report, visit https://content.blackkite.com/ebook/wholesale-retail-tprm-report-2026/.
Share this:
Like this:
Related
This entry was posted on January 21, 2026 at 8:19 am and is filed under Commentary with tags Black Kite. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.