Black Kite’s 2026 Wholesale & Retail Report Reveals Over 70% of Major Retailers, Nearly 60% of Wholesalers, and 52% of the Supply Chain Have Exposed Credentials

Report finds the sectors’ shared supply chain is the greatest risk, as attackers view wholesale and retail as an interconnected target landscape

BOSTON, Jan. 21, 2026 /PRNewswire/ — Black Kite, the leader in third-party cyber risk management, today announced the release of its 2026 Wholesale & Retail Report: Cyber Exposure in the Age of Digital Supply Chain Attacks, which delves into the cyber risk for retail and wholesale companies that rely on many of the same essential vendors, including IT service providers, software platforms, and financial services. The report found a significant overlap in threat actors actively targeting these two sectors, confirming that they see wholesale and retail not as separate markets but rather as one large, interconnected system of targets.

“When we think about the supply chain, we often picture logistics and warehouses, but today the real threat is the expanded ecosystem,” said Ferhat Dikbiyik, Chief Research & Intelligence Officer, Black Kite. “The bottom line is that wholesale and retail’s greatest risk is their shared supply chain, and as we have seen time and time again, just one vulnerability in a common vendor can create systemic impact affecting both simultaneously. The era of checklist compliance is over. Third party risk management programs must evolve by securing the weak points across every partner in the ecosystem.”

The interconnectedness between wholesale and retail is aggressively exploited by threat actors that view the landscape as a single, lucrative target likely to pay out to minimize supply chain disruption. Additionally, with attackers seeing wholesale and retail as one target, they have developed universal attack tools and malware, such as Stealer Logs and MFT exploits, capable of working across both. Their goal is simply to find the easiest entry point into the system, regardless of which sector that entry point belongs to. For defenders, this tactic means their defense strategies must be unified. For instance, a successful breach into a wholesaler can create an easy entry point leveraged by the same group to be used against a major retailer that uses that particular wholesaler.

One of the report’s most critical findings is the widespread presence of compromised credentials, meaning that initial access has already been granted to a majority of the industry. In fact, over 70% of major retailers, nearly 60% of wholesalers, and 52% of the supply chain have exposed credentials.

Additional key findings include:

• 17% of retail ransomware victims had revenue over $1B, demonstrating that threat actors prioritize ‘big game hunting’ in the retail sector – a specific target for high-value extortion.
• 39% of wholesale ransomware victims had revenue in the mid-market range of $20M–$100M as attackers play a ‘volume game’ on smaller enterprises.
• 42% of critical supply chain vendors are exposed to at least one vulnerability from the CISA Known Exploited Vulnerabilities (KEV) Catalog, listing flaws currently under active attack.
• 2 vendor categories – Professional & Technical Services (793) and Information (705) –  totaling 1,498 companies, dominate the supply chain, outnumbering physical categories by a significant margin.

The report’s findings are conclusive. The shared supply chain is the new threat, and credential theft is the dominant access vector. In order to protect themselves, wholesalers, retailers and their vendors must urgently prioritize patching the specific vulnerabilities listed in the CISA KEV catalog, particularly those granting Remote Code Execution (RCE), which are the exact flaws active ransomware groups are weaponizing today.

Black Kite’s report empowers cybersecurity leaders and business executives to understand today’s emerging threats and learn how to proactively manage their third-party cyber risk to protect their organizations from supply chain disruptions.

To read the report, visit https://content.blackkite.com/ebook/wholesale-retail-tprm-report-2026/.

About Black Kite
Black Kite is the AI-native third-party cyber risk management platform trusted by over 3,000 customers to manage every supplier and every risk across their extended ecosystem. Powered by the industry’s highest-quality risk intelligence, spanning over 40 million companies, Black Kite is differentiated by the accuracy, transparency, and actionability of its data. The platform automates vendor monitoring and risk assessments, surfacing reliable insights into ransomware susceptibility, regulatory gaps, financial exposure, and more. With Black Kite, security and risk teams gain always-on visibility and trusted intelligence to act early, reduce exposure, and stay ahead of third-party threats. Black Kite has received numerous industry awards and recognition from customers. Learn more at www.blackkite.com, or on the Black Kite blog.

Media Contact:
Michelle Kearney
Hi-Touch PR
443-857-9468
[email protected]

View original content to download multimedia:https://www.prnewswire.com/news-releases/black-kites-2026-wholesale–retail-report-reveals-over-70-of-major-retailers-nearly-60-of-wholesalers-and-52-of-the-supply-chain-have-exposed-credentials-302661299.html

SOURCE Black Kite