Retail supply chain at risk of exposed credentials

A new report finds that over 70 percent of major retailers, nearly 60 percent of wholesalers, and 52 percent of their supply chain have exposed credentials.

The study from Black Kite looks at the cyber risk for retail and wholesale companies that rely on many of the same essential vendors, including IT service providers, software platforms, and financial services.

The report shows a significant overlap in threat actors actively targeting these sectors, confirming that they see wholesale and retail not as separate markets but rather as one large, interconnected system of targets.

“When we think about the supply chain, we often picture logistics and warehouses, but today the real threat is the expanded ecosystem,” says Ferhat Dikbiyik, chief research and intelligence officer at Black Kite. “The bottom line is that wholesale and retail’s greatest risk is their shared supply chain, and as we have seen time and time again, just one vulnerability in a common vendor can create systemic impact affecting both simultaneously. The era of checklist compliance is over. Third party risk management programs must evolve by securing the weak points across every partner in the ecosystem.”

Attackers have developed universal attack tools and malware, such as Stealer Logs and MFT exploits, capable of working across both retail and wholesale firms. Their goal is simply to find the easiest entry point into the system, regardless of which sector that entry point belongs to.

Among the report's other findings, 17 percent of retail ransomware victims had revenue over $1B, demonstrating that threat actors prioritize ‘big game hunting’ in the retail sector, a specific target for high-value extortion. Meanwhile, 39 percent of wholesale ransomware victims had revenue in the mid-market range of $20M–$100M, as attackers play a ‘volume game’ on smaller enterprises.

Worryingly, 42 percent of critical supply chain vendors are exposed to at least one vulnerability from the CISA Known Exploited Vulnerabilities (KEV) Catalog, which lists flaws currently under active attack.

The full 2026 Wholesale & Retail Report: Cyber Exposure in the Age of Digital Supply Chain Attacks is available from the Black Kite site.
