Cybersecurity and merger outcomes

Yizhe Dong; Haoyu Li; Yue (Lucy) Liu

Cybersecurity and merger outcomes

Research output: Contribution to conference › Paper › peer-review

Abstract

This paper explores the impact of target cybersecurity risk on merger outcomes. We find that the target data breach experience is negatively associated with the acquirer and combined entity announcement returns and long-run post-merger performance. We further show that the acquirer recognizes a greater goodwill impairment loss, takes longer to complete the transaction, and is more likely to experience a future data breach, when it purchases a data-breached firm. The value destruction effect is more pronounced in deals involving acquirers belonging to certain industries that are vulnerable to data breaches and have higher financial distress risk, but less pronounced in deals involving acquirers that hire top-tier due diligence advisors. We also find that acquirers’ strategic considerations and prior data breach experience affect the probability of acquiring a data-breached target. Overall, the evidence indicates that cybersecurity risk reduces shareholder gains from M&As, which has important implications for policy and practice.

Original language	English
Publication status	Unpublished - 2023

Keywords / Materials (for Non-textual outputs)

data breaches
cybersecurity
mergers and acquisitions
performance

Cite this

@conference{a3a4217470bf4494a27e07153d49e069,

title = "Cybersecurity and merger outcomes",

abstract = "This paper explores the impact of target cybersecurity risk on merger outcomes. We find that the target data breach experience is negatively associated with the acquirer and combined entity announcement returns and long-run post-merger performance. We further show that the acquirer recognizes a greater goodwill impairment loss, takes longer to complete the transaction, and is more likely to experience a future data breach, when it purchases a data-breached firm. The value destruction effect is more pronounced in deals involving acquirers belonging to certain industries that are vulnerable to data breaches and have higher financial distress risk, but less pronounced in deals involving acquirers that hire top-tier due diligence advisors. We also find that acquirers{\textquoteright} strategic considerations and prior data breach experience affect the probability of acquiring a data-breached target. Overall, the evidence indicates that cybersecurity risk reduces shareholder gains from M&As, which has important implications for policy and practice. ",

keywords = "data breaches, cybersecurity, mergers and acquisitions, performance",

author = "Yizhe Dong and Haoyu Li and Liu, {Yue (Lucy)}",

year = "2023",

language = "English",

}

TY - CONF

T1 - Cybersecurity and merger outcomes

AU - Dong, Yizhe

AU - Li, Haoyu

AU - Liu, Yue (Lucy)

PY - 2023

Y1 - 2023

N2 - This paper explores the impact of target cybersecurity risk on merger outcomes. We find that the target data breach experience is negatively associated with the acquirer and combined entity announcement returns and long-run post-merger performance. We further show that the acquirer recognizes a greater goodwill impairment loss, takes longer to complete the transaction, and is more likely to experience a future data breach, when it purchases a data-breached firm. The value destruction effect is more pronounced in deals involving acquirers belonging to certain industries that are vulnerable to data breaches and have higher financial distress risk, but less pronounced in deals involving acquirers that hire top-tier due diligence advisors. We also find that acquirers’ strategic considerations and prior data breach experience affect the probability of acquiring a data-breached target. Overall, the evidence indicates that cybersecurity risk reduces shareholder gains from M&As, which has important implications for policy and practice.

AB - This paper explores the impact of target cybersecurity risk on merger outcomes. We find that the target data breach experience is negatively associated with the acquirer and combined entity announcement returns and long-run post-merger performance. We further show that the acquirer recognizes a greater goodwill impairment loss, takes longer to complete the transaction, and is more likely to experience a future data breach, when it purchases a data-breached firm. The value destruction effect is more pronounced in deals involving acquirers belonging to certain industries that are vulnerable to data breaches and have higher financial distress risk, but less pronounced in deals involving acquirers that hire top-tier due diligence advisors. We also find that acquirers’ strategic considerations and prior data breach experience affect the probability of acquiring a data-breached target. Overall, the evidence indicates that cybersecurity risk reduces shareholder gains from M&As, which has important implications for policy and practice.

KW - data breaches

KW - cybersecurity

KW - mergers and acquisitions

KW - performance

M3 - Paper

ER -

Cybersecurity and merger outcomes

Abstract

Keywords / Materials (for Non-textual outputs)

Fingerprint

Cite this