Cybersecurity and merger outcomes

Research output: Contribution to conferencePaperpeer-review

Abstract / Description of output

This paper explores the impact of target cybersecurity risk on merger outcomes. We find that the target data breach experience is negatively associated with the acquirer and combined entity announcement returns and long-run post-merger performance. We further show that the acquirer recognizes a greater goodwill impairment loss, takes longer to complete the transaction, and is more likely to experience a future data breach, when it purchases a data-breached firm. The value destruction effect is more pronounced in deals involving acquirers belonging to certain industries that are vulnerable to data breaches and have higher financial distress risk, but less pronounced in deals involving acquirers that hire top-tier due diligence advisors. We also find that acquirers’ strategic considerations and prior data breach experience affect the probability of acquiring a data-breached target. Overall, the evidence indicates that cybersecurity risk reduces shareholder gains from M&As, which has important implications for policy and practice. 

Original languageEnglish
Publication statusUnpublished - 2023

Keywords / Materials (for Non-textual outputs)

  • data breaches
  • cybersecurity
  • mergers and acquisitions
  • performance


Dive into the research topics of 'Cybersecurity and merger outcomes'. Together they form a unique fingerprint.

Cite this