M&A and Cybersecurity Risk: Empirical Evidence

Abstract

We document that low cybersecurity risk firms are more likely to be involved in M&A transactions. Mergers are significantly less likely to be withdrawn if the target has a weak cybersecurity risk profile. Merger premium are higher for mergers involving low cybersecurity risk acquirers. Deals involving low cybersecurity risk firms yield superior post-merger operating performance and are less likely to trigger goodwill impairments. Announcement returns have also started to reflect cybersecurity risk in recent years. These findings offer novel evidence on the economic impact of cybersecurity risk on the market for corporate control.