Data Security and Merger Waves

Yuan SUN, Lai WEI, Wensi XIE

Research output: Other Conference ContributionsPosterpeer-review


In the current era of big data, data has become a core asset for many companies, and is increasingly acquired through M&As. The transaction of data through M&As involves a “data lemon” problem for acquirers (Chatterjee and Sokol 2019). Anecdotal evidence suggests that data breaches become more common in practice and acquirers increasingly take into account the costs of targets’ data breaches. In this paper, we provide systematic evidence on how target companies’ cybersecurity affect M&A transactions. To our knowledge, this is the first paper studying how cyber risk affects corporate acquisition decisions. 
We exploit the staggered adoption of Data Breach Notification Laws (DBN Laws) across U.S. states. Specifically, the DBN laws stipulate that when a data breach that involves a breach of sensitive personal information occurs, a company that acquires or uses the information must notify affected individuals and regulatory agencies about the breach in a timely manner. Companies that fail to comply with the notification requirements mandated by the laws are subject to penalties.
Original languageEnglish
Publication statusPublished - 3 Jan 2021
EventAmerican Finance Association 2021 Annual Meeting - Virtual Meeting
Duration: 3 Jan 20215 Jan 2021


ConferenceAmerican Finance Association 2021 Annual Meeting
Abbreviated titleAFA 2021
Internet address

Bibliographical note

2021 AFA Ph.D. Student Poster Session


Dive into the research topics of 'Data Security and Merger Waves'. Together they form a unique fingerprint.

Cite this