Abstract
In the current era of big data, data has become a core asset for many companies, and is increasingly acquired through M&As. The transaction of data through M&As involves a “data lemon” problem for acquirers (Chatterjee and Sokol 2019). Anecdotal evidence suggests that data breaches become more common in practice and acquirers increasingly take into account the costs of targets’ data breaches. In this paper, we provide systematic evidence on how target companies’ cybersecurity affect M&A transactions. To our knowledge, this is the first paper studying how cyber risk affects corporate acquisition decisions.
We exploit the staggered adoption of Data Breach Notification Laws (DBN Laws) across U.S. states. Specifically, the DBN laws stipulate that when a data breach that involves a breach of sensitive personal information occurs, a company that acquires or uses the information must notify affected individuals and regulatory agencies about the breach in a timely manner. Companies that fail to comply with the notification requirements mandated by the laws are subject to penalties.
We exploit the staggered adoption of Data Breach Notification Laws (DBN Laws) across U.S. states. Specifically, the DBN laws stipulate that when a data breach that involves a breach of sensitive personal information occurs, a company that acquires or uses the information must notify affected individuals and regulatory agencies about the breach in a timely manner. Companies that fail to comply with the notification requirements mandated by the laws are subject to penalties.
Original language | English |
---|---|
Publication status | Published - 3 Jan 2021 |
Event | American Finance Association 2021 Annual Meeting - Virtual Meeting Duration: 3 Jan 2021 → 5 Jan 2021 https://www.aeaweb.org/conference/2021/preliminary |
Conference
Conference | American Finance Association 2021 Annual Meeting |
---|---|
Abbreviated title | AFA 2021 |
Period | 3/01/21 → 5/01/21 |
Internet address |