Motivated by the increasing importance of data in recent business models, we examine whether data security is an important driver of mergers and acquisitions in the era of big data. To do this, we exploit the staggered adoption of laws that require mandatory disclosure of data breaches across U.S. states. Our empirical strategy exploits two sources of variations: (a) changes in the intensity of M&As in a state before and after the adoption of data breach laws, and (b) differences between industries operating with varying degrees of cyber risks. We find that the intensity and likelihood of M&As increase (decrease) in states of targets after DBN law was adopted, when acquirers are from a state with (without) DBN Law in place. The increase of M&As was contributed by the mitigation of data lemon problems as a result of enhanced cybersecurity. The decrease of M&As was due to higher costs associated with potential data breaches. The effects are stronger among industries that are more competitive, technology intensive, and data intensive. Overall, our findings highlight the importance of cybersecurity in the era of big data and digital economy, and provides novel evidence in identifying data security as a key determinant of corporate acquisition decisions.
|Date of Award||23 Aug 2021|
|Supervisor||Lai WEI (Supervisor)|