Cybersecurity breaches threaten deal valuations | Brunswick Group

Half of surveyed investors would award higher valuation for companies working with security firms to reduce potential cyber risks.

  • Brunswick Group investor survey finds post-close M&A valuations cut by data breaches
  • Most investors say they would lower post-close valuation if either party had a breach
  • Half of surveyed investors would award higher valuation for companies working with security firms to reduce potential cyber risks

Investors sharply reduce their post-close valuations of companies that have completed acquisitions when data breaches are revealed, according to a new survey of investors and analysts by Brunswick Group, a global critical issues advisory firm.

Brunswick’s third annual Data Valuation Survey also found that investors raise their post-deal valuations for companies that have demonstrated preparation for cybersecurity issues.

“Our survey tells us that investors around the world see cybersecurity as a critical component in evaluating transactions,” said Mark Seifert, co-lead and founding partner of Brunswick’s global Cybersecurity and Privacy practice. “If you are engaged in M&A and you want to maximize value, you will need to articulate a business strategy that actively incorporates cybersecurity. Heightened due diligence around the acquisition’s cybersecurity history, especially undisclosed breaches, will also help preserve deal value. Investors are holding CEOs directly responsible for understanding the importance of cybersecurity both in deals and to their businesses generally.” 

The survey results, which reflect the views of 208 buy-side investors and sell-side analysts across the US, UK, Europe, and Asia, offered good news for companies taking steps to address cybersecurity issues. Half of the survey group said they would increase their valuation of companies that work with cybersecurity firms to mitigate risk.

On the other hand, 59 percent of respondents said they would cut their estimated post-deal valuation of any company that had experienced a cybersecurity breach. Half of all respondents said they would trim their post-deal valuation in situations where the target company had been breached – whether the breach was discovered before, during or after the merger.

“With one in four investors acting based on how companies protect customer data, it is clear CEOs and board members must incorporate robust public cyber preparation and mitigation planning into their M&A strategy,” says Sparky Zivin, a partner with Brunswick Insight, the firm’s opinion research unit.

Other key findings:

  • Across geographies, 78 percent of investors would blame the company if it was hacked and their personal data was stolen. Only 43 percent would blame the hackers.
  • 55 percent of investors want to hear directly from the CEO during a significant breach.
  • The number of investors that made an investment decision based on level of customer data security has more than doubled since 2014 and is now a concern for nearly a quarter of investors.
  • Nearly two thirds of investors say how a company secures its customer data is the chief concern regarding cybersecurity and M&A.  
  • 70 percent of investors believe the EU’s General Data Protection Regulation will improve the investment climate because regulators and individuals will get prompt information about each data breach. 

The survey was conducted, analyzed and distributed by Brunswick Insight, Brunswick’s specialist opinion research practice. For more information on Brunswick’s Data Valuation Survey, please visit

About Brunswick Group

Brunswick Group LLC is an advisory firm specializing in critical issues and corporate relations. Founded in 1987, Brunswick is an organically grown, private partnership with 23 offices around the world.


Brunswick Group
Washington, D.C. Office
Tel: +1 202-393-7337

Mark Seifert

Sparky Zivin

Jamaal Mobley