Skip to main content

FTI Consulting Study Reveals Cybersecurity Attacks Are an Increasing Threat to M&A

Written by Customer Service on . Posted in Public Companies.

Third Installment of CISO Redefined Series Highlights Correlation between Cyber Attacks and Transactions, an Emerging Risk for Dealmakers as M&A Volumes Rebound

WASHINGTON, March 17, 2026 (GLOBE NEWSWIRE) — FTI Consulting, Inc.’s (NYSE: FCN) Cybersecurity and Data Privacy Communications practice today released the third installment of its “CISO Redefined” series, CISO Redefined III: Navigating Cybersecurity Risks in Transactions, which looks at the increasing correlation between cybersecurity incidents and corporate transactions.

According to the findings, nearly 1 in 4 executives has experienced a cyber incident during or shortly after a transaction, with nearly half of respondents (42%) experiencing significant deal value reduction. More than half (58%) said financial targets were impaired, while 20% said their deals were either delayed or paused due to a cyber incident.

“Threat actors are smart; they read the news and know companies tend to be vulnerable when they’re trying to close or right after when they’re integrating systems — and that’s when they try to break in,” said Meredith Griffanti, Global Head of the Cybersecurity and Data Privacy Communications practice at FTI Consulting. “The incident ends up costing the acquirer big time, and most often, the target and acquirer haven’t even begun to think about how to integrate their security plans, let alone how they’ll work together to respond to a cyber crisis if it occurs right after a deal closes. That lack of coordination can have serious blowback on reputation.”

According to CISO Redefined II, which was released in 2024, the vast majority of CISOs feel their role is misunderstood by company leadership, and they struggle to communicate in a non-technical way that other executives can understand. This sentiment explains the results of the latest survey, which show that the CISO’s voice and opinions — and therefore cyber risk — are not being prioritized.

Going further, 67% of heads of M&A and 76% of general counsel said the CISO is very critical during a transaction. However, 34% of CISOs said they are not heavily involved in contributing to decisions when executing transactions, and 1 in 3 CISOs do not believe they have the authority or are unsure of whether they can stop a transaction if cybersecurity risks are too high.

Other key findings:

  • One in 4 CISOs say their leaders push to close deals quickly over conducting thorough cybersecurity due diligence.
  • Only 17% of CISOs said that collaboration between cybersecurity and corporate development teams significantly increased during the transaction period. By contrast, 34% of general counsel felt collaboration significantly increased — showing a notable disconnect.
  • Only 23% of executives say they manage cybersecurity risks proactively post-close. This decline in vigilance creates a meaningful exposure point for the organization, which coincides with when attacks tend to occur.

“Deal teams need to account for cyber risk much the same way we think about leak risk. These unexpected disruptions can create confusion, shift value and slow negotiations,” said Pat Tucker, Americas Head of M&A and Activism at FTI Consulting. “It is essential that dealmakers recognize that transactions are increasingly becoming highly visible targets for threat actors. If deal value is going to be successfully realized, this risk needs to be mitigated more effectively.”

Survey Methodology
FTI Consulting surveyed 100 CISOs, 78 heads of M&A, and 100 general counsel across U.S.-based public and private organizations with at least 500 employees, representing a majority of companies with a market cap of $5 billion or more, to understand how key leaders collaborate with each other and weigh cybersecurity priorities during and after M&A deals. The survey was conducted online between August 12-26, 2025. For questions on the methodology, please contact James.Condon@fticonsulting.com.

About FTI Consulting
FTI Consulting, Inc. is a leading global expert firm for organizations facing crisis and transformation, with more than 8,100 employees located in 32 countries and territories as of December 31, 2025. In certain jurisdictions, FTI Consulting’s services are provided through distinct legal entities that are separately capitalized and independently managed. The Company generated $3.80 billion in revenues during fiscal year 2025. More information can be found at www.fticonsulting.com.

FTI Consulting, Inc.
555 12th Street NW
Washington, DC 20004
+1.202.312.9100

Investor Contact:
Mollie Hawkes
+1.617.747.1791
mollie.hawkes@fticonsulting.com

Media Contact:
Nick Emmons
+1.617.510.1676
nick.emmons@fticonsulting.com

Disclaimer & Cookie Notice

Welcome to GOLDEA services for Professionals

Before you continue, please confirm the following:

Professional advisers only

I am a professional adviser and would like to visit the GOLDEA CAPITAL for Professionals website.

Important Notice for Investors:

The services and products offered by Goldalea Capital Ltd. are intended exclusively for professional market participants as defined by applicable laws and regulations. This typically includes institutional investors, qualified investors, and high-net-worth individuals who have sufficient knowledge, experience, resources, and independence to assess the risks of trading on their own.

No Investment Advice:

The information, analyses, and market data provided are for general information purposes only and do not constitute individual investment advice. They should not be construed as a basis for investment decisions and do not take into account the specific investment objectives, financial situation, or individual needs of any recipient.

High Risks:

Trading in financial instruments is associated with significant risks and may result in the complete loss of the invested capital. Goldalea Capital Ltd. accepts no liability for losses incurred as a result of the use of the information provided or the execution of transactions.

Sole Responsibility:

The decision to invest or not to invest is solely the responsibility of the investor. Investors should obtain comprehensive information about the risks involved before making any investment decision and, if necessary, seek independent advice.

No Guarantees:

Goldalea Capital Ltd. makes no warranties or representations as to the accuracy, completeness, or timeliness of the information provided. Markets are subject to constant change, and past performance is not a reliable indicator of future results.

Regional Restrictions:

The services offered by Goldalea Capital Ltd. may not be available to all persons or in all countries. It is the responsibility of the investor to ensure that they are authorized to use the services offered.

Please note: This disclaimer is for general information purposes only and does not replace individual legal or tax advice.