Two-thirds of digital & telecoms deals collapsing due to cyber risk

For years, network buildouts, towers, fiber, and hyperscale data centers looked like the safest plays in tech. They power the apps we live in, the games we stream, and the virtual worlds we’re building. Yet despite that promise, dealmakers are slamming the brakes. A recent survey of 150 investors shows nearly two-thirds have watched a digital or telecoms infrastructure transaction fall apart over the past three years—largely because non-financial risks are spiking faster than expected.

The year began with talk of a rebound in private equity and M&A. Instead, buyers and sellers are navigating a maze of new constraints: volatile geopolitics, regulatory whiplash, and cyber threats that now hit operational technology as hard as IT. Optimism hasn’t vanished, but the old rulebook clearly has.

Cyber risk is now the deal-breaker

Among investors surveyed, 60% cited cybersecurity as the top factor that derailed transactions in the sector. In the same period, more than half pointed to sustainability pressures and shifting regulations as key obstacles. Third-party exposure featured in 47% of failed deals, while geopolitical risk was flagged by 41% of respondents.

Looking ahead, cyber sits at the top of the worry list for the next three years—only 13% expect the threat to ease. That pessimism isn’t hard to justify: attackers are supercharging operations with AI, while rushed corporate deployments of machine learning models are leaving fresh attack surfaces exposed. With conflicts and security tensions unlikely to recede soon, the risk backdrop is hardening, not softening.

Why this matters for gaming and VR

Interactive entertainment and immersive tech rely on the very assets now stalling in M&A rooms: 5G, edge compute, subsea and terrestrial fiber, and low-latency data centers. If consolidation slows or capex plans are reworked post-diligence, rollouts that enable smooth cloud gaming, seamless multiplayer at scale, or high-fidelity XR streaming can slip. For studios and platforms betting on volumetric video, real-time ray tracing in the cloud, or persistent social VR spaces, the knock-on effects can be material—higher latency, regional service gaps, or delayed market entries.

There’s also a design-level implication. Infrastructure owners are being judged not just on throughput and uptime, but on cyber resilience across both IT and OT. A breach that knocks out a core routing node, compromises an edge cluster, or disrupts a neutral host venue can cascade into outages that hit esports broadcasts, live-ops events, and premium launch windows. For game publishers and XR providers striking long-term distribution or hosting agreements, counterparty cyber posture is rapidly becoming a make-or-break checkbox.

The new diligence checklist

Investors aren’t waiting for a return to “normal.” Many are layering in new controls during pre-deal and post-close phases:

• Specialist risk advisory: Over half report bringing in external expertise to assess non-financial risk during the transaction process.
• Risk transfer: Roughly four in ten have added or expanded cyber insurance coverage to cushion catastrophic scenarios.
• People and process: Around a third are boosting internal training to spot red flags and operational blind spots.
• But maturity gaps persist: The most common tactic—used by nearly two-thirds—is still limited to tweaking contract language, which rarely addresses systemic weaknesses.

For digital and telecoms infrastructure targets, and for gaming/VR businesses that depend on them, stronger moves are emerging as best practice:

• Technical deep dives that include OT: firmware hygiene, segmentation, remote access governance, and patch cadence for network equipment and industrial controls.
• AI-informed threat modeling: mapping how LLM- and automation-driven attacks might exploit identity systems, code pipelines, and edge endpoints.
• Third-party risk scrutiny: continuous monitoring of vendors and integrators, especially those touching peering, IXPs, and managed services supporting live content delivery.
• Contractual teeth: incident reporting SLAs, independent audits, escrow for remediation budgets, and clear breach notification playbooks that align with global regimes.
• Tabletop drills and red-teaming tied to go-live milestones for major network upgrades or data center expansions.
• Sustainability and regulatory mapping to pre-empt compliance drag across jurisdictions—critical for multinational rollouts of cloud gaming and XR platforms.

From hype-proof to risk-ready

Even the best fundamentals can’t outrun the current risk cycle. The assets behind AI training, low-latency streaming, and real-time simulation still represent real demand—but only operators that can demonstrate robust cyber readiness and supply chain discipline are clearing the diligence bar. For buyers, embedding security early in the investment lifecycle is now a value-creation lever, not a cost center. For sellers, proving resilience—in logs, dashboards, and recoverability metrics—can keep deals alive and pricing intact.

The takeaway for the gaming and VR ecosystem is blunt: the future still runs on bandwidth and proximity, but trust now moves the money. Those who build, buy, or rely on digital and telecoms infrastructure will need to show they can withstand the next wave of cyber shocks while navigating fluid regulation and geopolitics. Do that, and the sector can unlock the capacity curve needed for the next generation of online worlds.