Whither information security? Examining the complementarities and substitutive effects among IT and information security firms

Abstract

The last few years have seen an increase in the mergers and acquisitions (M&A) activity among information security firms and other information technology (IT) firms offering complementary technologies. Using social network analysis methods, we investigate the characteristics and underlying dynamics of these M&A activities in the United States (US) over the period 1996–2008. Our results reveal a 400% increase from 1996 to 2006 in the cohesiveness of the network linking the information security firms and IT firms considered in our analysis. This, in turn, implies a move towards industry convergence. In particular, we show that M&As involving identity and access management (IAM) firms have become twice more central to M&As by IT firms in 2003 (compared to 2002), reflecting an increasing trend among IT firms to integrate IAM technologies within their products. The results in this paper provide M&A managers of IT firms with strategic insights into which complementary information security firms ought to be acquired.