Facing mounting competition from large information technology (IT) conglomerates, information security firms have engaged in a multitude of mergers and acquisitions (M&As) to survive and remain profitable. In this paper, we uncover some characteristics that make these M&As valuable to the acquiring firms’ stock market value. Using a combination of event study and regression analyses, we analyze longitudinal panel data from 787 M&As initiated by 174 public information security firms between 1998 and 2011. We find that, on average, M&As are associated with an increase in the stock market value of information security acquirers. Moreover, our results show that whereas smaller information security acquirers gain more from domestic diversification, larger information security acquirers are better off seeking M&A targets internationally within their line of business, especially during good economic conditions. Our analysis also reveals that M&As with identity and access management (IAM) targets are perceived favorably by the stock market regardless of other M&A characteristics. This paper contributes an information security-IT complementarities framework that, along with our findings, carries valuable managerial insights.