Four Top Cybersecurity-Themed ETFs in Q3 2024



As the digital world expands at an astonishing rate, concerns over the security of cyberspace grow proportionally, with malicious attacks on computer systems, networks and devices reflecting the proliferation of potential attack vectors existing today. “Cyberattacks are on track to cause $10.5 trillion a year in damage by 2025. That’s a 300 percent increase from 2015 levels,” McKinsey & Company warned early last year. “To protect against the onslaught, organisations around the world spent around $150 billion on cybersecurity in 2021, and this sum is growing by 12.4 percent a year. But even that is probably not enough: threat volumes are predicted to rise in [the] coming years.”

Amid this ballooning risk of cybercrime, interest in cybersecurity ETFs (exchange-traded funds) among investors and fund managers is surging as they seek to gain exposure to this hugely important growth industry, which protects businesses from cyberattacks and supports their aims of growing their online footprints. Indeed, one market-research firm stated it expected the global cybersecurity market to rise at a compound annual growth rate (CAGR) of about 8.8 percent between 2024 and 2032 to reach a value of around $506.79 billion by 2032, from its $236.75-billion valuation at the end of 2023.

While the industry has experienced highly publicised challenges this year, leading to some of the biggest players in the space, such as Palo Alto Networks and CrowdStrike Holdings (CRWD), undergoing distinct struggles of their own, cybersecurity remains a compelling theme in 2024. So long as the area and sheer complexity of the attack landscape continue to grow and evolve, particularly with the advent of the generative AI (GenAI) boom, cybersecurity will continue to have growing appeal.

First Trust NASDAQ Cybersecurity ETF (CIBR)

At $6.19 billion of assets under management (AUM), CIBR is comfortably the biggest ETF in the cybersecurity space and has been in operation since 2015. And with 30 companies included in the fund, there is sufficient diversification of cybersecurity firms to consider CIBR among the best ETFs in this segment.

The fund tracks the performance of an equity index called the Nasdaq CTA Cybersecurity™ Index, which comprises companies “primarily involved in the building, implementation, and management of security protocols applied to private and public networks, computers, and mobile devices in order to provide protection of the integrity of data and network operations”, according to First Trust.

Inclusion in the index requires the company to be listed on an index-eligible global stock exchange and be classified as a cybersecurity company, as determined by the Consumer Technology Association (CTA). It must have a global market capitalisation of at least $500 million, as well as a minimum three-month average daily dollar trading volume of $1 million and a minimum free float—that is, the proportion of outstanding shares in a company that can be bought or sold by public investors—of 20 percent.

As for performance, CIBR has weathered the minor storms that have erupted in cybersecurity this year, reflected in the fund’s year-to-date (YTD) gain of 4.33 percent, as well as 1-year, 3-year and 5-year returns of 19.19 percent, 4.95 percent and 14.26 percent, respectively. The fund’s expense ratio of 0.59 percent is on the higher side, however. 

The index is also evaluated semi-annually in March and September. Should a company no longer meet the eligibility criteria outside of these windows, it is removed from the index and not replaced. The fund’s biggest five holdings are the Indian IT (information technology) firm Infosys (at a 9.9-percent weighting), the US semiconductor firm Broadcom (8.56 percent), the cybersecurity-protection and software company Palo Alto Networks (8.09 percent), the digital information and communications technology (ICT) firm Cisco Systems (7.67 percent) and the Texas-based pure-play cybersecurity firm CrowdStrike.

Amplify Cybersecurity ETF (HACK)

Launched nearly 10 years ago as the first cybersecurity ETF on the market, HACK comprises companies in the Nasdaq ISE Cyber Security Index, which tracks companies actively involved in providing cybersecurity technology and services and is reconstituted and rebalanced quarterly. Before January 29, 2024, however, the fund traded under the brand name ETFMG and tracked the Prime Cyber Defense Index.

The $1.6-billion fund also follows the ISE Cyber Security Industry Classification, which provides a framework for investment research, portfolio management and asset allocation for companies involved in the cybersecurity industry. The fund invests at least 80 percent of its net assets in cybersecurity companies according to two broad industry segments: (i) developers of cybersecurity hardware or software and (ii) providers of cybersecurity services.

To be eligible for inclusion, a company must meet minimum market capitalisation and liquidity screens. Eligible stocks must also derive at least 90 percent of their revenues from cybersecurity. The fund’s five biggest constituents are Broadcom (9.88 percent weighting), Cisco Systems (7.01 percent), Palo Alto Networks (6.26 percent) and US aerospace and defence companies Northrop Grumman (5.97 percent) and General Dynamics (5.55 percent).

As of June 30, the fund’s split of large-cap, mid-cap and small cybersecurity firms was 82.4 percent, 15.7 percent and 1.9 percent, respectively, across a total of 24 companies. The fund’s expense ratio stands at 0.60 percent, moreover, which is the most expensive on this list.

The fund has performed remarkably well despite the negative news the cybersecurity industry has faced this year. With returns of 4.8 percent over the previous three months, a YTD gain of 6.54 percent and a 1-year performance of 23.19 percent, HACK is the top performer among the funds listed here. And if any further proof of the fund’s strength is needed, a whopping 168.5-percent gain has been registered since its inception in November 2014.

iShares Cybersecurity and Tech ETF (IHAK)

A fund managed by BlackRock under the iShares brand, IHAK (with assets under management of $825 million) seeks to track the investment performance of the NYSE FactSet Global Cyber Security Index (NYFSSEC), a “rules-based equity benchmark designed to track the performance of globally listed hardware, software and services companies engaged in protecting enterprise or personal networks, applications and data from unauthorized attacks and damages”.

Companies involved in the cybersecurity industry that are listed for trading on major stock markets accessible to foreign investors are eligible for this index. The index’s constituents’ weights are rebalanced semi-annually after the close of the third Friday in June and December each year.

What sets this fund apart from many other cybersecurity ETFs is the broader exposure it offers to emerging-economy cybersecurity firms. As such, while the fund has not performed as strongly as some of its cybersecurity siblings this year, it offers potentially strong diversification benefits.

Indeed, should investors continue to be spooked by the negativity surrounding some of the biggest names in the cybersecurity sector this year, IHAK offers considerable opportunities to gain exposure to other solid performers by tracking a market-cap-selected and -weighted index of large- and mid-cap companies involved in cyber hardware and software.

This is reflected in some of the fund’s biggest holdings, such as SentinelOne (4.91 percent weighting), Varonis Systems (4.90 percent), Juniper Networks (4.41 percent), CACI International (4.39 percent) and UK cybersecurity firm Darktrace (3.66 percent). The fund comprises 34 companies in total.

While YTD results are underwhelming at -4.4 percent, its 1-year and 5-year returns at 14.88 percent and 12.12 percent, respectively, underline its strength over the long term. IHAK’s expense ratio also stands at a competitive 0.47 percent.

WisdomTree Cybersecurity Fund (WCBR)

WCBR, one of the smaller cybersecurity-themed ETFs, seeks to track the performance of the WisdomTree Team8 Cybersecurity Index, which provides exposure to the equity securities of exchange-listed global companies—primarily involved in providing cybersecurity-oriented products. The fund invests at least 80 percent of its total assets in the index’s component securities.

The fund first went live in January 2021, and today, it has just over $100 million in AUM. But don’t let its small size fool you; the fund has returned a solid 17.7 percent over the last year.

This is largely down to the diversity of companies included in WCBR, with software firm HashiCorp, cybersecurity and data-protection firm Commvault Systems, Palo Alto Networks and US-Dutch firm Elastic NV among the fund’s biggest holdings.

Company eligibility is based on selecting at least 25 companies that derive at least half of their revenue from cybersecurity activities and have also demonstrated growth of at least 7 percent over the preceding three years (5 percent for old constituents). The index then assigns a weighting for each company through two scores for each stock: Focus Scores based on the degree of involvement in the cybersecurity theme and Revenue Growth Scores based on annual revenue growth over the preceding three years. The index is also reconstituted and rebalanced semi-annually.

Comments