It seems that every other day, there’s a new hacking nightmare to deal with.
Everyone from Target (TGT) to the home-wrecking dating site AshleyMadison.com to the the New York Stock Exchange to the federal government has been penetrated. But as cybercrime rises, so does spending to deter that crime.
And as cybersecurity firms blossom, so do cybersecurity stocks.
The technology sector has continued to swoon as every new attack has prompted more and more investors to take notice. Cybersecurity stocks – such as FireEye (FEYE) or Palo Alto Networks (PANW) — exhibit some of the best year-to-date performance for stocks of any sector.
To that end, exchange-traded funds are your best bet at playing a niche like cybersecurity. And it just so happens that Wall Street has two ETFs that bet directly on cybersecurity stocks.
The real question is: Which one is better for your investment dollar?
Two Sides of the Same Coin
Analysts at tech research firm Gartner expect cybersecurity spending by private non-government entities to reach a whopping $77 billion this year. With that kind of spending coming down the pike, the cybersecurity theme is ripe for investment and Wall Street is happy to help average Joes on that endeavor.
Although HACK and CIBR track similar goals, there are some subtle nuances that might cause one ETF or the other to be a better fit for your portfolio.
The first comes down to index construction.
HACK, a more established ETF, tracks the ISE Cyber Security Index, which focuses on stocks that develop hardware and/or software for the safeguarding of access to files, websites and networks. CIBR tracks the Nasdaq CEA Cybersecurity Index, which tracks stocks involved in the building, implementation and management of security protocols of private and public networks, computers and mobile devices.
If those sound basically the the same … well, they are. A quick glance at CIBR and HACK’s holdings reflect many of the same names. The amount of holdings in each ETF are also nearly identical: 32 for HACK, 34 for CIBR. And yet, they have two very different portfolios of cybersecurity stocks. The difference in the indices comes down to liquidity and size of the underlying stocks in the indices, as well as weighting strategy.
A cybersecurity stock must have a market capitalization of at least $250 million and a minimum three-month average daily dollar trading volume of $1 million to be included in CIBR. HACK drops that minimum market cap down to $100 million and doesn’t require a minimum trading average.
That slight difference actually means that HACK is more likely to hold smaller — and potentially faster-growing — cybersecurity firms. It’s a double-edged sword, though, as it means HACK is more likely to own riskier stocks as well.
Additionally, that smaller size requirement and the lack of a daily trading requirement can actually hurt HACK as it grows. It already has $1.2 billion in assets. If ISE drops a smaller stock into the mix — down at that $100 million level — there could be chaos. Right now, HACK has about $60 million or so in each of its holdings.
As for the weightings of their underlying holdings, HACK is considered an equal-weight fund. Again, equal weighting does have benefits, but it’s not without risks. CIBR uses a more traditional market-cap weighted approach with maximum caps on the underlying cybersecurity stocks. These differences produce radically different portfolios.
Case in point: CIBR has software at 48% vs. HACK’s 60%.
Which One Is the Better Cybersecurity Play?
So should you give HACK or CIBR the nod in your portfolio? It depends on what you’re really looking for.
On the one hand, HACK makes perfect sense as a short- to medium-term play on the industry. HACK’s potential emphasis on smaller, faster-growing firms will supercharge performance in the good times. However, if things turn sour, they are going to be the ones scrambling.
CIBR, on the other hand, might make a better long-term play. Its liquidity requirements remove “some of the riff-raff” from the sector. When it comes to tech — especially high growth tech sectors — the majority of firms fall by the wayside and we’re left with a few strong stocks. Cybersecurity should be no different. That makes CIBR better suited for much longer timelines.
Also, adding to CIBR’s case is its 20% cheaper expense ratio. First Trust is one of the largest ETF sponsors around, and as such, it can play hardball with the expense ratio of its funds. CIBR charges just 0.6%, while HACK charges 0.75%.
As of today, CIBR is probably the better bet for a play on cybersecurity. The slightly larger focus, better blend of subsectors and cheaper expense ratio should help it win out over the longer haul. HACK will most likely continue to be the trader’s favorite.
At least until Direxion unleashes its triple leveraged ETFs tracking cybersecurity stocks.
As of this writing, Aaron Levitt did not hold a position in any of the aforementioned securities.