The conversations around cybersecurity are becoming increasingly popular, and while investors have been excited about the space for some time now, the constant fear and discussions around the possibility of the midterm elections being hacked like the 2016 presidential election make this is a great time to be in the space as attention (and dollars) start to flood the industry.
I’m recommending for all readers to gain exposure to the industry through holding the First Trust Nasdaq Cybersecurity ETF (CIBR).
A brave new (digital) world
Everything we do now is digital – shopping, banking, working, you name it. It truly is a brave new world and even Huxley would be surprised at what he would see. With more and more of our lives being conducted in cyberspace the greater the need we have to protect all of that data we put out there (and yes, we do put A LOT of data out there). Everything from passwords, personal information, connections to friends and family, buying habits, media preferences, and even our deepest, darkest thoughts and desires are all floating around out there in the digital universe – all just waiting for opportunity seekers to find and exploit.
New battles are no longer being fought by enemies you can see. The true war is behind the scenes, on the digital battleground. Increasingly we’re seeing threats from cyberterrorists targeting vital networks and infrastructure, or from the potential for cyberespionage either between nation to nation or company to company, or even from nefarious lone-hackers waiting to drain your life savings. All of these threats are part of the new age of cyberwarfare.
The rumbling underground of black markets for cybercrime are thriving in this new world. Anyone with a computer, an internet connection, and a pulse can purchase stolen identities or passwords, corporate secrets, harvested credentials, malware and virus software, or even hire their own personal hacker to carry out cyberattacks for them.
It’s becoming increasingly frightening to watch how numb the world gets to these types of activities and how these events are just becoming part of our everyday world. Every year billions of people’s data is stolen, thousands of companies are infiltrated, and some of the world’s most important infrastructure assets are compromised. In 2017 alone, we saw hundreds of deeply concerning hacks with unforeseen ramifications for society, and just in case you blinked, here’s a quick recap of last year’s events:
- Sensitive information and social security numbers were obtained from the Equifax (EFX) hack.
- Verizon (VZ), the now-owner of Yahoo!, announced that all 3 billion of Yahoo!’s users had their data stolen in 2013, and the company didn’t even learn about it until 3 years later.
- Some of the NSA’s most valuable cyber tools were stolen and then subsequently released to the world for everyone, including the United States’ enemies to see.
- Malware originating in Ukraine spread to global enterprises like FedEx (FDX), WPP (WPP), Rosneft (MCX: ROSN), and Maersk (CPH: MAERSK-B).
- Almost 200 million voter records were exposed after a GOP data firm misconfigured a security setting in its Amazon (AMZN) cloud storage service.
- The US Dept. of Education had to fight a cyberthreat that targeted many school districts after information of teachers, students, and parents were stolen.
- Netflix (NFLX) had an episode of one of its most successful shows, Orange is the New Black, stolen and released months before it was set to air.
- Uber’s new CEO, Dara Khosrowshahi announced that 57 million users and drivers had their personal information stolen in 2016, but the company covered it up by paying the $100,000 ransom to the hackers.
These types of events are becoming commonplace in today’s world, but that doesn’t mean the threat is any less serious. In an interview with Bloomberg News Jamie Dimon, Chairman and CEO of JP Morgan Chase (JPM), stated that
[Cybersecurity] is a critical issue, not just for financial companies but also for utilities, technology companies, electrical grids, and others… It is an arms race, and we need to do whatever we can do to protect the United States of America.
Mr. Dimon isn’t alone in his concern over cyber issues moving forward in America and the rest of the world. Many prominent figures including reporters and analysts are warning the world of the potential threats and subsequent harm that cyberattacks could have.
Increasingly, the country is becoming more aware and vigilant of critical assets that are at major risk to cyberattacks. As reported by BlueVector, an AI-driven cybersecurity firm,
The U.S. Department of Homeland Security deems 16 sectors as critical as their failure to function would jeopardize public health and economic security. These industrial sectors include chemical, physical facilities, communications networks, critical manufacturing, defense, industrial, emergency services, energy, dams, financial services, food & agriculture, government facilities, healthcare, IT, nuclear materials, transportation and water and waste system.
The huge demand for more cybersecurity professionals
With this explosion in new-age demand for more security, cybersecurity professionals and firms are in high demand. Forbes estimates that the global cybersecurity market will reach $170 billion by 2020, and other estimates are even more brow-raising. The unfortunate part of the increased demand is the current undersupply of people with the necessary skills and knowledge to do the work. Currently, there is a 25% gap between jobs available and people that can fill those jobs. Estimates state that by 2021 there will be a shortfall of over 3.5 million cybersecurity professionals in the world. Schools, businesses, and entire countries are starting to ramp up the number of professionals they produce to help meet the growing demand, but this undersupply of skilled labor will likely continue.
Why is now better than any other time to start investing in the space? Well, with the increasing speeds at which companies are transitioning to the cloud, the amount of data that businesses collect and store, and the ever-increasing digital presence we all have the cybersecurity space is ripe for the picking… but, that’s actually been true for a while. These trends aren’t new so why do I see sky-high growth in the sector in the very near future? Well, it all comes down to America’s most sacred institution, voting.
With the shocking revelation of Russian interference and hacking in the 2016 presidential election the country was ripped wide open to the possibility that not just power grids and defense companies were major targets from other nations, but so too was the very foundation on which we were built. Since the breaking news of the election hacking, media stations and other organizations haven’t stopped with the relentless coverage and fear mongering – and it’s working. Citizens are growing concerned about another interference in the upcoming midterm elections, and I believe the news coverage of the subject will continue ramping up from here. It seems like every day that a news station is either reporting on the new possibilities of election hacks or interviewing CEOs of cybersecurity firms about what they think of the situation. This is honestly terrifying, but instead of burying our heads in the sand, let’s make some money from it.
There are dozens of fantastic companies out there in the cybersecurity industry, but it’s hard to know which one stands to benefit the most. Admittedly, I’m a lazy investor so instead of doing days or months of exhaustive research into these companies and their financials, I’m betting on the whole space, and below I explain how.
The Cybersecurity ETF
From First Trust Advisors L.P. and BNY Mellon (servicing agent) comes the First Trust Nasdaq Cybersecurity ETF, ticker symbol CIBR. The Fund seeks investment results that correspond generally to the price and yield (before the Fund’s fees and expenses) of the Nasdaq CTA Cybersecurity Index. The index is designed to track the performance of companies engaged in the cybersecurity segment of the technology and industrials sectors. It includes companies primarily involved in the building, implementation, and management of security protocols applied to private and public networks, computers, and mobile devices in order to provide protection of the integrity of data and network operations. To be included in the index, a security must be listed on a major global stock exchange and classified as a cybersecurity company. Each security must have a market capitalization of at least $250 million and acceptable liquidity with an average daily trade volume of more than $1 million. The fund is rebalanced quarterly and is weighted by liquidity instead of market capitalization.
The ETF first began trading in mid-2015 at $20 per share and has since increased in value by 38.6%. The fund has an average expense ratio for this type of thematic fund with an expense ratio of 60 bps. At market close on Thursday, the fund had a NAV of roughly $734 million with approximately 26.5 million shares outstanding and trades at a slight premium to NAV of 0.22%. The fund does offer a slight distribution with an annual yield of around 0.10% and trades at 4.54x P/B which is well above the market average of around 2.7x. This shows that the companies within the fund are trading at very generous valuations, but with expectations of robust growth, I’m not turned away by the metric. Additionally, the turnover ratio for the fund is a little on the high side at 67%, so it would be wise to explore the full tax implications closely, but I’m not knowledgeable enough to dig too deep enough into that topic.
Below is a summary of the fund’s performance:
The fund and the index include 32 companies, with the majority (54%) categorized as software companies. Almost all of the holdings are in the technology sector, with the remaining few being in the industrial sector.
(Source: First Trust’s fund summary page)
The average market cap for the fund is $4.1 billion with a maximum of $202.3 billion and a minimum of $397 million. The majority of the companies are classified by Morningstar as growth style investments, which again shows why the fund has such a high P/B ratio.
The fund includes big-name companies like VMware, Cisco, Palo Alto, and many other, as well as some more obscure, smaller firms in the industry. 26.46% of the fund is attributed to just the top 5 holdings, and just a little less than half (43.12%) of the fund is comprised of the top 10 holdings. With an ETF consisting of this many holdings that kind of concentration seems to be on par with market norms with no one company making up more than 7% of the fund’s value.
The top 10 holdings of the fund are as follows:
|Palo Alto Networks, Inc.||(PANW)||5.94%|
|Cisco Systems, Inc.||(CSCO)||5.65%|
|CyberArk Software Ltd.||(CYBR)||3.27%|
|Check Point Software Technologies Ltd.||(CHKP)||3.25%|
You can view the fund’s full holdings list here.
When I do these types of ETF idea write-ups I like to briefly run through the top five holdings just to give you an idea of the largest players in the fund. At the number one spot is VMware. The company is the leading provider of server and desktop virtualization software, and also provides data center management, orchestration, and end-user provisioning tools. The company is a majority-owned subsidiary of Dell and has a market cap of $61.8 billion dollars. VMware works to modernize data centers, integrate public clouds, and transforms network security. The company has many customers to which it provides end-to-end automated security solutions. Customers include large-name corporations like Ford (F), T-Mobile (TMUS), CoreSite (COR), Marriott (MAR), and many more. The company also works with other non-enterprise customers like universities, hospitals, hometown and regional banks, charities and non-profits, and state and local governments.
At the number two spot, is Palo Alto Networks. The company is one of the leaders in developing and delivering enterprise network solutions such as next-generation firewall technologies. The company provides solutions to many industries like financials, healthcare, retail, utilities, oil and gas, and public sectors such as educational providers. Palo Alto definitely highlights why the funds P/B ratio is almost double the market average since PANW trades at an off the charts ratio of 27.81x P/B. That’s an astonishing measure, but just like with many other companies in the index, Palo Alto has continually delivered double-digit revenue growth numbers year over year.
Coming in at number three in the fund is Symantec Corp., which many of us will be familiar with as the company that provides us with Norton branded security services and LifeLock identity protection. The company also has another side to the business other than its public consumer division through its enterprise solutions segment. While the enterprise segment drives the bulk of the revenue, the major overhead to provide corporate security solutions leaves the consumer segment the dominant bread-winner for actual profits. As I see it, that’s not a bad thing because it just highlights the company’s ability to diversify revenue streams.
At number four in the fund, we have Cisco Systems. Almost every large corporation in the world uses some type of Cisco product, software, or solution. Cisco is the world’s largest hardware and software supplier within the networking solutions sector and is one of the largest companies in the fund with a market capitalization of almost $200 billion. The company provides a good anchor to the index with a lower P/B than the majority of other major holdings and a much lower forward P/E multiple.
Rounding out the top five holdings is a probably lesser-known company than the previous ones mentioned. The company is Splunk Inc. and the firm’s flagship solution is Splunk Enterprise which is used across a multitude of use cases including application management, IT operations, and security. The company primarily deploys its solutions on-premises but is quickly developing its SaaS delivery model. Opposite of Cisco, Splunk has an unbelievable valuation of 103.9x forward P/E. Investors obviously see great potential in this company and I would have to agree considering its clientele of repeat customers which includes 83 of the Forbes 100, such as Adobe (ADBE), BlackRock (BLK), Coca-Cola (KO), Micron Technology (MU), Myriad Genetics (MYGN), Nasdaq (NDAQ), Nordstrom (JWN), Symantec (which is also in the fund), Zillow (Z), and so many more.
Cybersecurity is going to continue being a rapid growth sector as the world continues its transition into the digital age. These days everything from TVs, computers, refrigerators, vacuums, speakers, doorbells, thermostats, and everything else are becoming connected via some type of networking system. With every new connection, an opportunity arises for new cyberattacks, so the world will continue increasing its need for cybersecurity, especially as battles between countries and between businesses transition away from the physical world and into the digital one.
I see a long-term growth trend in cybersecurity and the market has already priced in robust growth over the coming years to many of the players in the industry. Although valuations are already sky-high, now is not the time to sit on the sidelines as the likeliness of increased news coverage and attention comes to cybersecurity as the country marches towards the midterm elections. Every media outlet will be reiterating stories of the presidential election hack and how the midterms will also be at risk. Instead of being afraid and avoiding the issue, we should embrace it and try to make some money by investing in the space through the First Trust Nasdaq Cybersecurity ETF.
Disclosure: I am/we are long CIBR.
I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.