Warren Buffett sees cybercrime as the #1 menace facing mankind–even bigger than nuclear weapons. IBM CEO Ginni Rometty says the problem is the greatest threat to every company in the world.
The cybercrime boom has now reached epic proportions and is set to trigger the biggest transfer of economic wealth in history, bar none. In 2017, we have witnessed large-scale cyber attacks taking several incarnations including DDoS (distributed denial-of-service) attacks, corporate espionage, leaks of spy tools from U.S. intelligence agencies, viral state-sponsored ransomware and full-on campaign hacking.
Just being online has nowadays become an existential threat. A recap of 2017’s biggest cyberattacks reads like a script from a horror movie–from the mysterious Shadow Brokers and the Bitcoin-loving ransomware WannaCry to the insidious NotPetya ransomware and CloudBleed hack. There have been no fewer than eight major cybersecurity attacks in the year to date, and companies around the world have been feeling the heat. The massive Equifax data breach saw 143 million customer accounts compromised and has already cost the company $200-300 million in direct costs, not to mention wiping $4 billion off its market cap. That qualifies as the fourth largest cyber heist in corporate U.S. history. Meanwhile, NotPetya crippled Danish shipping company Maersk’s transport network for days, resulting in losses exceeding $300 million.
The scale of the economic costs is simply alarming–the average cost of data breaches for large U.S. enterprises now exceeds $6 million. California-based information security company, Cybersecurity Ventures, has predicted that cybercrime damages to the global economy will double to $6 trillion from 2016 to 2021. Cybercrime is now nearly as profitable as the global trade in all major illegal drugs combined.
Cybersecurity investments set to soar
When you think of the cybercrime boom you probably conjure up images of nefarious computer geeks cracking sophisticated codes and outmaneuvering state-of-the-art infosec systems. Actually, in many cases, it’s more like taking candy from a baby. Incredibly, in this age when cybercrime tactics are growing increasingly fiendish, many companies have grossly underinvested in information security systems and are consequently ill-prepared to face the ever-growing threat. Indeed, a study done early in the year found that only 30% of companies in the U.S., U.K., and Germany are adequately prepared to deal with cyber attacks. Many organizations, both large and small, are still falling prey to outdated hacking strategies.
Nevertheless, organizations are increasingly factoring cyber attacks into their business and IT risk assessments. Research outfit, Gartner, has predicted that information security spending will clock in at $86.4 billion in the current year and $93 billion in 2018. Yet, information security is merely a subset of the huge cybersecurity industry. Global spending on cybersecurity products and services is likely to hit $232 billion by 2022 from $138 billion currently, according to Markets and Markets.
Despite those impressive figures, there’s enough reason to believe that they lean more on the conservative side. If you take aggregate losses due to data breaches over the past five years and project them forward by five years, you will discover the ~7 percent CAGR spend estimate by Gartner or Markets and Markets is orders of magnitude lower. In effect, companies will be trying to use a fly swatter to combat a problem that needs an armored tank. Moreover, several aggressive regulations are set to come into enforcement in 2018. One such is the European Union’s General Data Protection Regulation (GDPR). These laws will force companies to spend more on their information security systems to avoid being slapped with massive fines for customer data breaches.
The $1 trillion estimate by Cybersecurity Ventures could well turn out to be in the ballpark, implying cybersecurity spending is likely to grow at a more torrid clip than current projections. Either way, it represents a huge opportunity for investors.
There’s a huge array of cybersecurity companies that you can put your money in. Indeed, investors plunked nearly $4 billion into 400 cybersecurity startups in 2016 alone! For the average investor though, there are two main ways to go:
- Invest in cybersecurity ETFs or
- Invest in individual cybersecurity stocks.
Without further ado, the brass tacks.
- Investing in Cybersecurity ETFs
Investing in cybersecurity ETFs is a great way to profit from the expected fast growth for the industry without having to vet individual stocks. Cybersecurity ETFs (exchange-traded funds), though, are relatively new on the scene.
ETFMG Prime Cyber Security ETF (HACK) is the oldest of pure cybersecurity ETFs, having joined the ETF universe in November 2014. The fund was formerly known as the PureFunds ISE Cyber Security ETF until a name-change came calling in August. HACK sports a healthy year-to-date return of 18.5% vs. 16.5% by the broad-market SPDR S&P 500 ETF (SPY).
Source: CNN Money
Currently, HACK has total net assets of $1.1 billion and a total of 44 cybersecurity-related stock holdings. Its biggest components are Splunk (NASDAQ: SPLK), Trend Micro (4704 JP), Akamai Technologies (NASDAQ: AKAM), Qualys Inc. (NASDAQ: QLYS) and Cisco Systems (NASDAQ: CSCO). The best performers are Splunk and Qualys with YTD returns of 64% and 95%, respectively, while Akamai Technologies is the laggard of the bunch with a return of -16%.
All HACK holdings must be companies worth at least $100 million. HACK has an expense ratio of 0.6% and is actively managed. The ETF is rebalanced quarterly, meaning its holdings keep changing from one quarter to another.
First Trust Nasdaq Cybersecurity ETF (CIBR) was the second pure cybersecurity ETF to hit the market. It shares several key features with its bigger and more illustrious peer, including a 0.6% expense ratio and an active management that rebalances the ETF’s holdings every quarter. The ETF currently has 36 stock holdings and total net assets of $352.7 million. Top 5 holdings include VMware (NYSE: VMW), Palo Alto Networks (NYSE: PANW), Cisco Systems, NXP Semiconductors (NASDAQ: NXPI) and Symantec Corporation (NASDAQ: SYMC). CIBR holdings are required to have a market cap of at least $250 million.
CIBR sports a YTD return of 15.6%, significantly lower than HACK’s or SPY’s. This though has not always been the case, with CIBR having had the upper hand since its debut thanks in part to its significantly lower fees compared to HACK. That, however, changed when PureFunds, the previous provider of the ETF, lowered HACK’s expense ratio from 0.75% to 0.60% in June in a bid to match that by its key competitor and also in response to the general trend of lower fees by actively managed funds.
Looking at the underlying stocks by CIBR vs. HACK, you will notice that the ETF is quite top-heavy, with top 5 holdings carrying a weighting of 30.79% compared to 25.47% for HACK. CIBR companies are also significantly bigger in terms of market cap. This difference tends to show up in the form of lower volatility by CIBR compared to HACK, especially during a market downturn.
In general, HACK provides exposure to higher growth companies while CIBR offers lower volatility. At this juncture though, no clear trends have developed that would clearly favor one over the other so it just depends on your investing style.
- Investing in Cybersecurity stocks
If you are great at picking stocks, investing in the right stocks can deliver much better returns than investing in a whole ETF. A good place to start is by simply looking at the underlying HACK and CIBR holdings since these are all companies with significant exposure to the industry. Many of the top holdings for both ETFs are solid picks. For instance, Splunk, the top HACK weighting, sports a YTD return of 64.4% while VMware, the leading CIBR pick, has rallied an impressive 58% over that timeframe. With the exception of Akamai, all the top 5 holdings for either ETF are firmly in the green with double-digit returns. That forms a good basis to perform your research and due diligence.