Cybersecurity ETFs Gain But Diverge

Abstract image of technology
Credit: Shutterstock

Cinthia Murphy, Managing Editor,

Cybersecurity has been a hot theme this year, suddenly taking new importance in an economy that’s had workers everywhere working from home, logging into systems outside of offices, many for the first time.

Companies involved in the business of developing online security hardware, software and services have rallied sharply higher, especially since March, when shelter-in-place orders began to take effect across the country. That momentum has yet to abate.

Cybersecurity ETFs have enjoyed the ride higher, but like everything else, their performances show disparity because of the way each of these portfolios goes about accessing this space.

Consider these ETFs from four different providers:

Year to date, the performance disparity among these four ETFs is a wide 9 percentage points, as seen below:

ETF chart

Since the March 23 market low, their performances have been even more impressive, with these funds delivering 45-52% in gains in the short period to date:


Charts courtesy of

Key Differences

While there’s a lot of overlap in the securities each of these portfolios hold, their allocation and weighting schemes have driven the disparity in their results this year. (You can compare ETFs side-by-side here).

For example, HACK, the oldest in the space, is the laggard year to date, and the only one of the four funds to face net redemptions—more than $150 million in 2020—despite the positive gains.

The fund may be the oldest among these ETFs, launched in 2014, but it has given up its first-to-market advantage, having now $1.4 billion in total assets—no longer the biggest ETF in this space.

HACK is a tiered, equal-weighted basket of cybersecurity companies and services. Crucial here is that different holdings have roughly the same impact on results. A look at the fund’s top holdings show that infrastructure- and web-security-focused Cloudflare (NET) is among the top names alongside Cisco Systems (CSCO), which is a conglomerate with a diversified line of business beyond cybersecurity. Cloudflare is up 114% year to date; Cisco is down 3.5%. (Use’s stock finder tool to find an ETF’s allocation to a certain stock.)

HACK is also only about 88% allocated to software/hardware producers and cybersecurity service providers. The fund diversifies its basket with the inclusion of companies in aerospace and defense, communications and electronic equipment.

By comparison, CIBR, too, is broadly diversified, with almost 10% tied to communications companies; 10% tied to aerospace and defense as well as semiconductors; and it also owns some equipment names. Top holdings include CrowdStrike (CRWD)Splunk (SPLK) and Cisco.

But the ETF attempts to address the challenge of navigating a segment filled with small cap companies by weighting holdings by liquidity, which results in a different mix of drivers. Launched almost a year after HACK, in 2015, for the same price tag of 0.60%, CIBR is today the biggest cybersecurity ETF, with $1.8 billion in total assets.

Among the newcomers to this segment, IHAK, which came to market in 2019, is already a $67 million fund. The fund is the cheapest ETF in cybersecurity, costing 0.47% in expense ratio, or $47 per $10,000 invested.

IHAK is also the most vanilla of them all, offering a market-cap-weighted mix of primarily software/hardware companies and IT services (94% of the portfolio) across the globe involved in cybersecurity.

Top holdings include all the main players in this segment: companies like Zscaler (ZS)Fortinet (FTNT)Okta (OKTA)Palo Alto Networks (PANW) and CrowdStrike (CRWD). But at the top you’ll also find e-signature services-focused DocuSign (DOCU); infotech consulting firm Booz Allen Hamilton (BAH) and cloud services provider Akamai Tech (AKAM).

Together, these stocks have delivered double-digit—and some triple-digit—gains this year, making IHAK a standout performer in 2020.

And finally, there’s BUG—the best-performing cybersecurity ETF this year.

BUG is not even 1 year old yet, and it’s a very small portfolio, with only 29 holdings. But this small basket is packing quite a punch this year, focusing on some of the smaller cap names in this industry, and riding higher more than 52% since March 23.

The fund screens securities by revenue, looking only for those that generate at least 50% of their cash from cybersecurity-related activities, such as product development and services. Top holdings in this portfolio include names such as Zscaler, up 144% so far this year and 111% since March 23. Also here is Okta, up 71% in 2020; Fortinet up 27% this year and 60% since March 23; and CrowdStrike, which is up 100% YTD and up 105% since the March low.

The fund has also yet to see a single day of outflows so far in 2020, picking up about $20 million this year.

When choosing an ETF to access a part of the market, portfolio structure makes a big difference on outcomes, even when similar holdings are found in competing funds.

More on

Beware: 'Zombie ETFs' Lurking

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.

In This Story


Other Topics

Cybersecurity Technology

Founded in 2001, is the world's leading authority on exchange-traded funds (ETFs). We deliver clear, independent and authoritative news, analysis and education about ETFs online at and in print with ETF Report.

Learn More