March 2026

Ilaria Sangalli, Head of Index Insights, EMEA

After a broad software sell‑off in January and February that weighed on cybersecurity stocks, the sector rebounded in early March. Over the first nine days of March 2026, cybersecurity equities outperformed broader equity indices amid a recovery in investor sentiment.

This rebound has coincided with the sharp escalation of geopolitical tensions in the Middle East following the initial February 28 U.S.-Israel strikes on Iran, alongside renewed warnings from governments and leading cybersecurity firms about a heightened cyber‑risk environment.

Geopolitical Tensions Raise the Risk of Spillover Cyber Activity

In a formal alert published on March 2, 2026, the UK’s National Cyber Security Centre (NCSC) stated that while there was “no significant change in the direct cyber threat to the UK,” there is “almost certainly a heightened risk of indirect cyber threat” for organizations with operations, assets, or supply chains in the Middle East. The agency emphasized that Iranian state and Iran‑linked cyber actors retain the capability to conduct cyber activity and warned that fast‑moving geopolitical conditions could rapidly alter the threat landscape.¹

Similarly, CNBC reported that the U.S. Department of Homeland Security is working with federal intelligence and law enforcement partners to “closely monitor and thwart” potential threats, in the context of elevated Iran‑linked cyber risk.²

Private‑sector threat intelligence echoed these concerns. Zscaler’s ThreatLabz reported on March 6 that threat actors are rapidly exploiting the volatile environment through opportunistic cybercrime, including the registration of more than 8,000 new domains using keywords associated with the Middle East conflict. While many remain inactive, they are assessed as potential infrastructure for future malicious campaigns. The report details multiple conflict‑themed malware and phishing operations, including sites impersonating government or payment services to steal credentials and personal data. Zscaler emphasizes that these campaigns are financially motivated rather than ideological or state‑directed, underscoring how quickly conflict narratives are weaponized for cybercrime.³

Cisco’s threat intelligence research organization Talos reported that it had not observed “significant” cyber impacts to date but noted early activity such as defacements and small‑scale DDoS, and urged customers to reinforce basic hygiene including Multi-Factor Authentication (MFA), monitoring, and supply‑chain awareness.⁴

Palo Alto Networks’ Unit 42 similarly observed increased DDoS and hack‑and‑leak activity tied to Iran‑aligned hacktivist groups. The firm noted that, given Iran’s constrained internet connectivity, near‑term activity is likely to remain low‑ to mid‑level in sophistication, focused on disruption and signaling rather than advanced espionage.⁵ 

Cybersecurity Stocks Outperform as Geopolitical Tensions Drive a Risk‑Off Rotation

Against a backdrop of heightened cyber risk tied to rising geopolitical tensions, investors have rotated back into cybersecurity equities. In early March, the sector outperformed broader equity markets and other major tech segments, reflecting renewed interest in defense‑oriented software and infrastructure amid growing concerns around digital resilience.

From February 27 to March 9, 2026, the Nasdaq CTA Cybersecurity™ Index (NQCYBR™) and the ISE Cyber Security UCITS™ Index (HUR™) gained 5.26% and 7.63%, respectively.

By contrast, performance across the rest of the technology sector was far more uneven. Semiconductor stocks declined, with the Nasdaq PHLX Semiconductor™ Index (SOX™) down 3.52%, compared with a modest gain in the S&P Technology Select Sector Index (+0.71%).

Broader equity indices remained under pressure over the same period, with the S&P 500 (SPX) declining 1.16% and MSCI World Index (MXWO) falling by 3.05%, while Nasdaq-100® (NDX®) was flat (0.06%).⁶

Source: Bloomberg. Data from February 27 to March 9, 2026

With the notable exception of Ziff Davis, whose outsized gains were driven by company‑specific developments⁷, cybersecurity stocks posted broadly positive gains ranging from high single digits to the mid‑teens over the period.

Ziff Davis recorded total returns of 48.60%, followed by Cloudflare, CrowdStrike and Fastly, which rose 17.01%, 16.71% and 14.17%, respectively. More established security vendors such as Palo Alto Networks, Zscaler, Rubrik, and Okta posted solid high‑single‑digit to low‑double‑digit returns, broadly in the 9%-14% range.

Source: Bloomberg. Data from February 27 to March 9, 2026

Overall, the early March rebound in cybersecurity equities underscores how quickly investor attention has refocused on digital defense as geopolitical risks escalate in a highly dynamic, still-evolving situation. Just in the past few days, news reports have begun identifying a possibly significant cyberattack originating in, or tied to Iran, against a large U.S. company, Stryker⁸. Even as observed activity remains largely opportunistic and limited in sophistication, the consistent cadence of government alerts and threat‑intelligence updates has reinforced concerns around cyber resilience. Taken together, these dynamics continue to underscore the strategic importance of cybersecurity as a core layer of digital infrastructure in an increasingly complex risk environment.

The First Trust Nasdaq Cybersecurity UCITS ETF (CIBR) tracks NQCYBR. The L&G Cyber Security UCITS ETF (USPY) tracks HUR.

Disclaimer:

Nasdaq®, ISE Cyber Security UCITS™, HUR™, Nasdaq CTA Cybersecurity™, NQCYBR™, PHLX Semiconductor^TM Index (SOX^TM) Nasdaq-100®, and NDX® are trademarks of Nasdaq, Inc. The information contained above is provided for informational and educational purposes only, and nothing contained herein should be construed as investment advice, either on behalf of a particular security or an overall investment strategy. Neither Nasdaq, Inc. nor any of its affiliates makes any recommendation to buy or sell any security or any representation about the financial condition of any company. Statements regarding Nasdaq-listed companies or Nasdaq proprietary indexes are not guarantees of future performance. Actual results may differ materially from those expressed or implied. Past performance is not indicative of future results. Investors should undertake their own due diligence and carefully evaluate companies before investing. ADVICE FROM A SECURITIES PROFESSIONAL IS STRONGLY ADVISED.

© 2026. Nasdaq, Inc. All Rights Reserved.