HACK ETF: Not Quite A Perfect Buy, But Still Has Some Merit (NYSEARCA:HACK)

Introduction

The ETFMG Prime Cyber Security ETF (NYSEARCA:HACK) is a financial product that covers over 50 stocks that are actively involved in providing cybersecurity solutions via hardware, software, or services. If you’re contemplating a position in this product, here are a few important considerations.

HACK’s Characteristics Vs Its Largest Peer- CIBR

Firstly, note that HACK is the first ETF to offer focused attention to the cybersecurity space (set up in November 2014), and given the first mover advantage, one would’ve thought it would have garnered the highest AUM in this space. Unfortunately, that isn’t the case, and there appears to be a more popular kid on the block- The First Trust Nasdaq Cybersecurity ETF (CIBR), which came to the bourses around eight months after HACK’s listing debut. Even though there hasn’t been a great deal of time between the listing dates of these two products, note that CIBR has managed to garner nearly three and a half times the level of AUM that HACK managed to accumulate across its whole listing duration.

CIBR’s popularity as a trading play can also be seen from the daily dollar volumes seen in this counter, and the relatively tighter spreads. HACK’s daily volumes are only 0.2x that of CIBR’s and the average spread variance is also quite wide with an 8bps differential between the two products.

Investors who dabble with products in this space typically aren’t attracted by the income angle which is invariably quite unremarkable, but we suppose that it does help that CIBR’s current yield is almost twice as good as what HACK offers.

When it comes to efficiency and stability there’s not much to split these two products. Both ETFs come with an expense ratio of 0.6%, and both roughly churn 1 in 2 holdings every year, well ahead of the ETF median of 1 in 3.

Nonetheless, even though CIBR appears to be the more popular product, it’s worth highlighting that it has grossly underperformed HACK since its inception.

It isn’t just the wide differential in the return profile that is worth pointing out. Investors need to note that HACK is more of a mid-cap play and CIBR more of a large-cap play, and ceteris paribus, one would expect mid-caps to innately be more volatile, but surprisingly enough, note that HACK’s overall volatility profile is a tad lower. Some of this could be explained by the fact that CIBR follows a much narrower pool of securities (only 33 stocks) than HACK.

Cybersecurity Spend – Can’t Be Neglected For Too Long

Cybersecurity stocks may not necessarily be the flavor of the season as recent studies have shown that an uncertain macro environment is weighing on tech budgets, and the cybersecurity sub-segment is taking one of the biggest hits (reportedly a 65% drop for the recent budget season). Meanwhile, as highlighted in the left-sided portion of the image below, note that the pace of growth of the global cybersecurity market has continued to drift lower sequentially for the last three quarters.

Whilst this is not ideal, we believe if you broaden your perspective, there’s still a lot to get excited about.

Firstly, note that for next year, amongst all the sectors that comprise the broader markets, the tech sector is still expected to generate the most attractive revenue growth at 9.3%.

If you think that’s impressive, then what about the top cybersecurity stocks that comprise HACK’s portfolio? Well, we’ve compiled consensus revenue growth estimates for the next year, and the takeaway here is that you’re looking at even better average revenue growth of over 13%. It’s quite telling that even in a relatively down year, you’re still getting pretty decent business growth.

One shouldn’t be overly surprised to see this relatively superior growth rate when you consider that publicly reported ransomware attacks are currently growing at 50% (for the first eight months of the year). If this trend persists, enterprises can’t keep putting off investments in cybersecurity spending. Enterprises will likely also recognize that neglecting cybersecurity investments or making inadequate investments can often also prove to have greater economical consequences in the long run. There’s also the growing risk of data breaches, which is currently estimated to be worth $4.45m on average, and will almost certainly snowball in the years ahead when you consider enterprises’ recent predilection towards large-language models and the like.

Investors shouldn’t also forget that the number of IoT-connected devices will almost double by the end of this decade from current levels, and this only gives attackers a wider platform base to attack.

What investors also need to consider is that whilst the market is relatively subdued, this gives some of the top publicly listed cybersecurity stocks an ideal opportunity to engage in more M&A and also engage in bolt-ons to beef up their intellectual capital base. Reports have shown that valuations for start-ups and the like have come down quite meaningfully.

Closing Thoughts

HACK’s price imprints for much of its listing history have taken place within a certain ascending channel, and we feel comfortable using that as our guidepost. There was a period during much of 2021 when the ETF had looked overextended to the upside (area highlighted in purple), but that seems to have passed. What’s encouraging to note is that after witnessing strong selling from November 2021 to September 2022, the ETF then appeared to form a base over many months just around the lower boundary of the channel. We think that was the appropriate time to get into HACK.

Now, even though the ETF appears to be demonstrating some strength, we think the risk-reward is quite fair, given where the price is currently, in context of the two boundaries of the channel. Besides HACK is hardly a cheap ETF to own and is currently priced at an elevated P/E of 22x.