First Trust Cybersecurity ETF Offers Opportunity (NASDAQ:CIBR) | #government | #hacking | #cyberattack

Editor’s note: Seeking Alpha is proud to welcome Vera Glebova as a new contributor. It’s easy to become a Seeking Alpha contributor and earn money for your best investment ideas. Active contributors also get free access to SA Premium. Click here to find out more »

Olemedia/E+ via Getty Images

First Trust NASDAQ Cybersecurity ETF (NASDAQ:CIBR) is the largest U.S. cybersecurity ETF in terms of funds under management. I consider the fund’s shares to be an interesting buy given the current heated geopolitical situation. Since the beginning of 2022, cyberattacks have become more frequent both on corporate networks and on networks/websites/platforms of government organizations and government agencies around the world. The week of Feb. 28, 2022, through March 6, 2022, recorded a record weekly inflow of $271.8 million into the First Trust NASDAQ Cybersecurity ETF since the fund’s inception, confirming how strong investors’ interest in the cybersecurity industry is.

About The ETF

CIBR is a public exchange fund that tracks the NASDAQ CTA Cybersecurity Index. The fund includes companies that belong to the cybersecurity industry in accordance with the classification of the U.S. Consumer Technology Association. The majority of companies are cybersecurity software developers and network equipment and infrastructure providers.

As of April 23, 2022, the fund’s portfolio includes 42 companies. The top five are CrowdStrike Holdings (CRWD), Palo Alto Networks (PANW), Cisco Systems (CSCO), Zscaler (ZS), and Cloudflare (NET). The top 10 holdings make up 45.3% of the portfolio.

The criteria for including companies in the fund include a capitalization of at least $250 million and a free float of shares of at least 20%. The fund was launched on July 7, 2015, and the management company is First Trust. The management fee is 0.60%.

The fund distributes dividend payments on a quarterly basis, but cannot boast a high dividend yield. For 2021, the fund paid a total dividend of $0.3137 per share, with a dividend yield of 0.59%. In March 2022 the quarterly dividend amounted to $0.0204 per share.

Company Ticker % of assets
CrowdStrike Holdings CRWD 6.64%
Palo Alto Networks PANW 6.14%
Cisco Systems CSCO 5.54%
Zscaler ZS 5.40%

View charts featuring ETF fund flow data

CIBR Fund Flows Chart (

Industry Outlook

Enterprises need to process and store large amounts of confidential information, so they have to increase the cost of ensuring the proper level of information security. As part of the digital transformation, companies are introducing automation, moving to work in a hybrid cloud/multi-cloud environment, and introducing smart devices. The emergence of a large number of new technologies and the increase in the number of working devices within corporate networks has provided hackers with many loopholes to break into networks and devices. According to Grand View Research, the global cyber security market was valued at $184.93 billion in 2021 and is expected to expand at a CAGR of 12.0% from 2022 to 2030.

Spending on cybersecurity worldwide from 2017 to 2021

Spending on cybersecurity worldwide from 2017 to 2021 (

For many companies, cybersecurity already equals financial security – the average cost of a data breach in the U.S. has increased from $4.5M in 2010 to $10.2M in 2021.

The fact that this sector is one of the most promising areas in IT is evidenced by the labor market. According to Herjavec Group, the number of open vacancies in the field of cybersecurity worldwide has already reached 3.5 million. The number of employees in the sector in the U.S. is estimated at 715,000, with about 314,000 vacancies remaining open.

Due to the high load on corporate security systems, 70% of all security services fail to do their job. This indicates the existing need for modern high-performance solutions to ensure information security. According to research by Forrester, which is sponsored by Palo Alto, security teams in medium to large companies receive about 11,000 security alerts every day. Of that amount, about 28% are never addressed by analysts and the vast majority of the alerts are manually processed. Due to lack of time and the human factor, one-third of all warnings are ignored, and it takes an average of four days or more to investigate each incident.

The cybersecurity industry is also interesting for investments in the conditions of the heated geopolitical situation. Since the beginning of 2022, cyber attacks have become more frequent both on corporate networks and on networks/websites/platforms of government organizations and government agencies around the world – in Europe, the U.S., Asia, Russia, and Ukraine.

Here’s a list of some of the major hacks in 2021:

  • Kia Motors – hackers demanded ~$20 million
  • CD Projekt Red – employees lost access to internal resources and files; the damage was assessed as “high”
  • Acer – the company paid $50 million to hackers
  • JBS – the attack caused a disruption in the supply chain and an increase in prices for meat products; the company paid out $11 million
  • Microsoft Exchange Server – the data of millions of users and more than 60,000 private companies and nine government organizations in the U.S. were lost
  • T-Mobile – account data was stolen, including insurance numbers, driver’s license numbers, and TINs from more than 40 million customers

Largest Companies in the ETF

CrowdStrike Holdings

CrowdStrike is an IT company that provides cloud-based endpoint security and cloud workload security solutions through its Falcon platform and 19 cloud “modules.” The services are offered in the form of a SaaS model through a monthly subscription, and cover almost the entire cybersecurity market. This includes securing enterprise workloads, managing threats and IT operations, protecting personal data, etc.


The main advantage of CrowdStrike is the unique Falcon platform, which consists of two tightly integrated technologies: a lightweight agent that is installed on endpoints and the Threat Graph.

In the field of endpoint protection, there are two technologies: IoC (indicator of compromise) and IoA (indicator of attack). The first involves searching for a virus after infection based on known patterns/templates, while the second involves stopping suspicious activities immediately – i.e., before infection. CRWD specializes in the second type. IoA is a more complex technology, and here CrowdStrike has a trump card – Threat Graph, which collects data on detected threats at endpoints and processes them (otherwise called crowdsourcing). Thus, there is constant machine learning of the platform and improvement of AI models: the more connected clients there are, the more effective the program becomes. Threat Graph processes up to 6 trillion signals weekly, on the basis of which artificial intelligence is trained.

Classic antiviruses rely on known patterns to scan devices. But threats constantly change: In 2019, zero-day threats accounted for half (>540 million) of those detected in a year, while in March 2020 this number exceeded 677 million. According to several surveys, 76% of respondents who were subjected to cyberattacks noted that these were “zero-day” attacks – “outdated” antiviruses simply cannot keep up with them.

Classic programs are also ineffective against fileless attacks (in 2019 they accounted for ~38% of all threats). According to Ponemon Institute research, conventional antiviruses cover only 57% of potential dangers. CrowdStrike, on the other hand, is so confident in its technology that it offers insurance of up to $1M in case of system failure. CrowdStrike has all the benefits of the cloud:

  • The database is updated constantly and in real time, while classic antiviruses need to be updated regularly to increase the number of threats covered, which takes a lot of time.
  • Device scanning is also carried out continuously and dynamically – i.e., the intensity depends on the degree of danger of a potential anomaly or threat. It is worth remembering the classic Kaspersky or McAfee software, where a full PC scan is a lengthy and inconvenient process.
  • Cloud modules provide scalability: Users do not overpay for unnecessary functionality, but connect only the modules they need at a particular moment – which, moreover, do not take up space on the device.

Due to its unique technologies, CrowdStrike has become the absolute leader in the endpoint security segment. In SE Labs tests it showed 100% efficiency in 100% tests and received a triple-A rating. In 2021 at the SC awards, CrowdStrike’s software became the best solution in the field of cloud cybersecurity.


As of Jan. 31, 2022, CrowdStrike had 16,300 subscribers to its solutions. In the past five years, the number of clients has been growing rapidly at a CAGR of 105%. At the same time, the company’s customers actively increase the use of services, as evidenced by the customer retention rate, which has been above 120% for the past three years. As of the end of FY2022, 69% of CrowdStrike customers use four modules or more on the Falcon platform, up from 55% at the end of FY20.

Lack Of Competition

Thanks to the proprietary technology (software protected by patents), CrowdStrike has no full-fledged competitors. These are either “classic” antiviruses like McAfee, Symantec Enterprise division of Broadcom (AVGO), Microsoft (MSFT) division, etc. (the shortcomings of which have already been mentioned above), or similar in technology to SentinelOne and Trend Micro, which are much smaller in scale.

SentinelOne’s TTM revenue is $112M – nine times less than CrowdStrike’s. Trend Micro is slightly larger: its revenue is $1.7B, but the forecast growth is 4%-5% and CrowdStrike will overtake it in 2022-23.

CrowdStrike is a company with unique technology operating in a very promising market that has already established itself as one of the best. This is a clear candidate for the leaders of one of the key industries of the future, as such companies will clearly outperform competitors in the long run.

Data by YCharts

Palo Alto Networks

Palo Alto Networks is a large American company that ensures the security of organizations in cyberspace. The company has over 80,000 customers in more than 150 countries. Its services are aimed at creating comprehensive security measures, taking into account an individual approach to the client. The main product is a SaaS platform, which consists of three components: a firewall, endpoint protection, and a cloud for detecting cyber threats.

AI and Cloud Ecosystem

In 2018, the management of Palo Alto decided that the development of cloud technologies and artificial intelligence could become a new growth driver. The company conducts targeted acquisitions that help it gain a large market share. During the past year Zingbox, an IoT security company, was acquired. Palo Alto also bought Aporeto, which is engaged in the identification of computers using machine learning, and CloudGenix, which specializes in creating software-defined networks.

These acquisitions have helped Palo Alto expand its ecosystem beyond traditional firewalls with the help of cloud services and artificial intelligence technologies. This allows the company to shift from selling subscriptions to cloud services that are more resilient and easier to scale, as well as offering products that use machine learning techniques, making Palo Alto’s solutions more efficient.

Product Leadership

With the development of the world’s first machine-learning firewall, Palo Alto was recognized as the leader in firewall in 2020, overtaking Cisco, Fortinet (FTNT), and Check Point (CHKP). The implementation of the company’s new solution enabled organizations to stay ahead of emerging threats and ensure security through the collaboration of people and artificial intelligence, which helps avoid many mistakes. In addition, the company occupies a leading position in a new field for itself. The acquisition of CloudGenix, a leader in WAN edge infrastructure development, and the integration of its solutions into its Prisma Cloud product has placed Palo Alto at the forefront of this market as well. For the second year in a row, Cortex XDR has been recognized as the leader in cyberattack detection, having managed to detect a significantly larger number of attacks than solutions from CrowdStrike, FireEye, Kaspersky, and other competitors.

Financial Performance

Palo Alto constantly grows when it comes to the number of customers, which allows the company to show high revenue growth rates. It has averaged 56.7% per year over the past seven years, which is significantly higher than the IT industry at an average rate of 5.7%. The company also has a high gross margin of 70%, with a sector median of 47.9%. It is expected that revenue will continue to grow and double by 2026, showing growth of 14%-15% per year. The organization spends most of its gross profit on acquisitions and new product development – $5.1B and $1.7B over the last three years, respectively. R&D takes up 22.6% of revenue, which is well above the sector average of 10.6%. At the same time, the company’s R&D costs are constantly growing at an average of 48.7% per year.

Data by YCharts

In the long term, Palo Alto Networks’ shares look investment-worthy, driven by strong growth in the cybersecurity market, the company’s leadership position, solid growth in its customer base and revenue, and the company’s focus on developing cloud services.

Cisco Systems

Cisco Systems is the world’s largest provider of hardware and software for networking solutions. It is the undisputed leader in its sector, owning 19 research and production centers in Europe and Asia.

Cisco Cybersecurity

Cisco offers hardware, software, and services designed to protect networks from threats, including for IoT systems. Global spending on cybersecurity in 2022 is expected to reach $120B (+16% YoY), and by 2025 the market will increase to $325B at a CAGR of 28.6%. Cisco’s share of the industry is less than 4%, but the company made an important acquisition in this area. It bought Meraki, which is the undisputed leader in the field of Wi-Fi networks and routers security; its share in the address market is 39%. Its key product is a security system for the Wi-Fi 6 wireless networking standard, with a two-year sales growth of 106%.

At the moment, the above-mentioned segment brings in 7% of revenue, with a CAGR for three years of 12.3%. The development of the division is forecast to increase the company’s revenue CAGR from 4.3% to 8.2% through 2024. Profit growth will increase from 6.6% to 10%. The industry average is 5.5% and 9.7%, respectively.

Although cybersecurity accounts for only 7% of revenue, Cisco has technologies to position itself into a full organic synergic growth. So Cisco indeed benefits from growing cybersecurity market.


Software-defined networking (SDN) is a network architecture that facilitates network management and can be composed of many complex workflows and components. Thanks to SDN, it is possible to transfer the management of physical equipment to the cloud. The technology market is predicted to grow to $15.5B by 2024, with a CAGR of over 27%.

However, despite all the advantages of a software-defined network – such as security, efficiency and scalability – SDN does not allow virtualization of all equipment due to the low power of the network protocols used. To solve this problem, Cisco has developed its own infrastructure for managing equipment and data simultaneously – Application Centric Infrastructure (ACI). The main advantage is the ability to combine both physical/virtual computing and production facilities into a single network for further management. A total of ~$3B was allocated for development.

The flagship infrastructure product is the NX-OS OS and the switches built into it (devices designed to connect several nodes of a computer network together), Catalyst and Nexus-9000. Revenue from their installation has been growing on average by 28% for 3.5 years, providing high scalability (up to 24% higher than competitors from Arista (ANET) and Juniper Networks (JNPR)), power efficiency (up to 17% better), and performance.

This solution simplifies operations and reduces operating costs for power, cooling, and cabling. All of this reduces the overall cost of management by 75% compared to other SDN approaches. ACI is hugely popular among major IT giants, including Microsoft, Intel (INTC), Taiwan Semiconductor (TSM), Advanced Micro Devices (AMD), Apple (AAPL), and others.


Cisco Systems has a huge number of partnerships with major technology companies around the world. The contracts in just 2.5 years facilitated the company’s access to new technologies by several times, helped in the development of innovative products, and ensured effective marketing. The company has strategic long-term partnerships with Apple, IBM (IBM), Microsoft, Viacom (OTCPK:VIABP), Alphabet (GOOG)(GOOGL), and Alibaba (BABA), totaling over $25B. With these partnerships, Cisco has improved sales of SD-WAN solutions (protocols for network management and data transfer between the center and branches) by 28% YoY.

It is expected that in the future, together with IBM and Microsoft, the most productive data processing center (DPC) will be created, as well as the launching of projects in the field of 5G technologies. A distinctive feature to note is that all Fortune 100 companies are regular customers of Cisco.

Data by YCharts

Cisco is still the leading hardware vendor for networking solutions. The company actively creates new areas of growth. Cisco cybersecurity helps enterprises connect and monitor devices, secure and automate operations, and compute and manage data. Its partnerships, position in hardware, and cloud solutions create conditions for its further organic growth.


Zscaler is a global cloud-based information security company that enables secure digital transformation for a mobile and cloud-first world.

Combination of Products

Unlike many of its competitors, Zscaler does not focus on one type of data protection, but has a unique combination of products. The Zero Trust Exchange is a cybersecurity model based on constant monitoring of actions within the system. When a user goes to a particular page of a cloud resource, he/she needs to re-authenticate. This protects access to all data, including subsequent files and those already closed. The Zero Trust Exchange platform becomes a full-fledged VPN replacement and includes all the company’s products. This was made possible thanks to a faster and more stable network – 150 data centers redistribute the request load. The effectiveness of the platform is confirmed by the cooperation with 150 companies from the Fortune 500 list. More than 100 clients bring in more than $1m in revenue. Zscaler’s solutions enable businesses to create modern digital workspaces for employees, modernize cloud infrastructure, and secure corporate and confidential data.

Becoming Profitable

Unlike many fast-growing companies, Zscaler’s management says in press releases that the company is focused on making a profit. Despite huge advertising spending of 70.8% and R&D of 26%, the company expects to receive an operating margin in the range of 20%-23% by 2023, becoming profitable in 2024. The current operating margin is 6% compared to 9% last year. It is an unusual strategy for this sector, but it will help stabilize financial performance and increase the chance of upgrading the company with internal funds.

Revenue Retention

The company has a revenue retention rate of 127% – it is able to extract so much revenue from the existing customer base that this more than compensates for the churn of users. The figures are actually very good, because the company’s revenue is quite stable and customer loyalty is at a fairly high level. Over time, this fact can lead the business to profitability. This does not justify the company’s shortcomings, but it is a serious argument in favor of ZS.

Data by YCharts

Zscaler is yet another amazing company with the great technologies and plans for the future. Its unique combination of products, strong client base, and technological superiority of the products are the main growth drivers.


First Trust NASDAQ Cybersecurity ETF is a buy for both the long and short term, in my opinion.

CIBR can be a great short-term investment as the coming weeks are weeks of “big tech” earnings. Big tech could show high estimates and beat results because they didn’t feel the China lockdowns, supply chain disruptions, and other macroeconomic problems that investors are so worried about. (That’s true except for Apple and Amazon (AMZN), but I also expect their results to be better than expected due to high demand for their products in the quarter.) This can cause the Nasdaq to rebound, and since cybersecurity companies are highly volatile, CIBR can gain massively.

First Trust NASDAQ Cybersecurity ETF is an even greater buy for the long term, since the cybersecurity market is expected to grow rapidly. Although the four companies detailed here only account for 24% of all ETF holdings, we can see that this sector is very competitive. Every company has its own unique advantage that will be a growth driver for the next decade or so.


The largest cybersecurity ETF in terms of assets under management besides CIBR is the ETFMG Prime Cyber Security ETF (HACK).


CIBR outpaces HACK in terms of assets under management: $6.17B vs. $2B, respectively, and shares outstanding ($126M vs. $36.4M, respectively). The expense ratios are the same – 0.6%.


HACK is more concentrated with 70 holdings, while CIBR has 42. A greater number of holdings is not always a good thing, though. HACK has more small companies than CIBR. This leads to greater risks when it comes to investing in HACK.

ETFs holdings

ETFs holdings

CIBR also has greater ESG rating. It is 8.29/10, while HACK’s is only 7.11/10.

ETFs ESG ratings


The chart shows the growth of investments in CIBR and HACK. CIBR’s yield since July 8, 2015, was 162.81%, which exceeds the HACK yield of 89.40%. CIBR’s dividend yield is 0.66%, which is higher than HACK’s 0.33% (adjusted for stock splits and dividends).

CIBR VS HACK performance

CIBR has performed better over the last six years (portfolioslab)

The CIBR Sharpe ratio (i.e., investment portfolio performance indicator) is currently 0.46, which is higher than the HACK Sharpe ratio of -0.24. The chart below compares the moving 12-month Sharpe ratio of CIBR and HACK.

CIBR VS HACK sharpe ratio

CIBR sharpe ratio is much higher than HACK’s (portfolioslab)

The maximum drawdown of CIBR for the specified period was -33.05%, which is lower than HACK’s -39.76%. The drawdown chart below compares losses from any high over the entire observation period for CIBR and HACK.

CIBR vs HACK maximum drawdown


As we can see, CIBR is a more effective and less risky ETF than its closest peer, HACK, which makes it a far better investment.


The main risk for CIBR is related to monetary tightening in Europe and the U.S., which could cause increased volatility in technology stocks and put pressure on the stock market as a whole. The recent correction is related to market conditions, which affected the most valuable growth stocks in the first place.

Summing Up

In my opinion, CIBR is overall the best ETF in this sector because it has greater allocation to such wide-moat companies like CrowdStrike, Zscaler, and Palo Alto. It is much better than HACK, since it is less volatile, has the higher Sharpe ratio, and has outperformed its closest peer by more than 70%. I also believe that cybersecurity is one of the best sectors to invest in right now, since its rapid growth will have a positive impact on company revenues.

Original Source link

Leave a Reply

Your email address will not be published.

twenty seven − 24 =