Cybersecurity companies such as Fortinet Inc. (ticker: FTNT), Palo Alto Networks Inc. (PANW) and CrowdStrike Holdings Inc. (CRWD) have seen healthy double-digit earnings growth in the past few years.
The reason is fairly obvious: The need to secure networks won’t diminish anytime soon, given the frequency and sophistication of cyberattacks.
“Cybersecurity is a critical challenge for modern society. High-profile attacks in recent years have elevated it to a national security priority while emerging technologies like AI add new layers of complexity to the threat landscape,” says Tejas Dessai, director of research at New York-based Global X ETFs, whose product line includes the Global X Cybersecurity ETF (BUG).
[Sign up for stock news with our Invested newsletter.]
“We’ve seen an industry-wide uptick in spending on cybersecurity solutions and believe that the trend will continue to hold through the decade,” Dessai says.
According to tech research firm Forrester, the costs of cybercrime are expected to reach $12 trillion in 2025.
“As our lives become increasingly digital, cybersecurity has become a necessity,” says Christian Magoon, CEO of Amplify ETFs in Lisle, Illinois. The company runs the Amplify Cybersecurity ETF (HACK).
“The stakes are particularly high during the holiday shopping season, as e-commerce activity surges and online transactions require robust protection,” Magoon adds.
For investors who don’t want to pick stocks, BUG and HACK are among several exchange-traded funds offering broad exposure to the cybersecurity industry. Here’s a look at those ETFs and three other leading cybersecurity funds, along with their fees and assets under management, or AUM:
| Cybersecurity ETFs | Expense Ratio | AUM |
| First Trust Nasdaq Cybersecurity ETF (CIBR) | 0.59% | $7.3 billion |
| iShares Cybersecurity and Tech ETF (IHAK) | 0.47% | $914.7 million |
| Amplify Cybersecurity ETF (HACK) | 0.60% | $1.9 billion |
| Global X Cybersecurity ETF (BUG) | 0.50% | $803.0 million |
| WisdomTree Cybersecurity Fund (WCBR) | 0.45% | $110.4 million |
First Trust Nasdaq Cybersecurity ETF (CIBR)
Launched in 2015, this ETF tracks the Nasdaq CTA Cybersecurity Index. It comprises mainly companies involved in the development and management of network security protocols. Each stock must have a global market capitalization of $500 million, a minimum three-month average daily dollar trading volume of $1 million and at least 20% of shares available for public trading.
CIBR has $7.3 billion in assets under management, and its expense ratio is 0.59%, higher than some other funds in this category.
It primarily invests in established companies such as CrowdStrike Holdings, Cisco Systems Inc. (CSCO), Palo Alto Networks and Broadcom Inc. (AVGO).
iShares Cybersecurity and Tech ETF (IHAK)
IHAK is a smaller ETF, with $914.7 million under management. It measures the performance of an index composed of developed- and emerging-market cybersecurity companies. That differentiates this ETF from those tracking primarily large U.S. names.
For example, among the top components are SentinelOne Inc. (S) and Varonis Systems Inc. (VRNS).
This ETF is still focused on large companies, says Pawan Jain, associate professor and interim chair of the department of finance, insurance and real estate at Virginia Commonwealth University in Richmond, Virginia. That makes it “suitable for those seeking targeted exposure to well-known cybersecurity firms. It is also more geographically diversified than CIBR.”
Amplify Cybersecurity ETF (HACK)
This ETF made its debut in 2014. It was the first ETF to focus on the growing cybersecurity niche. It tracks the Nasdaq ISE Cyber Security Select Index, composed of companies providing hardware, software and services. It has $1.9 billion under management.
HACK has a large-cap tilt, as more than 81% of the fund is composed of stocks with a market capitalization of $10 billion or more. The ETF’s largest holdings are Broadcom, Cisco, CrowdStrike and Palo Alto Networks.
“The fund’s holdings reflect the critical infrastructure supporting cybersecurity for governments, businesses and individuals, addressing the massive cybercrime challenge,” Magoon says.
“For a company to be included in the index HACK tracks, it must derive 90% or more of its revenue from cybersecurity,” he adds. “These criteria help to ensure the portfolio’s thematic focus.”
Global X Cybersecurity ETF (BUG)
This is a concentrated, market-cap-weighted ETF with a focus on cybersecurity companies spanning diverse industry segments, including endpoint, messaging, data, cloud, network and identity security.
It launched in 2019 and has $803 million in assets, putting it on the smaller side of cybersecurity ETFs. Its expense ratio is 0.5%, and its dividend yield is 0.1%. It’s not unusual for tech companies to have low yields, as many re-invest profits into new projects rather than paying them out to shareholders.
To ensure purity with regard to the cyber theme, Dessai says, the strategy requires companies to generate at least 50% of their revenue from cybersecurity activities. Top holdings include Palo Alto Networks, CrowdStrike and Zscaler Inc. (ZS).
“This excludes companies whose primary business lies outside the cybersecurity sector and enhances the exposure clients get,” Dessai says.
“We believe that companies like Cisco and Broadcom, although they operate a large cybersecurity business, are not truly representative of the most innovative and highest-growing segments of the cybersecurity market, and for that reason are filtered out by the 50% revenue screen,” Dessai says.
WisdomTree Cybersecurity Fund (WCBR)
The WisdomTree Cybersecurity Fund is designed to track, before fees and expenses, the total return of the WisdomTree Team8 Cybersecurity Index. It was developed in partnership with Israeli venture capital firm Team8, which analyzes the specific cybersecurity offerings of every company that could be included. Stocks are screened on the basis of whether they will be in a position to provide cybersecurity services in the future, not what they’ve done in the past.
This ETF has a focus on software rather than areas such as consulting. “Consultants can provide services that lead to setting up cybersecurity systems. In Team8’s opinion, these are not the best examples of cybersecurity of the future,” says Christopher Gannatti, global head of research at New York-based fund manager WisdomTree.
“WisdomTree does a lot of work with thematic equity funds. While every client has their own specific situation, we would tend to see WCBR fitting into a portfolio slot that is very focused toward growth equities,” Gannatti says. He notes that the fund has low overlap with most established benchmarks, particularly the S&P 500 and the Nasdaq-100.
“So investors can easily use WCBR alongside a broader benchmark and still add something different to the portfolio,” Gannatti says.
More from U.S. News
Spot Ether ETFs Could Eclipse Bitcoin ETFs’ Impact
7 Best Cryptocurrency ETFs to Buy
5 ETFs That Outperform the S&P 500
5 Best Cybersecurity ETFs to Buy for 2025 originally appeared on usnews.com
