Deciphering Cybersecurity ETFs in Europe


Cybersecurity ratings have been shaken this year along with many disruptive technology issues; But money continues to flow into the sector, from governments and corporations to ETF investors.

It’s an industry that continues to experience exponential growth in line with the introduction of increasingly powerful and scalable hardware and software. Earlier this year, US-based technology consultancy Gartner forecast that global spending on information security and risk management will grow to $172 billion in 2022, up from $155 billion in 2021.

Meanwhile, Russian cybersecurity services provider Kaspersky has found that 85% of IT decision-makers in North America plan to increase their digital security budgets by up to 50% this year.

Underlying these forecasts is an overall worrying rise in cybercrime, with US cybersecurity firm SonicWall noting that ransomware attacks more than doubled in 2021 to 623 million incidents compared to the previous year.

As Chris Versace, CIO at Tematica Research, said ETF stream: “The dark side of our increasing connectivity and digital lifestyle is that there are simply more attack vectors for bad actors.”

Versace pointed to society’s reliance on more powerful systems that are increasingly integrated into our daily lives and personal information, such as e-commerce, home office technology, the Internet of Things, 5G and data centers.

Meanwhile, Aanand Venkatramanan, head of ETF investment strategies at Legal & General Investment Management (LGIM), warned that more cloud-centric protection is needed, including the continued growth of ID authentication software and hardware.

He added that as blockchain development becomes more widespread, more efficient encryption may be needed.

Emphasizing the ability of cyberattacks to cause congestion in ports, disruptions in railroad networks, power supplies and more, Venkatramanan continued: “What we have seen so far are cyberattacks on companies, individuals, governments and so on. What we haven’t seen are attacks that have an immediate societal impact.”

Looking ahead, the number of “attack vectors” will only increase with the differential adoption of autonomous vehicles, telemedicine, the metaverse, and later Wi-Fi 6 and 7 and even 6G.

More directly related, digital security has come into focus in recent months with the Russian invasion of Ukraine and the accompanying aggressive rise in distributed denial-of-service attacks.

Russia introduced data-wiping malware that infected “hundreds” of computers in Ukraine, Latvia and Lithuania, temporarily shutting down Ukrainian government websites and Internet access in some areas.

In response, “hacktivists”, including the notorious Anonymous group, launched attacks on the websites of the Russian military, the Kremlin and the Russian propaganda channel RT News. A subsequent Department of Homeland Security warning to US companies then signaled the start of a more proactive approach to cybersecurity risk management.

In April, the Securities and Exchange Commission announced that it was considering requiring investment managers and funds to implement cyber risk policies and report cyber incidents to current and potential clients.

Since early May, US banks have been required to notify regulators of a cyberattack within 36 hours, according to a report by cloud company VMware, which found that cybercrime against financial institutions has risen 63% over the past year.

Noting the growing regulatory pressure and fines imposed on businesses for cybersecurity incidents, Versace said, “Some of the fines are, without a doubt, penalties. It’s a major pain point for businesses.”

Echoing his thoughts, Venkatramanan argued: “Regulation should promote safety, it should raise awareness and push people towards safe solutions, but regulation should not punish the victims.”

That last point is certainly up for debate. In fact, taking adequate steps to protect customers from cyber threats is an increasingly important but underestimated part of corporate responsibility.

In support, US-based cybersecurity provider Arctic Wolf found that half of the 300 IT security decision makers surveyed believe their organization’s cybersecurity budget “is not meeting the minimum amount they need to keep their security goals on track.”

Growing technological applications and networks, as well as more sophisticated criminals, will require actors at different levels to further improve their defenses to protect the increasingly technologically integrated parts of society. This ever-growing flow of capital makes cybersecurity an issue for ETF investors to keep an eye on.

A breakdown of cybersecurity ETFs

While the structural long-term theme is clear, choosing which cybersecurity ETF to invest in is a challenge as each of the six ETFs in Europe tracks a different index.

Chart 1: Cybersecurity ETFs in Europe

Source: ETFLogic

Despite the lackluster performance so far in 2022, cybersecurity ETFs in Europe are home to nearly $5.1 billion in assets under management, with every product in the sector seeing impressive inflows.

After launching last May, the $451 million First Trust Nasdaq Cybersecurity UCITS ETF (CIBR) has nearly doubled with $203 million in inflows, according to data from ETFLogic. CIBR was only slightly outperformed by the $2.7 billion L&G Cyber ​​Security UCITS ETF (USPY) and the $1.5 billion iShares Digital Security UCITS ETF (LOCK), which were up $290 million and $326 million, respectively Raised USD in new assets.

Despite collapsing -19.7% over the past six months, CIBR has topped the sector over the period, with the equivalents of LGIM, BlackRock, WisdomTree and Rize ETF ranking centrally between 22.4% and 33.7%, according to justETF % each fell Rate hikes by banks shattered any resilience in cybersecurity ratings that had been shown earlier in the year against setbacks.

However, as the performance differential between ETFs might suggest, investors would be wise to look into the differences between the products under their cybersecurity labels.

For example, five ETFs offer exposure to 29 to 53 stocks, while BlackRock’s LOCK is an exception with its much less concentrated basket of 119 companies.

Accordingly, LOCK’s holdings have overlap ratios with other ETFs in the product class, ranging from 0.45 to 0.58, versus 0.81 for USPY and CIBR and 0.72 for USPY and the Rize Cyber ​​Security & Data Privacy UCITS ETF (CYBR).

Chart 2: Portfolio correlation and basket overlap of cybersecurity ETFs

Source: ETFLogic

Of the two longer-established ETFs, the more concentrated portfolio appears to have outperformed, with USPY returning an annualized 11.7% over the past three years, versus 8.8% for LOCK’s more diversified offering.

However, USPY has a significantly higher total expense ratio of 0.69% versus LOCK’s 0.40% – with mutually offsetting benefits in initial listing spreads and securities lending revenues.

Despite their differences, all six strategies in the cybersecurity class react to market events in a similar way. According to ETFLogic, the correlation ratios between the performance trends of the most widely used ETFs – LOCK and the WisdomTree Cybersecurity UCITS ETF (WCBR) worth 65 million ETF (ERROR).

This article first appeared in Thematics Unlocked: Signs of a Maturing ETF Market, an ETF Stream report. To access the full edition, Click here.

Related Articles

Please note: the tool is provided by ETF Logic, who will process your personal data in accordance with their privacy policy.


About Author

Comments are closed.