Governments and major corporations worldwide have sounded alarms in the past few days that they have been the victim of a global cyber-espionage campaign that hacked into multiple United States government agencies. The cyber attack involved a commonly used software product developed by the U.S. company SolarWinds
While the extend and motive behind the hacking are still unknown, software developers at the cybersecurity company FireEye
The Cybersecurity and Infrastructure Security Agency (CISA) warned on Thursday that the hack had comprised many federal agencies and because of the attack's length and severity, the full extent of the attack will be hard to detect and be difficult to undo. The CISA has called all federal civilian agencies to review their networks for potential compromises and to disconnect SolarWinds Orion products immediately.
While the situation surrounding what may be the largest cybersecurity attack in history, it is expected that future governmental and corporate focus will be on enhanced cybersecurity measures to prevent malicious actors accessing sensitive data moving into the new year.
Following multiple reports of the attack, cybersecurity names like Palo Alto Networks
Just like any industry, exchange-traded funds offer investors an easier and less risky approach to sector investing by allowing for broad exposure to the entire industry. The cybersecurity industry is also newer and quickly evolving, which brings more risk to investing in individual stocks.
There are currently four cybersecurity focused ETFs that trade on U.S. markets, gathering total assets under management (AUM) of $5.9 billion:
Global X Cybersecurity ETF
BUG tracks the Indxx Cybersecurity Index, which is a modified market-cap-weighted global index that follows 28 stocks that are positioned to benefit from increasing adoption of cybersecurity technology. The fund has $82.07 million AUM at an the industry average expense ratio of 0.50%. The majority of its holdings are U.S. based software companies, with minority holdings coming from Japan, United Kingdom and South Korea. BUG is currently up over 75% for its year-to-date.
First Trust NASDAQ Cybersecurity ETF
CIBR tracks the NASDAQ CTA Cyber Security Index, which is a liquidity-weighted index that follows 41 stocks in the cybersecurity industry. Each of the fund's holdings must be classibea as a cybersecurity company by the Consumer Technology Association and have a minimum market cap of $250 million. The fund has $2.94 billion AUM and an expense ratio of 0.60%. The majority of the fund's global holdings are U.S.-based, but has minority holdings based in the U.K, Japan, France and South Korea. CIBR is currently up over 51% YTD.
iShares Cybersecurity and Tech ETF
IHAK tracks the NYSE FactSet Global Cyber Security Index, which is company of cybersecurity and technology stocks. The fund's 43 holdings include developers of cybersecurity hardware, software, products and services. The fund has $211 million AUM and an expense ratio of 0.47%. The majority of the fund's global holdings are U.S.-based companies, with other majority shares held by Japan, Taiwan and Malaysia. IHAK is up over 53% YTD.
ETFMG Prime Cyber Security ETF
HACK tracks the ISE Cyber Security Index, which is a tiered and equal-weighted index that focuses on companies involved in Cybersecurity technology and services. The fund holds $1.90 billion AUM and its expense ratio is on par with CIBR's at 0.60%. The fund's 61 global holdings include companies based in U.S., U.K, Japan, Canada, Sweden, South Korea and Finland. HACK is currently up about 42% YTD.