John M. Lund Photography/DigitalVision via Getty Images
Investment thesis
With Salesforce (CRM) reporting slowing growth in its earnings report yesterday, any stock that has anything to do with cloud software, including cybersecurity stocks, is being consigned to the trash. Garbage. While parallels can easily be drawn between the larger cloud software space and cybersecurity stocks, this is simply due to the homogeneous nature of the cybersecurity industry’s business model optics, growth metrics, industry acronyms, etc.
I believe cybersecurity stocks have a unique set of tailwinds that set this sector apart from the broader cloud software sector. Yes, the cybersecurity industry is currently experiencing some cross-currents that are confusing expectations, but the long-term growth prospects are very strong, in my opinion, given the growing threats from online adversaries which I mention below in my overall forecast.
I am bullish on cybersecurity In general, we believe that the CIBR ETF (Nasdaq: Saber) is the best way to get to know a wide range of players in the industry. I rate CIBR as a Buy.
About CIBR Fund
First Trust’s NASDAQ Cybersecurity ETF is managed by the financial services ETF based in Wheaton, Illinois. The ETF is designed to track the performance of the NASDAQ CTA Cybersecurity Index (NQCYBR). By tracking the Nasdaq Cybersecurity Index, the fund aims to provide investors with exposure to companies operating in the cybersecurity technology sector.
According to his fund documents, the companies to which his capital is allocated are: “Primarily involved in building, implementing, and managing security protocols applied to private and public networks, computers, and mobile devices in order to provide protection for the integrity of data and network operations.”
To be included in the CIBR Fund, companies must be part of the NQCYBR Underlying Index and regulated as a cybersecurity company as defined by the CTA (Consumer Technology Association). I’ve added some additional details about indicator weight below:
-
Companies must have a market capitalization of $500 million, a minimum three-month average daily trading volume of $1 million, and a minimum free float of 20%. In addition, no security can exceed more than 6% of the weight of the index. This would keep the index fairly balanced across all index components.
-
The index is evaluated semi-annually in March and September, but is rebalanced quarterly. However, if the Index security no longer meets the eligibility criteria at any time during the year, outside of the Index’s regular evaluation period, the security will be removed from the Index and not replaced.
I’ve added a chart below showing the top 15 holdings versus CIBR funds’ constitutions by categories.
Exhibit A: Top 15 holdings of First Trust’s NASDAQ Cybersecurity ETF (Attfdb)
Peer comparison
Here’s how the CIBR ETF compares to some of its peers. The list below, in Figure B, is ordered by largest to smallest fund in terms of assets under management.
Exhibit B: Comparison of AI-focused ETFs by different fund metrics (Sa)
The first observation is that most cybersecurity ETFs are usually more expensive than the average ETF. On average, expense fees are about 50 cents for every $100 invested in most cybersecurity ETFs, as shown in Exhibit B. But CIBR is the largest and one of the oldest ETFs, providing exposure to the cybersecurity industry.
The CIBR Fund is also the most active cybersecurity ETF, while offering relatively higher levels of diversification, with about half of CIBR’s assets deployed in the top 10 funds. I mentioned earlier how the underlying index manages diversification by ensuring there is no fund component. It grows beyond 6%.
Peer performance
The CIBR fund has also performed relatively better than its peers if you compare it over 3-5 years, as shown in Figure B. I’ve also included the fund’s performance versus its peers in Figure C below over three years. I looked out three years because I wanted to chart how CIBR has performed versus its peers during volatile time periods, such as those seen during 2022, where CIBR has relatively outperformed again.
Figure C: CIBR Fund’s performance versus its peers over the past three years. (Sa)
Moreover, when I compare First Trust’s Nasdaq Cybersecurity ETF to the broader markets, represented by the S&P 500 and Nasdaq 100, as well as its larger cloud software peer groups, the iShares Expanded Tech-Software Sector ETF (IGV) and First Trust’s When I Own Fund Cloud Computing ETF (SKYY), I see that CIBR continues to outperform almost all indices and its larger peers.
Exhibit D: CIBR Fund’s performance versus larger peers and indexes over the past three years. (Sa)
Despite the volatility seen a couple of years ago, the performance shown by CIBR demonstrates the strength of the underlying stocks that form part of the CIBR Fund.
Cybersecurity forecasts and assessment
The reason I think CIB differentiates itself from its peers is because of its fund composition and diversification. As I noted in Exhibit A, CIBR allocates capital to some of the industry’s strongest cybersecurity players who are innovating at the cutting edge of cybersecurity. Companies like CrowdStrike (CRWD) and Palo Alto Networks (PANW) operate in emerging cybersecurity markets such as Endpoint Security and Secure Access Service Edge.
Other companies, such as Zscaler (ZS), operate in one of the fastest growing cybersecurity markets, CASB (Cloud Access Security Broker), ZTNA (Zero Trust Network Access) while Okta (OKTA) operates in IAM (Identity Access Management). ).
A recent IDC survey showed how cloud security, identity access, and security incident management and response are top priorities for organizations today. I’ve added this to the E. Gartner whitepaper, which also points out key security areas that are becoming essential for organizations to step up their efforts. These areas such as IAM and security incident management are even more important in today’s GenAI era.
Exhibit E: IDC survey highlights key areas companies want to spend in cybersecurity. (IDC)
Another study by Gartner shows how total cybersecurity spending is expected to grow by 14.3% in FY24. But within the expected increase in spending, areas like IAM, cloud security, data privacy and security are expected to outpace overall growth in cybersecurity spending. Additionally, overall cybersecurity spending is expected to be higher than the projected 13.9% increase in software spending in FY24.
Finally, spending on cybersecurity is expected to increase rapidly, registering strong double-digit growth through 2027, compared to the projected growth of cloud software over the same period, which is expected to grow 13.8% through FY 2027. This also shows that Treat the cybersecurity aggregator of cloud stocks like a cloud stock because it has a different set of tailwinds.
Given these bright, growth-oriented double-digit outlooks that CIBR’s cybersecurity companies can collectively demonstrate, I think a fund earnings valuation multiple of 30x seems very reasonable to me.
Risks facing the bull thesis
There are two risks that may currently create headwinds to my outlook regarding CIBR.
First, macroeconomic forces may force firms to change their balance sheets, affecting the outlook for firms in the CIBR. But as I show in Figures (c) and (d), CIB should be able to outperform the markets over a longer period of time. This is only because there may be short-term fluctuations, but the long-term growth prospects remain sound in the cybersecurity space.
Secondly, since I mentioned short-term fluctuations, I should also point out that the industry is currently going through certain cross-currents, with mixed comments coming from the management teams of different players. While Palo Alto Networks management believes it is seeing some level of slowdown in cybersecurity organization spending due to… “Cybersecurity Spending Overwhelm” CrowdStrike management has taken the other side of the fence, saying there is “There are clearly no signs of slowing down or fatigue.” But note that Palo Alto Networks management said “burnout,” which to me suggests organizations are pausing due to months of spending in this area and pausing. With threats at an all-time high, I expect spending across the industry to resume at some point. a point.
Ready meals
As I noted in my research note, I believe the cybersecurity field is poised to remain resilient in the face of today’s remarkable uncertainty. As attacks by online adversaries increase dramatically, industry-leading cybersecurity companies, represented by the CIBR Fund, will stand to benefit the most.
Despite the relatively high valuation levels, I would recommend buying CIBR on any pullbacks.
