BUG: Gain Exposure To Cybersecurity Through This Concentrated ETF

Cybersecurity is one of our favourite growth themes for a medium-to-long-term investment horizon. Not only has growth in this sector been particularly resilient to the current economic slowdown, but valuations have also become attractive relative to long-term growth prospects. For investors looking for a cost-effective and convenient way to build portfolio exposure to this theme, we think that the Global X Cybersecurity ETF (NASDAQ:BUG) could be a great choice.

Growth Prospects Not Fully Appreciated By Investors

Despite the increase in frequency and cost of data security breaches across government agencies and corporate enterprises in recent years, there is still significant underinvestment in cybersecurity.

So far in 2022, there have already been multiple major cyber attack incidents that have cost U.S enterprises millions in damages. According to IBM’s Cost of a Data Breach Report 2022, the average cost of a data breach in the U.S is around US$9.4 million, which is more than twice the global average of US$4.4 million. The T-Mobile (TMUS) data breach in 2021, which affected around 80 million U.S residents, ended up costing the company US$350 million to settle a class action lawsuit. In an SEC filing following the settlement, T-Mobile stated that it would spend US$150 million this year and in 2023 on cybersecurity.

For many years, cyberattacks appear to be specifically targeting large corporations and government agencies due to the massive volumes of personal data held by these entities. However, as these entities beef up their cybersecurity, future attacks will become increasingly more difficult and risky for hackers. Small and medium enterprises with tiny cybersecurity budgets and thus weaker defenses, could increasingly become the next target of choice.

From our perspective, there is enormous scope for growth in cybersecurity spending due to persistent underinvestment over the years. This is in stark contrast to the breathtaking boom in cloud computing and blockchain technologies. Cybersecurity spending has only recently begun to emerge more prominently on the IT budgets of large companies that have come to appreciate the risks and cost of cyberattacks the hard way. As the modern world becomes increasingly more digitalized, interconnected, and data-dependent, we expect cybersecurity spending growth to accelerate.

Cybersecurity Will Be Multi-Layered And Constantly Evolving

The ever-increasing sophistication of information technology that is being applied in more areas of government services and businesses, means that there will be a greater number and variety of connections that could become vulnerable to cyberattacks. The sheer sophistication and scope of detecting and defending against all types of cyberattacks mean that cybersecurity will be multi-layered in nature, requiring uniquely different solutions for different parts of an IT infrastructure. Furthermore, as new technologies are added to existing infrastructure, cybersecurity solutions will need to constantly evolve to meet new challenges and requirements.

This multi-layered nature of cybersecurity could present a difficult problem for investors: there is unlikely to be a single cybersecurity company, not even a handful, that will end up dominating the industry. Just like how diverse the software industry has become, the same is likely to happen to cybersecurity. Therefore, the odds are stacked against the stock picker who is looking for that one big winner. Instead, we think that the optimal way to execute this bullish view on the cybersecurity theme is to invest in a concentrated basket of leading companies that are dominating in their respective areas of cybersecurity.

Global X Cybersecurity ETF

According to fund information provided by Global X, BUG seeks to invest in companies that stand to potentially benefit from the increased adoption of cybersecurity technology, such as those whose principal business is in the development and management of security protocols preventing intrusion and attacks to systems, networks, applications, computers, and mobile devices. The fund seeks to provide returns that correspond generally to the performance, before fees and expenses, of the Indxx Cybersecurity Index.

BUG is one of the most concentrated among liquid cybersecurity ETFs with more than US$50 million in assets under management, including First Trust Nasdaq CEA Cybersecurity ETF (CIBR), iShares Cybersecurity and Tech ETF (IHAK), and ETFMG Prime Cyber Security ETF (HACK).

BUG is heavily concentrated on large cybersecurity software companies with a portfolio of just 24 holdings with net assets of US$1.11 billion. As of 27 October, BUG’s top 5 largest holdings make up close to 39% of the portfolio: Check Point Software Technologies (CHKP), Fortinet, Inc. (FTNT), Palo Alto Networks, Inc. (PANW), CrowdStrike Holdings, Inc. (CRWD), and CyberArk Software (CYBR).

We like BUG’s concentration on cybersecurity software companies (57.5%) which enjoy several advantages over other categories of cybersecurity companies. Software solutions can be deployed more rapidly and are more scalable than hardware-supported solutions. More importantly, software companies offer a differentiated solution that is less likely to face direct competition.

Valuations And Expense Ratio

BUG’s portfolio valuation at 54x P/E and 9.2x P/B may seem extremely expensive, but we note that this could be misleading for investors. It is extremely challenging to value growth companies that are in the very early stages of a multi-decade boom. Not only do some of BUG’s holdings have very little earnings or even suffer losses due to the need to invest heavily in R&D, but many are also spending heavily on sales and marketing to expand market share. Thus, revenues at some of these companies could be growing at rates above 20%-30% annually with little earnings to show.

To be sure, investing in cybersecurity is certainly going to be more risky compared to investing in a mature industry. We acknowledge this risk and recommend that investors consider their own risk appetite and investment objectives in deciding if the cybersecurity theme is a suitable investment for their portfolio.

BUG’s expense ratio is moderately high at 0.5%, but this is generally in line with its peers.

Trading metrics for BUG are healthy with low and stable spreads, healthy volumes, and the fund trading close to NAV.

In Conclusion

We like BUG’s concentration on cybersecurity software companies and we see enormous scope for growth in cybersecurity spending due to persistent underinvestment over the years.

On the surface, BUG appears to be grossly overvalued based on regular measures comparing share price to earnings and book value. However, relative to the sector’s long-term growth prospects, we view the risk-reward as attractive.

We initiate coverage of BUG with a “Buy” rating.