BUG - HACK Vs. BUG: What To Look For When Comparing Thematic ETFs

2023-06-30 09:35:00 ET

Summary

• Investments in cybersecurity have risen significantly over the last decade with the acceleration and advancement of the digital economy and fueled by the Covid 19 pandemic and the widespread adoption of work-from-home policies.
• Thematic ETFs focused on cybersecurity offer an easy way for investors to participate in this growth opportunity. However, not all thematic ETFs are created equal.
• This paper compares the ETFMG Prime Cybersecurity ETF and the Global X Cybersecurity ETF, and highlights the key similarities and differences that investors should be aware of between the two ETFs.

Introduction

Investments in cybersecurity have risen significantly over the last decade with the acceleration and advancement of the digital economy. The COVID-19 pandemic also fueled investments in companies that specialize in cybersecurity, as many businesses rushed to ensure systems were sufficiently protected from rising cyberattacks that were prompted by the widespread adoption of work-from-home policies. In 2021, organizations spent $150 billion on cybersecurity, a 12.4% growth rate from 2020. ¹ Thematic ETFs focused on cybersecurity offer an easy way for investors to participate in this growth opportunity. However, not all thematic ETFs are created equal. The investment philosophy and objective of the ETF manager can lead to significant differences in how the theme is implemented in one ETF relative to another. This paper compares the ETFMG Prime Cybersecurity ETF ( HACK ) and the Global X Cybersecurity ETF ( BUG ), two of the largest cybersecurity ETFs (based on AUM), and highlights the key similarities and differences that investors should be aware of between the two ETFs.

Exhibit 1: Overview of the BUG and HACK ETFs

Source: Global X ETFs and ETF Managers Group as of March 31, 2023

Digging into the Differences

One of the first differences between the BUG and HACK ETFs that investors will notice is the number of constituents - HACK with 56 stocks and BUG with 24. As a result of having a smaller number of holdings, BUG is a more concentrated portfolio, as shown in Exhibit 2, which lists the top ten holdings for each ETF.

Exhibit 2: HACK and BUG ETFs - Top 10 Holdings

Source: Ultimus. Holdings as of March 31, 2023 Companies in bold are a top 10 holding of both ETFs.

We then used the Cybersecurity Lens and the ETF Analyzer tool in our Affinity® Platform to assess how the ETFs were constructed. By applying the Cybersecurity Lens, we identified both ETFs' product line exposure to different business lines, as shown in Exhibit 3. ²

Exhibit 3: BUG and HACK ETFs

Product Line Exposure through the Syntax Cybersecurity Lens

Source: Syntax

The results highlight fundamentally different approaches to gaining access to the cybersecurity theme. HACK takes a diversified approach to portfolio construction, holding companies primarily engaged in cybersecurity and others with secondary or tertiary involvement in the theme. After allocating constituent weight to each cybersecurity-related group at the product line level, 63.8% of HACK's weight is engaged in cybersecurity. On the other hand, BUG focuses on providing dedicated cybersecurity exposure, with 98.3% of its weight classified as cybersecurity. Exhibit 4 shows the top ten holdings of both HACK and BUG and their respective exposure to cybersecurity business lines.

Exhibit 4: HACK and BUG ETFs

Top 10 Holdings - Exposure to Cybersecurity

Source: SyntaxCompanies in bold are a top 10 holding of both ETFs. Exposure to cybersecurity indicates the percentage of revenue a company earns specifically from cybersecurity-related activities as calculated using the Syntax's Cybersecurity Lens in Affinity.

Six of HACK's top ten holdings have cyber exposure of 93% or more, while the remaining four have exposures of 39% (Akamai ( AKAM )), 7% (both BAE Systems ( BAESF , BAESY ) and Cisco Systems ( CSCO )), and 0% (Verisign ( VRSN )). Exhibit 5 illustrates the product lines of Akamai Technologies, HACK's ninth-largest holding, to provide some insights into what cyber-adjacent exposures may be found in HACK.

Akamai, an American content delivery network, cybersecurity, and cloud service company, is classified under the Information sector, with 38.6% of its revenue tied to Information Security Services for Businesses and Governments, which qualifies for the Cybersecurity Lens. In addition, 61.4% of its revenue is classified as Cloud Storage (its FIS® Level 4 classification in Exhibit 5 below).

Exhibit 5: Example Top 10 Holding - Akamai Technologies

Sector and Product Line Exposures from Affinity®

Source: Syntax Cybersecurity-related business exposure is highlighted in dark blue.

Here are what the other companies noted above bring to the HACK portfolio:

• Verisign has 100% of its revenues attributable to Cloud Services
• Cisco Systems is 57% Hardware, 17% Software and 26% IT Services
• BAE Systems has 93% of its revenues in the Industrials Sector and 7% in Cybersecurity Services

While HACK can be described as cybersecurity-focused, BUG's holdings make the ETF almost exclusively cybersecurity (98% of holdings) and specifically focused on cybersecurity software (85% of the portfolio).

Exhibit 6 below highlights the two ETFs' trailing and calendar year performance. Recent performance has favored HACK, which outperformed by 580 basis points over the past year, as the more diversified approach provided some downside protection when both ETFs posted recent losses.

Exhibit 6: BUG and HACK ETFs

Historical Performance and Volatility

Source: Bloomberg Performance calculated using daily price returns. Volatility is analyzed over the past three-year period ending March 31, 2023.

In 2021 and 2020, the more cybersecurity-focused BUG outperformed HACK by 6.2% and 29.5%, respectively, which supports its higher 3-year annual return (17.6% vs. 10.5%). Both ETFs experienced relatively high levels of volatility over the past three years, with volatility being measured as the annualized standard deviation of return. However, not surprisingly, the more diversified HACK (34.7%) was less volatile than the concentrated BUG (52.3%).

A Tale of Two Approaches

Our analysis of HACK and BUG highlights that these two thematic ETFs, which have cybersecurity in their names and similar investment objectives, can materially differ in terms of their approach for portfolio construction, performance, and portfolio characteristics. Depending upon an investor's preferences, the more diversified HACK or the more concentrated BUG could be the right choice for a portfolio. The key takeaway is that to avoid unintended consequences and risks, investors should be aware of the differences between ETFs before making their investment decisions. While there are many tools available for comparing the performance, expense ratio, and other market characteristics of ETFs, there are relatively few that enable investors to know what business lines the companies in the portfolio are actually engaged in. The Affinity Platform captures business exposures at the product line level for over 7,000 publicly listed companies, providing investors enhanced transparency into ETFs and their underlying holdings and helping them analyze portfolios to better understand what they own.

Footnotes:

¹ " New survey reveals $2 trillion market opportunity for cybersecurity technology and service providers " McKinsey & Company, October 27, 2022

² Cybersecurity business lines are identified using Syntax's proprietary FIS industry classification system which may differ from other industry classification systems. Portfolio weight to Cybersecurity and subcategories is calculated at the product line level; the weight of each security is divided between all product lines of the company pro rata to the company's revenues from each product line, and product lines may be categorized in different groups.

Disclosure: Syntax Indices does not have a stake in the funds discussed.

Original Source: Author

Editor's Note: The summary bullets for this article were chosen by Seeking Alpha editors.

For further details see: