2023-06-12 04:29:11 ET
Summary
- I continue to be bullish on the global cybersecurity market and the leading companies that operate in that space.
- However, it is time to acknowledge that the BUG cybersecurity ETF is simply not working as a "growth" investment.
- Indeed, over the past year, the BUG ETF has significantly lagged technology sector as a whole and has even trailed the returns of the S&P 500 by a wide margin.
The investment thesis supporting the Global X Cybersecurity ETF ( BUG ) appears to be strong and relatively straight forward: cybersecurity for businesses, governments, and individual consumers is no longer optional - it is mandatory. As a result, leading cybersecurity companies that operate SaaS-based platforms are demonstrating strong growth in revenue and free-cash-flow. However, even as individual companies in the BUG ETF continue to perform very well, it is time for me to acknowledge that this ETF is simply an under-performing asset. Indeed, I had purchased BUG for inclusion in the "growth" category of my portfolio, but over the past year it has been left in the dust not only by other technology investments, but even by the S&P 500 itself:
Indeed, as the chart above clearly shows, the Vanguard S&P 500 ETF ( VOO ) has nearly doubled the returns of the BUG over the past year while both the iShares Expanded Tech-Software ETF ( IGV ) and Nasdaq-100 Trust ( QQQ ) have fully participated in the recent technology rally and trounced BUG's returns. As a result, I am downgrading BUG from a BUY to an outright SELL.
Investment Thesis
As I have explained in previous Seeking Alpha articles on the BUG ETF, the global TAM for cybersecurity is large and growing rapidly (for instance, see BUG: There Is No Stopping The Leading Cybersecurity Companies ). However, and while I continue to be bullish on the leading cybersecurity companies themselves, the fact is that the BUG ETF is simply an under-performing asset and has not met my expectations. I know it's a completely different industry, but BUG reminds me somewhat of my downgrade on gold (see Gold Isn't Working ). That is, despite what looked like strong fundamentals, the investment thesis simply did not work out as expected. That being the case, it is time to consider selling the BUG ETF and re-deploying the capital to better performing equities. But first, let's take a look at some of the leading cybersecurity companies to see how they are performing.
Top-10 Holdings
The top-10 holdings in the BUG ETF are shown below and were taken directly from the Global X webpage where you can learn more details about the fund:
As you can see, the BUG ETF is a relatively concentrated fund: the top-10 holdings equate to 57.4% of the entire portfolio. However, as I have opined in the past, this is exactly what investors should want considering the leading cybersecurity companies are arguably in a "winners take most" position within the overall market.
Indeed, the #1 holding - with a 9.0% weight - is Zscaler ( ZS ). Zscaler continues to grow like a weed and earlier this month the company's Q3 earnings demonstrated that fact:
- Q3 non-GAAP EPS came in at $0.48 - a $0.05 beat.
- Revenue of $418.8 million (up a whopping 46.0% yoy) beat consensus estimated by $7.05 million.
- Free cash flow was $73.9 million (18% of revenue). That compares to $43.7 million (15% of revenue) in Q3 of fiscal 2022.
- The midpoint of Q4 revenue guidance ($430 million) exceeded estimates ($426.85 million).
CrowdStrike ( CRWD ) is the #2 holding with a 6.7% weight. Similarly to Zscaler, CRWD's Q1 FY 24 earnings report was also very strong: revenue of $692.58 million (+42.0% Y/Y) beat by $16.35 million, ARR grew 42% yoy to reach $2.73 billion, and forward guidance for Q2 was better than expected. Free cash flow was $227.4 million compared to $157.5 million in Q1 of fiscal 2023.
The #3 holding is Palo Alto Networks ( PANW ) with a 6.5% weight. PANW recently popped higher on inclusion into the S&P 500 . PANW announced its Q3 report in late May and highlights included:
- Q3 Non-GAAP EPS of $1.10 beat estimates by $0.17.
- Revenue of $1.72 billion was +23.7% yoy.
- Billings grew 26% year over year to $2.3 billion.
- For the year, PANW expects free-cash-flow margin of ~38%.
As shown in its Analysts Day Presentation , Palo Alto's strategy is to focus on three primary categories: network security, cloud security, and security operation centers ("SOC"):
Going forward, PANW will be employing embedded AI & ML automation across the security stack.
Looking at the stock performances of these three leading cybersecurity companies over the past year is instructive:
Even though ZS and CRWD are growing revenue faster than Palo Alto, PANW is bigger and its inclusion into the S&P 500 was a positive catalyst as indexed funds raced to buy the stock. Meantime, and despite the tech rally YTD, ZS and CRWD are still negative over the past year.
The story is similar for Okta ( OKTA ), the #6 holding with a 5.2% weight. OKTA's Q1 report was a beat: revenue of $518 million (+24.8% Y/Y) beat by $7.32 million. The company generated $124 million of free-cash-flow and raised guidance. However, OKTA stock is down 25% over the past year and still trades with a forward P/E of 78x .
Risks
A primary investment catalyst behind these cybersecurity companies is that they operate SaaS-based platforms that can be easily scaled-up and are therefore expected to generate free-cash-flow growth that should, over time, exceed revenue growth.
However, this expectation is what has led to the premium valuation levels of these companies. The current forward P/E (as per Seeking Alpha) of the leading companies in the BUG ETF are shown below:
- ZS: forward P/E = 92.3x
- CRWD: forward P/E = 62.6x
- PANW: forward P/E = 51.5x
These kind of rich valuation levels, which the cybersecurity companies have enjoyed since the bull-market of 2020 began, is likely the primary reason that they - despite excellent operational and financial performance over the past year - have continued to lag the overall market. Meantime, despite the 2022 bear-market in the technology sector, the BUG ETF's overall valuation level remains elevated:
The BUG ETF's PE and price-to-book metrics (42x and 6.4x, respectively) compare to the S&P 500's PE of 24.9x and price-to-book of 4.2x (a roughly a 50% valuation premium).
Meantime, note the expense ratio of the BUG ETF (0.51%) is significantly higher than that of the QQQ ETF (0.20%) and more than 15x that of the VOO ETF (0.03%).
Upside risks include a potential decline in interest rates due to slowing macroeconomic factors. That would reduce the foreign currency headwind many of these companies have faced over the past year. Meantime, and considering the leading cybersecurity companies continue demonstrating their growth trajectories (as shown above), they could grow into their valuation levels and the stocks - as a group - could begin to move higher.
Summary & Conclusion
While I am still bullish on the leading cybersecurity companies, my patience has worn thin with the BUG ETF due to its continued under-performance with respect to my other technology growth companies and even to the S&P 500 itself (the benchmark against which I measure my "growth" investments). That being the case, I have to be pragmatic, admit the mistake, and downgrade BUG from BUY to SELL. I recommend investors redeploy the proceeds into a leading cybersecurity company (like Palo Alto), or perhaps just abandon the sub-sector completely and invest in the QQQ and/or the IGV ETFs instead.
I'll end with a 5-year total returns comparison of the BUG ETF with that of the S&P 500, the Nasdaq-100 as represented by the triple-Qs, the IGV ETF, and Palo Alto:
Note that despite the 2022 bear-market that mauled the technology sector particularly hard, the QQQ ETF has still significantly out-performed the S&P 500 over the past 5-years. Meantime, PANW is the clear winner, and with 20-20 hindsight vision is the investment I should have made as compared to my allocation to BUG. What can I say other than I had a difficult time choosing between CrowdStrike, Zscaler, Palo Alto, and Fortinet ( FTNT ) and decided to go with the diversified ETF approach instead. In this case, the diversified approach - at least through the BUG ETF - has not worked out well for me. However, note that - from a "growth" objective - none of the competing cybersecurity ETFs, including the ETFMG Prime Cyber Security ETF ( HACK ), the iShares Cybersecurity and Tech ETF ( IHAK ), and the First Trust Nasdaq CEA Cybersecurity ETF ( CIBR ) have performed all that well (as compared to Nasdaq-100) over the past 5-years:
For further details see:
BUG: This Cybersecurity ETF Is Simply Not Working