The data breach involving a hacker who accessed the personal information of roughly 100 million people in the U.S. and 6 million in Canada who are Capital One credit card customers or had applied for its cards is yet another example of why cybersecurity—the protection of internet-connected systems—is one of the most essential industries of the 21st century.

In reaction to the news, it’s no surprise that Capital One’s stock took a header on Tuesday with a drop of nearly 6%, which was up a couple of percentage points from its afternoon low. But it’s somewhat surprising the share prices of the two main cybersecurity exchange-traded funds—the ETFMG Prime Cyber Security ETF (HACK) and First Trust Nasdaq Cybersecurity ETF (CIBR)—were down slightly for the day.

HACK got an immediate boost from a couple of high-profile corporate cyber thefts shortly after it launched in November 2014. But perhaps we’re now so inured to massive data breaches that the shock value is gone, and there’s no knee-jerk reaction to reach for a cybersecurity ETF.

Nonetheless, these two index-tracking funds have performed well since they debuted, topping the SPDR S&P 500 ETF (SPY) both year to date and during the one- and three-year periods. Meanwhile, both have gathered north of $1 billion in assets and both carry net expense ratios of 0.60%.

HACK was first to market, and is larger at $1.6 billion in assets. Yet CIBR from First Trust, which debuted in July 2015, has outperformed year to date (29.5% versus 21.9% for HACK), over a one-year period (13% compared to 9.3%) and on an annualized three-year basis (18.4% versus 17%).

Both funds invest primarily in the U.S., and their top holdings both include the likes of cybersecurity infrastructure and service provider companies Palo Alto Networks, Symantec, Fortinet, Cisco and Splunk. Perhaps one explanation for CIBR’s outperformance is that its underlying index is more heavily weighted toward U.S. large-cap companies (33% in CIBR’s portfolio compared to 14% for HACK, according U.S. large caps have significantly topped U.S. mid caps and U.S. small caps during the past three years.


The SPDR S&P Kensho Future Security ETF (FITE) is a newer fund with a cybersecurity bent. Launched in December 2017 and sporting an expense ratio of 0.46%, it’s a more diversified product that tracks an index with companies that are, according to fund literature, “driving innovation behind future security.” That includes cybersecurity, advanced border security and various high-end technologies for military applications.

FITE’s wider mandate makes it a different animal than either HACK or CIBR, perhaps making this a kumquats-to-pomegranates comparison. Regardless, at least so far in its brief existence the fund has offered a higher-octane approach to cybersecurity investing, with its year-to-date gain of nearly 33% and one-year rise of 15.6% beating the competition.

Elsewhere, Global X last week filed a registration statement with the Securities and Exchange Commission for the index-tracking Global X Cybersecurity ETF. According to the document, portfolio holdings must get at least 50% of their revenue from cybersecurity activities defined as the development and management of security protocols preventing intrusion and attacks to systems, networks, applications, computers and mobile devices.

The cat-and-mouse game between perpetrators of cyber shenanigans and those trying to protect against cyber crime is a fact of life in the Internet Age. That’s bad news for consumers, but it provides a potential long-term money-making opportunity for investors.