Skim The Cream Of The IT Sector With CIBR

Even in the face of a record inflation environment, high interest rates and limited budgets, enterprises are actively implementing information security solutions, which could classify the cybersecurity industry as non-cyclical. I believe the First Trust Nasdaq CEA Cybersecurity ETF (NASDAQ:CIBR) has a favorable allocation to benefit from the strong demand for cyber solutions, especially on the backdrop of the growing application of big data, IoT and cloud computing. And despite the ETF falling short of the S&P 500 in 2022, CIBR shares have already gained 10.5% since the beginning of the year against 6.8% in the S&P 500.

I expect this outperforming pattern to take hold from this far, as the cyber industry is predicted to grow at double-digits going forward.

Overview

CIRB is mainly exposed to cybersecurity software developers, providers of network equipment and infrastructure and is established to track and repeat the dynamics of the NASDAQ CTA Cybersecurity Index, though a bit costly with a 0.60% expense ratio.

The criteria for including issuers in the portfolio are also a capitalization of $250+ million and a free float of 20%+. Geographic-wise, the share of American companies accounts for 80% of the portfolio. As of March 1, 2023, the fund has $4.7 billion in assets under management, where the top 5 positions include Broadcom (AVGO) (6.66%), Fortinet (FTNT) (6.64%), Palo Alto (PANW) (6.54%), Cisco Systems (CSCO) (5.75%) and Infosys (INFY) (5.42%), while top 15 holdings made up 49% of the portfolio.

Outlook for Cybersecurity

Information security has become among the priority areas for investment in enterprises that have embarked on the path of digitalization. As new technologies are introduced, the risks of encountering cybercrime increase exponentially. The changing cyber threat landscape is forcing organizations to expand and deepen cybersecurity across broad directions.

Compared to the IT industry, cybersecurity is a relatively new and rapidly growing direction. Despite the slowdown in global economic growth, I expect enterprises to remain highly interested in cybersecurity solutions. The latter area is expected to increase by 13.2% and occupy around 4.8% of global IT spending in 2023, which is expected to register a 5.1% growth. The outperforming growth of the cyber industry is broadly in line with software spending (+11.3% in 2023), which should now take over, following the strong growth of data center systems last year.

Among the main drivers of the growth in business demand for cybersecurity solutions are remote work, active migration to the hybrid cloud or multi-cloud environment, the widespread introduction of big data and the IoT. There will also be a focus on AI risk management, following the active implementation of AI technologies. More than 40% of organizations face privacy and security breaches in the implementation of AI projects. Thus, businesses can't afford to cut security expenditures as this would leave them vulnerable.

The promising segment remains Zero Trust Network Access, which is on the rise, replacing VPN. The former is used to connect employees working remotely. If in 2021 less than 10% of new remote access deployments were carried out through ZTNA, then in 2025 their share could reach 70%, which suggests a significant growth.

In the meantime, modern cars have software covering a variety of systems - cruise control, door locks, airbags and advanced driver assistance, which makes them a bit of a gadget. Cars also use WiFi technologies for communication, which makes them vulnerable to hacker attacks. The threats will only grow as cars become more automated and autonomous, so this is a profitable area for cybersecurity providers.

Against the backdrop of a macro downturn, many companies in the industry were saved thanks to the subscription business model and didn't experience an immediate effect of a slowdown. In addition, with the introduction of a large number of technologies and devices, the areas to be secured are increasing. Thus, one could reasonably expect a transition to comprehensive solutions instead of heterogeneous ones. This consolidation on the part of customers plays into the hands of the large industry players, including Palo Alto (with an 8.4% share in the global market), Cisco (6.9%), Fortinet (6.7%), Check Point (3.8%) and CrowdStrike (3.2%).

The mass layoffs in the cyber industry could not be expected against the trend in tech corporations due to the OPEX optimization. The number of employees in the field of cybersecurity is not so large, and because of this, the average revenue per employee should be significantly higher. Thus, the industry even has an opportunity to profit from the staff laid off from big tech.

Valuation

I went for the valuation of CIBR using the weighted average target prices of the top 25 companies (out of 38), which make up 90% of the fund's portfolio. Based on the methodology, the upside potential of the fund's shares is 13%, which implies a target price of $50 and is in line with a Buy rating.

Fortinet (1.1%), Palo Alto Networks (0.95%), Cisco (0.87%), Zscaler (ZS) (0.86%) CrowdStrike (CRWD) (0.83%) are the largest contributors to the fund's growth potential and make up around 1/3 of the implied upside.

CIBR also has a dividend policy in place, which provides for quarterly payments. Although the fund cannot boast a high dividend yield, the average annual dividend yield of the fund in 2015-2022 is 0.54%.

To sum up, I believe CIBR has a favorable set up to meet the industry growth drivers. Going forward, rising software spending should provide for a sustainable demand for cyber security solutions, especially on the backdrop of the growing application of Big Data, IoT and cloud computing. Additionally, the gov digitalization initiatives around the world, along with demand from healthcare and manufacturing will provide for high utilization of cyber security solutions.

Risk factors

The main risks, highlighted in my article on Check Point (CHKP) align here as well.

Further tightening of monetary policy could increase the volatility of technology sector, which continued to gradually acquire the features of traditional industries that are highly responsive to the changes in the macroeconomic situation. In addition, recession fears could restrain spending on cybersecurity…

Conclusion

I see an attractive, long-term investment opportunity in CIBR due to the underlying sustainable growth factors for cybersecurity demand. I believe the cyber industry will continue to outperform the broad IT sector by 2x in the mid-term, providing a strong growth momentum for the cyber players. This will allow the investors to skim the cream of the IT sector. To sum up, I am bullish on CIBR, as the valuation model implies a 13% upside potential from the top 25 holdings. The remaining is on top of that and puts merely an upside risk to my estimates.