BUG: This Cybersecurity ETF Is Simply Not Working
Summary
- I continue to be bullish on the global cybersecurity market and the leading companies that operate in that space.
- However, it is time to acknowledge that the BUG cybersecurity ETF is simply not working as a "growth" investment.
- Indeed, over the past year, the BUG ETF has significantly lagged technology sector as a whole and has even trailed the returns of the S&P 500 by a wide margin.
Sundry Photography
The investment thesis supporting the Global X Cybersecurity ETF (NASDAQ:BUG) appears to be strong and relatively straight forward: cybersecurity for businesses, governments, and individual consumers is no longer optional - it is mandatory. As a result, leading cybersecurity companies that operate SaaS-based platforms are demonstrating strong growth in revenue and free-cash-flow. However, even as individual companies in the BUG ETF continue to perform very well, it is time for me to acknowledge that this ETF is simply an under-performing asset. Indeed, I had purchased BUG for inclusion in the "growth" category of my portfolio, but over the past year it has been left in the dust not only by other technology investments, but even by the S&P 500 itself:
Seeking Alpha
Indeed, as the chart above clearly shows, the Vanguard S&P 500 ETF (VOO) has nearly doubled the returns of the BUG over the past year while both the iShares Expanded Tech-Software ETF (IGV) and Nasdaq-100 Trust (QQQ) have fully participated in the recent technology rally and trounced BUG's returns. As a result, I am downgrading BUG from a BUY to an outright SELL.
Investment Thesis
As I have explained in previous Seeking Alpha articles on the BUG ETF, the global TAM for cybersecurity is large and growing rapidly (for instance, see BUG: There Is No Stopping The Leading Cybersecurity Companies). However, and while I continue to be bullish on the leading cybersecurity companies themselves, the fact is that the BUG ETF is simply an under-performing asset and has not met my expectations. I know it's a completely different industry, but BUG reminds me somewhat of my downgrade on gold (see Gold Isn't Working). That is, despite what looked like strong fundamentals, the investment thesis simply did not work out as expected. That being the case, it is time to consider selling the BUG ETF and re-deploying the capital to better performing equities. But first, let's take a look at some of the leading cybersecurity companies to see how they are performing.
Top-10 Holdings
The top-10 holdings in the BUG ETF are shown below and were taken directly from the Global X webpage where you can learn more details about the fund:
Global X
As you can see, the BUG ETF is a relatively concentrated fund: the top-10 holdings equate to 57.4% of the entire portfolio. However, as I have opined in the past, this is exactly what investors should want considering the leading cybersecurity companies are arguably in a "winners take most" position within the overall market.
Indeed, the #1 holding - with a 9.0% weight - is Zscaler (ZS). Zscaler continues to grow like a weed and earlier this month the company's Q3 earnings demonstrated that fact:
- Q3 non-GAAP EPS came in at $0.48 - a $0.05 beat.
- Revenue of $418.8 million (up a whopping 46.0% yoy) beat consensus estimated by $7.05 million.
- Free cash flow was $73.9 million (18% of revenue). That compares to $43.7 million (15% of revenue) in Q3 of fiscal 2022.
- The midpoint of Q4 revenue guidance ($430 million) exceeded estimates ($426.85 million).
CrowdStrike (CRWD) is the #2 holding with a 6.7% weight. Similarly to Zscaler, CRWD's Q1 FY 24 earnings report was also very strong: revenue of $692.58 million (+42.0% Y/Y) beat by $16.35 million, ARR grew 42% yoy to reach $2.73 billion, and forward guidance for Q2 was better than expected. Free cash flow was $227.4 million compared to $157.5 million in Q1 of fiscal 2023.
The #3 holding is Palo Alto Networks (PANW) with a 6.5% weight. PANW recently popped higher on inclusion into the S&P 500. PANW announced its Q3 report in late May and highlights included:
- Q3 Non-GAAP EPS of $1.10 beat estimates by $0.17.
- Revenue of $1.72 billion was +23.7% yoy.
- Billings grew 26% year over year to $2.3 billion.
- For the year, PANW expects free-cash-flow margin of ~38%.
As shown in its Analysts Day Presentation, Palo Alto's strategy is to focus on three primary categories: network security, cloud security, and security operation centers ("SOC"):
Palo Alto Networks
Going forward, PANW will be employing embedded AI & ML automation across the security stack.
Looking at the stock performances of these three leading cybersecurity companies over the past year is instructive:
Even though ZS and CRWD are growing revenue faster than Palo Alto, PANW is bigger and its inclusion into the S&P 500 was a positive catalyst as indexed funds raced to buy the stock. Meantime, and despite the tech rally YTD, ZS and CRWD are still negative over the past year.
The story is similar for Okta (OKTA), the #6 holding with a 5.2% weight. OKTA's Q1 report was a beat: revenue of $518 million (+24.8% Y/Y) beat by $7.32 million. The company generated $124 million of free-cash-flow and raised guidance. However, OKTA stock is down 25% over the past year and still trades with a forward P/E of 78x.
Risks
A primary investment catalyst behind these cybersecurity companies is that they operate SaaS-based platforms that can be easily scaled-up and are therefore expected to generate free-cash-flow growth that should, over time, exceed revenue growth.
However, this expectation is what has led to the premium valuation levels of these companies. The current forward P/E (as per Seeking Alpha) of the leading companies in the BUG ETF are shown below:
- ZS: forward P/E = 92.3x
- CRWD: forward P/E = 62.6x
- PANW: forward P/E = 51.5x
These kind of rich valuation levels, which the cybersecurity companies have enjoyed since the bull-market of 2020 began, is likely the primary reason that they - despite excellent operational and financial performance over the past year - have continued to lag the overall market. Meantime, despite the 2022 bear-market in the technology sector, the BUG ETF's overall valuation level remains elevated:
Global X
The BUG ETF's PE and price-to-book metrics (42x and 6.4x, respectively) compare to the S&P 500's PE of 24.9x and price-to-book of 4.2x (a roughly a 50% valuation premium).
Meantime, note the expense ratio of the BUG ETF (0.51%) is significantly higher than that of the QQQ ETF (0.20%) and more than 15x that of the VOO ETF (0.03%).
Upside risks include a potential decline in interest rates due to slowing macroeconomic factors. That would reduce the foreign currency headwind many of these companies have faced over the past year. Meantime, and considering the leading cybersecurity companies continue demonstrating their growth trajectories (as shown above), they could grow into their valuation levels and the stocks - as a group - could begin to move higher.
Summary & Conclusion
While I am still bullish on the leading cybersecurity companies, my patience has worn thin with the BUG ETF due to its continued under-performance with respect to my other technology growth companies and even to the S&P 500 itself (the benchmark against which I measure my "growth" investments). That being the case, I have to be pragmatic, admit the mistake, and downgrade BUG from BUY to SELL. I recommend investors redeploy the proceeds into a leading cybersecurity company (like Palo Alto), or perhaps just abandon the sub-sector completely and invest in the QQQ and/or the IGV ETFs instead.
I'll end with a 5-year total returns comparison of the BUG ETF with that of the S&P 500, the Nasdaq-100 as represented by the triple-Qs, the IGV ETF, and Palo Alto:
Note that despite the 2022 bear-market that mauled the technology sector particularly hard, the QQQ ETF has still significantly out-performed the S&P 500 over the past 5-years. Meantime, PANW is the clear winner, and with 20-20 hindsight vision is the investment I should have made as compared to my allocation to BUG. What can I say other than I had a difficult time choosing between CrowdStrike, Zscaler, Palo Alto, and Fortinet (FTNT) and decided to go with the diversified ETF approach instead. In this case, the diversified approach - at least through the BUG ETF - has not worked out well for me. However, note that - from a "growth" objective - none of the competing cybersecurity ETFs, including the ETFMG Prime Cyber Security ETF (HACK), the iShares Cybersecurity and Tech ETF (IHAK), and the First Trust Nasdaq CEA Cybersecurity ETF (CIBR) have performed all that well (as compared to Nasdaq-100) over the past 5-years:
This article was written by
Analyst’s Disclosure: I/we have a beneficial long position in the shares of BUG, IGV, QQQ, VOO either through stock ownership, options, or other derivatives. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.
I am an electronics engineer, not a CFA. The information and data presented in this article were obtained from company documents and/or sources believed to be reliable, but have not been independently verified. Therefore, the author cannot guarantee their accuracy. Please do your own research and contact a qualified investment advisor. I am not responsible for the investment decisions you make.
Seeking Alpha's Disclosure: Past performance is no guarantee of future results. No recommendation or advice is being given as to whether any investment is suitable for a particular investor. Any views or opinions expressed above may not reflect those of Seeking Alpha as a whole. Seeking Alpha is not a licensed securities dealer, broker or US investment adviser or investment bank. Our analysts are third party authors that include both professional investors and individual investors who may not be licensed or certified by any institute or regulatory body.