Cybersecurity ETFs' Shifting Fortunes

An ETF’s success can depend on more than just portfolio construction or performance.

Reviewed by: Jessica Ferringer
Edited by: Jessica Ferringer

On Aug. 25, President Biden hosted a meeting with private sector executives to discuss national cybersecurity, referring to the issue as “the core national security challenge we are facing.”

Ransomware attacks have had serious economic effects such as forcing the shutdown of a major U.S. fuel pipeline in May. That particular event disrupted the fuel supply to the East Coast for days, with many gas stations running out of fuel.

The pipeline security breach was far from the first notable story, however. In fact, nearly seven years ago, the breach of film studio Sony Pictures ended up being advantageous for one cybersecurity-focused ETF that had just launched a few weeks prior.

Breaches Benefit AUM

The ETFMG Prime Cyber Security ETF (HACK) was the first ETF on the market to focus on cybersecurity. The ETF launched on Nov. 11, 2014. Less than two weeks later, a hacker group called “Guardians of Peace” leaked confidential info from Sony Pictures. The data included confidential emails, social security numbers and other personal information.

Within its first year of existence, HACK saw net flows of over $1 billion.


Pop-up Image

Chart courtesy of FactSet

(For a larger view, click on the image above)


A large portion of these flows came from yet another data breach that occurred in early June 2015. If you use the ETF Fund Flows Tool, you can see that HACK pulled in net inflows as high as $171 million in a single day.


HACK Flows

Chart courtesy of FactSet

(For a larger view, click on the image above)


Later in June 2015, the U.S. Office of Personnel Management (OPM) announced it had been the target of a data breach involving personnel records related to government employees and their friends and family. It was one of the largest breaches of government data in U.S. history.

In its first year of trading, HACK only outperformed the SPDR S&P 500 ETF Trust (SPY) by 0.8%. However, HACK had been outperforming SPY by as much as 28.4% in June 2015.


Chart courtesy of


First Trust Enters The Fray

Not long after the OPM breach came to light, the First Trust NASDAQ Cybersecurity ETF (CIBR) came to market. This fund has since become the largest cybersecurity ETF, with $4.8 billion in assets under management as compared to $2.4 billion for HACK.

Though several other entrants have since launched ETFs focused on the cybersecurity space, HACK and CIBR are the only two that hold more than $1 billion in assets.

When it comes to cost, neither of these ETFs holds an edge, with both carrying an expense ratio of 0.60%. CIBR is about twice as big, but its average daily volume is nearly 3x that of HACK, leading to a tighter average spread.



Chart courtesy of FactSet

(For a larger view, click on the image above)


Comparing Construction

CIBR is a more concentrated portfolio than HACK, with fewer holdings and a more significant concentration in the top 10. Between the two portfolios, five names show up as top holdings in both CIBR and HACK.



Chart courtesy of FactSet

(For a larger view, click on the image above)


Performance between these two ETFs has mainly tracked in line over the trailing three years until recently, when CIBR has started to pull away.


Chart courtesy of


In particular, CIBR’s concentration in a few names has helped boost recent performance over that of HACK. The largest holding, Zscaler., has risen by 95% over the trailing year, while CrowdStrike, its second largest holding, is up 142% over the same time frame. Both names are also held within HACK’s portfolio, but at smaller weights.

Legal Issues At Play

Though performance could be the reason for CIBR’s place at the top of the field, legal issues have  befallen HACK over the last several years.

In December 2019, ETF Managers Group was ordered to pay $80 million to Nasdaq in a dispute over control of several ETFs, including HACK. The judgment was the culmination of a years-long battle over who was entitled to the profits from these ETFs.

In May 2020, Nasdaq and ETF Managers Group announced plans to settle their dispute over these funds. The two entities agreed that ETFMG would no longer maintain control over the funds. The funds would be reorganized under Exchange Traded Concepts, pending shareholder approval. (Read: Nasdaq Settles ETF Legal Fight Over ‘HACK’)

As of the writing of this article, ETF Managers Group still retains control over the HACK ETF, likely due to not enough shareholders having cast their votes on the reorganization.

Launching just prior to a data breach was a lucky break for HACK, but the prolonged legal battle has helped give CIBR the upper hand for now.

Contact Jessica Ferringer at [email protected] or follow her on Twitter

Jessica Ferringer, CFA, is a writer and analyst for She has 10 years of experience in investment research and due diligence, including helping to manage ETF portfolios. Jessica has a bachelor’s degree in economics from Lafayette College and an MBA from the University of Pittsburgh.