Key Differences Between 2 Cybersecurity ETFs

With all eyes on cybersecurity, it’s good to know how 'HACK' and 'CIBR' differ.

Reviewed by: Cinthia Murphy
Edited by: Cinthia Murphy

The World Economic Forum, in its assessment of the biggest threats to the global economy in 2017, said that the No. 1 risk to the U.S. this year is cybersecurity. In the ETF universe, there are two ETFs that invest solely in that theme, offering exposure to cybersecurity-related product and service providers.

The two ETFs, the PureFunds ISE Cyber Security ETF (HACK) and the First Trust Nasdaq Cybersecurity ETF (CIBR), are very similar in composition, tapping into a relatively small universe of anti-hacker stocks. And they both had a stellar year in total returns in 12 months, as the chart below shows. 

Chart courtesy of

But there are some key differences between the two, which help explain their different performances: 24.5% for CIBR versus 18.9% for HACK.

The first to market, and the most popular of the two, is HACK. The ETF HACK raced to more than $1 billion in assets in a matter of months after it launched in November 2014.

The timing of the launch was key. Repeated cyberattacks—the Sony hack was the most notable—were happening across the U.S. Today the fund has almost $790 million in assets under management. However, it faces growing competition from CIBR, which has $141 million in AUM and a relatively stronger performance in recent months.

Here are some of the key differences between the two funds:


In theory, it costs more to own HACK—a price difference that has to be made up in performance. HACK has an expense ratio of 0.75% compared with CIBR’s expense ratio of 0.60%, or in other words, HACK is 20% more expensive than CIBR.

But when it comes to trading these funds, HACK has traded with an average spread of 0.10% in the past 45 days, putting its total cost of ownership at about $85 per $10,000 invested. CIBR, however, has traded in that same period with a wider average spread—0.25%—bringing its overall cost of ownership to the same level of 0.85%.



Both funds own a similar number of holdings: CIBR has 33 and HACK 35. But CIBR places a bigger emphasis on liquidity. The fund looks to ensure that as it grows, lack of liquidity in underlying holdings isn’t an issue—a problem that happens if the ETF owns more and more of a company’s outstanding float. CIBR requires its stocks to have a minimum free float of 20% and market capitalization of at least $250 million.

CIBR also looks for a minimum three-month average daily dollar trading volume of $1 million, according to First Trust. The fund’s underlying index uses a modified liquidity weighting scheme that also imposes caps on individual weightings.

HACK requires a minimum market capitalization of $100 million—a smaller level than CIBR’s. The index methodology doesn’t specify a liquidity threshold, or designate when it comes to a company’s required free float. That means HACK is more likely to own smaller, up-and-coming companies that could be on the leading edge of technology breakthroughs, but that have yet to establish much of a track record.

HACK also imposes a weighting cap of 20% for individual securities, and it stipulates that the cumulative weight of all components with an individual weight of 5% or greater do not in the aggregate account for more than 50% of the weight of the Index. Average daily trading does play a role in the weighting of each security, according to ISE.


Both CIBR and HACK invest in companies that provide products and services related to cybersecurity. They have similar sector breakdowns—software, IT, etc.—but they have different weighting methodologies, which lead to different performance.

CIBR tracks the Nasdaq CEA Cybersecurity Index, which focuses on companies engaged in the cybersecurity segment of the technology and industrials sectors. The index uses a modified liquidity weighted methodology that includes caps on allocations to individual stocks, according to First Trust.

CIBR’s biggest holdings are Symantec at 6.2%, followed by Palo Alto Networks at 6%, with about 50% of the portfolio tied to software companies and 18% to communications equipment. CIBR’s median market cap is currently $3.7 billion.

HACK tracks the ISE Cyber Security Index, and applies a modified tiered equal-weighting methodology that spreads allocations evenly among its 35 holdings. Top holdings include Proofpoint and CyberArk Software, at about 5% each.

Some 57% of the portfolio is tied to software names and 18% to communications equipment.

HACK has a heavier tilt toward software names, at about 57% of the portfolio, followed by communications equipment, at 18%. The average market cap is $8.8 billion.

Cybersecurity has been a hot theme for awhile now. If the World Economic Forum is right, it should remain a focus in 2017. As an investor, you have ETF choices in this space, but looking under the hood is crucial to picking the right one for your portfolio.

Contact Cinthia Murphy at [email protected]


Cinthia Murphy is head of digital experience, advocating for the user in all that does. She previously served as managing editor and writer for, specializing in ETF content and multimedia. Cinthia’s experience includes time at Dow Jones and former BridgeNews, covering commodity futures markets in Chicago and Brazil equities in Sao Paulo. She has a bachelor’s degree in journalism from the University of Missouri-Columbia.