A cybersecurity fund has returned more than 30 percent since the Equifax data breach

  • A cybersecurity ETF has returned 31 percent since the Equifax data breach last year, double the return of the S&P 500.
  • Companies in the fund include Palo Alto Networks, Fortinet, FireEye, Juniper Networks, CyberArk Software, Symantec and Cisco.
  • Gartner recently projected cybersecurity spending to climb 7 percent to $93 billion this year compared with $86.4 billion in 2017.
An Equifax Inc. slide is displayed on a monitor in October 2017.
Andrew Harrer | Bloomberg | Getty Images
An Equifax Inc. slide is displayed on a monitor in October 2017.

As the rest of the stock market has struggled on heightened trade rhetoric and many big technology companies have faced regulatory scrutiny over data privacy issues, one subsector of that industry has been on fire: cybersecurity.

One of the cybersecurity industry’s most popular exchange-traded funds, the ETFMG Prime Cyber Security ETF (HACK), is up 18 percent in 2018. The fund launched in November 2014 as a new way to profit from the growing number of cyberattacks and data breaches plaguing U.S. companies.

Since the epic data breach of more than 145 million customers at credit firm Equifax in September 2017, the fund has returned 31 percent, double the return of the S&P 500 over that same period.

Although cybersecurity spending picked up beginning in 2016 as companies started to adopt a more platform-based approach to information security, those investments accelerated in mid-2017. Since then, an increasing number of organizations moved sensitive, proprietary data to cloud-based networks, and that trend has fueled shares across the cybersecurity landscape as companies look to protect that data.

"[Looking] at some of the top holdings of HACK, many of the positions are also our top picks across both security and storage," said Andrew Nowinski, Piper Jaffray senior research analyst.

Companies in the fund include Palo Alto Networks, Fortinet, FireEye, Juniper Networks, CyberArk Software, Symantec and Cisco. Several of those names have reported strong first-quarter earnings in the first half of 2018. And, while the group's success dates back to mid-2017, many analysts believe the group's climb took off in mid-February, a time when many of the top holdings in the index started to report earnings.

Fortinet, meanwhile, has surged 66 percent since the Equifax hack, while CyberArk — touted for its leadership in managing privileged access information - has rallied 50 percent.

"I believe this reflects the investor community's willingness to take on greater risk for the longer-term investment opportunity that many of these stocks offer," said Kenneth Talanian, Evercore ISI software research analyst.

And it’s not just HACK. Another other popular ETF in the space, the First Trust Nasdaq Cybersecurity ETF, had rallied 23 percent since last July.

IPOs

Talanian also points to the recent flow of IPOs as key in fueling cybersecurity stocks' gains. Carbon Black and Zscaler are among the cyber-related names that have gone public in the past few months, and both handily beat analyst earnings projections in their first quarterly reports.

Research and advisory firm Gartner recently projected spending on information security globally will climb 7 percent to $93 billion this year, compared with $86.4 billion in 2017. In a separate report, Cybersecurity Ventures estimated cybercrime damages will total $6 trillion annually by 2021— double the $3 trillion in damages in 2015.

"There is a major land grab opportunity over the next 12 to 18 months in cloud security for those security vendors that have the solution sets to protect critical cloud [information]," GBH Insights Chief Strategy Officer Dan Ives said in a recent research note.

Investors also point to the General Data Protection Regulation, a sweeping data privacy law that went into effect across the European Union last month, as a potential catalyst for the sector.

GDPR extends beyond Europe's borders to apply to any company offering goods to EU citizens. As a result, a majority of corporations will rely on cybersecurity tools to better protect consumer information.

"We believe we are in the initial innings from an adoption perspective with regards to regulation," Eyal said. "[T]hese could create significant pay winds for many of the [cyber] industry participants." He added that GDPR-related revenues already started to impact companies' income statements beginning in the second half of last year.

Correction: Cybersecurity Ventures recently estimated that cybercrime damages will total $6 trillion a year by 2021.